‘Operation cookie monster’ and other cybersecurity news to know this month
- This monthly round-up brings you key cybersecurity stories from the past month.
- Top cybersecurity news: International police seize dark web marketplace in ‘Operation Cookie Monster’; Microsoft introduces AI-powered cybersecurity assistant; US and Europe launch cyber dialogue.
1. 'Operation Cookie Monster': International police action seizes dark web market
International law enforcement agencies have seized a sprawling dark web marketplace popular with cybercriminals in a multinational crackdown dubbed "Operation Cookie Monster".
A banner is now plastered across Genesis Market's site saying that domains belonging to the organization have been seized by the FBI. Logos of other European, Canadian and Australian police organizations are also emblazoned across the site, along with that of cybersecurity firm Qintel.
"We assess that the Genesis is one of the most significant access marketplaces anywhere in the world," said Rob Jones, the Director-General of Threat Leadership at Britain's National Crime Agency (NCA).
The NCA estimates that Genesis hosted about 80 million credentials and digital fingerprints stolen from more than 2 million people.
“The takedown of Genesis Market is an important step in the fight against cybercrime, but it is only one battle in a larger war,” said Gretchen Bueermann, a Research and Analysis Specialist at the World Economic Forum’s Centre for Cybersecurity.
Europol reported that the Dutch Police have developed a portal enabling people to check whether their information has been compromised.
Read more about the significance of ‘Operation Cookie Monster’ in our blog.
2. Microsoft launches AI-powered cybersecurity assistant
Microsoft has launched a tool to help cybersecurity professionals identify breaches, threat signals and better analyze data, using OpenAI's latest GPT-4 generative artificial intelligence model.
The tool, named Security Copilot, is a simple prompt box that will help security analysts with tasks such as summarizing incidents, analyzing vulnerabilities and sharing information with co-workers on a pinboard.
The assistant will use Microsoft's security-specific model, which the company describes as "a growing set of security-specific skills" that is fed with more than 65 trillion signals every day.
The launch comes amid a flurry of announcements from Microsoft about integrating AI into its most popular offerings.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum Centre for Cybersecurity drives global action to address systemic cybersecurity challenges. It is an independent and impartial platform fostering collaboration on cybersecurity in the public and private sectors. Here are some examples of the impact delivered by the centre:
Cybersecurity training: Salesforce, Fortinet, and the Global Cyber Alliance, in collaboration with the Forum, provide free and accessible training to the next generation of cybersecurity experts worldwide.
Cyber resilience: Working its partners, the Centre is playing a pivotal role in enhancing cyber resilience across multiple industries: Oil and Gas, Electricity, Manufacturing and Aviation.
IoT security: The Council on the Connected World, led by the Forum, has established IoT security requirements for consumer-facing devices, safeguarding them against cyber threats. This initiative calls upon major manufacturers and vendors globally to prioritize better IoT security measures.
Paris Call for Trust and Security in Cyberspace: The Forum is proud to be a signatory of the Paris Call, which aims to ensure global digital peace and security, emphasizing the importance of trust and collaboration in cyberspace.
Contact us for more information on how to get involved.
3. News in brief: Top cybersecurity stories this month
The United States and Europe have launched a “cyber dialogue” to strengthen cooperation ahead of the Cyber Solidarity Act being proposed by the European Commission. Writing in a LinkedIn post, European Commissioner for Internal Market, Thierry Breton, said he and the US Secretary of Homeland Security, Alejandro Mayorkas, are working to establish a “close and trusting cooperation on a crucial subject”. He added: “In the same way that the United States adopted a new strategy a month ago that takes up the European regulatory approach, it is our responsibility to better organize our operational cooperation.”
Italian aerospace and defence group Leonardo and German technology company Siemens have signed a memorandum of understanding to offer cybersecurity solutions for infrastructure in the energy, oil and gas and industrial sectors. "The main area of intervention will concern the resilience against accidents and cyberattacks to automation and connectivity systems that monitor and supervise assets, equipment and processes of critical infrastructures," the firms said. They will aim to offer "complete protection" from threats on infrastructure, which could have a serious impact on "essential" public services.
The US cybersecurity watchdog has no confidence that the cellular network used by first responders and the military is secure against digital intrusions, according to a letter sent by Senator Ron Wyden, who is a member of the US Committee on Intelligence. The letter raised concerns about the FirstNet mobile network to the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA). FirstNet was set up in the wake of the 9/11 attacks of 2001, and is used by public safety officials such as emergency workers, firefighters and law enforcement.
New Zealand intelligence agencies are growing more concerned about both foreign interference and malicious cyberactivity ahead of elections in October, according to the country’s intelligence chiefs. “It's fair to say that concern about foreign interference as well as malicious cyberactivity is growing,” Andrew Hampton, Director-General of the New Zealand Government Communications Security Bureau said. “That's not just the domestic trend, it's the international trend as well.”
4. More on cybersecurity on Agenda
Software manufacturers are being urged to build cyber-safety into their products at the design stage to protect critical systems such as those used to manage hospital appointments. New principles for software that is “secure-by-design and -default” have been published by the CISA, FBI and NSA in the US, and by cybersecurity agencies in six partner countries.
Quantum computing presents transformational opportunities as well as cybersecurity risks. Mitigating the risks will require organizations to implement quantum-secure cryptography over several years, although there are steps that can be taken now. The Institute for Quantum Computing’s co-founder, Professor Michele Mosca, and Vikram Sharma, the Founder and CEO of QuintessenceLabs explain the three approaches likely to be adopted by most organizations to enable the quantum transition.
Digitalization has benefitted the manufacturing sector, but the gains could be offset by the risks, as manufacturing is the most targeted sector by cyberattacks, write four cyber experts. The World Economic Forum is convening a multistakeholder community to strengthen cyber-resilience across the whole manufacturing ecosystem.