A recent cyber-attack on CTS, a company that provides IT services to law firms and other organisations in the UK legal sector.
It was reported the cyberattack occurred on Wednesday, 22nd November 2023, and caused a widespread outage that affected dozens of law firms and homebuyers.
The cyberattack was reportedly caused by a CitrixBleed bug that has targeted other firms in recent weeks.
Cybersecurity is a very important and relevant topic in today’s world. It refers to the practice of protecting systems, networks, and programs from digital attacks that can harm individuals and organizations.
Cyberattacks will all have malicious intent, such as accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.
Cybersecurity aims to prevent or mitigate these attacks by using various technologies, measures, and practices.
There are many types of cybersecurity, depending on the domain or layer of IT infrastructure that needs to be protected.
Critical infrastructure security
This protects the computer systems, applications, networks, data and digital assets that a society depends on for national security, economic health and public safety. For example, the power grid, the water supply, the transportation system, the health care system, etc.
In the United States, there are some guidelines and frameworks for IT providers in this area, such as the NIST cybersecurity framework and the CISA guidance.
Network security
This prevents unauthorized access to network resources and detects and stops cyberattacks and network security breaches in progress. For example, firewalls, antivirus software, encryption, VPNs, etc. Network security also ensures that authorized users have secure access to the network resources they need, when they need them.
Application security
This protects applications from cyberattacks by ensuring that they are designed, developed, tested, and maintained with security in mind. For example, code reviews, vulnerability scanning, penetration testing, secure coding practices, etc. Application security also involves educating users about safe and responsible use of applications.
Cyberattacks will all have malicious intent, such as accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.
There are many more types of cybersecurity, such as cloud security, endpoint security, data security, identity and access management (IAM), etc. Each type of cybersecurity has its own challenges and solutions.
Companies to watch
Cybersecurity companies such as CrowdStrike, Okta, Zscaler and Palo Alto Networks are valuable assets with businesses willing to pay good money to protect against hackers.
The U.S. cyber hacker challenge is a new initiative launched by the Biden administration in August 2023 to use artificial intelligence (AI) to protect critical U.S. infrastructure from cybersecurity risks.
The challenge will offer $20 million in prize money and includes collaboration from leading AI companies Anthropic, Google, Microsoft and OpenAI, who will make their technology available for the competition. The challenge was announced at the Black Hat USA hacking conference in Las Vegas.
The competition will consist of three stages
Qualifying event in the spring of 2024
Semifinal at DEF CON 2024
Final at DEF CON 2025
The competitors will be asked to use AI to secure vital software and open source their systems so that their solutions can be used widely (does that create a risk in itsellf)? The top three teams will be eligible for additional prizes, including a top prize of $4 million for the team that best secures vital software.
The challenge aims to explore what’s possible when experts in cybersecurity and AI have access to a suite of cross-company resources. The U.S. government hopes that the promise of AI can help further secure critical U.S. systems and protect Americans from future cyber attacks!
Limitations and risks using AI for security
However, there are flaws and drawbacks of using AI for cybersecurity, both for the attackers and the defenders.
Lack of transparency and explainability: AI systems are often complex and opaque, making it difficult to understand how they make decisions or what factors influence their outputs. This can lead to trust issues, ethical dilemmas, and legal liabilities.
Overreliance on AI: AI systems are not infallible and may make mistakes or produce false positives or negatives. Relying too much on AI, without human oversight or verification can result in missed threats, erroneous actions, or unintended consequences.
Bias and discrimination: AI systems may inherit or amplify human biases or prejudices that are present in the data, algorithms, or design of the systems. This can result in unfair or discriminatory outcomes, such as excluding certain groups of people from access to services or opportunities, or targeting them for malicious attacks.
Vulnerability to attacks: AI systems may be susceptible to adversarial attacks, such as data poisoning, model stealing, evasion, or exploitation. These attacks can compromise the integrity, availability, or confidentiality of the systems, or manipulate them to produce malicious outputs.
High cost: Developing and maintaining AI systems for cybersecurity requires a lot of resources, such as computing power, memory, data, and skilled personnel. These resources may not be easily accessible or affordable for many organizations or individual.
‘Well, what do you think of AI and cybersecurity sharing resources’? ‘Ha! playing right into our hands’.
These are some of the flaws of using AI for cybersecurity, but they are not insurmountable. With proper research, regulation, education, and collaboration, AI can be a powerful ally in enhancing cybersecurity and protecting against cyber threats – that is until it takes over, but that will never happen… will it?
The UK’s elections watchdog has revealed it has been the victim of a complex cyber-attack potentially affecting millions of voters.
The Electoral Commission said unspecified ‘hostile actors‘ had managed to gain access to copies of the electoral registers, from August 2021. Note the word ‘unspecified’ is used – do they even know?
Hackers also broke into its emails and “control systems” but the attack was not discovered until October last year. The watchdog has warned people to watch out for unauthorised use of their data.
The commission said hackers accessed copies of the registers it was holding for research purposes, and for conducting checks on political donors. The commission knew which of its systems were accessible to the hackers, but could not ‘conclusively‘ identify which files may have been accessed.
‘Very sophisticated’ attack
The personal data held on the registers – name and address – did not itself present a ‘high risk‘ to individuals, it added, although it is possible it could be combined with other public information to ‘identify and profile individuals’.
It has not said when the hackers’ access to its systems was stopped, but said they were secured as soon as possible after the attack was identified in October 2022. Why was it left so long to be made public and how long did it take to make systems secure again?
Explaining why it had not made the attack public before now, the commission said it first needed to stop the hackers’ access, examine the extent of the incident and put additional security measures in place.Defending the delay, commission chair John Pullinger said: “If you go public on a vulnerability before you have sealed it off, then you are risking more vulnerabilities.” He is reported to have said the ‘very sophisticated attack involved using software to try and get in and evade our systems’. Well, that clearly worked then.
The world of digital data
He reportedly said that the hackers were not able to alter or delete any information on the electoral registers themselves, which are maintained by registration officers around the country. Information about donations and loans to political parties and registered campaigners is held in a system that is not affected by this incident, the notice added. He understood public concern, and would like to apologise to those affected.
Steps
The commission added that it had taken steps to secure its systems against future attacks, including by updating its login requirements, alert system and firewall policies. The Information Commissioner’s Office, which is responsible for data protection in the UK, said it was urgently investigating.
Labour’s deputy leader Angela Rayner reportedly said: ‘This serious incident must be fully and thoroughly investigated so lessons can be learned‘. Why wouldn’t it be investigated? I dislike it immensely when clueless politicians roll out this ‘standard remark’ as an attempt to demonstrate they ‘know what’s going on’.
Then what? It happens again and we have to… learn more lessons…?
