Buzzwords of the Day 03-13-2024

#This Week's Buzzwords:

declare -a Buzzword = { "Ransomware", "AI/LLM", "Phishing" }

$Buzzword{0}= "Ransomware" - Won't somebody think of the children?

We've covered attacks on all sorts of targets: nuclear production plants, investment banks, healthcare facilities, power & water treatment plants, and more. There is a target we have not yet covered, and this week brings it into the spotlight: school systems. An unfortunate reality of the "always-online" world of 2024 is the sheer amount of valuable, private personal data contained in school networks. Staff, both administration and instructors, often lean entirely on centralized digital records for tasks like attendance, grading, and communication of vital information (medical accommodations, disciplinary records, and more). That data, though it may seem innocuous on the surface, has proven valuable enough for state-sponsored threat actors to attack US-based school districts with increasing frequency.

Due to a combination of factors ranging from budgetary constraints to a lack of knowledgeable personnel, most school districts in the US are extremely vulnerable to external attacks. In an interview with NPR, Scott Elder (superintendent for the Albuquerque school district in New Mexico) politely summarized the attacks as beyond the scope of "Johnny in his room trying to break in and change his grades". Attacks like the one that crippled his district for 2 days are on the rise. Elder's district suffered a ransomware attack in 2022, in which the attackers managed to exfiltrate the district's database of over 70,000 students. The data compromised in this case included full legal names, social security numbers, retained medical & disciplinary records, and other personally identifiable information (PII). His district has since put substantial effort into bolstering its security posture, but at this time it is one of a small percentage of districts actively working on improving cyber defenses.

Albuquerque is not alone, and the frequency of attacks on these vulnerable institutions will only increase as malware becomes more readily & steadily available, and attack vectors evolve. Please read the full interview with NPR below, which covers additional attacks on other districts and more.

Source Context:

https://www.npr.org/2024/03/11/1236995412/cybersecurity-hackers-schools-ransomware

~~~

$Buzzword{1}= "AI/LLM" - Coming soon - NHL statblocks

It's 2024, and we're putting AI into anything & everything around us. A research team at the University of Waterloo has been working on integrating AI-powered analysis into professional hockey, creating a tool they hope will allow coaches to compile & learn from granular data pulled from recorded (and potentially real-time) game footage. At its present nascent stage, the tool is capable of tracking player movement with reasonable (83%) accuracy, and team identification with upwards of 97% accuracy. Considering the pace of development with other similar AI-powered analysis tools, this project hints at a breakthrough in sports analytics beyond the ice rink. Read more on the team below, in this piece by ScienceDaily.

Source Context:

https://www.sciencedaily.com/releases/2024/03/240311145909.htm

~~~

$Buzzword{2}= "Phishing" - Tesla for $20 and some HTML?

Tesla owners who unlock their car with their phones are a new target for car thieves with some tech knowledge. Recent discoveries by a security research team show a gaping vulnerability in Tesla's "phone token" vehicle access service. Their proof-of-concept attack shows how an attacker could phish viable Tesla login credentials from the owner of a vehicle, and immediately leverage those credentials to create a second "phone key" for the car itself. Per reporting by BleepingComputer, the current enrollment process for adding a phone to vehicle access relies on single-factor authentication, and provides no update or indication to the vehicle owner that a new phone key has been added. As far as the owner of the car is aware, nothing is wrong (until, of course, they return to find their vehicle missing from where they last parked it).

The attack vector for stealing credentials will not shock most readers; the simulated attackers in the proof-of-concept scenario created a facsimile login page for Tesla's ubiquitous free WiFi service provided to owners of their vehicles. The attack, if it were to occur in the wild, would likely include an attacker creating a rogue WiFi access point, naming the SSID to match Tesla's free WiFi SSID, and prompting users to input their legitimate Tesla credentials into a "login" form. The login form would capture those credentials for the attacker to then use to create a key for the vehicle in question, which can be done from close proximity to the vehicle, such as being parked next to it in a lot.

We encourage you to read the full breakdown by BleepingComputer below.

Source Context:

https://www.bleepingcomputer.com/news/security/mitm-phishing-attack-can-let-attackers-unlock-and-steal-a-tesla/

JORT

Tinkerer, Linux enthusiast, data hoarder, dungeon master, cat parent, and learner of things.
