
TikTok ban, CISA's ransomware action and more: first officer's blog - week 43

A renewed effort at a TikTok ban, CISA gets proactive about ransomware, and more. Here are the latest stories from the world of cyber risk.

Mike Parkin | March 20, 2023

First Officer’s log, Terrestrial date, 20230320. Officer of the Deck reporting. 

We remained in orbit around [REDACTED] for the duration of the conference, recovering the delegates for their trip home after the final sessions and giving the diplomats some time to make their farewells and whatever other professional niceties were required by their roles. Unfortunately, at least as far as our crew was concerned, the band would not be accompanying us on the return voyage, as they had another engagement after the conference and would then be traveling to other worlds on their tour. 

With the delegates aboard, the [REDACTED] broke orbit and set course for their world of origin at normal cruise warp. Surprisingly, the leader of the group apologized to the captain and senior officers for being somewhat aloof on the trip out, attributing it to the stress of a formal conference and some vague issue with the delegation. Couched in subtle diplomatic language, the underlying message of “we thought we were getting to ride on a ship of the line, and we’re sorry for being jerks about it” came through. 

This set a good tone for the trip back to [REDACTED], though it was not meant to be. 

A day into the trip, our communication officer received what sounded like a distress call on one of the standard subspace channels, though they initially seemed more confused by it than concerned. They were confused enough to play the voice channel aloud for the bridge crew when the captain asked them to elaborate, as there was no accompanying visual.

First voice: “Hello, dear. This message may be a surprise. But we need help.”

Second voice: “Yes, dear. We need help.”

First voice: “Our ship is broken. We want you to come help us.”

Second voice: “Yes, broken. Come help us.”

First voice: “Shush. They can hear you.”

Second voice: “Yes, they can hear me.”

Incoherent sounds like someone getting smacked, followed by a pause, then the first voice again.

“Come help. You are our only hope.”

Comms looked at the captain, who shook his head and ordered the ship to Yellow Alert and had the helm set course for the apparent distress call. 

“Don’t need to say it. Know it’s suspicious. But Federation regulations require us to respond. But they don’t require us to respond unprepared.”

We notified the diplomatic team there might be some delay in getting them home and set maximum warp toward the distress signal. 

So we’re still ticking and tocking? 

What happened 

The Biden Administration has lent its support to a bipartisan effort called the RESTRICT Act, which, while not directly targeting the popular social media app TikTok, would effectively ban it. The act calls for a review of several technologies and could result in their being banned on national security grounds. It is likely that TikTok would be one of the first, and arguably the highest profile, to be subject to this scrutiny.

Why it matters 

From a cyber security perspective, social media in general can be problematic. Whether it’s attackers going after social media sites to snag user data, or using them to spread misinformation, disinformation, social or political agendas, or even malware, social media platforms have been at the center of a lot of controversies for longer than some realize. From a national security perspective, politicians understandably don’t want to have these powerful platforms under the control of foreign powers who might not have “our” best interests at heart. 

And to be sure, that statement can apply to any government, anywhere in the world, when they’re looking at highly influential platforms that someone else controls. No government wants its people manipulated by foreign powers—even when they are doing the exact same thing. 

From a general user perspective, it can be hard to understand what all the fuss is about. But for government and civil organizations, it’s really easy to justify not wanting social media applications loose in their environments without some kind of control. 

What they said 

While a punchy reaction video might be more appropriate for a story about a TikTok ban, here’s some of the more traditional attention this is getting. 

The ChatGPT saga continues 

What happened 

As ongoing articles and discussions attest, OpenAI’s ChatGPT is still attracting a great deal of attention in the media and cyber security circles. Some of these concerns are genuine, especially in the areas of social engineering and other communication where a natural language model can be effective, while others are overblown or give more credit to ChatGPT’s coding abilities than they deserve.

Why it matters 

Whether we like it or not, artificial intelligence is here to stay. OpenAI’s release of GPT-4 on March 14th is just another step in this advancement. The new version already appears to be a dramatic improvement over its predecessor, which means we’re going to see even more advanced social engineering efforts built from it, and possibly better code as well. 

Where will it all stop? No idea. While the worst-case scenario could be pretty grim, the reality will probably be much less so. Regardless, organizations need to take recent developments in AI technology into account when planning their cybersecurity posture and allocating budgets. 

What they said 

There’s plenty of (human-written) coverage about this one. 

CISA gets proactive against ransomware 

What happened 

In late January 2023, the Cybersecurity & Infrastructure Security Agency (CISA) started the Ransomware Vulnerability Warning Pilot Program (RVWP) as required by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in 2022. The pilot project is the start of CISA’s efforts to proactively address vulnerable systems in critical infrastructure. 

Why it matters 

Threat actors have been targeting critical infrastructure for a while, and this effort to get ahead of the problem is probably overdue. Considering the geopolitical situation over the last few years, especially after Russia’s invasion of Ukraine last year, we can only expect the situation to get worse. Critical infrastructure is an inviting target for rival nation states, and that doesn’t even count the threat actors with purely criminal goals.

The RVWP’s focus on ransomware rather than spyware, RATs, or other malware indicates that CISA considers criminal actors a major threat here, or at least expects state or state-sponsored threats to borrow heavily from the cyber criminals’ playbooks.

Regardless of the focus, we can hope this pilot project is successful in reducing the threat surface on critical infrastructure. 

What they said 

We actually wrote up our own take on this. Take a look.

