Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills

1 - Cyber agencies offer AI data security best practices

With organizations gleefully deploying artificial intelligence (AI) tools to enhance their operations, cybersecurity teams face the critical task of securing AI data.

If your organization is looking for guidance on how to protect the data used in AI systems, check out new best practices released this week by cyber agencies from Australia, New Zealand, the U.K. and the U.S.

“This guidance is intended primarily for organizations using AI systems in their operations, with a focus on protecting sensitive, proprietary or mission-critical data,” reads the document titled “AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.”

“The principles outlined in this information sheet provide a robust foundation for securing AI data and ensuring the reliability and accuracy of AI-driven outcomes,” it adds.
 
By drafting this guidance, the authoring agencies seek to accomplish three goals:

• Create awareness about data security risks involved in developing, testing and deploying AI systems.
• Offer best practices for securing data throughout the AI lifecycle.
• Promote the adoption of strong data-security techniques and of risk-mitigation strategies.

Here’s a small sampling of recommended best practices in the 22-page document:

• Use trusted, reliable data source for training your AI models and adopt provenance-tracking to trace the training-data origins.
• Employ checksums and cryptographic hashes to maintain the AI data’s integrity during storage and transmission.
• Adopt digital signatures to prevent unauthorized third-parties from tampering with the AI data.

2 - Framework maps cyber skills across 14 IT roles

Security skills must extend beyond an organization’s cyber team and across your IT department

– but how?

It’s a question that the Linux Foundation and the Open Source Security Foundation have tried to answer with a new reference framework that maps required cyber skills across 14 IT department roles.

The new “Cybersecurity Skills Framework,” available via an interactive web interface, is meant to be a “starting point” for organizations to then adjust the framework’s guidance based on their specific needs and requirements.

“The framework provides leaders with an easy way to understand the cybersecurity skills needed, quickly identify knowledge gaps, and incorporate critical skills into all of their IT roles,” the Linux Foundation and OpenSSF said in a statement.
 

“By establishing a shared language for cybersecurity readiness, the framework prepares everyone who touches a system to take responsibility for security, not just the cybersecurity specialists,” the organizations added.

The required cyber skills are organized into three categories for each IT role: basic, intermediate and advanced. For example, for a web developer the framework lists nine basic cybersecurity skills, seven intermediate ones and five advanced ones. 

Cybersecurity skills for a web developer include:

• Basic: Adopt input validation and injection prevention techniques to prevent vulnerabilities like cross-site scripting and SQL injection.
• Intermediate: Implementing scanning and testing throughout the development lifecycle.
• Advanced: Deepen advanced cryptographic techniques such as digital signatures and hashing algorithms.

 

3 - Alert: LummaC2 malware used against critical infrastructure

Cyber attackers are deploying the LummaC2 malware in an attempt to breach the networks of U.S. critical infrastructure organizations and steal sensitive data.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued the warning this week in a joint advisory that outlines attackers’ TTPs and indicators of compromise, along with recommended mitigations.

“LummaC2 malware is able to infiltrate victim computer networks and exfiltrate sensitive information, threatening vulnerable individuals’ and organizations’ computer networks across multiple U.S. critical infrastructure sectors,” the advisory reads.
 

Cyber attackers use spearphishing methods to trick victims into downloading legit-looking apps that contain the LummaC2 malware, which has been available in cybercriminal forums since 2022. The malware’s obfuscation methods allow it to bypass standard cyber controls.

“Once a victim’s computer system is infected, the malware can exfiltrate sensitive user information, including personally identifiable information, financial credentials, cryptocurrency wallets, browser extensions, and multifactor authentication (MFA) details without immediate detection,” the advisory reads.

Mitigation recommendations include:

• Monitor and detect anomalous behavior, such as API calls that try to retrieve system information.
• Implement application controls, such as allowlisting remote access programs.
• Adopt phishing-resistant multi-factor authentication.
• Collect logs to regularly review registry changes and access logs that may signal a LummaC2 malware infection.
• Regularly update and patch software to remediate critical vulnerabilities.

 

4 - Logistics and tech vendors warned about Russian cyber spies

Cyber attackers backed by Russia’s GRU military intelligence unit have unleashed an aggressive cyber espionage campaign targeting U.S. and European technology companies and logistics providers involved in delivering aid to Ukraine.

That’s according to the joint advisory “Russian GRU Targeting Western Logistics Entities and Technology Companies” published this week by cybersecurity and law enforcement agencies from 11 countries, including Australia, Canada, France, Germany, the U.K. and the U.S.

“This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide-scale targeting of IP cameras in Ukraine and bordering NATO nations,” the 33-page document reads.
 

The group carrying out the cyber espionage campaign, known by various names, including APT28 and Fancy Bear, uses multiple tactics, techniques and procedures (TTPs) to gain initial access to victims’ networks, including: 

• brute-force password attacks
• credential spearphishing
• malware delivery
• vulnerability exploitation
• attacks against VPNs

The advisory’s mitigation recommendations include:

• Segment networks, restrict network access and adopt a zero-trust architecture
• Automatically log network access and audit the logs to identify suspicious access requests
• Implement allowlisting for applications and scripts
• Adopt tools that check the safety of links in emails
• Use multi-factor authentication with passkeys or PKI smartcards
• Limit the number of administrative accounts 
• Change all default credentials

 

5 - NIST develops metric to predict likelihood of a vulnerability’s exploitation

Knowing which vulnerabilities have been exploited in the wild is priceless information for a security team as it prioritizes which ones to patch first.

Now, the U.S. National Institute of Standards and Technology has come up with a set of calculations designed to determine a vulnerability’s exploitation chances.

“Only a small fraction of the tens of thousands of software and hardware vulnerabilities that are published every year will be exploited. Predicting which ones is important for the efficiency and cost effectiveness of enterprise vulnerability remediation efforts,” reads NIST’s white paper “Likely Exploited Vulnerabilities: A Proposed Metric for Vulnerability Exploitation Probability,” published this week.