TODAY'S TOP 5

DHS AI GOVERNANCE FALLING SHORT: The Department of Homeland Security has taken steps to develop guidance and establish oversight for artificial intelligence (AI) use, but more action is needed to ensure DHS governs and manages AI use appropriately, the Office of Inspector General found. DHS issued AI-specific guidance, appointed a Chief AI Officer, and established multiple working groups and its AI Task Force to help guide the Department's AI efforts. Even so, the OIG concluded that DHS still lacks the governance needed to ensure responsible and secure use of AI.

  • The nation’s nuclear energy regulator is looking at developing more concise requirements around the deployment of artificial intelligence, even as a review found that the agency’s current policies can likely be extended to cover many new uses of AI, according to a senior data scientist at the U.S. Nuclear Regulatory Commission, Nextgov/FCW reports.

ACTIVE RANSOMWARE GROUPS JUMP: A surge in ransomware groups in 2024 left companies facing increased attacks, even as law enforcement ramped up investigations against well-known groups such as LockBit, and dismantled popular cybercriminal services, such as phishing-as-a-service provider LabHost and the encrypted messaging platform Ghost, Dark Reading reports. A pair of new studies outlines the state of play. Overall, more than 75 ransomware groups were actively compromising targets in 2024, compared to only 43 the prior year, according to a recent Rapid7 analysis. As a result, more than half of organizations suffered a successful attack, and the majority of those impacted shut down some operations leading to significant revenue loss, according to a large survey of IT and cybersecurity practitioners conducted by the Ponemon Institute.

ROADBLOCKS IN CYBERCRIME INVESTIGATIONS: The latest joint report by Europol and Eurojust, Common Challenges in Cybercrime, explores the persistent and emerging issues that hinder cybercrime investigations. This year’s edition not only identifies key obstacles — particularly in the field of digital evidence — but also examines how new legislative measures could help address them. The report highlights several pressing challenges faced by law enforcement, including the overwhelming volume of digital data, the risk of data loss, and the persistent barriers to accessing critical information due to legal and technical constraints. The increasing use of anonymization services has further complicated efforts to track criminal activities online.

DOGE CYBER RISKS: The unbridled access that Elon Musk and his Department of Government Efficiency (DOGE) workers reportedly have to federal networks poses grave cybersecurity risks, several experts told Recorded Future News on Monday. Allowing employees to plug computers with unknown security controls into the Office of Personnel Management (OPM) network could give a foreign adversary a fresh way to breach the system and obtain sensitive data, including information from federal employees’ background checks and security clearance records, they said. DOGE workers' access to the Department of Treasury’s payments system also threatens national security, the experts said, because it includes details of payments to intelligence contractors or highly personal data about national security officials.

  • Granting access to unvetted individuals with unknown behaviors and unclear purposes makes it significantly harder to detect malicious activity, increasing the risk of undetected intrusions, data exfiltration or pre-positioning, said Michael Daniel, president and CEO of the Cyber Threat Alliance and a McCrary senior fellow, GovInfoSecurity reports.
  • A years-long effort to establish proper controls over federal networks could be undermined by Musk’s team violating system safeguards. It's "unacceptable behavior, no matter how important the tasking," said Mark Montgomery, senior director of the Center on Cyber and Technology Innovation and a McCrary senior fellow.

MORE CVEs EXPLOITED: There were 768 CVEs exploited in 2024, reflecting a 20% increase from 639 in 2023, The Hacker News reports. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were publicly disclosed. This marks a slight decrease from 2023's 26.8%, indicating that exploitation attempts can take place at any time in a vulnerability's lifecycle.

CYBER FOCUS PODCAST

In the latest episode of Cyber Focus, host Frank Cilluffo sits down with Laura Galante, director of the Cyber Threat Intelligence Integration Center (CTIIC), and Lauren Goldman, head of Analysis and Analytic Integration at CTIIC. They discuss CTIIC’s evolving role in integrating intelligence across agencies and sectors, its initiatives to bolster critical infrastructure resilience, and its approach to public-private partnerships. The conversation also explores threats from adversarial nation-states such as China, operational collaboration for cybersecurity, and the integration of intelligence to address ransomware trends globally.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Breaches

IntelBroker claims third data leak of Hewlett Packard Enterprise

Only days after announcing retirement, infamous leaker and threat actor IntelBroker has announced a third breach of Hewlett Packard Enterprise. In a post to a well-known hacking forum, the threat actor announced a “second” breach, closely following one he announced last month. This makes it the third he has claimed, having also listed the company last year. “Today, I have uploaded the Hewlett Packard Enterprise 2nd breach,” wrote IntelBroker. (CYBERDAILY.AU)

Cryptocurrency

Crazy Evil gang targets crypto with StealC, AMOS and Angel Drainer malware

Crazy Evil has been assessed to be active since at least 2021, functioning primarily as a traffer team tasked with redirecting legitimate traffic to malicious landing pages operated by other criminal crews. Allegedly run by a threat actor known on Telegram as @AbrahamCrazyEvil, it serves over 4,800 subscribers on the messaging platform (@CrazyEvilCorp) as of writing. "They monetise the traffic to these botnet operators who intend to compromise users either widely, or specifically to a region, or an operating system," French cybersecurity company Sekoia said in a deep-dive report about traffer services in August 2022. (THEHACKERNEWS.COM)

Canadian charged with stealing $65 million using DeFi crypto exploits

The U.S. Justice Department has charged a Canadian man with stealing roughly $65 million after exploiting two decentralized finance (DeFi) protocols. DeFi platforms are blockchain-based systems that facilitate peer-to-peer financial services, eliminating the need for conventional centralized financial intermediaries like banks or brokerages. These platforms deliver various financial services related to digital assets, enabling their users to lend, invest, earn interest, and trade assets through smart contracts and decentralized applications (dApps). (BLEEPINGCOMPUTER.COM)

Energy

Mississippi electric utility warns 20,000 residents of data breach

An electric utility serving multiple counties in Mississippi was attacked by cybercriminals last summer in an incident that exposed the information of more than 20,000 residents. The Yazoo Valley Electric Power Association initially warned customers through social media on August 26 that, due to software problems, they were unable to process payments. The system was restored by August 30. In breach notification letters filed with regulators last week, the utility confirmed it discovered “suspicious activity” on August 26 and initiated an investigation. (THERECORD.MEDIA)

Healthcare

Hundreds of thousands hit by data breaches at healthcare firms in Colorado, North Carolina

Asheville Eye Associates and Delta County Memorial Hospital District last week disclosed separate data breaches that impacted hundreds of thousands of individuals. On Friday, Asheville Eye Associates said the personal and medical information of a subset of its patients was compromised as a result of a cybersecurity incident. The potentially compromised information, the North Carolina eye care center said, includes names, addresses, medical treatment information, and health insurance information. The incident did not impact Social Security numbers, credit card numbers, or financial information. (SECURITYWEEK.COM)

Hackers acquired health information as part of Columbus cyber attack, city reveals

Citizens' private health information was compromised when hackers infiltrated city of Columbus computer systems last summer, Mayor Andrew Ginther's office announced Monday. Fewer than 1,000 individuals treated by city fire paramedics were impacted by the breach of a Division of Fire database last summer that was not discovered until Dec. 12, a press release said. The database included fire dispatch records, with a small number including brief notes about emergency medical services provided on fire runs, the release states. (DISPATCH.COM)

Malware

Hackers hide malware in fake DeepSeek PyPI packages

Cybersecurity researchers at the Positive Technologies Expert Security Center (PT ESC) have found a sneaky malware campaign targeting the Python Package Index (PyPI), a popular online repository for Python software. The attack focused on developers, machine learning engineers, and AI enthusiasts who might integrate DeepSeek AI into their projects. It all began on January 29, when a suspicious user named “bvk,” whose account had been inactive since its creation in June 2023, uploaded two malicious packages: deepseeek and deepseekai. (HACKREAD.COM)

Coyote malware expands reach, now targets 1,030 sites and 73 financial institutions

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week. The cybersecurity company said it discovered over the past month several Windows Shortcut (LNK) file artifacts that contain PowerShell commands responsible for delivering the malware. (THEHACKERNEWS.COM)

Phishing

High-profile X accounts targeted in phishing campaign

A phishing campaign targeting high-profile X accounts has been observed hijacking and exploiting them for fraudulent activity. The campaign, uncovered by SentinelLabs, has impacted various individuals and organizations, including US political figures, international journalists, a platform employee, major technology firms, cryptocurrency organizations and owners of valuable short usernames. SentinelLabs’ analysis links this activity to a similar operation from 2024 that compromised multiple accounts to spread scam content for financial gain. Although this campaign primarily focuses on X accounts, the attackers have also targeted other popular online services. (INFOSECURITY-MAGAZINE.COM)

New Orleans Mayor LaToya Cantrell, Homeland Security Secretary Kristi Noem and Gov. Jeff Landry visit a memorial for the victims of the New Year’s Day terror attack on Bourbon Street. (DHS)

THREATS

Critical infrastructure

DHS agencies support Super Bowl LIX security

More than 690 employees representing 12 DHS agencies are in New Orleans, providing air security resources; venue, cyber, and infrastructure security assessments; chemical, biological, radiological, nuclear, and explosives detection technologies; intelligence analysis and threat assessments; intellectual property enforcement; and real-time situational awareness reporting as part of a 20-year partnership with the National Football League and state and local law enforcement. (DHS.GOV)

Resilience

Texas to launch cyber command center, Gov. Abbott declares in State of State address

Texas will soon launch a command center to strengthen the state’s ability to anticipate, detect and prevent cyberattacks, Gov. Greg Abbott announced in his State of the State address at the state capitol building in Austin on Sunday. Abbott said the state will partner with the University of San Antonio to create the Texas Cyber Command, taking advantage of the school’s resources to deploy “cutting edge capabilities to better secure our state.” (STATESCOOP.COM)

47% of organizations have put off cybersecurity upgrades

According to a recent Sentry report, 47% of business leaders are optimistic their companies will thrive this year; however, a majority (67%) admit they're feeling more?stressed?compared to last year. Heading into 2025, 82% of executives at larger companies report higher stress levels, compared to 68% of executives at smaller businesses. Nearly half (47%) of executives cite economic uncertainty as their biggest worry, along with supply chain challenges (44%), rising healthcare costs (41%), labor shortages (38%), and inflation (36%). (SECURITYMAGAZINE.COM)

Vulnerabilities

Google fixes Android kernel zero-day exploited in attacks

This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw in the Android Kernel's USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks. The issue occurs because the driver does not accurately parse frames of the type UVC_VS_UNDEFINED within the uvc_parse_format function. As a result, the frame buffer size is miscalculated, leading to potential out-of-bounds writes that can be exploited in arbitrary code execution or denial-of-service attacks. (BLEEPINGCOMPUTER.COM)

ADVERSARIES

Russia

Russian hackers suspected of accessing Keir Starmer’s personal email

Sir Keir Starmer was forced to abandon his personal email account after the security services investigated a suspected Russian hack. Get In, a new book charting Starmer’s rise to power and his early days in No 10, reveals that in 2022 Starmer, then the Labour leader in opposition, was told that his email account may have been compromised in a sophisticated campaign by Kremlin-linked hackers. Jill Cuthbertson, his head of office, circulated a note without explanation instructing staff not to email Starmer under any circumstances. (THETIMES.COM)

Kazakhstan to audit foreign ministry after suspected Russia-linked cyberattack

The Kazakh Digital Ministry responded to the attack after the release of a report detailing a cyberespionage campaign targeting diplomatic entities in Central Asia, including Kazakhstan. The hacker group behind this operation — tracked as UAC-0063 — is potentially linked to the Russian state-sponsored threat actor APT28, also known as Fancy Bear or BlueDelta. Kazakh officials told the news outlet Orda they have been aware since the second half of 2023 of a cyberattack targeting the foreign ministry using the CherrySpy and Hatvibe malware strains. (THERECORD.MEDIA)

Terrorism

Neo-Nazi group leader convicted of plotting Maryland power grid attack

The founder of a Florida-based neo-Nazi group was convicted Monday of conspiring with his former girlfriend to plan an attack on Maryland’s power grid in furtherance of their shared racist beliefs. Brandon Russell, 29, encouraged Sarah Beth Clendaniel to carry out a series of “sniper attacks” on electrical substations around Baltimore that could have caused significant damage to the regional power grid, according to federal prosecutors. Their goal was to create chaos in the majority-Black city, prosecutors say. The two were arrested in February 2023 — before the plans were executed. (APNEWS.COM)

Australia sanctions ‘Terrorgram’ white supremacist online group

Australian Foreign Minister Penny Wong said in a statement that the sanctions are part of ongoing efforts to combat antisemitism and “keep Australians safe.” It is also the first time Australia has sanctioned an entity based entirely online. “There is no place in Australia for antisemitism, hatred, or violence,” Wong said. The new measures aim to cut off Terrorgram’s access to resources that could support its operations, including funding, recruitment, training or carrying out attacks. Violating these sanctions can result in severe penalties, including up to 10 years in prison and heavy fines. (THERECORD.MEDIA)

Threat actors

XE Group cybercrime gang moves from credit card skimming to zero-day exploits

A joint investigation by researchers from Intezer and Solis Security is warning that XE Group targeted VeraCore, a platform used by fulfillment companies, commercial printers, and e-retailers to manage orders and operations. The investigators found evidence the group exploited two previously unknown vulnerabilities — one in upload validation and another in SQL processing — to gain and maintain unauthorized access. According to a research paper, XE Group exploited two zero-day vulnerabilities in the VeraCore application to bypass security controls and deploy webshells to exfiltrate configuration files and move laterally within infected networks. (SECURITYWEEK.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

UK announces ‘world-first’ AI security standard

The UK government has announced a new AI Code of Practice which it claims will form the basis of a global standard for securing the technology, through the European Telecommunications Standards Institute (ETSI). Published on Friday as a voluntary code of practice, alongside implementation guidance, it was developed in close collaboration with the National Cyber Security Centre (NCSC) and various external stakeholders. The code’s 13 principles cover the secure design, development, deployment, maintenance and end-of-life aspects of the AI lifecycle. They impact software vendors that develop AI, use third-party AI and offer it to customers, as well as regular organizations that create their own or use externally provided AI services and components. (INFOSECURITY-MAGAZINE.COM)

Meta says it may stop development of AI systems it deems too risky

Meta CEO Mark Zuckerberg has pledged to make artificial general intelligence (AGI) — which is roughly defined as AI that can accomplish any task a human can — openly available one day. But in a new policy document, Meta suggests that there are certain scenarios in which it may not release a highly capable AI system it developed internally. The document, which Meta is calling its Frontier AI Framework, identifies two types of AI systems the company considers too risky to release: “high risk” and “critical risk” systems. (TECHCRUNCH.COM)

Critical infrastructure

Estonia and Ukraine strengthen ties to protect critical infrastructure

Vladimir Svet, Estonia’s Minister of Infrastructure, and Rostislav Zamlynsky, Deputy Head of Ukraine’s State Agency for Communications and Information Protection, signed a memorandum in Kiev to strengthen their cooperation on critical infrastructure protection. The countries will implement the Memorandum in the coming weeks, exchanging experiences on risk assessment, threat identification and infrastructure protection. Estonia will also support Ukraine in developing sectoral legislation and aligning with EU regulations. (CEENERGYNEWS.COM)

U.S. Coast Guard Cutter Neah Bay (WTGB 105), a 140-foot ice-breaking tug homeported in Cleveland, arrives on scene to assist the beset vessel Manitoulin near Buffalo, New York, on Lake Erie, Jan. 25, 2025. (U.S. Coast Guard photo by Air Station Detroit)

Energy

FERC, NERC to review bulk power system performance during recent cold snap

FERC, the North American Electric Reliability Corporation (NERC), and NERC’s Regional Entities have launched a joint review of the performance of the bulk power system during the successive cold weather events in January, including a multi-day polar vortex that enveloped much of the United States with bitterly cold weather on January 19-24. During the events, the bulk power system operated without any major incidents, with no major fuel system disruptions impacting electric generation. (FERC.GOV)

Leadership

CISA hires former DHS CIO into top cyber position

A former cyber executive at the Department of Homeland Security and the Energy Department has joined the Cybersecurity and Infrastructure Security Agency. Karen Evans is now “senior advisor for cybersecurity” at CISA, an agency spokesman confirmed to Federal News Network today. Evans posted about joining CISA on LinkedIn last night. A CISA spokesman did not confirm whether Evans would be elevated to a permanent role at the agency. But multiple sources said Evans is likely to either be named as executive assistant director for cybersecurity at CISA or move on to a top position at DHS headquarters. (FEDERALNEWSNETWORK.COM)

Workforce

39% of IT leaders fear major incident due to excessive workloads

Enterprise security operations teams find themselves stretched thin and contending with an escalating cyber threat landscape today. Many are understaffed and underfunded, leaving CISOs on edge about the consequences for the enterprise — and their careers. A recent survey from Adaptavist about fallout from last summer’s CrowdStrike outage found that two out of five (39%) IT leaders “warn that excessive workloads” could lead to a major incident for their companies. “The ongoing war for IT talent is likely exacerbating these issues,” the survey’s writers concluded. (CSOONLINE.COM)

LEGISLATIVE UPDATES

GOP lawmakers push for DHS innovation arm to secure sensitive data

House Republicans have proposed a measure that would push the Department of Homeland Security’s Science and Technology Directorate to better safeguard its sensitive research data from unauthorized access by foreign adversaries. The legislation was introduced Friday by Rep. Dale Strong, R-Ala., and is co-sponsored by Reps. Mark Green, R-Tenn. — chairman of the House Homeland Security Committee — and Gabe Evans, R-Colo. Strong’s bill would also require that the Government Accountability Office provide a report to Congress on DHS “compliance with government-wide policies to protect research and development.” (NEXTGOV.COM)

HEARINGS

CYBER WORKFORCE: On Feb. 5, the House Homeland Security Committee is scheduled to hold a hearing to examine the state of America's cyber workforce.

EVENTS

ENERGY: The CSIS Korea Chair brings together policymakers, experts, and scholars on Feb. 5 to discuss ways to enhance U.S.-ROK-Japan trilateral energy cooperation in the Indo-Pacific. This public conference will discuss the Trump administration's energy policy and its implications, ROK-Japan cooperation in Joint Development Zone (JDZ), and the prospects for U.S.-ROK-Japan civil nuclear cooperation to strengthen their partnership in nuclear safety and nonproliferation.

CRYPTOCURRENCY: Within 72 hours of returning to the White House, President Donald Trump issued a landmark Executive Order aimed at reshaping U.S. cryptocurrency policy and positioning America as a global leader in digital assets, blockchain innovation, and financial technology. To break down the significance of this executive action, the Wilson Center’s Digital Assets Forum is hosting a Feb. 6 briefing to analyze its impact, explore what is changing, and discuss how this directive could influence U.S. fiscal and monetary policy moving forward.

CHINA: Join the CSIS China Power Project, Freeman Chair in China Studies, and the Trustee Chair in Chinese Business and Economics on Feb. 11 for the ninth annual conference featuring leading experts debating core issues underpinning China’s power.

NUCLEAR SECURITY: The CSIS Project on Nuclear Issues will host its 2025 Virtual Winter Conference on Feb. 11.

ZERO TRUST SUMMIT: This annual event on Feb. 19 in Washington, D.C., is presented by CyberScoop and will feature federal and industry tech and cybersecurity leaders discussing their firsthand experiences and strategies in laying the foundations for and establishing the major pillars of zero-trust cybersecurity.

SPACE SECURITY: Chatham House’s 2025 Space Security Conference online and in person on March 5 convenes policymakers and leaders from the private sector, multilateral organizations, academia and NGOs for a day of high-level interactive discussions examining conflict, competition and cooperation in outer space.

NUCLEAR: Registration for the Nuclear Regulatory Commission’s 37th annual Regulatory Information Conference is open. The RIC will be held March 11-13 in North Bethesda, Maryland, and online.

AI FAILS: By some estimates, more than 80 percent of AI projects fail. That’s twice the rate of failure for IT projects that don't involve AI. RAND's James Ryseff talked to experienced data scientists and machine learning engineers to uncover five root causes that lead to AI failures—and what can be done to minimize these issues. He’ll discuss the findings in a March 26 webinar.

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | FACEBOOK

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

GET THE DAILY CYBER BRIEFING IN YOUR INBOX: SUBSCRIBE
