TODAY'S TOP 5
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
HOW TRUMP’S WIN COULD AFFECT AI: The effects of former President Trump’s victory will be acutely felt in the AI industry, which has largely rallied against federal policymaking, TechCrunch reports. Trump has repeatedly said he plans to dismantle Biden’s AI policy framework on “day one” and has aligned himself with kingmakers who’ve sharply criticized all but the lightest-touch regulations. Yet little can be gleaned from the AI executive orders Trump signed during his last presidential term, which founded national AI research institutes and directed federal agencies to prioritize AI R&D.
HOW TRUMP’S WIN COULD AFFECT CYBER POLICY: Donald Trump's return to the White House in January could bring significant changes to technology and cybersecurity policy in the United States, experts told Information Security Media Group, potentially reshaping federal approaches to artificial intelligence regulation, industry investment and national security against rising digital threats. This includes the incoming administration’s approach to Russian threat actors and a revival of his attacks on social media's legal protections.
PIPELINE AND RAIL CYBER RULES: The Transportation Security Administration published a Notice of Proposed Rulemaking seeking to mandate cyber risk management and reporting requirements for certain surface transportation owners and operators. The rule would require that certain pipeline, freight railroad, passenger railroad and rail transit owner/operators with higher cybersecurity risk profiles establish and maintain a comprehensive cyber risk management program. It would also require these owner/operators, along with higher-risk bus-only public transportation and over-the-road bus owner/operators (which are currently required to report significant physical security concerns to TSA), to report cybersecurity incidents to CISA.
‘CURRENT AND ACCURATE’ NVD SOUGHT: A National Institute of Standards and Technology advisory board is urging the agency to scale and implement support for its national cyber vulnerability database to protect national security interests, MeriTalk reports. The board warned that product vulnerabilities are likely to escalate, driven by the deployment of artificial intelligence and machine learning (AI/ML) technologies aimed at uncovering new weaknesses, with China also intensifying efforts to exploit these security gaps.
BILLIONS OF ELECTION DDoS ATTEMPTS: Cloudflare examines online attacks against election-related sites — some of which were notable but none were disruptive — and how initial election results impacted internet traffic across the U.S. at both national and state levels, with increases in traffic as much as 15% nationwide. In the 24-hour period from October 31 - November 1, the company says it automatically mitigated over 6 billion HTTP DDoS requests that targeted U.S. election-related websites — such as state and local government election sites and political campaigns.
CYBER FOCUS PODCAST
NEW: In the latest episode of Cyber Focus, host Frank Cilluffo interviews Nebraska Chief Information Security Officer and Chief Privacy Officer Patrick Wright about the challenges and opportunities of implementing artificial intelligence and cybersecurity strategies at the state and local levels. Wright shares insights on leveraging AI to bolster cybersecurity
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
SelectBlinds says 200,000 customers impacted after hackers embed malware on site
In breach notification documents filed this week in California and Maine, SelectBlinds said employees discovered the malware on September 28 and realized the malware had been on the company website since at least January 7. In addition to login information, the company learned that hackers likely obtained names, emails, shipping and billing addresses, phone numbers and payment card numbers alongside expiration dates and security/CVV codes. (THERECORD.MEDIA)
Cyber attack on Microlise disrupts DHL and Serco tracking services
The attack compromised “some limited employee data,” according to Microlise’s statement to the London Stock Exchange, although the company has indicated that customer data was not affected. Microlise has engaged third-party cybersecurity specialists to assist in containing the incident and restoring systems. (INFOSECURITY-MAGAZINE.COM)
MORE: Cyberattack disables tracking systems and panic alarms on British prison vans (THERECORD.MEDIA)
Nokia: No evidence so far that hackers breached company data
Known threat actor IntelBroker on Tuesday posted what it claimed is Nokia's online internal data — including SSH keys, source code, and internal credentials — putting it up for sale on the BreachForums cybercrime site for $20,000. However, at this time, the company's investigation “has found no evidence that any of our systems or data being impacted,” though Nokia continues “to closely monitor the situation.” (DARKREADING.COM)
DataBreach.com emerges as alternative to HaveIBeenPwned
Have I Been Pwned has long been one of the most useful ways to learn if your personal information was exposed in a hack. But a new site offers its own powerful tool to help you check if your data has been leaked to cybercriminals. (PCMAG.COM)
Cybercrime
Massive Nigerian cybercrime bust sees 130 arrested
The suspects include 113 foreign individuals, primarily of Chinese and Malaysian origin, and 17 Nigerian nationals. They are accused of being involved in high-level cybercrimes, hacking and activities threatening national security. (INFOSECURITY-MAGAZINE.COM)
Malware
VEILDrive attack exploits Microsoft Services to evade detection and distribute malware
Hunters said it discovered the campaign in September 2024 after it responded to a cyber incident targeting a critical infrastructure organization in the United States. It did not disclose the name of the company, instead giving it the designation "Org C." The threat actor behind the operation is said to have sent Teams messages to four employees of Org C by impersonating an IT team member and requesting remote access to their systems via the Quick Assist tool. (THEHACKERNEWS.COM)
Winos 4.0 malware infects gamers through malicious game optimization apps
Campaigns distributing Winos 4.0 were documented back in June by Trend Micro and the KnownSec 404 Team. The cybersecurity companies are tracking the activity cluster under the names Void Arachne and Silver Fox. These attacks have been observed targeting Chinese-speaking users, leveraging black hat Search Engine Optimization (SEO) tactics, social media, and messaging platforms like Telegram to distribute the malware. (THEHACKERNEWS.COM)
Cybercrooks are targeting Bengal cat lovers in Australia for some reason
Around since 2014, Gootloader has been one of the most popular malware strains of its kind. It's used as an infostealer or at times a malware dropper acting as a precursor to other attacks like ransomware. Financially motivated attackers typically cast their net far and wide or target specific, high-value organizations and/or individuals such as banks and crypto investors. It's what makes Sophos’ finding that criminals, armed with Gootloader, were seemingly targeting Australian enthusiasts of Bengal cats all the more baffling. (THEREGISTER.COM)
Ransomware
Microchip technology reports $21.4 million cost from ransomware attack
The incident came to light in August, when the U.S.-based semiconductor supplier found suspicious activity on its network. The intrusion resulted in disruptions at some of Microchip’s manufacturing facilities. The Play ransomware group took credit for the attack roughly one week later, claiming to have stolen gigabytes of data. The ransomware gang has published files allegedly stolen from the company, which indicates that Microchip refused to pay a ransom. (SECURITYWEEK.COM)
Resilience
IRISSCON: Organizations still falling victim to predictable cyber attacks
Experts speaking at the IRISSCON 2024 conference in Dublin noted that many incidents are indeed preventable. Analyzing the findings from Verizon’s Data Breach Investigations Report (DBIR) 2024, Phillip Larbey, Associate Director for EMEA at Verizon, said that the vast majority of cyber incidents involve at least one of three elements – human error, social engineering and ransomware. “Organizations should know what’s coming,” stated Larbey. (INFOSECURITY-MAGAZINE.COM)
THREATS
ICS/OT
PLCHound aims to improve detection of internet-exposed ICS
An analysis conducted by internet intelligence platform Censys showed over 40,000 internet-exposed ICS devices in the United States. A Shodan search shows roughly 110,000 such devices worldwide. However, a team from the Georgia Tech School of Electrical and Computer Engineering (ECE), led by Ph.D. student Ryan Pickren, says it has come up with an algorithm that helps identify far more ICS devices — specifically programmable logic controllers (PLCs) — that are exposed to the web. (SECURITYWEEK.COM)
Attackers breach IT-based networks before jumping to ICS/OT systems
Attacks against industrial control systems and operational technology systems are increasing, as adversaries find weaknesses in IT networks that allow them to move into OT networks, according to a recent report from SANS. There were more non-ransomware incidents (74.4%) reported than ransomware (11.7%) over the past year, according to the SANS report. (DARKREADING.COM)
Malware
New SteelFox malware hijacks Windows PCs using vulnerable driver
The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and AutoCAD. Using a vulnerable driver for privilege escalation is common for state-sponsored threat actors and ransomware groups. However, the technique now appears to extend to info-stealing malware attacks. (BLEEPINGCOMPUTER.COM)
HookBot malware’s overlay attacks impersonate popular brands
HookBot is a banking Trojan that aims to steal sensitive information like banking credentials, passwords and personal data from victims. It spreads via malicious apps that mimic legitimate brand-owned software found on “unofficial app stores.” Not only that, it also has the ability to evade the security checks on official marketplaces like Google Play. (CYBERSECURITYNEWS.COM)
Ransomware
GoZone ransomware accuses and threatens victims
A new ransomware dubbed GoZone is being leveraged by attackers that don’t seem to be very greedy: they are asking the victims to pay just $1,000 in Bitcoin if they want their files decrypted. The ransom notes shown by the malware lay out another incentive for paying up: they claim that child sexual abuse material has been found on the targeted computer and urge the victim to pay to prevent being reported to the authorities. (HELPNETSECURITY.COM)
Vulnerabilities
Cisco bug lets hackers run commands as root on UWRB access points
Tracked as CVE-2024-20418, this security flaw was found in Cisco's Unified Industrial Wireless Software's web-based management interface. Unauthenticated threat actors can exploit it in low-complexity command injection attacks that don't require user interaction. (BLEEPINGCOMPUTER.COM)
ADVERSARIES
Iran
Iran uses open and covert methods to sway U.S. voters
The societal division in the U.S. and predictions of "post-election unrest," as well as depictions of the United States’ support for Israel in the ongoing Israel-Hamas war as Americans’ historic "support for genocide," dominated the Iranian state-controlled media coverage of the U.S. elections. An Iran-operated network of social media accounts and fake news sites targeted U.S. voters on opposite ends of the political spectrum with polarizing messaging. (VOANEWS.COM)
North Korea
South Korean facilities attacked by Russian hackers over plan to track North’s troops
Z Pentest claimed it gained access to equipment at a warehouse that stored Ukrainian grains in the city of Naju in South Jeolla province. The gang shared a video on social media supposedly showing how it breached the granary’s electronic controls for loading grain elevators, saying they “were loaded for a very long time, and then just poured tonnes of grain onto the ground.” Z Pentest also targeted a cultivation and irrigation system at an unnamed location in South Korea. (SCMP.COM)
Russia
One million cyber attacks made on one Pennsylvania county’s election, mainly from Russia and Belarus, officials say
Montgomery County is confident that their IT system rebuffed all of the hacking attempts and that the security of the election there was not impacted. Specifically, some 600,0000 of the attempts were traced back to Russia and Belarus. While authorities did not have specific numbers to compare the cyber attacks to past elections, they were clear that this was significantly more than ever before. (PATCH.COM)
MORE: ‘No evidence of any malicious activity that had a material impact’ on vote, Easterly says (CISA.GOV)
GOVERNMENT AND INDUSTRY
5G
NIST releases ‘Applying 5G Cybersecurity and Privacy Capabilities’ white paper series for public comment
The series targets technology, cybersecurity, and privacy program managers within commercial mobile network operators, potential private 5G network operators and organizations using and managing 5G-enabled technology who are concerned with how to identify, understand, assess and mitigate risk for 5G networks. The series recommends practices and illustrates how to implement them. All of the capabilities featured in the white papers have been demonstrated on the NCCoE testbed on commercial-grade 5G equipment. (NIST.GOV)
Agencies
An agency-by-agency look at Trump's plan to overhaul government
Trump has vowed to relocate agency headquarters, end the merit-based civil service for some segments of the federal workforce, require government employees to take constitutional exams and other changes to executive branch management. Some of his more signature policy ideas, however, will also require sweeping changes to how agencies operate. (NEXTGOV.COM)
How data recovery and backup strategies form the blueprint for DoD’s cybersecurity plans
DoD aims to protect its mission-critical systems and achieve its objectives with greater efficiency by following a comprehensive strategy centered around the zero-trust framework. This work is bolstered by the Pentagon’s Fulcrum Strategy, a unified approach to data security released in June that further coordinates its efforts to maintain a resilient cyber environment in the face of evolving threats. (FEDTECHMAGAZINE.COM)
Artificial intelligence
Industry’s take on the chief artificial intelligence officer role
Over the past 24 months, companies from Amazon to Zendesk — and as different in the services they provide as Hinge and Tractor Supply Company — have hired or designated positions to oversee their AI efforts. Dozens of federal agencies have quickly followed suit, naming CAIOs in response to President Joe Biden’s October 2023 executive order. (NEXTGOV.COM)
Digital Cities 2024: Advancing responsible AI and customer-focused innovation
This year’s winners in the Digital Cities Survey from the Center for Digital Government created new pathways to ensure digital equity for their residents while working to lock down systems and data. These endeavors moved ahead while tech leaders focused on enhancing the overall user experience. (GOVTECH.COM)
Tech policy likely set for changes after election
Sen. Ted Cruz (R-Texas), who won reelection, is expected to become chairman of the Commerce, Science and Transportation Committee in the next Congress, an important post for policy decisions on artificial intelligence, data privacy and other areas of technology. Cruz generally has supported narrow legislation to address harms, such as those from AI-generated pornography and a package of kids’ online safety measures, but he has been very critical of the Biden administration’s approach to regulating AI, as well as bipartisan legislation to create a federal data privacy standard. (ROLLCALL.COM)
Making sure AI is used responsibly at NSF
The work on artificial intelligence conducted at the National Science Foundation is broadly twofold: investing in research and development, and responsibly deploying new and evolving technologies internally. For NSF’s Dorothy Aronson, the division director and chief data officer serving as the assistant chief information officer for AI, her role is focused on the latter. (NEXTGOV.COM)
The other election night winner: Perplexity
On Tuesday, two AI startups tried convincing the world their AI chatbots were good enough to be an accurate, real-time source of information during a high-stakes presidential election: xAI and Perplexity. Elon Musk’s Grok failed almost instantly, offering wrong answers about races’ outcomes before the polls had even closed. On the other hand, Perplexity offered helpful, real-time election insights and maps throughout the night, linking to reliable resources and offering historical context where appropriate. (TECHCRUNCH.COM)
Critical infrastructure
Australia adds 46 critical infrastructure assets as Systems of National Significance
The initiative is part of the Australian government’s ongoing efforts to enhance the cyber resilience of the nation’s vital infrastructure. With this latest declaration, the total number of such systems now exceeds 200, spanning sectors such as energy, communications, transport, financial services, food and grocery, and data storage or processing. (INDUSTRIALCYBER.CO)
Cryptography
NIST details Cryptographic Module Validation Program to boost cybersecurity standards, seeks input
The goal of the project is to demonstrate a suite of automated tools that would permit organizations to perform testing of their cryptographic products according to the requirements of FIPS 140-3, then directly report the results to NIST using appropriate protocols. (INDUSTRIALCYBER.CO)
Healthcare
NIST Cybersecurity White Paper available for comment: ‘Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration’
Hospital at home introduces privacy and cybersecurity risks by introducing medical-grade equipment and information systems into environments the hospital does not control. This paper examines risks found in HaH deployments when using smart speakers as a representative IoT device and provides recommended steps to address these risks. It also describes applying controls that include access control, authentication, continuous monitoring, data security, governance, and network segmentation. (NIST.GOV)
Social media
Supreme Court appears split in Facebook lawsuit tied to data breach
The Supreme Court on Wednesday appeared closely divided over whether to allow shareholders to proceed with a lawsuit accusing Meta's Facebook of omitting key information about a data breach. (WASHINGTONPOST.COM)
What Telegram’s recent policy shift means for cyber crime
Telegram’s approach to user privacy and content moderation changed significantly following CEO Pavel Durov’s arrest in France on August 24, 2024, with the company quietly changing its FAQ page and privacy policy in the following weeks. Although the app’s source code hasn’t changed, according to Telegram spokesperson Remy Vaughn, users can now report illegal activity for automated takedown or manual moderation. Furthermore, Telegram also updated its privacy policy, stating that, upon receiving a valid court order, it will disclose users’ phone numbers and IP addresses. (SECURITYINTELLIGENCE.COM)
Major Ukrainian university bans Telegram to reduce cyberthreats
The decision to restrict Telegram use among faculty members at Taras Shevchenko National University of Kyiv follows a recent ban on the app for official devices used by state and security officials, military personnel and employees of critical infrastructure facilities. (THERECORD.MEDIA)
Space
Space Force expands Commercial Integration Cell for industry cooperation
Lt. Gen. Doug Schiess, double-hatted as commander of Space Forces-Space (S4S) and the Combined Joint Force Space Component, told the Mitchell Institute that the Commercial Integration Cell (CIC) has added five members. Two additional companies are in the process of joining and should be on board by early next year, he said. “[O]n the commercial side, we are continually trying to up our game in the commercial world,” Schiess stressed. (BREAKINGDEFENSE.COM)
Vulnerabilities
German law could protect researchers reporting security flaws
The draft eliminates criminal liability for people who choose to warn businesses, and ultimately the public, of cyber vulnerabilities. The proposed law amends an existing law that protects IT security researchers, companies, and hackers from punishment. Certain criteria must be met for the act to be considered security research. (DARKREADING.COM)
LEGISLATIVE UPDATES
ECONOMIC SECURITY: Rep. John Moolenaar (R-Mich.) introduced legislation to amend the State Department Basic Authorities Act to establish a Deputy Secretary of State for Economic Security as well as redesignate and relocate other offices of the Department of State. (H.R. 10100)
EVENTS
IT MODERNIZATION AND AI SUMMIT: This virtual summit on Nov. 12 will bring together technology leaders from across higher education, as well as state and local governments, to explore the ongoing challenges they face while embracing IT modernization and digital transformation.
CYBERSAT: From Nov. 18 to Nov. 20 in Reston, Va., CyberSat24 is the space security event that unites satellite, space, cyber and government to educate on threat vectors and to thwart next-generation attacks.
CYBERSECURITY FUTURES FORUM: This cybersecurity conference on Nov. 20 in Tysons Corner, Va., hosted by GovExec’s Nextgov/FCW, Defense One and Washington Technology, will feature leaders from federal and defense sectors to tackle pressing cybersecurity challenges. Mainstage discussions will focus on proactive measures, regulatory updates and emerging cybersecurity standards essential for operational readiness.