TODAY'S TOP 5

STARK INFRASTRUCTURE WARNING FOR UK: Russia is prepared to launch a wave of cyber attacks on Britain that could “turn out the lights for millions,” a British Cabinet minister will warn at a Nato conference today, the Telegraph reports. The Kremlin is “exceptionally aggressive and reckless in the cyber realm” and wants to gain a “strategic advantage and degrade the states that support Ukraine,” Pat McFadden, who oversees policy on national security and state threats, will warn.

  • “Military hard power is one thing. But cyber war can be destabilising and debilitating. With a cyber attack, Russia can turn the lights off for millions of people. It can shut down the power grids. This is the hidden war Russia is waging with Ukraine.”
  • McFadden’s warning is designed to ensure that Britain’s critical national infrastructure and businesses do not underestimate the threat, and have the right protections in place.

TELECOMS MEET ON CHINA ATTACK: Senior White House officials met on Friday with telecommunications executives to discuss China's "significant cyber espionage campaign targeting the sector," the White House said. Reuters reports that the meeting was hosted by national security adviser Jake Sullivan and Anne Neuberger, deputy national security adviser for cyber and emerging technology, and “was an opportunity to hear from telecommunications sector executives on how the U.S. government can partner with and support the private sector on hardening against sophisticated nation state attacks," the White House said in a statement.

  • The revelations about China’s cyber attack highlight the rising cyberthreats tied to geopolitics and nation-state actor rivals of the U.S., CNBC reports, but inside the federal government there’s disagreement on how to fight back, with some advocates calling for the creation of an independent federal U.S. Cyber Force. As the Pentagon doubles down on its resistance to establishment of a separate U.S. Cyber Force, the incoming Trump administration could play a significant role in shaping whether America leans toward a centralized cyber strategy or reinforces the current integrated framework that emphasizes cross-branch coordination.

U.S. Air Force Capt. John Tibbetts, network analyst lead for the 275th Cyber Operations Squadron, host analyst lead Sgt. Justin Rodgers and network analyst Master Sgt. Zachary Lidie go over a defensive training in the cyber operations building at the 175 Wing, Warfield Air National Guard Base, Middle River, Maryland, on Jan. 12, 2022. (U.S. Air National Guard photo by Airman 1st Class Alexandra Huettner)

CNMF EXPANDS OPS: An American cyber military unit that carries out cyber operations abroad significantly expanded operations in 2024 as Chinese hackers infiltrated critical infrastructure, positioning for potential conflict with the United States, a senior U.S. Cyber Command official said Friday, GovInfoSecurity reports. The Cyber National Mission Force has been deployed more than 85 times over the past year and carried out missions spanning at least 80 networks, said Morgan Adamski, executive director of U.S. Cyber Command.

  • Adamski said the force has significantly evolved since its 2014 launch to combat hacking and protect domestic critical infrastructure, a mission that is increasingly urgent as attacks on Department of Defense networks escalated in the years that followed. "Cyberspace is a warfighting domain," Adamski said while speaking at the Cyberwarcon security conference in Arlington, Va. 

NEW CYBER CHALLENGE FOR HEALTHCARE: Artificial intelligence could ease pernicious labor challenges facing the healthcare sector, but health systems will need to boost their cybersecurity spending to manage increased risks, according to a report by Moody’s Ratings. The emerging technology could help recruit and retain staff through tools that help nurses pick more flexible schedules or assist clinicians documenting clinical care, according to the credit ratings agency, Cybersecurity Dive reports. But new technology also brings more vulnerabilities for hackers to exploit — already a challenge for the healthcare industry, which is dependent on IT systems that house sensitive and valuable patient data.

GETTING THE ARMY AI-READY: The Army’s artificial intelligence accelerator, Project Linchpin, is working with open source software firm Red Hat to unveil an initial version of its AI development architecture as early as this week, product lead Bharat Patel said. The architecture, in essence, is a set of common technical standards — Application Programming Interfaces (API), data labeling protocols, and so on — to ensure that AIs built for the Army by different vendors are all compatible. By creating a level playing field for competition among innovative companies of different sizes, this “open architecture” should allow the Army to plug whichever algorithms it likes best into its suite of AI software, fully confident the different products will work together, Patel and other officials explained in public comments and interviews with Breaking Defense.

CYBER FOCUS PODCAST


In the latest episode of Cyber Focus, host Frank Cilluffo sits down with former Deputy Assistant National Cyber Director Cheri Caddy, a McCrary senior fellow and senior technical advisor at the Department of Energy. They discuss the cybersecurity challenges surrounding connected vehicles, examining how modern cars are effectively "computers on wheels" and the broader implications for privacy, data security and national security. Cheri highlights the convergence of IT and OT systems in vehicles, the need for cyber-informed engineering and the importance of regulatory harmonization in addressing these challenges.


CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Breaches

Software company providing services to US and UK grocery stores says it was hit by ransomware attack

The hackers hit Blue Yonder — an Arizona-based software firm acquired by Panasonic in 2021 — affecting a private cloud computing service the company provides some customers, but not the company’s public cloud environment. A Blue Yonder spokesperson did not answer questions about which clients were affected, including those in the United States. But messages Blue Yonder sent to customers CNN reviewed show the company is scrambling to work with U.S.-based clients to mitigate any impacts on customers. (CNN.COM)

Yakuza victim data leaked in Japanese agency attack

Japan's web of ruthless Yakuza organized crime syndicates continues to operate, threatening the country's citizens with everything from extortion to gangland murders. Local agencies within communities are set up to help those who get involved with gangsters — but unfortunately, one of them has been hacked, potentially leading to physical safety consequences for the victims. (DARKREADING.COM)

Hackers breach Andrew Tate’s online university, obtain chat logs and leak data on 800,000 users

In a statement on the breach, the hackers claimed that after accessing the data they were able to leverage a vulnerability “to upload emojis, delete attachments, crash everyone’s clients, and temporarily ban people” from the platform. A source with knowledge of the breach told the Daily Dot that “hacktivism” was cited as a motive, and that the platform’s security was described as “hilariously insecure.” (DAILYDOT.COM)

Finastra breach puts file transfer security in the spotlight, says expert

While the root cause has not yet been fully identified, Finastra said, initial evidence suggests that compromised credentials are to blame for the attack. Paige Mullen, product manager at cyber defense firm ACDS, told ITPro that, similar to the MOVEit breach over the summer, this incident points to the importance of securing file transfer tooling. (ITPRO.COM)

Malware

Faux ChatGPT, Claude API packages deliver JarkaStealer

Publishing open source packages with malware hidden inside is a popular way to infect application developers, and the organizations they work for or serve. In this latest case, the targets were engineers eager to make the most out of OpenAI's ChatGPT and Anthropic's Claude generative artificial intelligence (GenAI) platforms. The packages, claiming to offer application programming interface (API) access to the chatbot functionality, actually deliver an infostealer called "JarkaStealer." (DARKREADING.COM)

Hackers abuse Avast anti-rootkit driver to disable defenses

Security researchers at cybersecurity company Trellix recently discovered a new attack that leverages the bring-your-own-vulnerable-driver (BYOVD) approach with an old version of Avast's anti-rootkit driver to stop security products on a targeted system. The malware uses a hardcoded list of 142 processes associated with security tools and checks it against multiple snapshots of active processes on the system. (BLEEPINGCOMPUTER.COM)

Ransomware

Five ransomware groups responsible for 40% of cyber attacks in 2024

Five ransomware groups, including RansomHub and LockBit 3.0, accounted for 40% of all cyber-attacks in Q3 2024, highlighting the increasing complexity and competition within the ransomware ecosystem, according to research by Corvus Insurance. RansomHub has quickly filled the void left by disruption to LockBit’s infrastructure and has accounted for more than 290 victims across various sectors in 2024. The overall number of active ransomware groups across the world rose to reach 59, according to the research. (INFOSECURITY-MAGAZINE.COM)

Scams

Bangkok busts SMS Blaster sending 1 million scam texts from a van

The device, which reportedly had a range of approximately three kilometers (10,000 feet), could send out messages at a rate of 100,000 every hour. Over three days, the scammers sent almost one million SMS text messages to mobile devices in range that stated, "Your 9,268 points are about to expire! Hurry up and redeem your gift now." (BLEEPINGCOMPUTER.COM)

(USCG photo by PA2 James Dillard)

THREATS

Critical infrastructure

Operational integrity as the cornerstone of cyber-physical risk in petrochemicals

Despite extensive discussions on network segmentation, anomaly detection, advanced authentication, vulnerability management, and secure communication protocols, cyber-physical risk in petrochemical installations extends beyond digital system security. It centers on the interplay between cyber systems and the physical processes they control. Malicious actions targeting automation systems are not isolated cyber events; they are deliberate attempts to manipulate physical processes, potentially causing hazardous outcomes such as thermal runaway or overpressure. (INDUSTRIALCYBER.CO)

Manufacturing sector in the crosshairs of advanced email attacks

Advanced email attacks, including phishing and business email compromise (BEC), are surging in the manufacturing sector as cybercriminals target an industry with a low tolerance for downtime. Phishing attacks in the sector have surged 83% in the past 12 months, with Generative AI technologies enabling threat actors to create greater volumes of sophisticated email attacks. (INFOSECURITY-MAGAZINE.COM)

Not just tech: Stop & Shop hack shows cybersecurity matters everywhere

Stop & Shop is still restocking shelves in stores across the region nearly two weeks after a cybersecurity issue wreaked havoc with the supermarket chain's inventory and online ordering systems. Meanwhile, Hannaford Supermarkets were unable to process online orders for over a week because its website and mobile app were down due to the same issue. Cybersecurity experts say the attack shows the vulnerability of the local supply chain. (WBUR.ORG)

Disinformation

The U.S. is calling out foreign influence campaigns faster than ever

Ahead of the 2024 US elections, the US intelligence community and law enforcement were on high alert and ready to share information—both among agencies and publicly—as foreign malign influence operations emerged. Tech giants like Microsoft similarly sprang into action, collaborating with government partners and publishing their own information about election-related disinformation campaigns. The speed and certainty with which authorities were able to pin these efforts on threat actors in Russia, China, and Iran was unprecedented. But researchers also caution that not all attributions are created equal. (WIRED.COM)

OT/ICS

OT threats rise as government, industry fight back

Volt Typhoon represents “a large interest by adversaries in not just knowing where our OT is, but also in taking a living-off-the-land approach to encamping themselves on those networks,” said Matt Hayden, GDIT vice president for cyber and emerging threats for intelligence and homeland security. “This is a national-grade challenge that we’re taking on now with the intelligence community, as well as law enforcement supporting the cyber community, to prevent adversaries from controlling critical services.” (MERITALK.COM)

Delivering comprehensive approach to fortify ICS architectures against rising threats, prepare for recovery

Securing industrial control system (ICS) architectures in the face of increasingly sophisticated and escalating threats to nation-states requires a comprehensive approach to modern Industrial Automation Control Systems (IACS) readiness. Asset owners and operators must focus on enhancing and safeguarding ICS architectures and fortifying their cybersecurity defenses to protect critical infrastructure installations from sophisticated adversarial attacks. (INDUSTRIALCYBER.CO)

Phishing

Don’t get caught in the 'Apple ID suspended' phishing scam

The Apple ID phishing emails have come a long way in recent years. They used to be plain text, had no Apple branding and didn’t even greet or address the user. Now, though, they look almost identical to genuine Apple emails. These fraudulent emails claim your Apple ID has been suspended to trick you into giving up login credentials or other sensitive information. They come complete with an Apple logo, show "Apple ID" as the sender name and have a big blue button that says "Go to Apple ID." (FOXNEWS.COM)

Scams

Three-quarters of Black Friday spam emails identified as scams

This represents a 7% rise in the proportion of spam emails identified as scams compared to Black Friday 2023, and a 21% increase compared to 2022. Bitdefender said the growing prevalence of Black Friday scams “underscores the greed and daring of cybercriminals, who increasingly leverage fake offers and phishing tactics to exploit consumer shopping behaviors and trends.” (INFOSECURITY-MAGAZINE.COM)

Vulnerabilities

Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited

Shadowserver researchers and Palo Alto Networks are disputing the number of compromised instances in the security vendor’s PAN-OS operating system. While Shadowserver identified around 2,000 compromised instances, Palo Alto Networks said it was less extensive. (CYBERSECURITYDIVE.COM)

400,000 systems potentially exposed to 2023’s most exploited flaws

According to a new VulnCheck report, these vulnerabilities are ripe for targeting due to a large number of public proof-of-concept (PoC) exploits available and because there are roughly 400,000 internet-accessible systems potentially exposed to attacks. There are more than 8 public exploits available for 14 of the flaws on the list, and the infamous Log4Shell bug tops the list with over 100 public exploits, followed by Zerologon with 75 exploits. (SECURITYWEEK.COM)


ADVERSARIES

China

China's cyber offensives built in lockstep with private firms, academia

"The existence of state-sponsored threat groups operating under the Chinese state's direction has long been well documented," researchers at France's Orange Cyberdefense wrote in their report, based on eight months of analysis of China's cyber-offense capabilities. But any notions that these entities are strictly in government hands, especially given the authoritarian nature of China's government, are off base, the authors warned. "China's offensive cyber capabilities are, in fact, supported by a complex and multilayered ecosystem involving a broad array of state and non-state actors," they wrote. (DARKREADING.COM)

China-linked TAG-112 targets Tibetan media with Cobalt Strike espionage campaign

The compromises have been pinned on a state-sponsored threat group called TAG-112, which has been described as a possible sub-group of another cluster tracked as Evasive Panda (aka Bronze Highland, Daggerfly, StormBamboo, and TAG-102) owing to tactical overlaps and their historical targeting of Tibetan entities. (THEHACKERNEWS.COM)

Google takes down fake news sites, wire services run by Chinese influence operation

Google’s Threat Analysis Group (TAG) and security subsidiary Mandiant published a report detailing the operations of Glassbridge, which they say is an umbrella group of four companies based in China that operate hundreds of inauthentic news sites and newswire services. All of the sites push pro-China narratives in a “highly coordinated manner.” Google said it has blocked more than 1,000 Glassbridge sites from Google News and Google Discover since 2022. (THERECORD.MEDIA)

North Korea

North Korean hackers steal $10M with AI-Driven scams and malware on LinkedIn

These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both recruiters and job seekers to generate illicit revenue for the sanction-hit nation. Sapphire Sleet, which is known to be active since at least 2020, overlaps with hacking groups tracked as APT38 and BlueNoroff. In November 2023, the tech giant revealed that the threat actor had established infrastructure that impersonated skills assessment portals to carry out its social engineering campaigns. (THEHACKERNEWS.COM)

Russia

Russian hackers deploy HATVIBE and CHERRYSPY malware across Europe and Asia

TAG-110's use of HATVIBE and CHERRYSPY was first documented by CERT-UA back in late May 2023 in connection with a cyber attack targeting state agencies in Ukraine. Both malware families were again spotted over a year later in an intrusion of an unnamed scientific research institution in the country. As many as 62 unique victims across eleven countries have been identified since then. (THEHACKERNEWS.COM)

Microsoft president asks Trump to ‘push harder’ against Russian hacks

Microsoft’s president has called on Donald Trump to “push harder” against cyber attacks from Russia, China, and Iran amid a wave of state-sponsored hacks targeting U.S. government officials and election campaigns. Brad Smith, who is also the Big Tech company’s vice chair and top legal officer, told the Financial Times that cybersecurity “deserves to be a more prominent issue of international relations” and appealed to the U.S. president-elect to send a “strong message.” (FINANCIAL TIMES VIA ARSTECHNICA.COM)

Threat actors

APT-K-47 uses Hajj-themed lures to deliver advanced Asyncshell malware

Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily targeting Pakistani entities. The group's tactics and tooling have been found to share similarities with those of other threat actors operating in the regions, such as SideWinder, Confucius, and Bitter. (THEHACKERNEWS.COM)

GOVERNMENT AND INDUSTRY

Artificial intelligence

Are we prepared for the power of AI?

WATCH: Fareed Zakaria talks to Eric Schmidt, the former CEO of Google, about the artificial intelligence revolution and the incredible speed and scale at which it may advance. (CNN.COM)

Beyond ChatGPT: U.S. leads in AI by ‘wide margin’

Data collected by the Stanford Institute for Human-Centered AI shows the U.S. leading all other nations by a 'wide margin' in key areas of the global AI ecosystem. According to its Global Vibrancy Tool 2024, the U.S. has released more AI models, invested more, and produced more quality AI research than any other country. China ranks second but lags significantly behind the U.S., followed by the UK, India, UAE, France, and South Korea. (CYBERNEWS.COM)

Arizona’s AI policy is evolving along with the technology

There are three major changes to the GenAI policy. The first entails updates on the State Data and Analytics Office’s role; this office was established in May to advance data work in support of GenAI. The second is added emphasis on the importance of data governance policies. The third is the addition of details on both agency and employee responsibilities related to GenAI applications, including responsible use, data protection, transparency, accountability, security and privacy. (GOVTECH.COM)

Law firm use of data scientists grows alongside AI’s challenges

Several top law firms are turning to specialists to beef up their artificial intelligence compliance practices in a way they wouldn’t with more established areas of law. They’re hiring data scientists and technologists as they test clients’ systems for bias, ensure compliance with emerging regulations and rethink their own legal offerings, which may themselves be enhanced through use of AI. The emerging field, which has captured the popular imagination with AI’s often lifelike behavior, also gives rise to potential legal snags. (ROLLCALL.COM)

Lieutenant General William J. Hartman tours the Wisconsin Quantum Institute during his visit to the University of Wisconsin-Madison on Nov. 21, 2024. (U.S. Cyber Command)

Collaboration

U.S. Cyber Command deputy commander highlights collaboration, innovation at UW-Madison Tech Talk

Speaking at the first-ever USCYBERCOM Tech Talk hosted at an academic institution, Lt. Gen. William J. Hartman, Deputy Commander of U.S. Cyber Command, praised the university’s commitment to advancing cyber education and research, and discussed the growing role of partnerships in strengthening the nation’s cybersecurity infrastructure. (CYBERCOM.MIL)

Leadership

Bad blood complicates pool for Trump's cyber nominees

As people read the tea leaves to try to predict a historically unpredictable president, many keep looking back to President-elect Trump's first term for clues for who might take key positions. "There's an extraordinarily thin bench of people," a former Trump official told Axios. "We'll probably be surprised with some outside picks that will come in." (AXIOS.COM)

Social media

Supreme Court drops Facebook’s appeal of investor suit in Cambridge Analytica scandal

It means Facebook will have to face a class action lawsuit over accusations it misled investors about the Cambridge Analytica data scandal, which stemmed from the company using data from tens of millions of unwitting Facebook users to support the 2016 presidential campaigns of Sen. Ted Cruz (R-Texas) and Donald Trump. (THEHILL.COM)

Software

DARPA tries a simple but profound concept to improve cybersecurity

The Defense Advanced Research Projects Agency is seeking a simple but tricky-to-execute approach to cybersecurity. It would essentially break software into small pieces that are hard for hackers to access. The program manager in DARPA’s Information Innovation Office, Howard Shrobe, joined the Federal Drive with Tom Temin with details. (FEDERALNEWSNETWORK.COM)

Workforce

What talent gap? Hiring practices are the real problem

However, all that the surveys and studies tell us is that the cybersecurity sector is inadequately staffed, not that companies are looking to hire or that there are no people to fill positions. What exists is a disconnect between companies and candidates over issues like pay and required certifications, as well as budgeting struggles within organizations. Among a sea of qualified candidates, job seekers are struggling to figure out how to stand out to recruiters and hiring managers. (DARKREADING.COM)

Corporate security teams want specialty cyber roles as regulatory pressure grows

Among the “Fortune-sized” companies with annual revenue of $6 billion or more, most security teams include more than 50 members. When asked about their wish list for new hires, a growing number of CISOs are seeking to hire key delegated specialists, including deputy CISOs, chiefs of staff and business CISOs, to help interact with other parts of the company and manage regulatory compliance demands. (CYBERSECURITYDIVE.COM)

LEGISLATIVE UPDATES

Stronger cyber protections in healthcare targeted in new Senate bill

The Health Care Cybersecurity and Resiliency Act of 2024 (S.5390) is the culmination of a yearlong effort from Sens. Bill Cassidy (R-La.), Maggie Hassan (D-N.H.), John Cornyn (R-Texas) and Mark Warner (D-Va.), who formed a working group in November 2023 to examine cyber issues in health care. Under the umbrella of the Senate Health, Education, Labor and Pensions Committee, the senators aimed to address a staggering stat from the Health and Human Services Department, which found that 89 million Americans’ health information was breached last year, more than twice as many as in 2022. (CYBERSCOOP.COM)

EVENTS

OPERATIONAL TECHNOLOGY: Join government leaders and industry experts on Dec. 3 in Washington, D.C., to explore advanced strategies for protecting U.S. operational technology and critical infrastructure and understand the biggest threats facing these sectors today.

MARITIME CYBERSECURITY: The National Maritime Security Advisory Committee will conduct a virtual meeting Dec. 3 to discuss new Committee taskings on Cybersecurity Regulation Implementation, Regulatory/Navigation and Vessel Inspection Circular Revisions, and Homeport Modernization.
