Cyber Week in Review: June 14, 2024

Apple signs deal with OpenAI to integrate AI into its operating systems

Apple announced a deal this week with OpenAI to integrate AI into Apple’s operating systems for phones and computers. Apple is also rolling out its own AI within the operating system, known as Apple Intelligence, and the new system will integrate OpenAI’s ChatGPT as an additional feature to provide functionality beyond Apple Intelligence. Apple’s operating system will turn to ChatGPT when it is unable to fulfill a given request and will ask users for permission to access the AI before logging the query. Apple Intelligence will allow users to summarize large chunks of text easily, proofread text for tone, and create custom images according to user requests. Apple also touts the data security of its own AI models, with most of the data processing associated with Apple Intelligence done on-device, rather than in an external data center. This feature makes it more difficult for data to be aggregated, because of the lack of a central repository for data that could be accessed by Apple or another actor. For some more complicated queries where ChatGPT is used, devices will send data to external data centers run by OpenAI.

Microsoft and Google announce new program to boost rural hospitals’ cybersecurity

The White House announced that Microsoft and Google will begin providing cybersecurity services to rural hospitals at reduced prices and create a pool of funding that can be used to support migration to more secure software. Google will provide rural hospitals and nonprofit organizations with endpoint security advice at no cost and launch a pilot program to develop a package of security capabilities for certain hospitals based on their needs. Microsoft, on the other hand, will provide discounts of up to 75 percent on security products used by independent critical hospitals, meaning those located more than 35 miles from any other hospital, and rural emergency hospitals. Hospitals have frequently been the target of ransomware groups and other hackers, with Anne Neuberger, deputy national security advisor for cyber and emerging technologies, stating that cyberattacks on the U.S. healthcare system are up nearly 130 percent in 2023.

Chinese cybercrime gang sentenced to prison in Zambia

A court in Zambia handed down several lengthy prison sentences to twenty two Chinese citizens for cybercrimes committed in the country. The gang’s mastermind, Li Xianlin, received an 11 year sentence, and most of the group members were fined between $1500 and $3000 each for their role in the scam. Those arrested were working for a company called Golden Top Support Services, based in Zambia’s capital of Lusaka, and had allegedly recruited a large group of young Zambians who believed they were acting as call center agents, and then used the Zambians to commit various kinds of online fraud and scamming operations. Investigators discovered more than 13,000 SIM cards as part of the investigation, with the scammers using these to mask their location and target victims multiple times. The operation reportedly had a significant reach, targeting not only Zambians, but also residents of Singapore, Peru, the United Arab Emirates, and countries in Africa.

United States widens sanctions on sale of semiconductor chips to Russia

The U.S. government announced on Wednesday that it is expanding its sanctions on the sale of semiconductor chips to Russia, with the goal of limiting the ability of third-party sellers to sell microchips on to Russia. The new sanctions will expand the reach of U.S. export controls beyond just those produced in the United States and will now include those produced or sold abroad under U.S. brand names. The United States will now identify and warn third-party sellers when they are trading U.S.-branded chips with Russia; in a departure from previous practice, the United States will also begin publishing a list that identifies addresses used to ship chips, even if they are not linked to a particular company or individual. The United States imposed drastic sanctions on Russia at the outset of Russia’s invasion of Ukraine, largely choking off its access to advanced microchips used in missiles and other military equipment; however, over the past year, Russia has created broad third-party networks of suppliers for chips and other sanctioned goods, with a heavy reliance on suppliers from China, allowing it to blunt the effectiveness of U.S. export controls. The sanctions also target Russia’s expanding natural gas extraction projects and will prohibit trading for several new projects and seven liquid natural gas tankers being built at the Russian shipyard Zvzeda.

Microsoft President Brad Smith testifies before House Committee on Homeland Security

Microsoft President Brad Smith testified before the House Committee on Homeland Security earlier this week, where lawmakers questioned Microsoftsecurity failures that allowed the Chinese hacking group Storm-0558 to break into the systems of several U.S. government agencies. The U.S. Cyber Safety Review Board (CSRB) released a report last year that attacked Microsoft’s cascade of “unavoidable errors” and faulted the company for failing to develop a process that would automatically rotate cryptographic keys, which could have prevented the attack from taking place originally. At the hearing, representatives questioned Smith over the breaches and Microsoft’s vulnerability-management practices more broadly. Representatives also pressed Smith on why the breach was first identified by the U.S. State Department, and why Microsoft failed to identify the hack originally. Smith said that Microsoft accepts responsibility for the issues in the CSRB report, and promised to take action to apply the CSRB’s recommendations to Microsoft’s operating practices.

The Week in Review will be on hiatus until August 26, and will be replaced with a month-in-review series.