Welcome to Episode Six of the "State of Enterprise IT Security" podcast, where host Brad Bussie, Chief Information Security Officer at e360, expertly navigates through pivotal cybersecurity topics shaping today's digital landscape. In this episode, Brad delves into the intricate details of Ivanti's latest response to zero-day vulnerabilities, exposing the underlying complexities and implications for enterprises.
The discussion then shifts to a critical analysis of the ongoing cyber tensions between the US and China, highlighting how these geopolitical dynamics impact American businesses and the global cyber landscape. Furthermore, Brad provides insightful commentary on Congress's cautious yet progressive approach towards integrating AI into legislative processes, a move reflecting the balancing act between technological advancement and security.
This episode serves as a vital resource for technology leaders and cybersecurity enthusiasts seeking to stay ahead in the ever-evolving world of cybersecurity.
[00:00:32] Hey, everybody. I'm Brad Bussie, Chief Information Security Officer here at e360. Thank you for joining me for the State of Enterprise IT Security Edition. This is the show that makes IT security approachable and actionable for technology leaders. I'm happy to bring you three topics this week. The first one is Ivanti patching zero-days and confirming some new exploits.
[00:01:00] Second, the U.S. says that it disrupted a China cyber threat but warns that hackers could still wreak havoc on U.S. businesses. And third, Congress confronts security risks as it seeks to expand its use of AI on what they call the Hill. So, let's get started. The first topic is Ivanti patching a couple of zero-days, but while doing that, they confirmed several new exploits.
[00:01:35] I know a lot of our listeners are Ivanti customers. For those unfamiliar, think of Ivanti as a VPN provider that also offers patching services. Similar to the older Pulse Secure technology, the idea is to establish a virtual private network or to securely patch and deliver software. Vulnerabilities in such services can create significant issues for enterprises.
[00:02:20] Three weeks ago, a digital forensics firm, Volexity, spotted the exploitation. This was linked to a Chinese government-backed APT hacking team, impacting Ivanti's secure access client, remote device management, and remote policy management.
[00:02:49] Interestingly, Ivanti was aware of this before making it public. Initially, it was thought to impact 20 companies, but Mandiant revealed it was a broadly exploited activity, occurring since December 3rd, 2023.
[00:03:21] The main risks included the hacker group installing crypto miners, stealing information, and installing backdoors. The vulnerabilities included ways to bypass authentication and command injection vulnerabilities, among others.
[00:05:36] Fortunately, there are CVEs out for this. If you're using Ivanti, it's crucial to review these CVEs for patching details.
[00:06:00] The second topic is another Chinese cyber threat, this time targeting critical infrastructure like power plants, water treatment, transportation, and communication. This is a strategic move by nation-states like China, as seen in the movie "Leave the World Behind," to destabilize civilian infrastructure as a preparatory or precautionary step towards potential conflict.
[00:07:47] We don't often hear about these national security incidents. The attack group targets smaller systems to mask their activities, forming botnets and spreading malware.
[00:08:21] At home or in corporate networks, basic security measures like changing passwords, using password managers, multi-factor authentication, and keeping systems patched are essential to prevent being part of these botnets. Routers with security suites can also help detect unusual activities.
[00:11:12] Finally, I discussed how Congress is confronting security risks with the expansion of AI use on the Hill, highlighting the differences in approach between the House and Senate. The House is piloting ChatGPT for various tasks, while the Senate adopts AI more cautiously and only for research and evaluation purposes.
[00:14:35] An interesting aspect of AI use is the phenomenon of 'hallucinations,' where AI can provide convincingly wrong information, akin to a person misunderstanding a question on a conference call.
[00:17:04] To address these challenges, Congress is building guardrails for AI use. The House Chief Admin Office is expected to unveil a draft policy for AI use across the House in the next few months.
[00:18:08] The Senate is being more cautious, with top cybersecurity officials deeming tools like OpenAI, ChatGPT, Google Bard, and Microsoft Copilot as posing a moderate level of risk if controls are followed.
[00:18:37] Thank you for joining me, and we'll see you next time.