FBI cracks Russian cyber-spying operation, and other cybersecurity news to know this month

One of Russia's leading cyber spying programmes may have been "eradicated from the battlefield" by the FBI, according to US authorities.

In an operation dubbed "Medusa", technical experts at the Bureau discovered and disabled "Snake" malware being used by Russia's FSB security service, reports Reuters.

"We assess this as being their premier espionage tool," a US official told journalists.

The FSB spies using the malware are part of the notorious "Turla" hacking group. A senior FBI official said Turla has been active for 20 years, targeting those aligned with NATO, US government agencies and tech companies.

The US and its allies issued a joint advisory on 9 May, published by the Cybersecurity and Infrastructure Security Agency (CISA), which exposed technical information about Snake infrastructure, which had been found in more than 50 countries across the world.

“The advisory lifts the lid on a highly sophisticated espionage tool used by Russian cyber actors, helping to expose the tactics and techniques being used against specific targets around the world," said Paul Chichester, Director of Operations at the UK's National Cyber Security Centre – a part of GCHQ.

“We strongly encourage organizations to read the technical information about Snake malware and implement the mitigations to help detect and defend against this advanced threat.”

Natural language AI tools such as ChatGPT pose a risk to cybersecurity that leaders must be prepared for, according to a report in the Harvard Business Review.

Jim Chilton, the CTO of global edtech Cengage Group and the author of the report, writes that with cyber attacks increasing, business leaders must recognize the key threats from the growing impact of AI.

Concerns focus on the use of AI to make phishing attacks seem more plausible, the use of ChatGPT to write malicious code and the potential for AI tools to be hacked and used to disseminate misinformation.

"With reputations and revenue on the line, the industry must come together to have the right protections in place and make the ChatGPT revolution something to welcome, not fear," concludes Chilton.

OpenAI says it is committed to developing safe and secure AI tools.

Microsoft is expanding access to cybersecurity training for women and girls in Asia. Under its Ready4Cybersecurity programme, Microsoft is committing to skill and certify 100,000 young women and underrepresented youths in cybersecurity by 2025.

Hackers disrupted public services in the US city of Dallas, closing courts and knocking emergency services websites offline. The home pages of the police and fire service were taken offline and a police spokesperson said the city's computer-aided dispatch system was hit.

Australia's Medibank has been served with another class-action suit related to a cyber hacking incident last year. Medibank had disclosed that a hacker stole the personal information of 9.7 million current and former customers, and released the data on the dark web. The bank said it will defend the action.

Vietnam is preparing to make it mandatory for social media users of both local and foreign platforms to verify their identity to rein in online scams, state media reported. In recent years, the country has issued several regulations and a cybersecurity law targeting foreign social media platforms – to battle disinformation.

The personal information of 237,000 current and former federal government employees has been exposed in a data breach at the US Transportation Department, according to Reuters. The breach hit systems for processing TRANServe transit benefits that reimburse government employees for some commuting costs.

The character of cybersecurity threats is changing. This is a key finding revealed in the World Economic Forum's Global Cybersecurity Outlook 2023 report. Cyber attackers are more likely to focus on business disruption and reputational damage, while 43% of leaders fear it's likely a cyberattack will affect their organization in the next two years, the report says.

Cybersecurity has been identified as a key risk in the Forum's Global Risks Report, 2023. It finds that "geopolitical and economic uncertainty around the world is exacerbating the threat of potentially catastrophic cyber attacks, increasing the risk for businesses across sectors".

The advance of digitization brings benefits and risks in the context of cybersecurity. Technologies to defend against hackers are becoming more sophisticated – cybercriminals are also using technology to stay one step ahead. Here are 7 trends that could shape the future of cybersecurity by 2030.