Cyber Week in Review: December 1, 2023

United Kingdom, South Korea warn of North Korean supply chain hack against Taiwanese company

The UK National Cyber Security Centre (NCSC) and South Korea’s National Intelligence Service (NIS) issued a warning on Monday regarding North Korean threat actor Lazarus Group’s supply chain attack against Taiwanese software company CyberLink Corporation. The attackers compromised CyberLink’s network and embedded malicious code in an update of CyberLink’s Promeo software. The attack appeared aimed at critical government, financial, and defense systems in countries including Japan, Taiwan, Canada, and the United States. The attack appears to have been relatively targeted, as Microsoft said it had observed only around one hundred infections worldwide. Lazarus Group has pulled off brazen hacks before, including in August of this year, when it was revealed that Lazarus managed to break into the systems of a Russian missile manufacturer, NPO Mashinostroyeniya.

UK, United States release Guidelines for Secure AI System Development

On Sunday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK NCSC released Guidelines for Secure AI System Development [PDF], with feedback from all members of the Group of 7 (G7) and other countries. The guidelines are the first internationally agreed upon recommendations supporting AI developers in understanding how to implement proper cybersecurity and safety during AI development. In four sections, the guidelines cover: 1) secure design and security trade-offs to consider in the design phase; 2) implementing secure AI development lifecycles; 3) secure deployment of AI through incident management; and 4) operation and maintenance of AI systems post-deployment. Since CISA’s inception in 2018, the agency has focused on secure, safe tech development, promoting this goal through the agency’s Secure by Design principles.

Google DeepMind says it used machine learning to generate 400,000 potential materials designs

In a demonstration of the remarkable opportunity that AI-powered research will bring to scientific discovery, researchers from Google DeepMind released a new paper in the journal Nature that outlines the combinations of 400,000 hypothetical stable materials that could be used in a variety of different industries, including batteries and solar. The group said it used data on 48,000 existing compounds from the Materials Project to train an AI to develop potential compounds that could be used in different technological processes. The model the DeepMind team used may be capable of consistently developing more complex molecules compared to human research, when measured by the number of elements contained in a compound and compared against the data gathered by the Materials Project. Some experts criticized the authors for not sharing all of the data used to train the model or the final model itself, both of which could hamper the ability of researchers to replicate the authors’ findings. Google DeepMind said that researchers were already synthesizing some of the newly-discovered materials and that it is sharing the hypothetical materials identified and other data output by the model with researchers.

Okta says October breach affected more customers than originally announced

Managed security provider Okta announced that a security breach in September of this year was far larger than it had originally acknowledged. Okta originally stated that only 1 percent of Okta customers were affected. Its new announcement clarified that hackers managed to steal the names and email addresses of everyone who used Okta’s customer support system, along with some Okta employee data. Okta had originally been criticized for its slow response to the breach, with Okta customers BeyondTrust and Cloudflare saying that Okta took an unacceptably long time to report the breach and to follow up on questions. This is not the first time that Okta’s disclosure failures have garnered attention; Okta was previously criticized for its failure to fully disclose the consequences of a breach by the criminal gang Lapsus$ in January 2022.

CISA issues warning after Pennsylvania water hack  

Over the weekend, a programmable logic controller (PLC) that monitors water pressure at the Municipal Water Authority of Aliquippa, Pennsylvania suddenly shut down and displayed a message: “Cyber Av3ngers. Down with Israel.” The Department of Homeland Security (DHS) is currently investigating the hack on the water authority, and some news outlets have reported that the attack was likely carried out by anti-Israeli Iranian group, Cyber Av3ngers. Cyber Av3ngers have previously been implicated in attacks on Israeli critical infrastructure. PLCs are used to control industrial processes in water plants, and manipulating them can have catastrophic impacts for the safety of water systems. The hacked PLC does not appear to have been manipulated beyond the initial compromise and message. The breach at the water authority comes as the Environmental Protection Agency (EPA) has tried to improve cybersecurity in the water sector, but the EPA has seen its draft rules stymied in court and recently removed them from consideration.

Eva Schwartz is the intern for the CFR Independent Task Force Program.