Highlights:
Microsoft Report: Faces 600M+ attacks daily.
Internet Archive: Suffers third cyberattack in October.
Quantum Computing: Poses threat to RSA encryption.
Wells Fargo: Faces lawsuit over customer data breach.
New York DFS: Issues AI cybersecurity guidance.
Deep Dive:
1. Microsoft: 600 Million+ Cyberattacks Daily
Report covers July 2023 through June 2024.
2023: 65 trillion → 2024: 78 trillion security signals per day.
1,500 unique threat groups.
Included 600 nation-state threat actor groups, 300 cybercrime groups, 200 influence operations groups, and hundreds of others.
Reassigned 34,000 engineers to security initiatives.
> 99% of identity attacks are password, breach & phishing attacks.
< 1% are MFA, post-authentication & compromised-infrastructure attacks.
Mitigation: Prioritize a security-first culture.
Source: Executive Summary / CISO / Policy maker
2. Internet Archive's Third Cyberattack in October
Breach on Zendesk email support platform.
800K+ support tickets exposed.
Due to unrotated GitLab authentication tokens.
Mitigation: Rotate API keys and other authentication tokens.
Source: Bleeping Computer / Forbes
3. Quantum Computing Threat to RSA Encryption
Chinese researchers use D-Wave quantum computer.
Attacked SPN-structured algorithms of AES with a 22-bit key.
Also targets the Present and Rectangle algorithms and the Gift-64 block cipher.
Possibly other public-key and symmetric cryptographic systems as well.
Mitigation: Explore and implement post-quantum cryptographic solutions.
Source: CSO Online / The Register / Tom's Hardware / Forbes
4. Wells Fargo Class-Action Lawsuit over Data Breach
Lawsuit alleges “preventable hack” exposed customer data.
Includes names, addresses, DOBs, phone numbers, SSNs, bank account details, and more.
Over 100 class members involved.
Mitigation: Implement robust security measures to protect customer data.
Source: The Daily Hodl
5. New York DFS Guidance on AI and Cybersecurity
Outlines risk mitigation related to social engineering, enhanced cyberattacks, data theft, and supply chain vulnerabilities.
Emphasizes risk assessments, TPSP management, access controls, cybersecurity training, and monitoring.
Reinforces existing obligations under the DFS cybersecurity regulation.
Guidance does not impose new requirements.
Notice: The guidance is intended to strengthen cybersecurity defenses related to AI.
Source: DFS / DFS / Bank Info Security