TODAY'S TOP 5
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
DEEPSEEK’S DEEP HOLES: Ever since OpenAI released ChatGPT at the end of 2022, hackers and security researchers have tried to find holes in large language models (LLMs) to get around their guardrails and trick them into spewing out hate speech, bomb-making instructions, propaganda, and other harmful content. In response, OpenAI and other generative AI developers have refined their system defenses to make it more difficult to carry out these attacks, WIRED reports. But as the Chinese AI platform DeepSeek rockets to prominence with its new, cheaper R1 reasoning model, its safety protections appear to be far behind those of its established competitors. Security researchers from Cisco and the University of Pennsylvania found that, when tested with 50 malicious prompts designed to elicit toxic content, DeepSeek’s model did not detect or block a single one. In other words, the researchers say they were shocked to achieve a “100 percent attack success rate.”
EVEN THE GOVERNMENT CAN GET CRYPTOJACKED: Cryptojacking, the tactic of breaking into a device to steal computing resources and mine crypto, is a pervasive, frustrating and expensive problem. But attacks like these can also raise cybersecurity concerns, especially when they happen to the federal government. Last fall, the U.S. Agency for International Development learned it was hit by a cryptojacking incident, according to documents viewed by Scoop News Group. The agency was notified by Microsoft that a global administrator account located in a test environment had been breached through a password spray attack — a brute force attempt to enter a system by guessing a series of passwords. That account was then used to create another account — and both were then deployed to begin crypto-mining processes through USAID’s Azure resources. The result was around half a million dollars in cloud service charges to the agency.
A LIGHTER CYBER BURDEN ON FORCES: As part of ongoing efforts to modernize its network, the Marine Corps wants more centralized monitoring to alleviate the burden for forces on the battlefield, DefenseScoop reports. Commands at the tactical edge don’t always have the resources or the know-how to deal with the sophisticated digital threats facing the network. “Our adversary is certainly not standing still. They’ve been watching us for quite some time and they’re up to some things and they’re evolving quite a bit … What we know now is that the adversaries will get into the systems and they’ll go dormant and sleep. But we have to have the ability to not only hunt forward, but the persistent presence inside our networks to ensure” security, Lt. Gen. Melvin “Jerry” Carter, deputy commandant for information, said in an interview at the annual WEST conference.
NO BUYOUTS FOR CISA: At least two offices in the Department of Homeland Security were told Thursday that they are not allowed to take a deferred buyout offer from the Office of Personnel Management that was sent to the federal workforce earlier in the week, arguing that their positions are vital for national security purposes. Those bureaus include the Cybersecurity and Infrastructure Security Agency, as well as Customs and Border Protection, according to multiple people familiar with the matter and email notifications obtained by Nextgov/FCW.
DOGE MOVES: The U.S. Agency for International Development’s director of security and his deputy were placed on administrative leave Saturday after they tried to prevent employees from the Department of Government Efficiency from accessing secure USAID systems, five sources familiar with the events told NBC News. The USAID systems the DOGE team tried to access included personnel files and security systems, including classified systems beyond the security level of at least some of the DOGE employees, according to three of the sources. The systems also included security clearance information for agency employees, two of the sources said.
CYBER FOCUS PODCAST
In the latest episode of Cyber Focus, host Frank Cilluffo sits down with Laura Galante, director of the Cyber Threat Intelligence Integration Center (CTIIC), and Lauren Goldman, head of Analysis and Analytic Integration at CTIIC. They discuss CTIIC’s evolving role in integrating intelligence across agencies and sectors, its initiatives to bolster critical infrastructure resilience, and its approach to public-private partnerships. The conversation also explores threats from adversarial nation-states such as China, operational collaboration for cybersecurity, and the integration of intelligence to address ransomware trends globally.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
Tata Technologies hit by ransomware attack
Tata Technologies Limited, a subsidiary of the Indian conglomerate Tata Group, has been the victim of a ransomware attack affecting some of its IT assets. The publicly traded company informed the Bombay Stock Exchange (BSE) of the attack in a January 31 letter. The tech giant temporarily suspended some IT services as a precaution, but they have now been restored. Client delivery services remained fully operational and unaffected throughout. (INFOSECURITY-MAGAZINE.COM)
Globe Life data breach may impact an additional 850,000 clients
Insurance giant Globe Life finished the investigation into the data breach it suffered last June and says that the incident may have impacted an additional 850,000 customers. Globe Life was founded in 1900 and is one of the largest providers of life and health insurance plans in the United States. It has a market capitalization of $12 billion and a total revenue that exceeds $5.3 billion. On June 13, 2024, the company discovered during a security review of its networks that it had been compromised by hackers who had gained unauthorized access to one of its web portals. (BLEEPINGCOMPUTER.COM)
Mizuno USA says hackers stayed in its network for two months
Mizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024. Headquartered in Peachtree Corners, Georgia, Mizuno USA manufactures and distributes golf, running, baseball, volleyball, softball, swimming, and tennis equipment, apparel, and footwear for North America. (BLEEPINGCOMPUTER.COM)
Casio and 16 other websites hit by double-entry web skimming attack
A recent investigation has revealed a significant web skimming campaign affecting at least 17 websites, including the UK site of electronics giant Casio. Researchers uncovered these infections, likely stemming from vulnerabilities in Magento or similar e-commerce platforms, and are working to notify all affected parties. Client-side web security provider Jscrambler has published exclusive details about a web skimmer infection that impacted electronics brand Casio’s UK website and 16 additional victims, detected on January 28. (HACKREAD.COM)
Cybercrime
Cybercrime websites selling hacking tools to transnational organized crime groups seized
The Justice Department announced the coordinated seizure of 39 domains and their associated servers in an international disruption of a Pakistan-based network of online marketplaces selling hacking and fraud-enabling tools operated by a group known as Saim Raza (also known as HeartSender). The seizures were conducted in coordination with the Dutch National Police. According to the affidavit filed in support of these seizures, Saim Raza has used these cybercrime websites since at least 2020 to sell phishing toolkits and other fraud-enabling tools to transnational organized crime groups, who used them to target numerous victims in the United States, resulting in over $3 million in victim losses. (JUSTICE.GOV)
Exploits
Threat actors target public-facing apps for initial access
Threat actors are increasing their focus on exploiting public-facing applications to achieve initial access, according to Cisco Talos’ Incident Response Trends in Q4 2024 report. The exploitation of public-facing applications was the most common method of gaining initial access in Q4 2024, making up 40% of incidents. The researchers said this marked a “notable shift” in initial access techniques. Prior to this quarter, account compromise had been their most observed method of initial access for over a year. (INFOSECURITY-MAGAZINE.COM)
Healthcare
U.S. healthcare provider data breach impacts 1 million patients
Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data. The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients. CHC said in a Thursday filing with Maine's attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025. (BLEEPINGCOMPUTER.COM)
NorthBay Health data breach impacts 569,000 individuals
According to the organization, the unauthorized access to its network was identified on February 23, 2024, but the attackers had access to its systems between January 11 and April 1. During that time, the attackers accessed certain files containing personal information such as names, dates of birth, Social Security numbers, driver’s license numbers, passport and other government ID numbers, medical information, and biometric information. (SECURITYWEEK.COM)
Malware
Hackers use fake wedding invitations to spread Android malware in Southeast Asia
Since mid-2024, the attackers have been spreading the malware through private and group chats on Telegram and WhatsApp, inviting users to weddings and prompting them to install a mobile app to receive the invitation, according to a report published Thursday by Russian cybersecurity firm Kaspersky. Once installed, the malware steals sensitive data from SMS messages, emails, including Gmail and Outlook, call logs, and messaging apps like WhatsApp and WhatsApp Business. (THERECORD.MEDIA)
Hackers hijack JFK file release: Malware and phishing surge
Veriti Research has uncovered a potentially growing cyber threat campaign surrounding the release of the declassified JFK, RFK, and MLK files. Attackers are capitalizing on public interest in these historical documents to launch potential malware campaigns, phishing schemes, and exploit attempts. Our research indicates that cybercriminals are quick to react to major public events, and this case is no exception. As the files gain media attention, attackers are starting to create potential infrastructure for their upcoming attacks. (SECURITYBOULEVARD.COM)
Spyware
WhatsApp says journalists and civil society members were targets of Israeli spyware
Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised.” It is not clear who was behind the attack. (THEGUARDIAN.COM)
Former Polish justice minister arrested in sprawling spyware probe
Ziobro’s arrest is the latest high-profile action in a probe the country’s new prime minister has undertaken to mete out justice for nearly 600 people who are believed to have been victims of the spyware attacks. The abuses took place from 2017 to 2022. In February, current Prime Minister Donald Tusk said that he had surfaced documents which “confirm 100%” that the prior administration had used a powerful zero-click form of spyware known as Pegasus to target opponents. Pegasus is manufactured by the NSO Group, which is based in Israel. (THERECORD.MEDIA)
THREATS
Malvertising
Malvertising scam uses fake Google ads to hijack Microsoft advertising accounts
Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials. "These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform," Jérôme Segura, senior director of research at Malwarebytes, said in a Thursday report. (THEHACKERNEWS.COM)
Resilience
Security tool consolidation boosts efficiency, threat mitigation
Organizations that have consolidated security spending into integrated platforms have experienced improved cyber resilience and stronger operational efficiencies, according to a study released Tuesday by IBM and Palo Alto Networks. Managing security stacks has been a struggle for organizations, which juggle an average of 83 different security tools from 29 different vendors, according to the study. More importantly, the “platformization” model reduces the time it takes to identify and mitigate security incidents by an average of 74 days and 84 days, respectively, the study found. (CYBERSECURITYDIVE.COM)
Critical UK government systems at high risk, warn auditors
The British government fell short of its goal of significantly fortifying civilian IT systems to withstand cyberattacks by 2025, warned auditors in a report highlighting that much of officialdom runs on legacy systems. The United Kingdom vowed in a 2022 strategy for cybersecurity to significantly upgrade the defenses of critical functions against cyberattacks over the next three years. The entire public sector, the strategy said, should be resilient to known vulnerabilities and attack methods no later than 2030. (GOVINFOSECURITY.COM)
Transportation
Crash sheds light on strained workforce controlling the skies
The fatal midair collision over the Potomac River on Wednesday should be a wake-up call to Congress and the nation to address long-unresolved issues like an air traffic controller shortage and D.C. airspace congestion, according to many in the aviation industry. Chief among the concerns is the potential impact of President Donald Trump’s promised cuts to the federal workforce and government spending, which they warn could disrupt expertise and funding at the Federal Aviation Administration and harm aviation safety. (ROLLCALL.COM)
ADVERSARIES
China
Chinese AI app DeepSeek was downloaded by millions. Deleting it might come next
The amount of data and information that bad actors in China could harvest from DeepSeek is 20 times worse than what could be collected from a Google search, says Dewardric McNeal, managing director and senior policy analyst at risk management firm Longview Global, which advises companies on China strategy. “It is a rich trove of intelligence,” said McNeal, who has studied the details of Chinese government data sharing requirements for domestic firms. (CNBC.COM)
Italy bans China's DeepSeek AI chatbot over privacy fears
The Italian Data Protection Authority, known locally as the Garante, ordered the technology company to cease its alleged operations in Italy on Thursday. The move came shortly after the firm failed to satisfy local regulators' inquiries into its privacy policies, the watchdog said in a statement. DeepSeek has faced plenty of opposition over its data collection practices from western regulators, who say they fear the firm could exploit foreigners’ data for espionage and other nefarious purposes. (DECRYPT.CO)
Abbott bars Texas officials from using DeepSeek, RedNote on government devices
In recent weeks, DeepSeek, an artificial intelligence (AI) startup, and RedNote, a short-form video social media app, have surged in popularity across the country as concerns about Chinese-owned tech continue to escalate following TikTok’s short-lived ban in the U.S. “State agencies and employees responsible for handling critical infrastructure, intellectual property, and personal information must be protected from malicious espionage operations by the Chinese Communist Party,” Abbott said. (THEHILL.COM)
The future of China's new information support force
In December 2024, Xi Jinping made a highly publicized visit to the PLA’s newly formed Information Support Force (ISF), underscoring its strategic importance to the People’s Liberation Army. The establishment of the force earlier that year marked a pivotal step in China’s evolving military strategy and Xi’s vision for the force. But what does its future hold? Recent PLA statements, exercises, and leadership directives provide essential clues about the nascent force’s likely trajectory. (DEFENSEONE.COM)
Russia
Norway seizes Russian-crewed ship on suspicion of causing ‘serious damage’ to undersea cable between Latvia and Sweden
Troms Police in northern Norway located the Silver Dania ship on Thursday evening, following a request from Latvian authorities, and it was brought into the port of Tromso Friday morning, according to a police statement. “There is suspicion that the ship has been involved in serious damage to a fiber cable in the Baltic Sea between Latvia and Sweden. The police are conducting an operation on the ship to search, conduct interviews, and secure evidence,” the statement said. The Silver Dania is Norwegian-registered and Norwegian-owned, police said, but the crew on board is Russian. (CNN.COM)
Russia blocked a record 417K websites in 2024
According to Vyorstka’s analysis of data from the internet freedom NGO Roskomsvoboda, a total of 523,000 websites were restricted last year. Of those, access was later restored to approximately 106,000, leaving more than 417,000 sites permanently inaccessible. Despite the record number of blockings in 2024, the highest total ever recorded was in 2023, when authorities restricted access to 571,000 online resources. However, only 197,000 remained blocked by the year’s end. (THEMOSCOWTIMES.COM)
GOVERNMENT AND INDUSTRY
Artificial intelligence
AI's power requirements under exponential growth
Globally, AI data centers could need ten gigawatts (GW) of additional power capacity in 2025, which is more than the total power capacity of the state of Utah. If exponential growth in chip supply continues, AI data centers will need 68 GW in total by 2027 — almost a doubling of global data center power requirements from 2022 and close to California's 2022 total power capacity of 86 GW. (RAND.ORG)
Deepseek’s AI breakthroughs don’t change the fundamentals — but they are a warning
China’s AI ambitions have long been hamstrung by a critical weakness: access to high-end computing hardware. US export controls have effectively cut Beijing off from the most advanced AI chips, putting a hard ceiling on its ability to compete at the highest level. But that hasn’t stopped China from trying to work around these limitations. (AEI.ORG)
Biometrics
DHS watchdog investigating TSA’s use of facial recognition
The Department of Homeland Security’s top watchdog is investigating the growing use of facial recognition technology in the security screening process at U.S. airports, a Democratic lawmaker announced on Friday. Sen. Jeff Merkley, D-Ore., and a bipartisan group of senators previously sent a letter to DHS Inspector General Joseph Cuffari in November calling for a thorough review of the Transportation Security Administration’s deployment of biometric technologies to verify travelers’ identities “from both an authorities and privacy perspective.” That request was signed by a total of 12 senators, including seven Democrats and five Republicans. (NEXTGOV.COM)
Education
Cyber measures for education cool in state legislatures as sector matures
The nonprofit Consortium for School Networking on Thursday published a report showing that state legislatures last year introduced fewer cybersecurity bills affecting educational institutions, an indication of maturity in government policies, not reduced interest, according to the group. The consortium’s State and Federal Cybersecurity Policy and Education in 2024 report collects information on state cybersecurity legislation affecting K-12 and postsecondary schools across the country. From 42 states, it tallies 258 bills introduced last year, 29 of which became law. This was a decline from 307 bills and 75 new laws in 2023. (STATESCOOP.COM)
ICS/OT
ISA releases updated ANSI/ISA-62443-2-1-2024 standard to strengthen industrial cybersecurity
Aligned with the comprehensive definition and scope of IACS in ISA-62443-1-1, the standard ensures consistency with industry best practices. Importantly, it expands the term ‘asset owner’ to include IACS operators, highlighting their shared responsibility in maintaining robust security measures. The release reinforces ISA’s dedication to strengthening cybersecurity in industrial environments, offering a clear, actionable framework to protect critical infrastructure against growing threats. (INDUSTRIALCYBER.CO)
LEGISLATIVE UPDATES
Bill requiring federal contractors to have vulnerability disclosure policies gets House redo
The Federal Contractor Cybersecurity Vulnerability Reduction Act, a bicameral, bipartisan bill that stalled out last year in the Senate, was reintroduced Friday in the House by Reps. Nancy Mace, R-S.C., and Shontel Brown, D-Ohio. The bill, whose 2024 companion in the upper chamber came from Sens. Mark Warner, D-Va., and James Lankford, R-Okla., calls on the Office of Management and Budget and the Defense Department to update federal acquisition policies to require all federal contractors to institute vulnerability disclosure policies (VDPs). (CYBERSCOOP.COM)
HEARINGS
CYBER WORKFORCE: On Feb. 5, the House Homeland Security Committee is scheduled to hold a hearing to examine the state of America's cyber workforce.
EVENTS
ENERGY: The CSIS Korea Chair brings together policymakers, experts, and scholars on Feb. 5 to discuss ways to enhance U.S.-ROK-Japan trilateral energy cooperation in the Indo-Pacific. This public conference will discuss the Trump administration's energy policy and its implications, ROK-Japan cooperation in Joint Development Zone (JDZ), and the prospects for U.S.-ROK-Japan civil nuclear cooperation to strengthen their partnership in nuclear safety and nonproliferation.
CRYPTOCURRENCY: Within 72 hours of returning to the White House, President Donald Trump issued a landmark Executive Order aimed at reshaping U.S. cryptocurrency policy and positioning America as a global leader in digital assets, blockchain innovation, and financial technology. To break down the significance of this executive action, the Wilson Center’s Digital Assets Forum is hosting a Feb. 6 briefing to analyze its impact, explore what is changing, and discuss how this directive could influence U.S. fiscal and monetary policy moving forward.
CHINA: Join the CSIS China Power Project, Freeman Chair in China Studies, and the Trustee Chair in Chinese Business and Economics on Feb. 11 for the ninth annual conference featuring leading experts debating core issues underpinning China’s power.
NUCLEAR SECURITY: The CSIS Project on Nuclear Issues will host its 2025 Virtual Winter Conference on Feb. 11.
ZERO TRUST SUMMIT: This annual event on Feb. 19 in Washington, D.C., is presented by CyberScoop and will feature federal and industry tech and cybersecurity leaders discussing their firsthand experiences and strategies in laying the foundations for and establishing the major pillars of zero-trust cybersecurity.
SPACE SECURITY: Chatham House’s 2025 Space Security Conference online and in person on March 5 convenes policymakers and leaders from the private sector, multilateral organizations, academia and NGOs for a day of high-level interactive discussions examining conflict, competition and cooperation in outer space.
AI FAILS: By some estimates, more than 80 percent of AI projects fail. That’s twice the rate of failure for IT projects that don't involve AI. RAND's James Ryseff talked to experienced data scientists and machine learning engineers to uncover five root causes that lead to AI failures—and what can be done to minimize these issues. He’ll discuss the findings in a March 26 webinar.