Welcome reader to your Friday CybersecurityHQ report.

Headlines

● The largest cybersecurity threat today comes from synthetic media (so-called deepfakes) generated by AI. This claim comes from a recent cybersecurity bulletin from the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA).

The generative AI market continues to expand, with estimates that it will continue a 35% yearly growth rate into at least 2030. This will make the technology more effective at producing media with the potential to create political and economic destabilization, the report warns. It cites several recent examples, including one from June of this year when a deepfake of Vladimir Putin declaring martial law was broadcast on Russian TV by hackers.

● MGM Resorts in Las Vegas and elsewhere shut down several systems on Monday, including slot machines and ATMs, due to a cybersecurity issue. ALPHV / BlackCat claims to have carried out the attack using social engineering — making a call to the help desk using information from LinkedIn. Reports from resorts run by MGM detailed hotel keys not working, gambling machines down, and more.

Local social media has plenty of speculation about the attack, including that it was ransomware. The FBI is investigating, but they have not released any information so far.

● Multiple tech leaders met with senators on Wednesday to discuss the dangers of unregulated AI. The summit included Elon Musk, Mark Zuckerberg, and Bill Gates, along with more than 60 senators. There appeared to be a broad, bipartisan consensus that some regulatory framework around AI will be important going forward, though nothing specific has been proposed.

Some companies have voluntarily signed to follow AI commitments laid out by the Biden White House. Among the signers are Google, OpenAI, Microsoft, Adobe, IBM, and Nvidia. The commitments include steps to differentiate works created by AI, like watermarking generated content. The White House has also announced that it is developing an executive order to address AI.

Long Read

The automotive industry isn’t ready for a cyberattack. That’s what this long read by Michael Hill for CSO Online dives into as challenges continue to mount for a supply chain woefully under-protected. Apparently, 64% of industry leaders agree that their companies are vulnerable, according to research from Kaspersky.

New regulation (laid out in UN155/156), however, is going to require robust cybersecurity for all new vehicles. These new rules take effect in July 2024. But will the industry be able to meet the deadline?

Cyber Security Career Opportunities

• Technical Program Manager, IT Risk & Compliance

  •  TikTok

  • Full-time

  • San Jose, CA
    

•  Manager, Cybersecurity Governance and Risk leads IT Risk management (ITRM)

  • Relevante, Inc.

  • Full-time

  • Washington, DC
    

•  Senior DevSecOps Engineer

  • Reperio Human Capital

  • Full-time

  • Pennsylvania, PA

For the latest openings in cyber security careers, check CybersecurityHQ.