Check out CISA’s urgent call for federal agencies to protect themselves from Midnight Blizzard’s breach of Microsoft corporate emails. Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. Meanwhile, SANS pinpoints the four trends CISOs absolutely must focus on this year. And the NSA is sharing best practices for data security. And much more!
Dive into six things that are top of mind for the week ending April 12.
Midnight Blizzard, a nation-state hacking group affiliated with the Russian government, stole email messages exchanged between several unnamed U.S. federal agencies and Microsoft.
So said the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in its Emergency Directive 24-02, sent to federal civilian agencies last week and made public this week.
The directive instructs agencies to take immediate and specific actions, including “to analyze potentially affected emails, reset any compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts,” CISA said in a statement.
“Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” reads the directive. All impacted federal agencies have been notified.
Tenable CEO and Chairman Amit Yoran said in a statement that it’s not surprising to learn that Midnight Blizzard’s intrusion campaign escalated after its initial discovery. “Given Microsoft’s consistent track record of partial disclosure, misleading statements and downplaying security incidents, it was only a matter of when the other shoe would drop,” Yoran said.
“Microsoft’s lackadaisical security practices and negligent approach to disclosure have national security implications, and should alarm their commercial clients, which don’t necessarily have the voice or get the attention that the U.S. government might,” he added. “CISA is treating this threat with the intense scrutiny it deserves. Bad cyber hygiene leads to worse outcomes.”
Although the directive applies only to federal civilian executive branch agencies, CISA encourages any other organization impacted by Midnight Blizzard’s hack of Microsoft emails to seek guidance from their Microsoft account team.
The attack against Microsoft began in November 2023, when Midnight Blizzard – also known as Nobelium, Cozy Bear and APT29 – compromised a legacy, non-production test account that lacked multi-factor authentication protection.
Microsoft disclosed the breach in January, saying then that the hackers had stolen information from some of its employees’ corporate email accounts, including senior leaders and cybersecurity and legal staffers.
In a March update, Microsoft revealed that Midnight Blizzard had accessed Microsoft source code repositories and breached internal systems – and that it had been unable to contain the attack so far.
Microsoft further said at the time that Midnight Blizzard was trying to exploit stolen “secrets” shared via email between Microsoft and some customers. The Associated Press reported then that the stolen information included “cryptographic secrets” such as passwords, certificates and authentication keys.
A majority of cybersecurity professionals feel cautiously hopeful about artificial intelligence’s potential for strengthening their organizations’ cyber defenses, while also recognizing AI’s risks and adoption obstacles.
That’s according to a new global survey of almost 2,500 IT and security professionals conducted by the Cloud Security Alliance (CSA).
“While there’s optimism about AI’s role in enhancing security, there’s also a clear recognition of its potential misuse and the challenges it brings,” reads the “State of AI and Security Survey Report,” which was commissioned by Google and released this week.
Specifically, 63% of respondents said AI can potentially boost their organizations’ cybersecurity processes. Only 12% felt the opposite way. The rest had no opinion.
Already, 22% of polled organizations use generative AI for security. More than half (55%) plan to use it within the next year, with the top use cases being rule creation, attack simulation and compliance monitoring. C-level and board support is driving generative AI adoption.
Meanwhile, 67% have tested AI for security purposes, and 48% feel either “very” or “reasonably” confident in their organizations’ ability to use AI for security successfully.
Chart: “What are your desired outcomes when it comes to implementing AI in your security team?” (Source: Cloud Security Alliance’s “State of AI and Security Survey Report”, April 2024)
However, respondents recognize that AI’s power can cut both ways. While 34% said AI will help security teams more than attackers, 31% opined that it will benefit both groups equally. One fourth of respondents view AI as more advantageous for attackers.
When asked about their concerns, respondents cited the quality of the data used to train AI models (38%); the “black box” nature of AI systems (36%); and a lack of staffers skilled in AI system management (33%). Other concerns: hallucinations, privacy violations, data loss and misuse.
Regarding worries that AI will lead to job losses, most cybersecurity pros (88%) are confident that AI tools won't replace them. They see AI as complementing their skills (30%), supporting their roles (28%) and freeing them up for other tasks (24%).
To get more details, check out the report’s announcement “More Than Half of Organizations Plan to Adopt Artificial Intelligence (AI) Solutions in Coming Year” and the full 33-page report “State of AI and Security Survey Report.”
CISOs must track myriad new cyberthreats, regulations, technologies and business risks. It’s a challenge to focus on what’s most important. A new SANS Institute white paper aims to help.
Titled "SANS CISO Primer: 4 Cyber Trends That Will Move the Needle in 2024," the 10-page document unpacks these four trends and offers best practices for each:
“There are many topics I could have picked to discuss, but these four cybersecurity trends rise to the top as a result of countless conversations with esteemed CISOs,” wrote the study’s author, James Lyne, in the blog “4 Trends That Will Define the CISO's Role in 2024.”
“I trust that you will find my selections for this year thought-provoking, and that you will be able to go back to your team after reading this paper and add a highlight or priority to produce better risk management and security outcomes,” added Lyne, SANS Institute’s Chief Technology and Innovation Officer.
Here's a brief sampling of SANS Institute’s recommended best practices for each trend.
Oh, my – tech recruiters are all over AI.
Although tech job openings fell slightly in 2024’s first quarter, some tech roles bucked the trend: Jobs that require AI, 5G and WiFi expertise. That’s according to IoT Analytics’ “State of Tech Employment Spring 2024” report, released this week.
Compared with 2023’s fourth quarter, tech job postings dropped 2% in 2024’s first quarter, the seventh consecutive quarter of declines. However, jobs for which candidates need AI expertise grew 4% in the same period, while jobs requiring generative AI skills ballooned 38%.
“Executives are concerned about a labor shortage and skill gap in this area, thus creating the need to upskill existing or future workforces,” IoT Analytics Principal Analyst and report author Philipp Wegner wrote in an article.
Meanwhile, roles requiring 5G expertise grew 13% quarter-on-quarter, while those requiring WiFi expertise were up 2%.
(Source: IoT Analytics’ “State of Tech Employment Spring 2024” report, April 2024)
Need suspicious files analyzed? You can now submit them to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which made its Malware Next-Generation Analysis tool available to all organizations this week.
Users from the U.S. federal government and the U.S. military have had access to Malware Next-Generation Analysis since November. About 1,600 suspicious files have been submitted, and about 200 suspicious or malicious files and URLs have been identified and shared with CISA partners.
“All organizations, security researchers and individuals are encouraged to register and submit suspected malware into this new automated system for CISA analysis,” reads CISA’s announcement of Malware Next-Generation Analysis.
Malware Next-Generation Analysis helps CISA’s threat hunters to “better analyze, correlate, enrich data, and share cyber threat insights with partners,” resulting in faster and sharper responses to cyberthreats, CISA Executive Assistant Director for Cybersecurity Eric Goldstein said in the statement.
The U.S. National Security Agency (NSA) published recommendations this week for organizations seeking to better protect their data from breaches, including customer records, proprietary information, employee data and intellectual property.
The NSA’s data security recommendations are organized into seven areas:
Juan has been writing about IT since the mid-1990s, first as a reporter and editor, and now as a content marketer. He spent the bulk of his journalism career at International Data Group’s IDG News Service, a tech news wire service where he held various positions over the years, including Senior Editor and News Editor. His content marketing journey began at Qualys, with stops at Moogsoft and JFrog. As a content marketer, he's helped plan, write and edit the whole gamut of content assets, including blog posts, case studies, e-books, product briefs and white papers, while supporting a wide variety of teams, including product marketing, demand generation, corporate communications, and events.