As part of the Biden administration's efforts to combat mounting cybersecurity threats from artificial intelligence, the Cybersecurity and Infrastructure Security Agency's Joint Cyber Defense Collaborative oversaw the first-ever tabletop exercise for the emerging technology conducted alongside dozens of AI experts and international cyber defense agencies, according to CyberScoop.
Tackled in the four-hour exercise were the elements of AI-enabled and AI-related cybersecurity incidents, as well as necessary information sharing techniques, and improved industry-government coordination in such threats, according to JCDC Associate Director Clayton Romans, who added that the exercise will be included in CISA's AI security incident collaboration playbook that is expected to be unveiled by the end of the year.
"We are using this exercise now to lay that groundwork for how we're going to collaborate together across these key companies, likely future key companies, and our very close and significant U.S. government partners who all have a role to play in this space," said Romans.
Intrusions involved alterations of the WordPress plugin WooCommerce's checkout PHP file to enable staging of an HTML style sheet-emulating PHP script, which then allows retrieval of the credit card skimmer.
Intrusions with Snowblind involved the injection of a seccomp filter to intercept system calls, as well as a SIGSYS signal handler to direct anti-tampering code to unchanged APK versions allowing the deactivation of several app security features.
Attacks aimed at up to 30 organizations in Europe and the Americas, particularly the U.S. manufacturing industry, have been linked to Chinese hacking group APT41 and North Korean state-backed advanced persistent threat operation Andariel