TOP OF THE DAY – Microsoft: Nation-States Team Up with Cybercriminals for Attacks
(James Coker – Infosecurity Magazine – 15 October 2024) Nation-state threat actors have ramped up cooperation with cybercriminals in the past year to advance their political and military goals, according to Microsoft’s Digital Defense Report 2024. The use of cybercriminals by nation-states has served a variety of purposes, including to collect intelligence, conduct operations for financial gain, and to make use of tools favored by these financially-motivated groups, such as infostealers and command and control frameworks. – Microsoft: Nation-States Team Up with Cybercriminals for Attacks – Infosecurity Magazine (infosecurity-magazine.com)
Geostrategies
(Trisha Ray – Observer Research Foundation – 11 October 2024) India’s growing strategic importance as a balance to China in the Indo-Pacific region, as well as convergence between New Delhi and Washington DC about Beijing’s aggressive stance on emerging technology, have resulted in warming relations between the United States (US) and India. Indeed, in recent years, there has been a spurt of cooperative agreements between the two sides on domains such as defence technology, 5G, and semiconductors. This brief highlights the evolution of this partnership in the past decade, and asks: Can the two overcome current points of friction—immigration and anti-competitive practices by US tech giants, for example—especially as the US undergoes a change in leadership? – India-U.S. Technology Ties: Charting an Ambitious Course for the Future (orfonline.org)
Governance
(Molly Kinder, Xavier de Souza Briggs, Mark Muro, Sifan Liu – Brookings – 10 October 2024) Existing generative AI technology already has the potential to significantly disrupt a wide range of jobs. We find that more than 30% of all workers could see at least 50% of their occupation’s tasks disrupted by generative AI. Unlike previous automation technologies that primarily affected routine, blue collar work, generative AI is likely to disrupt a different array of “cognitive” and “nonroutine” tasks, especially in middle- to higher-paid professions. Despite the high stakes for workers, we are not prepared for the potential risks and opportunities that generative AI is poised to bring. The report emphasizes the importance of developing strategies to proactively shape AI’s impact on work and workers. This includes fostering worker engagement in AI design and implementation, enhancing worker voice through unions or other means, and developing public policies that ensure workers benefit from AI while mitigating harms such as job loss and inequality. – Generative AI, the American worker, and the future of work (brookings.edu)
Security
(Natalie Alms, David DiMolfetta – NextGov – 15 October 2024) The Biden administration is mulling new policies for federal agencies that buy data on Americans from commercial data brokers, citing increased risks posed by the increased use of artificial intelligence in government IT systems. In a request for information scheduled to be published Wednesday, the administration lays out potential privacy risks stemming from the use of commercially available information by federal agencies. – White House probes the collision of AI and personal data – Nextgov/FCW
(Alexandra Kelley – NextGov – 15 October 2024) Out of over 400 federal agencies and offices, few entities seem better equipped to implement artificial intelligence solutions internally than the Department of Energy. As the agency tasked with overseeing the expansive U.S. national laboratory network, leadership has access to the research and development to drive both AI policy and implementation. As a result, the agency has a dual perspective on the emerging technology that looks to both expand on AI’s possibilities and consider how it would operate in the organization internally. Likewise, Energy’s director of the Office of Critical and Emerging Technologies and chief AI officer, Helena Fu, and its chief information officer, Ann Dunkin, work closely on the agency’s overall approach to AI. – Bridging security and productivity at Energy – Nextgov/FCW
(Edward Graham – NextGov – 15 October 2024) The Transportation Security Administration has been working in recent years to deploy enhanced security tools, but Chief Technology, Data and Artificial Intelligence Officer Matt Gilkeson said the agency is currently taking a “crawl, walk, run approach” when it comes to implementing new AI technologies. Gilkeson said AI tools have the ability to improve the airport screening process, with the embrace of generative AI potentially allowing travelers to better understand and navigate TSA’s various policies. For now, however, the agency has largely been focused on training its workforce about the capabilities of the novel technologies and continuing to test AI tools for potential use. – TSA’s ‘crawl, walk, run’ approach to AI – Nextgov/FCW
(David DiMolfetta – NextGov – 15 October 2024) Under 4% of software developers across the globe are implementing training initiatives focused on baking baseline cybersecurity standards into the design and development of their products, research out Monday says. The small figure, which may help explain why basic software bugs are still frequently exploited by hackers en masse, comes from Secure Code Warrior, a firm headquartered in Australia that offers secure software manufacturing tools and services. – Few software developers employ secure by design training, research finds – Nextgov/FCW
(Eduard Kovacs – SecurityWeek – 15 October 2024) The Volkswagen Group has issued a statement after a known ransomware group claimed to have stolen valuable information from the carmaker’s systems. “This incident is known,” a Volkswagen spokesperson told SecurityWeek, adding, “The IT infrastructure of the Volkswagen Group is not affected. We are continuing to monitor the situation closely.” – Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft – SecurityWeek
(Alessandro Mascellino – Infosecurity Magazine – 15 October 2024) A novel cyber-attack method dubbed ConfusedPilot, which targets Retrieval-Augmented Generation (RAG) based AI systems like Microsoft 365 Copilot, has been identified by researchers at the University of Texas at Austin’s SPARK Lab. The team, led by Professor Mohit Tiwari, CEO of Symmetry Systems, uncovered how attackers could manipulate AI-generated responses by introducing malicious content into documents the AI references. – New ConfusedPilot Attack Targets AI Systems with Data Poisoning – Infosecurity Magazine (infosecurity-magazine.com)
(Elizabeth Montalbano – Dark Reading – 15 October 2024) Cyber-threat actors have ramped up their targeting of the 2024 US elections with a flood of malicious activity expected to peak over the next month, aimed at causing disruption to voters and the election process and requiring increased vigilance on the part of stakeholders. Specifically, attackers have bolstered election-related threat activity since the beginning of the year with an increase in the sale of phishing kits targeting US voters and campaign donors; the registration of more than 1,000 domains aimed at exploiting election-related content for malicious purposes; and increased ransomware activity targeting government entities, according to research from FortiGuard Labs Threat Research released today. – Flood of Election-Related Cyber Activity Unleashed (darkreading.com)
(Beth Maundrill – Infosecurity Magazine – 15 October 2024) Despite NIST’s recent publication of post-quantum encryption standards, many organizations have not begun preparing for the post-quantum threat, according to a new report by the Entrust Cybersecurity Institute. In August, NIST published its first three finalized post-quantum encryption standards, outlining usage and implementation guidelines for organizations entering a new era of quantum cryptography. – Most Organizations Unprepared for Post-Quantum Threat – Infosecurity Magazine (infosecurity-magazine.com)
(Kevin Poireault – Infosecurity Magazine – 15 October 2024) A new sophisticated malicious campaign is using an undetected Cerberus Android banking Trojan payload, according to cybersecurity provider Cyble. In a new report published on October 14, Cyble Research and Intelligence Labs (CRIL) identified 15 malicious samples posing as Chrome and Play Store apps from mid-September through the end of October. – Cerberus Android Banking Trojan Deployed in New Malicious Campaign – Infosecurity Magazine (infosecurity-magazine.com)
(Phil Muncaster – Infosecurity Magazine – 15 October 2024) A leading insurer has launched a new service designed to recover funds stolen from British businesses by online fraudsters, such as those running business email compromise (BEC) scams. Coalition said it has already been able to return £1.4m ($1.8m) to a policyholder that was stolen in a “sophisticated social engineering attack” on a south-of-England law firm. – Insurer Aims to “Clawback” BEC Funds After £1.4m Success – Infosecurity Magazine (infosecurity-magazine.com)
(Phil Muncaster – Infosecurity Magazine – 15 October 2024) Security researchers flagged hundreds of fake apps to Google last year, warning that millions of users may have unwittingly infected their devices with malware. Zscaler made the claims in its ThreatLabz 2024 Mobile, IoT, & OT Threat Report, which covers the period June 2023 to April 2024. – Eight Million Users Download 200+ Malicious Apps from Google Play – Infosecurity Magazine (infosecurity-magazine.com)
Defense, Intelligence, and War
(Courtney Albon – Defense News – 15 October 2024) The Army is eyeing a mix of existing and new technology to potentially scale through the second iteration of the Pentagon’s Replicator initiative, including systems that use artificial intelligence and machine learning to target and intercept small-drone threats. Defense Secretary Lloyd Austin announced last month that Replicator 2 would center on countering threats from small drones, particularly those that target “critical installations and force concentration,” he said in a Sept. 29 memo. DOD plans to propose funding as part of its fiscal 2026 budget request with a goal of fielding “meaningfully improved” counter-drone defense systems within two years. – For Replicator 2, Army wants AI-enabled counter-drone tech (defensenews.com)
(Patrick Tucker – Defense One – 15 October 2024) Russia is giving its armed drones more autonomy as Ukraine’s defenses tighten, a dynamic that has the U.S. Army working harder to bulk up its own anti-drone and -missile systems, service and industry officials said. Defense One caught up with Sgt. Maj. Kellen Rowley, the top enlisted leader of the 10th Army Air and Missile Defense Command, at the AUSA conference in Washington, D.C. We asked him whether Russia is increasingly relying on autonomy software for drone attacks in order to thwart defensive measures that target the connection between the weapons and their operators. “They are,” Rowley said. “They are becoming more adaptive. We saw them struggle quite a bit with dynamic targeting. As time has gone on, they’ve adapted.” – US Army rushes to boost defenses as Russia ups strike-drone autonomy – Defense One
(Sydney J. Freedberg Jr. – Breaking Defense – 15 October 2024) The world’s largest defense contractor, Lockheed Martin, is pulling from its vast archives of digital engineering data to build a comprehensive “hardware catalog” of proven, tested components that its designers can draw on, the company announced here Monday. The newly announced initiative, ModSTAR, will feed into the company’s ARISE simulation toolkit announced last year. The combination is meant to let Lockheed engineers run detailed tests of their designs before they even start building a prototype — potentially cutting months and years off development timelines. – Lockheed launches virtual parts catalog ModSTAR for AI-wielding digital engineers – Breaking Defense
(Todd South – Defense News – 15 October 2024) As technology advances, the gear soldiers use to survive on the battlefield and accomplish their missions becomes more sophisticated. As the epicenter of all things soldier gear, Program Executive Office-Soldier works with Army laboratories, research and development commands to deliver ready-to-field kit to troops, with gear ranging from soldiers’ boots to advanced targeting and night vision. – All the high-tech gear the Army is bringing to soldiers (defensenews.com)
(Jen Judson – Defense News – 15 October 2024) The Army is maturing technology for a cannon capable of firing hypervelocity projectiles for the air defense mission, according to the director of the service’s Rapid Capabilities and Critical Technologies Office. The RCCTO, which stood up a product office for the Multidomain Artillery Cannon system in July, is assessing hypervelocity gun system work already completed by the Pentagon’s Strategic Capabilities Office, as well as data from its own canceled Extended Range Cannon Artillery, or ERCA, system to inform the prototype’s development, Lt. Gen. Robert Rasch told Defense News in an interview ahead of the Association of the U.S. Army’s annual conference. – How the Army is maturing tech for an air defense cannon (defensenews.com)
Frontiers
(Rebecca Bellan – TechCrunch – 15 October 2024) During Tesla’s much-hyped robotaxi reveal event last week, CEO Elon Musk said he expects Tesla to release an “unsupervised” version of FSD, the automaker’s advanced driver assistance system, in Texas and California in 2025 on certain Model 3 and Model Y vehicles. He also said Tesla would begin production on its robotaxis – which are built without a steering wheel or pedals – by 2026 or 2027. – How Tesla’s plans for ‘unsupervised FSD’ and robotaxis could run into red tape | TechCrunch
(Brian Heater – TechCrunch – 15 October 2024) MAB Robotics Tuesday showcased the latest trick from its Honey Badger robot. In a video, the quadruped is seen running along the bottom of a pool. Legs don’t generally make more sense than propellers or other more standard methods of underwater robot locomotion, but the video demonstrates a sense of robustness and dynamism not often seen in such sophisticated systems. – Watch a robot dog run under water | TechCrunch
(Manish Singh, Jagmeet Singh – TechCrunch – 15 October 2024) India announced on Tuesday it would allocate spectrum for satellite services through administrative means rather than auction, a decision that aligns with recent comments by Elon Musk and rebuffs lobbying efforts by the country’s largest telecom operators. Jyotiraditya Scindia, India’s Communications Minister, stated on Tuesday evening: “Spectrum for satcomm is shared spectrum, and cannot be auctioned. The administrative allocation of satellite spectrum is practised worldwide.” – India backs Musk in satellite spectrum allocation row | TechCrunch
(Dominic-Madori Davis – TechCrunch – 15 October 2024) Ruben Harris and Timur Meyster, the founders of the upskilling platform Career Karma, announced today the launch of the company OutRival, which offers a service that hosts and lets businesses build their own customer service agents to take on customer interactions. AI agent companies are hot right now, and AI is one of the only sectors in venture capital seeing a flood of money rush toward it. As of September, the VC industry poured at least $64.1 billion into the AI sector and a third of all VC dollars this year went to AI startups, according to PitchBook data reported by the Wall Street Journal. – Career Karma founders launch OutRival to help companies build AI agents | TechCrunch
(Aisha Malik – TechCrunch – 15 October 2024) After bringing generative AI to Search in 2023, Google is supercharging its Shopping tab with the technology. The company announced on Tuesday that it will use AI to help users shop for products based on exactly what they’re looking for. It also launched a new scrollable feed of personalized, shoppable products. Now, when you search for a product on Google, the results page will include an AI brief with things to consider when shopping. For instance, if you search for a “men’s winter jacket for Seattle,” you will see a summary with things Google thinks you should know before purchasing a new jacket for that specific climate. – Google supercharges Shopping tab with AI and personalized recommendation feed | TechCrunch