Jörg Abraham
November 7, 2023

Navigating Cyber Challenges: Biden's AI Executive Order, Ransomware Attack on German Municipalities


tap 21 - 2023

President Biden Signs Executive Order to Enhance AI Safety And Security in The US   

On October 30, 2023, President Biden issued an Executive Order (EO) [1] focusing on the safe, secure, and trustworthy development and use of Artificial Intelligence (AI). The EO charges multiple US agencies with producing guidelines and taking actions to advance the safe and secure development and use of Artificial Intelligence.  

President Biden's Executive Order sets forth a comprehensive framework for AI, focusing on establishing new safety and security standards, enhancing privacy protections, and promoting equity and civil rights. It aims to safeguard consumers, patients, and students, support workers against AI disruption, and drive innovation and competition within the industry. The order reinforces America's global leadership in AI and mandates responsible adoption of AI technologies across government agencies. 

The order comprises directives for various agencies and organizations to conduct research or formulate more comprehensive guidelines. An obligation that likely has an immediate impact on the AI industry is a set of requirements for companies that develop AI or that intend to develop dual-use foundation models. These businesses will be required to disclose their AI development strategies to the U.S. authorities, along with the protective steps they have implemented, encompassing both digital and physical security, to safeguard their AI systems, as well as any outcomes from safety evaluations conducted. The EO does not, however, specify the consequences for a company that discloses that its model might be hazardous. The EO is not a law and hence does not govern AI. The US Congress holds hearings with experts to create legislation for putting up AI guardrails.

The EO is the beginning of a long international process to govern the use of AI. It complements international efforts through the G7 Hiroshima Process [2] aimed at mitigating the risks of AI while also harnessing its potential. The suggested code of conduct, which is voluntary, is poised to become a significant reference point for the way prominent nations oversee AI, against the backdrop of data privacy and security risks.

In the European Union, talks on an AI Act are underway with EU countries in the Council. [3] The aim is to reach an agreement by the end of this year.

BiBi-Linux Wiper Targets Israeli Infrastructure Amidst Hamas Conflict        

The Security Joes Incident Response team has identified a new type of malware known as the BiBi-Linux Wiper that primarily targets Israeli companies and potentially other entities associated with Israel. [4] The malware appears politically motivated and is not intended for financial gain, but for data destruction and causing operational disruption.

It is almost certain that a pro-Hamas hacktivist group deployed the wiper. The political undertones of the malware, including the use of the Israeli Prime Minister's nickname (bibi), strongly suggest that it is part of the cyber operation associated with the ongoing war between Israel and Hamas. It represents an extension of physical warfare into the digital domain, aiming to weaken the adversary by disrupting IT infrastructure and sowing chaos. 

Previous cyberattacks that have been attributed to Hamas reveal a pattern of cyber warfare aimed at Israeli infrastructure. This new malware is consistent with these tactics, aiming to damage and disrupt Israeli companies during times of conflict. 

BiBi-Linux Wiper is designed to target Linux systems and can cause damage by overwriting data with random information, which renders the affected files unusable. It operates by corrupting files rapidly using multiple threads, and it can potentially wipe out an entire operating system if it gains root access.
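The two behaviours described above (files overwritten with random data, and many files hit in quick succession) can be combined into a simple detection heuristic. The sketch below is an added example, not code from this post or from Security Joes; the event format, paths, thresholds and sample data are constructed assumptions.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for random data, roughly 4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_wipe_bursts(events, window_s=5.0, min_files=5, threshold=7.5):
    """events: iterable of (timestamp, path, content_sample) write records.
    Returns the sorted paths that belong to a burst of at least min_files
    distinct high-entropy writes inside any window_s-second window."""
    hits = sorted((ts, path) for ts, path, sample in events
                  if shannon_entropy(sample) >= threshold)
    flagged = set()
    start = 0
    for end in range(len(hits)):
        # Slide the window start forward until it spans <= window_s seconds.
        while hits[end][0] - hits[start][0] > window_s:
            start += 1
        paths = {p for _, p in hits[start:end + 1]}
        if len(paths) >= min_files:
            flagged |= paths
    return sorted(flagged)

# --- Constructed sample data (not taken from any real incident) ---
rng = random.Random(21)

def random_block(n=4096):
    return bytes(rng.getrandbits(8) for _ in range(n))

TEXT_SAMPLE = b"2023-11-02 10:00:00 user=alice action=login status=ok\n" * 80

SAMPLE_EVENTS = [
    (100.0, "/var/log/app.log", TEXT_SAMPLE),       # ordinary text write
    (250.0, "/backup/db.tar.gz", random_block()),   # lone compressed archive
] + [
    # Six files overwritten with random bytes within about one second.
    (400.0 + i * 0.2, f"/srv/data/file{i}.doc", random_block())
    for i in range(6)
]

if __name__ == "__main__":
    for path in find_wipe_bursts(SAMPLE_EVENTS):
        print("possible wipe:", path)
```

Compressed and encrypted files are also high-entropy, which is why the heuristic requires a burst across several distinct paths rather than flagging a single write.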
 

German Municipal IT Provider Hit by Ransomware, Affecting Dozens of Local Administrations   

On October 30, Südwestfalen-IT (SIT), an IT provider for German local municipalities, experienced a ransomware attack that affected the operational capabilities of seventy-two local administrations. [5], [6] SIT identified encrypted data on its server that indicated unauthorized external access to its IT systems overnight from Sunday to Monday.

According to a statement on a temporary SIT website, the cyber-attack severely limited the operations of local government services, impacting cities' finances, residents, cemeteries, and registry offices. Some cities' internal and external communication, including email and phone services, had been rendered nonfunctional. To stop the proliferation of the ransomware, the company limited access to its infrastructure for more than seventy municipalities located in the western German state of North Rhine-Westphalia.

SIT is in contact with the State Criminal Police (LKA), the Federal Office for Information Security (BSI), and external security service providers to determine the origin and assess the extent of the cyberattack.  
   

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack: https://cti.eclecticiq.com/taxii/discovery.

Please refer to our support page for guidance on how to access the feeds.

About EclecticIQ Intelligence and Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Intelligence and Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com or fill in the EclecticIQ Audience Interest Survey to drive our research toward your priority area.


Appendix

[1] The White House, “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.” Accessed: Nov. 02, 2023. [Online]. Available: https://www.whitehouse.gov/briefing-room/presidential-actions/2023/10/30/executive-order-on-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/

[2] “G7 Leaders’ Statement on the Hiroshima AI Process | Shaping Europe’s digital future.” Accessed: Nov. 01, 2023. [Online]. Available: https://digital-strategy.ec.europa.eu/en/library/g7-leaders-statement-hiroshima-ai-process  

[3] “EU AI Act: first regulation on artificial intelligence | News | European Parliament.” Accessed: Nov. 01, 2023. [Online]. Available: https://www.europarl.europa.eu/news/en/headlines/society/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence  

[4] Security Joes, “BiBi-Linux: A New Wiper Dropped By Pro-Hamas Hacktivist Group.” Accessed: Nov. 02, 2023. [Online]. Available: https://www.securityjoes.com/post/bibi-linux-a-new-wiper-dropped-by-pro-hamas-hacktivist-group

[5] “Südwestfalen-IT.” Accessed: Nov. 02, 2023. [Online]. Available: https://www.sit.nrw/  

[6] “Cyberattacke: Stadtverwaltungen Wermelskirchen, Burscheid und Hückeswagen offline,” https://www.rga.de. Accessed: Nov. 02, 2023. [Online]. Available: https://www.rga.de/lokales/wermelskirchen/cyberangriff-stadtverwaltung-wermelskirchen-nicht-erreichbar-92644731.html  
