Cyber espionage increase, Nakasone cyber warning, PolarEdge exploits Cisco
In today’s cybersecurity news…
Chinese cyber espionage jumped 150% last year
The Global Threat Report released yesterday by CrowdStrike shows a “150% surge in Chinese-backed cyber espionage operations across the world last year, with critical industries seeing up to a 300% spike in targeted attacks.” This means the Volt Typhoon and Salt Typhoon campaigns represented just a small fraction of global cyber espionage activity from the country. Highlighting finance, media, and manufacturing as the most targeted sectors, CrowdStrike identified seven new China-related adversaries in 2024 and “claimed to have blocked over 330 cyber-intrusion attempts attributed to Chinese hacking groups.”
Nakasone warns of U.S. falling behind adversaries in cyberspace
Retired Gen. Paul Nakasone, former leader of Cyber Command and the National Security Agency, speaking at the DistrictCon cybersecurity conference in Washington, D.C., pointed to incidents like the recent China-led breaches of U.S. telecommunications companies and ransomware attacks against U.S. targets, saying they illustrate “the fact that we’re unable to secure our networks, the fact that we’re unable to leverage the software that’s being provided today, the fact that we have adversaries that continue to maintain this capability.” He agrees with bipartisan calls in Congress for a more aggressive U.S. stance, including the use of AI, but also stressed the need for more hiring.
PolarEdge botnet exploits Cisco, ASUS, QNAP, and Synology
According to French cybersecurity company Sekoia, a new malware campaign is targeting edge devices from Cisco, ASUS, QNAP, and Synology to pull them into a botnet named PolarEdge. It has been operating since at least the end of 2023. The campaign leverages an unpatched critical security flaw (CVE-2023-20118) in end-of-life Cisco Small Business routers that could result in arbitrary command execution on susceptible devices. The vulnerability is said to have been used to deliver a TLS backdoor that incorporates the ability to listen for incoming client connections and execute commands.
Southern Water says Black Basta ransomware attack cost £4.5M in expenses
Following up on a story we covered this time last year, UK-based water utility Southern Water now says the ransomware attack it suffered in late January 2024 incurred costs of £4.5 million ($5.7M). Southern Water is a private company that provides water and wastewater services to customers in some southern counties in England. This number mostly represents restoration and analysis costs. Analysis of leaked internal chat logs from the Black Basta group, which conducted the attack, appears to show that a ransom was paid, although representatives from the utility have not clarified this. (BleepingComputer)
Thanks to today’s episode sponsor, Conveyor
Karen Evans becomes executive assistant director for cybersecurity at CISA
In further government administration news, this appointment makes Evans the leader of the cybersecurity half of CISA. She was most recently managing director at the Cyber Readiness Institute, but has also served as chief information officer of the Homeland Security Department; assistant secretary for cybersecurity, energy security, and emergency response at the Energy Department; and administrator of e-government and information technology at the Office of Management and Budget.
Cleveland Municipal Court closed for third straight day due to cyber incident
In the latest in a string of municipality-level attacks, the Cleveland Municipal Court remains closed for the third straight day. In a notification on its Facebook page, the court says that it has not yet confirmed the nature and scope of the attack and that “all internal systems and software platforms will be shut down until further notice.”
Software vulnerabilities take almost nine months to patch
A State of Software Security report released by Veracode shows the average fix time for software security vulnerabilities has “risen to eight and a half months, a 47% increase over the past five years.” This is also 327% higher than 15 years ago, “largely as a result of increased reliance on third-party code and use of AI generated code.” Furthermore, the report says, “half of all organizations have critical security debt – defined as accumulated high severity vulnerabilities left open for longer than a year, and 70 percent of this critical security debt comes from third-party code and the software supply chain.”
Crypto analysts stunned by Bybit laundering speed
Following up on one of the biggest stories of this week, the $1.46 billion Ethereum theft conducted by the Lazarus Group has sent shockwaves through the cybercrime community, with experts marveling at the group’s “unprecedented speed and scale in laundering the stolen funds” along with its increased capability to conduct these brazen attacks. Ari Redbord, global head of policy at TRM Labs, said in an email to Cyberscoop, “within two days of the attack, … the group funneled $160 million through illicit channels, an amount that would have been unimaginable to move this quickly just a year ago,” adding, “this raises alarming questions about whether North Korea’s laundering capacity has expanded. Criminal financial networks have never moved this quickly to process funds.”