Cyber Intelligence Weekly: The 3 New Stories You Need to Know this Week (Issue 166 – November 10, 2024)
Dear Friends and Colleagues,
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Before we get started on this week’s CIW, I’d like to highlight and introduce our newest leader at the firm, Risk Advisory Manager, Alyson Pisarcik. Please connect with her and say hello!
Q: What has your career path looked like?
A: I majored/minored in cybersecurity in college so moving to cyber consulting was a natural fit. I started out at Accenture where I primarily focused on serving Financial Service clients as they prepared for upcoming audits and built out cybersecurity programs. From there I moved to Unit 42 where I broadened my knowledge of the pillars of cyber, supported building out service offerings, and led engagements.
Q: Why did you choose to work at Echelon?
A: I chose to work here because the entire team is extremely excited to make forward progress in developing the practice and finding out how to best serve our clients. The company has welcomed me with open arms, and I look forward to putting my fingerprint on Risk Advisory.
Q: What does a typical day at work look like for you?
A: I typically work through any emails that came in the previous evening first and then determine what internal and external initiatives will take priority for the day. Whether it be strategizing on how we deliver our services or meeting with our team members to ensure we are all aligned, most days fly by. Typically, I am engaging with our clients to track progress and delivery of engagements.
Q: What is something you want to fix in the field of cybersecurity?
A: I would love to formalize training and awareness requirements for organizations. So often when I perform a risk assessment, this is a subject I find is often scoring very low. Although most organizations do their best to enforce an annual cybersecurity training, there is a lot more role-specific training that can be the difference between a breach or a deleted email.
Q: What do you like to do in your free time?
A: I live in NYC so most of my time is spent enjoying all the city has to offer. I value experiences so I am often getting tickets for sports games, finding the newest hot spot for dinner, or exploring a new pocket of the city I have not been to before. My puppy takes up a decent amount of my free time too, but that is not her fault!
Q: If you were in a zombie apocalypse what character would you be and who would you want on your zombie fighting team?
A: If I were in a zombie apocalypse, I would immediately seek out the people who were best suited to produce a cure and create alliances. If I had someone on my zombie fighting team, I would pick Dr. Phil. I am sure all the people fighting would appreciate someone to vent to at the end of a long day.
Away we go!
1. Apple’s New iOS Feature Locks Out Law Enforcement with Inactivity Reboot
Apple’s recent iOS 18.1 update has introduced a feature that’s causing frustration among law enforcement. Known as the "inactivity reboot," this feature automatically restarts an iPhone if it remains locked for an extended period, returning it to a more secure state that’s harder to access without the owner’s credentials. As police attempt to access locked devices for forensic investigation, they’re finding these devices mysteriously rebooting, making it nearly impossible to extract data. This change has sparked concern in the law enforcement community, which speculated initially that connectivity issues or network requirements might be to blame.
Security experts have now identified that the reboot is triggered solely by a set inactivity timer, not by network connections or charging. When the timer runs out, the device reboots to what’s known as the "Before First Unlock" (BFU) state, a more secure mode that’s notoriously difficult for forensic tools to penetrate. This state differs from "After First Unlock" (AFU), which is easier for law enforcement to access because the phone has already been unlocked once by its user.
The new feature reflects Apple’s ongoing dedication to user privacy and security, even as it complicates forensic investigations. Security analysts like Matthew Green, a cryptography expert, view this as a positive step, arguing that the feature enhances device security by preventing prolonged unauthorized access. If a thief were to steal an iPhone, this reboot feature would limit their ability to bypass the phone’s security after a period of inactivity.
While Apple remains silent on the feature, law enforcement professionals have advised immediate data extraction from devices running iOS 18 to avoid losing access. The new iOS feature underscores the complex balance between security measures for users and the challenges they pose for law enforcement.
2. TSA Proposes Cybersecurity Reporting Mandate for Critical Infrastructure
The Transportation Security Administration (TSA) has proposed new cybersecurity rules aimed at enhancing protections for the nation’s critical transportation infrastructure. This proposed rule formalizes directives previously issued to pipeline and railroad operators following the 2021 Colonial Pipeline ransomware attack, which caused significant disruptions along the East Coast. These regulations mandate that certain transportation operators report cyber incidents and establish comprehensive cyber risk management (CRM) plans to protect against and respond to cyber threats.
Under the new rule, affected organizations would be required to conduct annual cybersecurity evaluations, identify and address vulnerabilities, and maintain a robust incident response plan. Additionally, the rule would require that cybersecurity incident reports be submitted to the Cybersecurity and Infrastructure Security Agency (CISA). The TSA has estimated that implementing these requirements could impact approximately 300 transportation operators and cost the industry over $2.1 billion over the next decade.
The TSA developed these requirements in close collaboration with industry stakeholders and crafted them to allow flexibility, aiming to help operators create effective cybersecurity defenses tailored to their specific networks. The agency emphasized that cyber threats from both nation-state actors and criminal groups continue to target U.S. transportation systems, increasing the risk of significant operational and economic disruptions. The proposed rules are designed to address the vulnerabilities identified in critical transportation sectors and to establish a uniform standard for cybersecurity resilience across the industry.
With a public comment period open until February 5, TSA is seeking further input from industry partners to refine the rule. The agency noted that threats from countries like Russia and China and the potential use of advanced technologies such as artificial intelligence in cyberattacks necessitate a permanent, proactive approach to securing the transportation sector. The TSA views these regulations as essential to reducing risks and strengthening the cybersecurity posture of the nation’s surface transportation infrastructure.
3. Secure-by-Design: How AWS, Microsoft, and Others Are Embracing CISA's Cyber Goals
The Cybersecurity and Infrastructure Security Agency's (CISA) secure-by-design pledge, introduced six months ago, has spurred major software companies to make significant strides in enhancing cybersecurity practices. The pledge encourages companies to adopt security-focused improvements, such as eliminating default passwords, enforcing multi-factor authentication (MFA), expanding logging and data transparency, and fostering a proactive approach to vulnerability management. Since signing the pledge, companies like Amazon Web Services, Fortinet, Microsoft, Okta, and Sophos have actively worked to meet these goals, citing measurable progress in securing their platforms and improving the security experience for customers.
Amazon Web Services (AWS), for instance, has implemented MFA requirements for administrator accounts and introduced FIDO2 passkeys for stronger phishing-resistant authentication. Fortinet has focused on automatic updates for entry-level devices and assisting customers in migrating to cloud-based security products, while Microsoft has increased MFA enforcement across its Azure and Intune services. Microsoft also committed to reducing cloud vulnerability patching time by 50% and enhanced logging data access for customers—partly in response to feedback from Capitol Hill.
Okta, a leader in identity and access management, has almost fully achieved the pledge’s goals, working to eliminate default passwords and enhancing logging for “security-relevant events.” Sophos, meanwhile, has met all seven pledge requirements and is enhancing its customer security options by integrating FIDO2 token support and automatic firmware updates. Many companies praised CISA’s pledge for balancing practicality with ambition, giving organizations of all sizes a framework to enhance cybersecurity resilience.
While CISA considers expanding the pledge’s objectives in the coming year, industry leaders underscore its importance in raising the overall security standards across the software industry. Experts agree that while many major software firms have committed to the pledge, its impact could grow if more small and medium-sized developers join the initiative. As Jon Clay from Trend Micro observed, the pledge could gain even broader influence by encouraging a greater diversity of developers to support secure-by-design principles.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about