TODAY'S TOP 5

THREAT LANDSCAPE: The Department of Homeland Security’s annual Homeland Threat Assessment predicts that the threat environment will “remain high over the coming year.” Among myriad threats cited in the new report are those posed by foreign influence operations as well as adversaries — nation-states, criminal hacktivists, financially motivated criminals and violent extremists — continuing to target critical infrastructure via prepositioning and both cyber and physical attacks.

  • The assessment notes the “promise and peril” of artificial intelligence, expecting malicious cyber actors “will continue to use advancements in generative AI to incrementally enhance their ability to develop malware, vulnerability scanning, and exploit tools and to improve their social engineering tactics and operations,” while “adversarial states will continue to use AI in their malign influence campaigns.”
  • DHS also warns that violent extremists motivated by policy grievances pose a threat to election workers and the voting process, ABC News reports.

ELECTION CONFIDENCE: CISA Director Jen Easterly told the Associated Press that foreign adversaries who try to skew the vote won't be successful as they collide with beefed-up election infrastructure including access controls and regular testing to identify potential vulnerabilities.

  • “Things will go wrong,” Easterly predicted. “There could be another storm. There could be a ransomware attack, a distributed denial of service attack. These disruptions will create effects, but they will not impact the ability and the votes being cast or those votes being counted.”

CISA Director Jen Easterly discusses election security in Boise on Sept. 18, 2024, with Idaho Secretary of State Phil McGrane. (CISA)

OT CYBER PRINCIPLES: Led by the Australian Signals Directorate’s Australian Cyber Security Centre, an international coalition of government agencies including CISA, NSA and the FBI released a document promoting six principles of critical infrastructure operational technology cybersecurity. “If a decision impacts or breaks one or more of the principles of OT cyber security outlined in this document, then it will likely introduce a vulnerability to the OT environment,” the document states.

MANUFACTURING TARGETS: In the past year, the manufacturing industry has been the top target for ransomware groups due to the sector's lack of technological advancement even as its digital footprint continues to grow, Dark Reading reports, citing a study that found the sector accounts for 21% of ransomware attacks.

  • The analysis of 5,000 manufacturing companies found that 80% have critical vulnerabilities and 67% had at least one vulnerability from CISA’s Known Exploited Vulnerabilities Catalog, reports Infosecurity Magazine.

CRI EXPLORES AI: The International Counter Ransomware Initiative wraps up its fourth summit today in D.C. Among the body’s accomplishments highlighted in the joint statement released by the White House is Canada’s establishment of a new Public-Private Sector Advisory Panel with a “trusted set of private sector partners” to support CRI members in combating ransomware.

  • “The Initiative also hosted its first-ever event dedicated to examining the use of AI to counter ransomware attacks,” the statement from the CRI’s 68 members said. “Topics of discussion included the use of AI to track threat actor use, AI for Software Security, scenario planning around ransomware attacks on the healthcare industry, and tools such as watermarking to counter disinformation.”

CYBER FOCUS PODCAST


NEW: In the latest episode of Cyber Focus, host Frank Cilluffo speaks with National Security Agency Director of Cybersecurity Dave Luber, who shares insights from his extensive career spanning 37 years in the intelligence community. The discussion focuses on the NSA's dual mission in signals intelligence and cybersecurity, working with industry through the Cybersecurity Collaboration Center, the importance of public-private partnerships and the evolving threat landscape. Luber emphasizes the need for secure-by-design principles, the role of education in developing the next-generation cyber workforce, and the NSA's efforts to address threats from state-sponsored actors such as China and Russia.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Cybercrime

Fake trading apps target victims globally via Apple App Store and Google Play

The campaign is part of a consumer investment fraud scheme that's also widely known as pig butchering, in which prospective victims are lured into making investments in cryptocurrency or other financial instruments after gaining their trust under the guise of a romantic relationship or an investment advisor. (THEHACKERNEWS.COM)

Arrests in international operation targeting cybercriminals in West Africa

Eight individuals have been arrested as part of an ongoing international crackdown on cybercrime, dealing a major blow to criminal operations in Côte d’Ivoire and Nigeria. The arrests were made as part of INTERPOL’s Operation Contender 2.0, an initiative aimed at combating cyber-enabled crimes, primarily in West Africa, through enhanced international intelligence sharing. (INTERPOL.INT)

DDoS

Cloudflare reports thwarting largest-ever DDoS attack

The attack by unknown perpetrators, observed in September, was part of a bigger campaign of more than 100 attacks that constantly exceeded three terabits per second (Tbps) and peaked at 3.8 Tbps. The scale of the attack shows an ever-increasing amplification of distributed denial-of-service attempts, aided in part by the growing number of vulnerable or poorly secured IoT devices. (CSOONLINE.COM)

Energy

In areas hardest hit by Helene, rural cooperatives could need weeks to restore power

Mudslides, flooding and downed trees are challenging utilities in remote areas as they work to restore power. So far, supply chains have kept pace with the need for replacement equipment. (UTILITYDIVE.COM)

Malware

Fake browser updates spread updated WarmCookie malware

FakeUpdate is a cyberattack strategy used by a threat group known as 'SocGholish' that compromises or creates fake websites to show visitors fake update prompts for a variety of applications, such as web browsers, Java, VMware Workstation, WebEx and Proton VPN. (BLEEPINGCOMPUTER.COM)

Ransomware

Hackers pose as British postal carrier to deliver Prince ransomware in destructive campaign

To gain access to their victims' systems, the hackers used malicious emails and public contact forms found on the target organizations’ websites. One phishing email analyzed by Proofpoint appeared to be sent by Royal Mail, alerting the recipient about an unsuccessful package delivery. (THERECORD.MEDIA)


Cell towers in El Yunque National Forest, Puerto Rico (U.S. Air Force photo by Master Sgt. Joshua L. DeMotts)

Telecommunications

Report finds cybercriminal attacks on telecom infrastructure are accelerating, driven by Generative AI and automation

The number and frequency of DDoS attacks have grown from one or two a day to well over 100 per day in many networks, based on traffic monitored by Nokia from June 2023 to June 2024, according to the company’s Threat Intelligence Report. (NOKIA.COM)

Vulnerabilities

Adobe Commerce and Magento stores under attack from CosmicSting exploit

Dutch security firm Sansec, which has described CosmicSting as the "worst bug to hit Magento and Adobe Commerce stores in two years," said the e-commerce sites are being compromised at the rate of three to five per hour. (THEHACKERNEWS.COM)

Researchers warn of ongoing attacks exploiting critical Zimbra postjournal flaw

Enterprise security firm Proofpoint said it began observing the activity starting September 28. The attacks seek to exploit CVE-2024-45519, a severe security flaw in Zimbra's postjournal service that could enable unauthenticated attackers to execute arbitrary commands on affected installations. (THEHACKERNEWS.COM)

Critical Ivanti RCE flaw with public exploit now used in attacks

CISA warned that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. (BLEEPINGCOMPUTER.COM)

THREATS

Cyber defense

14 underrated pentesting tools to round out your red team arsenal

Incorporating mainstream penetration testing tools and lesser-known, but just as powerful, tools can elevate your offensive maturity, helping cover more internal and external attack surfaces that you may have overlooked. (CSOONLINE.COM)

Healthcare

Healthcare workforces need to prep for deep fakes and AI-enabled cyberattacks

It's already happening: CFOs are getting Teams calls from their "CEO" asking for reports on financial transactions, says ChristianaCare CISO Anahi Santiago ahead of her appearance at the 2024 Healthcare Cybersecurity Forum. (HEALTHCAREITNEWS.COM)

Mitigations

MITRE adds mitigations to EMB3D threat model

Aligned with threat models such as CWE, ATT&CK, and CVE, EMB3D aims to help asset owners and operators, vendors, and security researchers improve the security of embedded devices. (SECURITYWEEK.COM)

Vulnerabilities

Research reveals vulnerabilities in routers that left 700,000-plus exposed

ForeScout’s Vedere Labs uncovered 14 now-patched vulnerabilities, one of them the most severe kind, which left hundreds of thousands of routers made by Taiwan-based DrayTek exposed to the public internet. (CYBERSCOOP.COM)

ADVERSARIES

China

China-linked CeranaKeeper targeting Southeast Asia with data exfiltration

Slovak cybersecurity firm ESET, which observed campaigns targeting governmental institutions in Thailand starting in 2023, attributed the activity cluster as aligned to China, leveraging tools previously identified as used by the Mustang Panda actor. (THEHACKERNEWS.COM)

Going for the gold: Chinese firms lead U.S. firms in remote sensing ‘Olympics’

A new assessment of global commercial remote sensing satellite systems shows that Chinese firms are edging out U.S. commercial firms in capabilities across a broad range of sensor technologies. (BREAKINGDEFENSE.COM)

North Korea

Sanctioned North Korean unit tried to hack at least 3 U.S. organizations this summer

Researchers at Symantec said they found evidence that APT45, also known as Andariel and Stonefly, conducted intrusions at three different organizations just one month after the Justice Department published an indictment of a member of the group. (THERECORD.MEDIA)

Russia

FIN7 hackers launch deepfake nude “generator” sites to spread malware

FIN7 is believed to be a Russian hacking group that has been conducting financial fraud and cybercrime since 2013, with ties to ransomware gangs, such as DarkSide, BlackMatter and BlackCat, who recently conducted an exit scam after stealing a $20 million UnitedHealth ransom payment. (BLEEPINGCOMPUTER.COM)

Russian cyber offensive shifts focus to Ukraine’s military infrastructure

In response to these escalating threats, Ukrainian cybersecurity experts have intensified their red teaming efforts, simulating sophisticated attacks to identify and address vulnerabilities in their defence systems. This proactive approach has helped strengthen Ukraine’s cyber resilience against increasingly targeted Russian operations. (HACKREAD.COM)

Threat intelligence

The CIA is soliciting secret tips from informants in the national languages of Iran, North Korea and China

The instructions, in a text-only video and infographic, were posted online across multiple social media platforms and sites on the dark web, the agency said. (NBCNEWS.COM)


Principal Deputy Assistant Attorney General for the Criminal Division Nicole Argentieri speaks at an AI symposium on Oct. 2, 2024. (CSIS video)

GOVERNMENT AND INDUSTRY

Artificial intelligence

DoJ revising vulnerability disclosure framework to encourage AI red teaming

The updates will “address the reporting of vulnerabilities for AI systems and to contemplate issues that might arise under intellectual property laws,” Nicole Argentieri, principal deputy assistant attorney general in DoJ’s criminal division, said during an event hosted by the Center for Strategic and International Studies. (FEDERALNEWSNETWORK.COM)

MORE: Argentieri's full remarks at the Computer Crime and Intellectual Property Section’s symposium (JUSTICE.GOV)

WATCH: AI in the Department of Justice (CSIS.ORG)

AI's chilling impact on global elections

There’s a growing recognition of the need for transparency when AI-powered technology is being utilized in large-scale movements, like political campaigns. Such initiatives are becoming increasingly important as AI's influence in advertising and the spread of information continues to expand, with significant implications for the integrity of elections and voters' privacy. (SECURITYINFOWATCH.COM)

There are ‘literally zero’ skills where AI could replace a human, Indeed’s chief economist says

Based on an Indeed analysis, generative AI is unlikely to replace most work skills, especially those used for in-person roles such as cooks, drivers and nurses. Although generative AI may be more likely to affect technical or computational fields, such as accounting, advertising and software development, these tools still can’t replace workers entirely. (HRDIVE.COM)

ALSO: Fed governor says ‘impressive’ AI innovation has yet to lift productivity (HRDIVE.COM)

Cyber insurance

Despite escalating threat, execs slow to go for cyber insurance

Despite the heightened awareness, nearly 30% of the more than 1,200 business leaders surveyed reported that their companies do not have cyber insurance coverage. However, the number of businesses opting for cyber insurance is growing – 65% of respondents said their organizations had a policy, up from 60% last year and a significant increase from just 39% in 2018. (INSURANCENEWSNET.COM)

Energy

Power grids cybersecurity takes prominence at EU forum

Industry representatives underlined the challenges of creating generic standards fit for diverse use cases. Additionally, regulators and authorities revealed how scarce resources are constraining the speed of capacity-building needed to achieve the required execution performance. (ENISA.EUROPA.EU)

ERCOT, SPP and 3 US regions need ‘significant investment’ in new generating capacity

After two decades of stagnant electricity demand growth, the United States could need up to 300 GW of incremental effective capacity by 2035, according to a BofA Global Research report published Monday. But the growth will not be uniform, with a few regions showing sustained growth, the firm said. (UTILITYDIVE.COM)

Healthcare

HHS finalizes federal health IT strategy to drive systemic improvements in health and care

“The plan represents an important commitment to improving both the access to and the quality of the health care data which are the foundation for developing safe and high-quality AI technologies,” said Keith E. Campbell, program director of the U.S. Food and Drug Administration's Systematic Harmonization and Interoperability Enhancement for Laboratory Data (SHIELD) program. (HHS.GOV)

MORE: 2024-2030 Federal Health IT Strategic Plan (HEALTHIT.GOV)

ALSO: Inside HHS’ ‘one-stop shop’ for health sector cybersecurity (FEDERALNEWSNETWORK.COM)

Military

Commoditizing AI/ML models: An approach through Agile development and model quality simulation

The concept-development and acquisition communities have long treated artificial intelligence and machine learning (AI/ML) as speculative future technologies for next generation military systems, but the Army can no longer ignore the problems of procuring and supplying AI/ML models in current military systems. (ARMY.MIL)

Nuclear security

Vast nuclear waste dump ordered to pay nearly £400,000 over cybersecurity failings

Sellafield left information that could threaten national security exposed for four years, according to the industry regulator, which brought the charges. It was also found that 75% of its computer servers were vulnerable to cyber-attack. (THEGUARDIAN.COM)

Passwords

Customers are done with passwords. Do businesses have a solution?

Nearly 9 in 10 consumers complain about keeping track of their passwords, according to a Ping Identity survey of 8,000 consumers across the world released Wednesday. Three-quarters of consumers want to change how they log in to apps and websites. (CYBERSECURITYDIVE.COM)

Privacy

Meta smart glasses can be used to dox anyone in seconds, study finds

Two Harvard students recently revealed that it's possible to combine Meta smart glasses with face image search technology to "reveal anyone's personal details," including their name, address, and phone number, "just from looking at them." (ARSTECHNICA.COM)

Social media

Telegram has disclosed criminal data to authorities for years, Durov says

The founder of the popular messaging app Telegram stated that the recently announced updates to the platform’s terms of service don’t represent a big change in how it interacts with law enforcement, as the company has been disclosing criminal data to authorities for years. (THERECORD.MEDIA)

Supply chain

Administration to invest up to $100 million to accelerate R&D and AI technologies for sustainable semiconductor materials

The Department of Commerce issued a notice of intent to announce an open competition demonstrating how AI can assist in developing new sustainable semiconductor materials and processes that meet industry needs and can be designed and adopted within five years. (COMMERCE.GOV)

Workforce

Cyber Leaders Exchange 2024: ONCD’s Harry Wingo on lowering barriers to good-paying cyber jobs

The idea is to focus more on evaluating candidates’ skills, as opposed to relying purely on educational degrees and self-assessments. The White House expects that by transitioning to skills evaluations and on-the-job training, public and private sector organizations can fill nearly 500,000 open jobs. (FEDERALNEWSNETWORK.COM)

MORE: CISA’s Jeff Greene at Cyber Leaders Exchange 2024 on challenging the status quo (FEDERALNEWSNETWORK.COM)

Tomorrow’s cyber talents might already work in-house

Filling cybersecurity and IT positions is, for many governments, a long-standing challenge. At NASCIO, Montana CIO Kevin Gilbertson explains his state’s successful strategy of hiring and training up applicants from other government agencies. (GOVTECH.COM)

LEGISLATIVE UPDATES

ARTIFICIAL INTELLIGENCE: Rep. Rick Larsen (D-Wash.) introduced a bill to provide Department of Defense personnel with increased access to training and education in artificial intelligence and machine learning. (H.R. 9903)

DAM SECURITY: Reps. Debbie Dingell (D-Mich.) and John Moolenaar (R-Mich.) reintroduced the National Dam and Hydropower Safety Improvements Act, which aims to enhance dam and hydropower safety operation requirements nationwide and modernize existing infrastructure through the development of new best practices and improved communications between the Federal Energy Regulatory Commission and states. (H.R. 9893)

EDUCATION SECURITY: Reps. Jared Moskowitz (D-Fla.), Mario Díaz-Balart (R-Fla.), Sheila Cherfilus-McCormick (D-Fla.) and Brian Fitzpatrick (R-Pa.) introduced the School Safety Notification System Act to require school districts to develop emergency response and parental notification procedures for certain threats and emergencies. (H.R. 9906)

SMART CITIES: Reps. Suzan DelBene (D-Wash.) and Yvette Clarke (D-N.Y.) introduced the Smart Cities and Communities Act to expand smart city technologies and improve federal coordination of these programs, including improving the quality and performance of smart city technologies while assessing and enhancing cybersecurity and privacy protections. (H.R. 9892)

EVENTS

IT MODERNIZATION FOR THE IC: The 8th Annual Intel IT Modernization Summit Oct. 9-10 in National Harbor, Md., will convene senior-level experts, policymakers and innovators from across the intelligence community, military services, U.S. government and industry to highlight advanced technologies and strategies aimed at modernizing IT infrastructure to ensure robust intelligence capabilities.

CYBERSECURITY AWARENESS MONTH: CISA will host a webinar Oct. 16 to mark Cybersecurity Career Week and discuss the latest programs and resources aimed at filling the cyber workforce gap.

CISA’s School Safety Task Force will hold a webinar Oct. 23 on helping K-12 schools and school districts address systemic cybersecurity risks and strengthen their cyber posture.
