Welcome to Episode Six of the "State of Enterprise IT Security" podcast, where host Brad Bussie, Chief Information Security Officer at e360, expertly navigates through pivotal cybersecurity topics shaping today's digital landscape. In this episode, Brad delves into the intricate details of Ivanti's latest response to zero-day vulnerabilities, exposing the underlying complexities and implications for enterprises.
The discussion then shifts to a critical analysis of the ongoing cyber tensions between the US and China, highlighting how these geopolitical dynamics impact American businesses and the global cyber landscape. Furthermore, Brad provides insightful commentary on Congress's cautious yet progressive approach towards integrating AI into legislative processes, a move reflecting the balancing act between technological advancement and security.
This episode serves as a vital resource for technology leaders and cybersecurity enthusiasts seeking to stay ahead in the ever-evolving world of cybersecurity.
Listen to the Episode:
Watch the Episode:
Key Topics Covered:
- Ivanti's response to zero-day vulnerabilities and new exploits
- The U.S. government's disruption of a China cyber threat and its potential impact on American businesses
- Congress's approach to confronting security risks associated with expanding AI use on the Hill
- Discussion on how small offices, home businesses, and routers can be targeted by cyber threats
- Importance of basic cybersecurity measures like password management and system updates
- The phenomenon of AI 'hallucinations' and the risks of misinformation
- Development of AI usage policies by Congress, focusing on the House and Senate's approaches
- Ivanti's patching of zero-days and new exploits: Security Week Article
- U.S. disruption of a Chinese cyber threat: Security Week Article
- Congress and AI security: Politico Article
- Digital forensics firm Volexity: Volexity
- Ivanti: Ivanti
- Mandiant's insights on cybersecurity: Mandiant
- Vigilance in cybersecurity is critical, especially concerning zero-day vulnerabilities in enterprise systems
- Global cybersecurity dynamics are increasingly affected by geopolitical tensions, necessitating national cybersecurity measures
- AI integration in government systems must balance innovation with security risks
- Small systems and home networks are increasingly targeted, underlining the importance of fundamental cybersecurity practices
- AI can sometimes provide misleading information, highlighting the need for critical evaluation of AI-generated data
- Government bodies, like Congress, are actively developing policies to manage the risks and benefits of AI in their operations
Read the Transcript:
[00:00:32] Hey, everybody. I'm Brad Bussie, Chief Information Security Officer here at E360. Thank you for joining me for the State of Enterprise IT Security Edition. This is the show that makes IT security approachable and actionable for technology leaders. I'm happy to bring you three topics this week. The first one is Ivanti patching zero-days and confirming some new exploits.
[00:01:00] Second, the U.S. says that it disrupted a China cyber threat but warns that hackers could still wreak havoc on U.S. businesses. And third, Congress confronts security risks as it seeks to expand its use of AI on what they call the Hill. So, let's get started. The first topic is Ivanti patching a couple of zero-days, but while doing that, they confirmed several new exploits.
[00:01:35] I know a lot of our listeners are Ivanti customers. For those unfamiliar, think of Ivanti as a VPN provider that also offers patching services. Similar to the older Pulse Secure technology, the idea is to establish a virtual private network or to securely patch and deliver software. Vulnerabilities in such services can create significant issues for enterprises.
[00:02:20] Three weeks ago, a digital forensics firm, Volexity, spotted the exploitation. This was linked to a Chinese government-backed APT hacking team, impacting Ivanti's secure access client, remote device management, and remote policy management.
[00:02:49] Interestingly, Ivanti was aware of this before making it public. Initially, it was thought to impact 20 companies, but Mandiant revealed it was a broadly exploited activity, occurring since December 3rd, 2023.
[00:03:21] The main risks included the hacker group installing crypto miners, stealing information, and installing backdoors. The vulnerabilities included ways to bypass authentication and command injection vulnerabilities, among others.
[00:05:36] Fortunately, there are CVEs out for this. If you're using Ivanti, it's crucial to review these CVEs for patching details.
[00:06:00] The second topic is another Chinese cyber threat, this time targeting critical infrastructure like power plants, water treatment, transportation, and communication. This is a strategic move by nation-states like China, as seen in the movie "Leave the World Behind," to destabilize civilian infrastructure as a preparatory or precautionary step towards potential conflict.
[00:07:47] We don't often hear about these national security incidents. The attack group targets smaller systems to mask their activities, forming botnets and spreading malware.
[00:08:21] At home or in corporate networks, basic security measures like changing passwords, using password managers, multi-factor authentication, and keeping systems patched are essential to prevent being part of these botnets. Routers with security suites can also help detect unusual activities.
[00:11:12] Finally, I discussed how Congress is confronting security risks with the expansion of AI use on the Hill, highlighting the differences in approach between the House and Senate. The House is piloting chat GPT for various tasks, while the Senate adopts AI more cautiously and only for research and evaluation purposes.
[00:14:35] An interesting aspect of AI use is the phenomenon of 'hallucinations,' where AI can provide convincingly wrong information, akin to a person misunderstanding a question on a conference call.
[00:17:04] To address these challenges, Congress is building guardrails for AI use. The House Chief Admin Office is expected to unveil a draft policy for AI use across the House in the next few months.
[00:18:08] The Senate is being more cautious, with top cybersecurity officials deeming tools like OpenAI, Chat GPT, Google Bard, and Microsoft Copilot as posing a moderate level of risk if controls are followed.
[00:18:37] Thank you for joining me, and we'll see you next time.