AI is changing the modern workplace at an unprecedented pace. Adopting AI-powered tools across your organization can supercharge productivity and creativity. Secure and responsible generative AI solutions, such as Copilot for Microsoft 365, elevate your AI investment with real gains in efficiency and innovation. This essential AI companion works across your data estate to deliver undeniable value: 70% of early adopters said they were more productive, and 68% reported that it improved the quality of their work.[1]
Join Microsoft leaders and executives as they discuss how AI can advance your journey to a high-powered organization. Explore how you can:
- Jump-start the AI transformation with data security and compliance
- Enhance communication and collaboration with AI-powered tools
- Adopt and measure your AI transformation
Register now to learn how secure and responsible AI can transform your organization.
[1] “Work Trend Index Special Report: What Can Copilot’s Earliest Users Teach Us About Generative AI at Work?,” Microsoft, November 2023.
The AI Advantage: Maximizing Productivity in the Modern Workplace
Register now >
Author: blogmirnet
Out for Comment | CSF 2.0, NIST SP 800-53 OLIR Crosswalk
NIST has released for comment an ‘OLIR Crosswalk’ between the recently released NIST Cybersecurity Framework 2.0 (CSF) and NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organizations. The Crosswalk shows directly where the outcomes of the identified NIST SP 800-53 control(s) meet at least part of the respective CSF Subcategory. Comments are due via email to [email protected] by April 27, 2024, at 11:59 PM EST.
About OLIR
The National Online Informative References (OLIR) Program is a NIST program to facilitate subject matter experts in mapping/crosswalk relationships between elements of documents across cybersecurity, privacy, and other information and communications technology domains. View our catalog, download mappings, and participate (submit mappings).
These same mappings are also available to browse and download on the CPRT site for select NIST guidance documents.
Cybersecurity Resources for Small to Medium-Sized Manufacturers
Event Date: May 2, 2024
Event Time: 2:00 p.m. to 2:45 p.m. ET
Event Location: Virtual
Event Description:
Join us on May 2, 2024, for a 30-minute fireside chat with the NIST MEP Program Office. During this webinar we will highlight the cybersecurity resources available to the nation’s small and medium-sized manufacturers (SMMs).
SMMs are increasingly relying on data, information, and technologies to run their operations in a competitive and efficient manner. With this increased reliance on technology and connectivity comes an increased cybersecurity threat surface, both for the business and for the entire supply chain to which they contribute.
Defending an SMM’s assets from cybersecurity threats can be challenging. However, because these organizations often have less complex information technology (IT) and operational technology (OT) infrastructures, many can more readily take basic steps to defend their information and systems.
The MEP National Network helps manufacturers of all sizes manage their cybersecurity and privacy risks by providing guidance, solutions, and training that is practical, actionable, and cost-effective.
During this webinar, we’ll have a robust discussion to provide attendees with:
- An introduction to the MEP National Network
- An overview of the MEP cybersecurity services and resources
- Basic steps an SMM can take to manage their cybersecurity risks
- Information about how to locate an MEP Center in your area
We’ll reserve time at the end of the webinar to address questions.
Speakers:
- Dr. Jyoti Malhotra, Division Chief, National Programs, NIST MEP
- Savann Thorn, IT Specialist (Security), NIST MEP
- Daniel Eliot, Lead for Small Business Engagement, Applied Cybersecurity Division, NIST
Register Here
FTC Reports $1.1 Billion in Losses from Impersonation Scams in 2023
The Federal Trade Commission (FTC) released a report stating that over $1.1 billion in losses from impersonation scams were reported in 2023. The FTC’s report shows that 330,000 incidents were business impersonation scams, and nearly 160,000 were government impersonation scams, accounting for almost half of the frauds reported to the agency. Reports also show an increase in multi-stage impersonation scams, in which threat actors pose as more than one organization in a single scam. Threat actors may begin the scam by posing as an employee of a trusted organization and then transfer the target to someone claiming to be from a bank or government agency to add legitimacy to the scam.
Phone calls are still the top reported initial stage of impersonation scams but have seen a sharp decline compared to 2020. Emails are a close second, followed by text messages, and both have steadily increased in usage over the past few years. The scams listed below accounted for nearly half of the reported 2023 scams.
- Copycat Account Security Alerts: Threat actors send fraudulent messages about suspicious account activity or unauthorized charges, claiming to be from a trusted organization or bank. They try to persuade their target to transfer funds or move money to a Bitcoin ATM, claiming it will help “protect” their funds.
- Phony Subscription Renewals: Users receive a notice claiming that a subscription or account will auto-renew, often for a charge of a few hundred dollars. Threat actors sometimes try to convince their target to allow them to connect to their computer, making it appear that they “accidentally” refunded too much money to the target. The threat actors then demand that the excess refund be returned, often through the purchase of gift cards.
- Fake Giveaways, Discounts, or Money to Claim: Threat actors send a message about a giveaway, discount, or unclaimed money. These messages appear to be sent from organizations such as internet service providers, retailers, or the Publishers Clearing House. These scams require purchasing gift cards or transferring funds to receive the gift or discount.
- Bogus Problems with the Law: Threat actors impersonating government agents contact the target, claiming their identity has been used to commit a serious crime. They offer to help fix the problem, often by having their targets purchase gift cards or transfer funds to Bitcoin ATMs (or “safety lockers”) to protect their funds during the supposed investigation.
- Made-up Package Delivery Problems: Threat actors send messages claiming to be from carrier services, stating they are having problems making a delivery. These messages include a link to a spoofed version of the carrier’s website, which may prompt for credit card or bank account information to pay a small redelivery fee.
On April 1, the FTC announced a new rule regarding the impersonation of government agencies and businesses. This rule gives the agency more robust tools to fight and deter potential scammers. Under the new rule, the FTC can file federal court cases seeking money back for victimized consumers and pursue civil penalties against those who violate the rules.
2024 Q1 Top Ransomware Trends
The NJCCIC continues to receive reports of ransomware incidents impacting New Jersey private organizations and the public sector. Threat actors primarily targeted critical infrastructure and educational institutions, likely due to budgetary constraints, limited resources, and reliance on third-party vendors. These incidents resulted in financial losses, operational disruptions, and the loss of confidentiality, integrity, and availability of data and information systems. For the first quarter of 2024, we review the top ransomware variants reported to the NJCCIC, highlight ransomware trends, and provide recommendations to educate users and organizations and reduce the likelihood of victimization.
For the first quarter of 2024, ransomware incidents reported to the NJCCIC consisted of Akira, LockBit, and Play ransomware. There was a sharp increase in Akira ransomware attacks, particularly after the LockBit ransomware group’s takedown. Akira ransomware operators are known for their sophisticated attacks, especially against US healthcare organizations. However, after the takedown, LockBit quickly relaunched operations to stay active and focused on targeting government agencies and critical infrastructure organizations, including healthcare. Also, cyberattacks targeting ConnectWise ScreenConnect vulnerabilities were linked to both LockBit and Play ransomware. Although existing ransomware groups continue their efforts, new ransomware gangs have also initiated operations in 2024.
The top attack vectors for ransomware are phishing, compromising valid accounts, and external remote services. Threat actors are using artificial intelligence at an increased rate to generate targeted and sophisticated phishing campaigns and launch successful, profitable ransomware attacks. They also exploited vulnerabilities to infiltrate systems and networks, as predicted in the mass exploitation of technologies supporting hybrid and remote work and enterprise third-party file transfer solutions, such as virtual private networks (VPNs), cloud-based storage, and multi-factor authentication (MFA) tools.
An example of an initial attack vector in ransomware incidents reported to the NJCCIC was unauthorized remote login access via a VPN service. One of the tactics used was MFA prompt bombing, in which threat actors obtained account credentials and attempted to log in multiple times. They sent an overwhelming number of MFA authentication requests, hoping that the target would be distracted and unintentionally grant access, or would eventually give in due to fatigue and approve the request. A target worn down by the repeated notifications may stop resisting and approve one of them. This observed tactic has recently evolved into the threat actors calling the target from a spoofed support number to convince them to initiate a password reset and divulge the one-time password reset code.
Once threat actors gained unauthorized access, they infiltrated the target organization, gained access to internal systems, and moved laterally to other critical systems. Once data was exfiltrated, they encrypted systems and servers, shutting down access to critical services and files containing personally identifiable information (PII) and financial information. Additionally, the ransomware incidents affected onsite backups; therefore, victim organizations had to resort to offsite backups, if available and viable for restoration.
Ransomware remains a prevalent threat as extortion tactics continue and evolve to pressure victim organizations into paying the ransom. Threat actors used extortion tactics such as denying access to encrypted files, stealing data, and threatening a data breach by posting on public ransomware leak sites or releasing the stolen data to regulators, clients, or patients. The additional tactic of swatting, used to pressure the victim organization into paying the ransom and to gain media coverage, raises public safety concerns.
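The MFA prompt-bombing pattern described above is detectable in identity-provider logs: a burst of push challenges for one account in a short window, and an approval that follows a run of denials. The following is an added example, not part of the NJCCIC advisory; the JSON-lines log format, field names, and sample records are constructed for illustration.

```python
# Added example, not from the NJCCIC advisory: flag MFA prompt bombing in
# push-authentication logs. The JSON-lines format and field names below are
# constructed for illustration; adapt them to your identity provider's export.
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # look-back window per user
THRESHOLD = 5                   # push challenges within WINDOW that trigger an alert

# Constructed sample: 'alice' is bombed with six pushes in three minutes and
# gives in on the sixth; 'bob' is a normal single approval after a password login.
SAMPLE_LOG = """
{"ts": "2024-03-18T02:11:05", "user": "alice", "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2024-03-18T02:11:40", "user": "alice", "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2024-03-18T02:12:12", "user": "alice", "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2024-03-18T02:12:50", "user": "alice", "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2024-03-18T02:13:20", "user": "alice", "event": "mfa_push", "result": "denied",   "src_ip": "203.0.113.7"}
{"ts": "2024-03-18T02:14:02", "user": "alice", "event": "mfa_push", "result": "approved", "src_ip": "203.0.113.7"}
{"ts": "2024-03-18T08:30:00", "user": "bob",   "event": "password", "result": "success",  "src_ip": "198.51.100.4"}
{"ts": "2024-03-18T08:30:03", "user": "bob",   "event": "mfa_push", "result": "approved", "src_ip": "198.51.100.4"}
"""

def parse(text):
    """Yield log records as dicts with 'ts' parsed into a datetime."""
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            yield rec

def detect_prompt_bombing(text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for (a) a burst of pushes to one user within the window and
    (b) an approval that follows a streak of denials, the fatigue give-in."""
    pushes = defaultdict(deque)   # user -> timestamps of pushes inside the window
    denials = defaultdict(int)    # user -> consecutive denials so far
    burst_seen = set()            # alert once per user per run, not per push
    alerts = []
    for rec in parse(text):
        if rec["event"] != "mfa_push":
            continue
        user, ts = rec["user"], rec["ts"]
        q = pushes[user]
        q.append(ts)
        while ts - q[0] > window:   # drop pushes older than the window
            q.popleft()
        if len(q) >= threshold and user not in burst_seen:
            burst_seen.add(user)
            alerts.append({"user": user, "kind": "push_burst", "count": len(q),
                           "first": q[0].isoformat(), "last": ts.isoformat()})
        if rec["result"] == "denied":
            denials[user] += 1
        else:
            if denials[user] >= 2:
                alerts.append({"user": user, "kind": "approved_after_denials",
                               "count": denials[user], "src_ip": rec["src_ip"]})
            denials[user] = 0
    return alerts

if __name__ == "__main__":
    for alert in detect_prompt_bombing(SAMPLE_LOG):
        print(alert)
```

Either alert is a cue to revoke the session, reset the credential, and switch the account to number-matching or FIDO2 authenticators that cannot be approved by reflex.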
Google’s New Generative AI Search Results Lead to Scam Websites
Search Generative Experience (SGE) is Google’s upcoming generative artificial intelligence (AI) search feature. Google first allowed users to opt into the Google SGE results in May 2023. Google recently began rolling out this feature to a small sample of random users who have not yet opted in. Selected users will see a brief AI-created overview above the Google search engine results. The “Ask a follow up” box allows users to add more details or ask follow-up questions.
However, users are urged to exercise caution with AI-generated responses, as researchers identified that Google’s SGE results may lead to scam sites. The websites promoted by SGE used the .online Top-Level Domain (TLD), identical HTML templates, and the same sites to perform redirects, indicating that they are likely part of the same search engine optimization (SEO) poisoning campaign. Upon clicking one of the listed websites in the search results, users may undergo a series of redirects until they reach a scam site. These scam sites often host fake CAPTCHAs or fraudulent YouTube pages that push a request to subscribe to browser notifications. Scammers use browser notifications to send unwanted advertisements directly to the operating system’s desktop, even after the website in the browser has been closed. Once subscribed, these spam advertisements redirect users to fake giveaways, unwanted browser extensions, spam subscriptions, and tech support scams.
SMS Text Phishing
Threat actors continue to use SMS text messages in phishing campaigns to steal users’ personal data, account information, and funds. SMS-based phishing (SMiShing) may be more effective than email phishing as these messages are viewed on a mobile device, making it more difficult for users to identify potentially malicious communications. This threat is compounded by businesses and organizations’ legitimate use of text messages for notification and outreach purposes. Users may also be fatigued by the number of text messages they receive and act on a message by clicking a link or responding impulsively.
SMiShing messages typically claim to come from a well-known business or organization – such as Amazon, FedEx, UPS, Netflix, or the IRS – and request that the recipient click on a link, often to access a promotion, obtain information about a package delivery, or address a problem with their account. Links may be included within these messages that, if clicked, lead to fraudulent websites that capture user credentials, steal funds, or deliver malware (image 1). These messages may also request sensitive information from the user that could facilitate identity theft or account compromise.
Image 1
There has been a recent increase in other SMiShing campaigns in which a user receives a text message from an unrecognized number that contains verbiage similar to “Hey! How have you been?” The threat actors behind these campaigns seek to garner a response from the recipient. Responding may lead to a conversation in which the user is lured into a scam, such as a gift card scam (image 2), or the threat actor may simply be attempting to confirm that the phone number is active. Attempts to garner a response from the user are also used in bank impersonation campaigns, coercing the user to reply to avoid fraudulent activity on their account without requesting information or prompting them to click on a link (image 3).
What’s new about the NIST 2.0 Cybersecurity Framework Zoom Meeting
Are you curious about what’s new about the NIST 2.0 Cybersecurity Framework? This Thursday, learn from ISC2 New Jersey Chapter’s Master Cybersecurity Trainer, Jay Ferron, about the improvements that have been made to the framework. I’ll also have the opportunity to interview Jay about his fascinating career and how he played a major part in the 9/11 recovery effort.
Click on the link below to register and hope to see you there!
As usual, newcomers can register for free.
Microsoft.Source Newsletter | Issue 57
See the latest ideas and projects from the global developer community. If someone forwarded you this newsletter and you want to receive future issues, sign up. This month’s Microsoft.Source delves into the synergy between open-source software (OSS) and Microsoft technologies.
Resources: Learn new skills with step-by-step guidance, learning paths and modules.
Featured
- Explore Azure OpenAI Service Updates in Detail > Create advanced Copilot experiences using the Assistants API preview. Discover new models for GPT-4 Turbo (preview), GPT-3.5 Turbo, fine-tuning, and text-to-speech.
What’s New
- Microsoft and Open-Source Software > Discover Microsoft technologies that are open source, check out repos on GitHub, and learn about tools you can use for your own open-source projects.
- How to deploy Mistral models with Azure AI Studio > Microsoft is partnering with Mistral AI to bring its Large Language Models to Azure. Mistral AI offers two categories of models in Azure Machine Learning studio.
- Python in Visual Studio Code – March 2024 Release > See what’s included in the March 2024 release of the Python and Jupyter extensions for Visual Studio Code.
Events (See local events >)
- Microsoft Build / May 21 – 23 / Seattle > Learn from experts, get hands-on with AI, and make connections with peers, Microsoft engineers, and industry leaders.
- Open Source Summit / April 16 – 18 / Seattle > Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate, share information, and solve problems.
- Getting Started with the Fluent UI Blazor Library / On demand > This Open at Microsoft episode provides an overview of the Fluent UI Blazor library and how to leverage its open-source set of Blazor components.
- Build Your Own Copilot with Azure AI Studio / On demand > Learn how to use Azure AI Studio to create, manage, and deploy AI solutions with Azure OpenAI Service.
- Architecting IoT applications with .NET and Meadow / On demand > Get your next IoT project started to enable flexible hardware design and platform support, including Meadow Feather, Raspberry Pi and desktop.
Learning
- Code Sample: Simple Chat Application using Azure OpenAI > Build a Python Quart microframework app that streams responses from ChatGPT to an HTML/JS frontend using JSON Lines over a ReadableStream interface.
- Transform your work with Microsoft Copilot > Learn about Microsoft Copilot and find out how to extend it or build your own Copilot experiences with this content on Microsoft Learn.
- Microsoft Learn AI Skills Challenge > This immersive challenge will help you gain the skills, confidence, and Microsoft Credentials needed to excel in the era of AI.