News Items

According to technical evidence reviewed by Reuters and an analysis conducted by security researchers, an elite group of North Korean (DPRK) hackers infiltrated the computer networks of a Russian missile developer for at least five months in 2022. Reuters discovered that cyber espionage teams with ties to the North Korean government, known as ScarCruft and Lazarus among security researchers, secretly installed stealthy digital backdoors into the systems of NPO Mashinostroyeniya, a rocket design bureau based in Reutov, which is a small town on the outskirts of Moscow. Reuters could not confirm whether any data was taken or what information may have been viewed during the breach. In the months following the digital break-in, Pyongyang announced several developments in its banned ballistic missile program, but it is unclear if this was linked to the breach. According to experts, the incident demonstrates that the isolated country will even target its allies, such as Russia, to acquire critical technologies. This article continues to discuss the breach of a major Russian missile developer by the Lazarus hacking group.

Cybernews reports "Lazarus Hack Russian Missile Maker as Moscow Pleas for Shells"

Researchers at Horizon3.ai have published information about CVE-2023-39143, two vulnerabilities in PaperCut application servers that unauthenticated attackers could exploit to execute code remotely. It is not a "one-shot" Remote Code Execution (RCE) bug, unlike the PaperCut vulnerability, tracked as CVE-2023-27350, recently exploited by Clop and LockBit ransomware affiliates. Researchers noted that CVE-2023-39143 is more difficult to exploit because multiple vulnerabilities must be chained together to compromise a server. PaperCut NG and MF are popular print management server software solutions. PaperCut NG and MF versions released before v22.1.3 contain the path traversal vulnerabilities (CVE-2023-39143) that could be exploited to read, delete, and upload arbitrary files to a vulnerable application server. This article continues to discuss the bug fixed by PaperCut.

Help Net Security reports "PaperCut Fixes Bug That Can Lead To RCE"

A group of researchers has developed a "deep learning-based acoustic side-channel attack" that is 95 percent accurate in classifying laptop keystrokes recorded by a nearby phone. According to the researchers Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad, when trained on keystrokes recorded with the video conferencing software Zoom, an accuracy of 93 percent was reached, a new record for the medium. Side-channel attacks are a class of security exploits aimed at gaining information from a system by monitoring and measuring its physical effects while processing sensitive data. Typical observable effects include runtime behavior, power consumption, electromagnetic radiation, acoustics, and cache accesses. To execute the attack, the researchers first conducted experiments with 36 of the Apple MacBook Pro's keys (0-9, a-z), pressing each key 25 times in a row, varying in pressure and finger. The next step involved isolating the individual keystrokes and converting them into a mel-spectrogram, on which a deep learning model called CoAtNet was run to classify the keystroke images. This article continues to discuss the deep learning-based acoustic side-channel attack.

THN reports "New 'Deep Learning Attack' Deciphers Laptop Keystrokes with 95% Accuracy"

Rapid7 researchers warn that the secondary market sale of decommissioned medical infusion pumps may result in the exposure of Wi-Fi configuration settings. Most medical infusion pumps purchased from secondary market services such as eBay contained wireless authentication data from the initial medical organization that deployed the devices. The researchers analyzed three different infusion pump models: the Alaris PC 8015, the Baxter Sigma Spectrum model 35700BAX2, and the Hospira Abbott PLUM A+ with MedNet. They analyzed 13 infusion pumps that are still in use in many medical facilities worldwide despite no longer being manufactured. Sensitive data was gathered by analyzing the content of compact flash cards, capturing serial communication while using the product's maintenance software serial communication, and physically removing and extracting data from the flash memory chip on the main circuit boards. Researchers retrieved hostnames with domain information, AES keys for encryption, SSIDs, Wi-Fi Pre Shared Keys (PSK) passphrases in clear text, Microsoft Active Directory authentication credentials, and Wi-Fi configuration settings. This article continues to discuss the security risks posed by decommissioned medical infusion pumps sold via the secondary market.

Security Affairs reports "Decommissioned Medical Infusion Pumps Sold on Secondary Market Could Reveal Wi-Fi Configuration Settings"

A survey of over 2,300 self-identified technologists from 90 countries reveals a lack of cybersecurity knowledge. In April and May, on behalf of RSA Security, a series of fact-based questions were posed, such as the most common cause of data breaches and how to implement a zero-trust strategy. The results were recently released as part of the RSA ID IQ report, as most of the questions dealt with identity-related issues. Fewer than 10 percent of respondents answered the majority of questions correctly, while nearly 50 percent answered at least half of the questions incorrectly. Two-thirds of the self-proclaimed experts in identity management did not choose the best practices for phishing prevention. This article continues to discuss key findings from the survey on cybersecurity knowledge.

SiliconANGLE reports "Many Tech Experts Fail a Test of Their Cybersecurity Knowledge"

Due to increased public reporting by security researchers and technology companies such as Microsoft and Google, a Russia-based hacking group connected to previous attacks on governments is shifting tactics. According to a report from Recorded Future, since March 2023, the group tracked as BlueCharlie, has established new infrastructure to launch attacks against various targets. BlueCharlie aims to collect information, steal credentials, and conduct hack-and-leak operations against Ukraine and North Atlantic Treaty Organization (NATO) nations. Several companies track the group as Calisto, COLDRIVER, or Star Blizzard/SEABORGIUM. It has previously targeted different government, higher education, defense, and political sector organizations, as well as non-governmental organizations (NGOs), activists, journalists, think tanks, and national laboratories. Recorded Future's Insikt Group could not determine who was targeted in this campaign but said they have observed it register 94 new domains as part of its new infrastructure building. According to the researchers, several tactics, techniques, and procedures (TTPs) observed in BlueCharlie's current operation deviate from previous activity, suggesting that the group is evolving its operations in response to public disclosures of its activities. This article continues to discuss recent findings and observations regarding BlueCharlie.

The Record reports "Russia-Based Hackers Building New Attack Infrastructure to Stay Ahead of Public Reporting"

According to a new report, cyberattacks against government agencies and the public sector have increased alarmingly over the past few months, as threat actors deployed various novel malware campaigns targeting financial institutions, healthcare services, and critical infrastructure industries. Blackberry's quarterly Global Threat Intelligence report reveals a 40 percent rise in attacks against government agencies and the public sector between March and May, as well as a 13 percent increase in novel malware samples. Blackberry's vice president of threat research and intelligence, Ismael Valenzuela, noted that these organizations struggle to defend against the threat posed by nation-states and cybercriminals due to limited resources and immature cyber defense programs. The report described the increase in attacks against the public sector as a "sudden surge" partly attributed to "extremely active" state-sponsored threat actors linked to Russia and North Korea. These actors primarily target government agencies, military organizations, businesses, and financial institutions in the US, Europe, and South Korea. In addition, they frequently modify their methods to make their attacks more difficult to detect and defend against. The growth in cyberattacks against US institutions coincides with recent high-profile breaches affecting multiple federal agencies. This article continues to discuss the rise in cyberattacks targeting government agencies and the public sector.

NextGov reports "Report Reveals 'Sudden Surge' in Cyberattacks Targeting Government Agencies"

President Biden issued the National Cybersecurity Strategy in March, outlining a clear and imperative path for the US. As the nation's Cyber Defense Agency, the Cybersecurity and Infrastructure Security Agency (CISA) plays a pivotal role in advancing toward a future in which robust collaboration is the norm and the responsibility for more effective and equitable cybersecurity is rebalanced. CISA has released its Cybersecurity Strategic Plan for FY2024-2026 to assure accelerated progress toward this vision. The plan is centered on three goals: addressing immediate threats, hardening the environment, and driving security at scale. CISA will collaborate with partners to gain visibility into the breadth of intrusions targeting the US, enable the disruption of threat actor campaigns, ensure adversaries are quickly evicted when intrusions occur, and expedite the mitigation of exploitable conditions that adversaries repeatedly exploit. This article continues to discuss the CISA Cybersecurity Strategic Plan.

CISA reports "CISA Cybersecurity Strategic Plan: Shifting the Arc of National Risk to Create a Safer Future"

Central Processing Units (CPUs) are designed to run multiple applications simultaneously, which is advantageous for productivity, but poses a security risk. By analyzing the processor's energy consumption, researchers at TU Graz and the Helmholtz Center for Information Security have discovered a novel technique named "Collide+Power" that enables attackers to read data from the memory of CPUs. The adversary stores a data package on a CPU segment in this attack. In the second phase, malicious code causes the attacker's data to be overwritten with the targeted data. This overwriting consumes power, and the greater the difference between the two data packages, the more power is consumed. The process is repeated thousands of times, each time with minimally different attacker data packages to be overwritten. The targeted data package can be derived from the variations in power consumption that occur throughout this process. This article continues to discuss the novel security gap in all common CPUs that is difficult to mitigate.

Graz University of Technology reports "CPU Security Loophole: Analysis of Energy Consumption Allows Data Theft"

California has enacted a new online privacy icon designed to give users greater authority over their personal information. Researchers from the University of Michigan's School of Information (UMSI) led the research to create the icon, simplifying consumers' privacy choices. According to Florian Schaub, associate professor of information at the University of Michigan, consolidation was found to be the most important aspect of the design when testing different styles of icons to get consumers' reactions. One link is the most effective and easy-to-understand alternative to multiple links for different aspects of a privacy policy. Implementing clear opt-out options and concrete privacy choices will benefit consumers by easing their control over their personal data. Schaub, Yixin Zou, a former doctoral candidate at UMSI, as well as researchers from Carnegie Mellon University and Fordham University collaborated with the California attorney general's office to research the misconceptions some users had about different privacy icons. They conducted multiple rounds of research and testing to eliminate misconceptions and ensure that the icon effectively conveys the essence of privacy options. This article continues to discuss the new California privacy choice icon.

The University of Michigan reports "U-M Researchers Play Role in Creating New California Privacy Choice Icon"

Hacktivist groups that operate for political or ideological reasons use various strategies to finance their operations. Although hacktivism appears to be about inflicting service disruption through Distributed Denial-of-Service (DDoS) attacks or reputational damage through data leaks, the modus operandi of these threat groups spans a larger array of operations, including common cybercrime strategies, according to the cyber intelligence company KELA. These tactics include stealing and selling data, selling malware and botnet licenses, demanding ransom from victims, and even offering hack-for-hire services that target non-political entities. For example, the pro-Russia hacktivist group KillNet promoted a botnet-for-hire in November 2021, but their monetization methods grew significantly in 2023. KillNet introduced a hack-for-hire service in March 2023, a new DDoS-for-hire service in July 2023, and a 'Dark School' training program in May 2023, selling nine hacking courses to hackers. This article continues to discuss the different ways in which hacktivists fund their operations.

Bleeping Computer reports "Hacktivists Fund Their Operations Using Common Cybercrime Tactics"

The Cybersecurity and Infrastructure Security Agency (CISA) is calling for improved security for Unified Extensible Firmware Interface (UEFI) update mechanisms in the wake of the debacle that has been mitigating the BlackLotus bootkit. CISA urges the computer industry to adopt a secure-by-design approach to improve the overall security of UEFI, which is the firmware responsible for a system's boot-up routine. It comprises several components: security and platform initializers, drivers, bootloaders, and a power management interface. According to Jonathan Spring, senior technical advisor at CISA, secure-by-design is about having the companies that create the software take responsibility for the security, which includes the update pathways. Threat actors can gain a high level of persistence on a device if UEFI is loaded with malicious code. That code will launch before the operating system or any security software, making it invisible to most incident response strategies and operating system-level defenses, as well as resistant to system reboots. This article continues to discuss the importance of improving UEFI security.

Dark Reading reports "Exclusive: CISA Sounds the Alarm on UEFI Security"

Scientists have developed a method that improves the detection of a common Internet attack by 90 percent compared to current methods. The new technique developed by computer scientists at the Pacific Northwest National Laboratory (PNNL) of the US Department of Energy (DOE) monitors the Internet's ever-changing traffic patterns. PNNL scientist Omer Subasi presented the findings on August 2 at the IEEE International Conference on Cyber Security and Resilience, where the manuscript was deemed the best research paper presented at the conference. The scientists modified the standard playbook for detecting Denial-of-Service (DoS) attacks, in which attackers attempt to bring down a website by bombarding it with requests. In order to increase detection accuracy, the PNNL team sidestepped thresholds and instead focused on the evolution of entropy, a measure of system disorder. This article continues to discuss the new method PNNL researchers developed to recognize a common Internet attack.

Pacific Northwest National Laboratory reports "Researchers Strengthen Defenses Against Common Cyberattack"

Microsoft Threat Intelligence has recently announced that it detected a series of highly targeted social engineering attacks employing credential theft phishing lures delivered as Microsoft Teams chats. Microsoft stated that these attacks have been traced back to the threat actor known as Midnight Blizzard, previously identified as Nobelium. The method used by the Russia-based threat actor involves exploiting previously compromised Microsoft 365 tenants owned by small businesses to create seemingly legitimate technical support entities. Using these domains from compromised tenants, Midnight Blizzard sends messages through Microsoft Teams to steal credentials by persuading users to approve multi-factor authentication (MFA) prompts. Microsoft's investigation revealed that roughly 40 global organizations have been affected by this campaign. Microsoft noted that the targeted sectors indicate specific espionage objectives by Midnight Blizzard, including government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media entities. CEO of My1Login, Mike Newman, stated that this is a highly sophisticated phishing scam that would be almost impossible to detect to the untrained eye. To protect against such attacks, Microsoft advised organizations to implement phishing-resistant authentication methods, use conditional access authentication strength for critical applications, and educate users about social engineering and credential phishing threats.

Infosecurity reports: "Microsoft Teams Targeted in Midnight Blizzard Phishing Attacks"

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international cybersecurity partners have published an advisory on the Common Vulnerabilities and Exposures (CVEs), to include associated Common Weakness Enumeration (CWE), that were routinely and frequently exploited by malicious actors in 2022. The joint Cybersecurity Advisory, titled "2022 Top Routinely Exploited Vulnerabilities," provides technical background information on the 12 most exploited vulnerabilities and an overview of an additional 30 vulnerabilities frequently used to compromise organizations, as well as specific information that organizations can use to identify and mitigate their exposure. This advisory describes the CWEs associated with these vulnerabilities for the first time, reflecting the underlying root causes that lead to the exploitable vulnerability. To reduce the prevalence of common classes of vulnerabilities, this advisory suggests technology vendors implement specific secure-by-design principles and ensure that all published CVEs contain the correct CWE identifying the vulnerability's root cause. This article continues to discuss the new joint advisory urging organizations to implement secure-by-design practices and prioritize patching known exploited vulnerabilities.

CISA reports "U.S. and International Cybersecurity Partners Warn Organizations of Routinely Exploited Vulnerabilities"

According to security researchers at Guardio, threat actors have exploited a Salesforce zero-day vulnerability and abused Meta features in a sophisticated phishing campaign. Attackers sent out legitimate-looking emails designed to lure targeted users to a phishing page where they were instructed to hand over their Facebook account information, including their name, account name, email address, phone number, and password. The researchers noted that the emails mentioned the targeted user's real name, appeared to come from "Meta Platforms," and were sent from an @salesforce[.]com address. A button included in the email led users to a legitimate Facebook domain, "apps.facebook[.]com", where they were informed about violating Facebook's terms of service. When users clicked on a button to resolve the issue, they were taken to a phishing page that instructed them to provide their information. The researchers stated that the fact that the email came from an @salesforce[.]com address and the link it included pointed to facebook[.]com helped the phishing emails bypass traditional security mechanisms. The analysis revealed that the attackers had targeted the Email Gateway component in the Salesforce CRM, specifically an "Email-To-Case" feature designed to convert customer inbound emails into actionable tickets in Salesforce. By abusing this feature, the attacker managed to receive verification emails that gave them control over a genuine Salesforce email address that they could use to send out the phishing emails. As for Facebook, the phishing page was hosted on a legacy web games platform offered by Facebook until 2021. The researchers noted that while the platform has been discontinued, games developed prior to this date can still receive support, and it appears that the attackers gained access to an account associated with such a game. They used that account to host their phishing page. The researchers notified Salesforce on June 28, and a fix was rolled out to all impacted services and instances within a month, preventing the use of an address from the Salesforce domain to send emails. Salesforce said it had no evidence of impact to customer data.

SecurityWeek reports: "Salesforce Email Service Zero-Day Exploited in Phishing Campaign"

Researchers from the University College London (UCL) have discovered that humans cannot detect deepfake speech 27% of the time. During the study, the researchers presented 529 individuals with genuine and deepfake audio samples and asked them to identify the deepfakes. Participants could only identify the fake audio 73% of the time, although detection accuracy improved by 3.84% on average after they received training to recognize aspects of deepfake speech. The researchers noted that they used a text-to-speech (TTS) algorithm trained on two publicly available datasets to produce the deepfake speech samples. These were run in English and Mandarin to understand if language can affect detection performance and decision-making rationale. The researchers stated that their findings confirm that humans are unable to reliably detect deepfake speech, whether or not they have received training to help them spot artificial content. The researchers noted that the samples that they used in this study were created with algorithms that are relatively old, which raises the question of whether humans would be less able to detect deepfake speech created using the most sophisticated technology available now and in the future. The researchers are now planning to develop better automated speech detectors as part of efforts to create detection capabilities for deepfake audio and imagery.

Infosecurity reports: "Humans Unable to Reliably Detect Deepfake Speech"

Tesla cars are vulnerable to a nearly irreversible jailbreak of their onboard infotainment systems, which would enable owners to gain access to a variety of paid in-car features for free. According to a team of researchers, the stolen benefits can range from better bandwidth to faster acceleration and heated seats. The researchers also discovered that it is possible to escape the infotainment system and switch to the internal Tesla network for authenticating cars, which opens the door to more advanced modding, including breaking geolocation restrictions on navigation and self-driving and the ability to transfer the Tesla's "user profile" to another vehicle. Teslas have been at the forefront of enabling "smart" features, notably autonomous driving, for quite some time. All recent Tesla models feature an AMD-based infotainment system called MCU-Z, allowing an innovative in-car purchase scheme for advanced features enabled over-the-air (OTA) upon purchase. This was the target of a group of doctoral students in the Technical University of Berlin graduate program and independent researcher Oleg Drokin. This article continues to discuss the researchers' demonstrated jailbreaking of Tesla cars.

Dark Reading reports "Tesla Jailbreak Unlocks Theft of In-Car Paid Features"

Since June 2022, the hacktivist group Mysterious Team Bangladesh has been linked to more than 750 Distributed Denial-of-Service (DDoS) attacks and 78 website defacements. According to Group-IB, the group primarily targets logistics, government, and financial sector organizations in India and Israel. The group's main motivations are religious and political. Other countries of interest to the group include Australia, Senegal, the Netherlands, Sweden, and Ethiopia. In addition, the threat actor is said to have gained access to web servers and administrative panels, most likely by exploiting known security vulnerabilities or poorly protected passwords. Mysterious Team Bangladesh, as its name suggests, is likely of Bangladeshi origin. The group maintains an active presence on Telegram and Twitter. This article continues to discuss findings regarding the Mysterious Team Bangladesh hacktivist group.

THN reports "'Mysterious Team Bangladesh' Targeting India with DDoS Attacks and Data Breaches"

According to security researchers at Sophos, CryptoRom, a notorious scam that combines fake cryptocurrency trading and romance scams, has taken a new twist by utilizing generative artificial intelligence (AI) chat tools to lure and interact with victims. The researchers noted that CryptoRom scams typically begin by contacting potential targets through dating apps or social media platforms. Once the conversation moves to private messaging apps like WhatsApp or Telegram, the scammers introduce the idea of trading cryptocurrencies and offer to guide the targets through installing and funding a fake crypto-trading app. The researchers stated that what makes this new development particularly concerning is the use of generative AI tools like ChatGPT or Google Bard to assist scammers in creating more convincing conversations with targets. This makes the interactions more persuasive and reduces the workload for the scammers when dealing with multiple victims. Moreover, the researchers noted that recent cases revealed that scammers are not stopping at the initial "tax" payment but are coming up with additional excuses to extract even more money from victims. The researchers noted that the scammers have also slipped their fraudulent apps past both Apple's and Google's app store reviews by modifying the app's content after approval. By changing a pointer in remote code, the benign app can be switched to a fraudulent one without further scrutiny. The researchers warned individuals who believe they may have fallen victim to these scams to report the incident to local authorities experienced in dealing with fraud cases. Victims are also advised to contact their banks to see if any transactions can be reversed and report the wallet addresses of the fraud to the relevant cryptocurrency exchange.

Infosecurity reports: "AI-Powered CryptoRom Scam Targets Mobile Users"

Allegheny County recently released limited details on a data breach. According to the county, they were affected by a global cybersecurity incident impacting the popular file transfer tool, MOVEit. The county noted that the breach allowed a group of cybercriminals to access county files on May 28 and 29. The hackers claim they're only interested in business data and deleted files from the county. However, the county said they could have obtained personal information from Social Security numbers to health information. The county recommends that those concerned they are affected by the breach should monitor their credit for things such as new credit inquiries, new accounts opened, delinquent payments, and other things that would imply their identity was stolen.

CBS Pittsburgh reports: "Allegheny County Issues Notice of Data Breach"

Mozilla recently announced the release of Firefox 116, Firefox ESR 115.1, and Firefox ESR 102.14, which include patches for multiple high-severity vulnerabilities. Mozilla lists 14 CVEs in its advisory, nine of which are rated high severity. Three of the CVEs refer to memory safety bugs in Firefox. The first of the high-severity flaws tracked as CVE-2023-4045 is described as a cross-origin restrictions bypass in Offscreen Canvas, which failed to properly track cross-origin tainting. Mozilla noted that the issue can allow web pages to view images displayed in a page from a different site. Browsers include a same-origin policy that prevents HTML and JavaScript code originating on a website from accessing content on other sites. The second high-severity issue that Firefox 116 patches is CVE-2023-4046, which is described as the use of an incorrect value during WASM compilation. Mozilla noted that in some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. Mozilla noted that the browser update also resolves CVE-2023-4047, a permission request bypass via clickjacking. A page could trick users into clicking on a carefully placed item but instead, register the input as a click on a security dialog that was not displayed to the user. The three other high-severity vulnerabilities that Firefox 116 resolves include CVE-2023-4048 (an out-of-bounds read flaw causing DOMParser to crash when deconstructing a crafted HTML file), CVE-2023-4049 (race conditions leading to potentially exploitable use-after-free vulnerabilities), and CVE-2023-4050 (stack buffer overflow in StorageManager potentially leading to a sandbox escape). Tracked as CVE-2023-4056, CVE-2023-4057, and CVE-2023-4058, Mozilla noted that the memory safety bugs resolved in Firefox 116 could have led to arbitrary code execution. Most of these high-severity issues, Mozilla says, also impact Firefox extended support and Thunderbird and were addressed in Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. Mozilla makes no mention of any of these vulnerabilities being exploited in attacks.

SecurityWeek reports: "Firefox 116 Patches High-Severity Vulnerabilities"

The North Atlantic Treaty Organization (NATO) is investigating the alleged theft of data by the hacktivist group known as SiegedSec. The threat actor claims to have compromised the Communities of Interest (COI) Cooperation Portal and stolen hundreds of confidential documents. According to SiegedSec, the data breach had nothing to do with the ongoing conflict between Russia and Ukraine. The threat intelligence company CloudSEK analyzed the 845 MB of leaked compressed data, discovering unclassified information and 8,000 employee records from 31 countries. The compromised information included names, business email addresses, home addresses, companies and units, working groups, job titles, and pictures. In addition, CloudSEC discovered 20 unclassified documents, while SeigedSec claims to have up to 700. Some leaked documents were several years old, while others were as recent as July 2023. Although the nature of the information in most leaked documents remains unknown, some contained a list of software used by NATO, including vendor information and version numbers. This article continues to discuss the alleged NATO data theft.

CPO Magazine reports "Alleged NATO Data Theft Leaked Hundreds of Sensitive Documents and Thousands of User Records"

False claims and disinformation in a society highly influenced by social media have become significant problems with potentially severe consequences. Researchers at the University of Oklahoma and collaborating institutions have received funding from the National Science Foundation's (NSF) Secure and Trustworthy Cyberspace (SaTC) program to study false claim attacks. Kash Barker, Ph.D., is the Principal Investigator (PI) leading a team of researchers exploring indirect attacks against infrastructure systems via unsuspecting users. In recent years, the number of false claims has increased, and studies suggest that most online users are initially tricked by fake news, as noted by Barker. When these incidents are weaponized by an adversary against US infrastructure networks, a damaging problem may occur. Disinformation can be used as a weapon to disrupt cyber-physical systems, human lives, and economic productivity. In these scenarios, chaos is caused not by systems or devices, but by "hacked" people. Imagine an adversary spreading information claiming that an electric company is offering free power during the hottest hours of the day, luring customers to use as much power as they want. This could exceed the grid's capacity and cause issues. Researchers will analyze the information and physical layers to combat these weaponized false claims. Both layers are intrinsically connected but are also individually vulnerable to attacks. This article continues to discuss the study on socio-technical approaches for securing cyber-physical systems from false claim attacks.

The University of Oklahoma reports "False Claims Attacks on Infrastructure Focus of NSF-Funded Research"