TODAY'S TOP 5
STARK INFRASTRUCTURE WARNING FOR UK: Russia is prepared to launch a wave of cyber attacks on Britain that could “turn out the lights for millions,” a British Cabinet minister will warn at a Nato conference today, the Telegraph reports. The Kremlin is “exceptionally aggressive and reckless in the cyber realm” and wants to gain a “strategic advantage and degrade the states that support Ukraine,” Pat McFadden, who oversees policy on national security and state threats, will warn.
TELECOMS MEET ON CHINA ATTACK: Senior White House officials met on Friday with telecommunications executives to discuss China's "significant cyber espionage campaign targeting the sector," the White House said. Reuters reports that the meeting was hosted by national security adviser Jake Sullivan and Anne Neuberger, deputy national security adviser for cyber and emerging technology, and “was an opportunity to hear from telecommunications sector executives on how the U.S. government can partner with and support the private sector on hardening against sophisticated nation state attacks," the White House said in a statement.
CNMF EXPANDS OPS: An American cyber military unit that carries out cyber operations abroad significantly expanded operations in 2024 as Chinese hackers infiltrated critical infrastructure, positioning for potential conflict with the United States, a senior U.S. Cyber Command official said Friday, GovInfoSecurity reports. The Cyber National Mission Force has been deployed more than 85 times over the past year and carried out missions spanning across at least 80 networks, said Morgan Adamski, executive director of the U.S. Cyber Command.
NEW CYBER CHALLENGE FOR HEALTHCARE: Artificial intelligence could ease pernicious labor challenges facing the healthcare sector, but health systems will need to boost their cybersecurity spending to manage increased risks, according to a report by Moody’s Ratings. The emerging technology could help recruit and retain staff through tools that help nurses pick more flexible schedules or assist clinicians documenting clinical care, according to the credit ratings agency, Cybersecurity Dive reports. But new technology also brings more vulnerabilities for hackers to exploit — already a challenge for the healthcare industry, which is dependent on IT systems that house sensitive and valuable patient data.
GETTING THE ARMY AI-READY: The Army’s artificial intelligence accelerator, Project Linchpin, is working with open source software firm Red Hat to unveil an initial version of its AI development architecture as early as this week, product lead Bharat Patel said. The architecture, in essence, is a set of common technical standards — Application Programming Interfaces (API), data labeling protocols, and so on — to ensure that AIs built for the Army by different vendors are all compatible. By creating a level playing field for competition among innovative companies of different sizes, this “open architecture” should allow the Army to plug whichever algorithms it likes best into its suite of AI software, fully confident the different products will work together, Patel and other officials explained in public comments and interviews with Breaking Defense.
CYBER FOCUS PODCAST
In the latest episode of Cyber Focus, host Frank Cilluffo sits down with former Deputy Assistant National Cyber Director Cheri Caddy, a McCrary senior fellow and senior technical advisor at the Department of Energy. They discuss the cybersecurity challenges surrounding connected vehicles, examining how modern cars are effectively "computers on wheels" and the broader implications for privacy, data security and national security. Cheri highlights the convergence of IT and OT systems in vehicles, the need for cyber-informed engineering and the importance of regulatory harmonization in addressing these challenges.
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Breaches
Software company providing services to US and UK grocery stores says it was hit by ransomware attack
The hackers hit Blue Yonder — an Arizona-based software firm acquired by Panasonic in 2021 — affecting a private cloud computing service the company provides some customers, but not the company’s public cloud environment. A Blue Yonder spokesperson did not answer questions about which clients were affected, including those in the United States. But messages Blue Yonder sent to customers CNN reviewed show the company is scrambling to work with U.S.-based clients to mitigate any impacts on customers. (CNN.COM)
Yakuza victim data leaked in Japanese agency attack
Japan's web of ruthless Yakuza organized crime syndicates continues to operate, threatening the country's citizens with everything from extortion to gangland murders. Local agencies within communities are set up to help those who get involved with gangsters — but unfortunately, one of them has been hacked, potentially leading to physical safety consequences for the victims. (DARKREADING.COM)
Hackers breach Andrew Tate’s online university, obtain chat logs and leak data on 800,000 users
In a statement on the breach, the hackers claimed that after accessing the data they were able to leverage a vulnerability “to upload emojis, delete attachments, crash everyone’s clients, and temporarily ban people” from the platform. A source with knowledge of the breach told the Daily Dot that “hacktivism” was cited as a motive, and that the platform’s security was described as “hilariously insecure.” (DAILYDOT.COM)
Finastra breach puts file transfer security in the spotlight, says expert
While the root cause has not yet been fully identified, Finastra said, initial evidence suggests that compromised credentials are to blame for the attack. Paige Mullen, product manager at cyber defense firm ACDS, told ITPro that, similar to the MOVEit breach over the summer, this incident points to the importance of securing file transfer tooling. (ITPRO.COM)
Malware
Faux ChatGPT, Claude API packages deliver JarkaStealer
Publishing open source packages with malware hidden inside is a popular way to infect application developers, and the organizations they work for or serve as customers. In this latest case, the targets were engineers eager to make the most out of OpenAI's ChatGPT and Anthropic's Claude generative artificial intelligence (GenAI) platforms. The packages, claiming to offer application programming interface (API) access to the chatbot functionality, actually deliver an infostealer called "JarkaStealer." (DARKREADING.COM)
Hackers abuse Avast anti-rootkit driver to disable defenses
Security researchers at cybersecurity company Trellix recently discovered a new attack that leverages the bring-your-own-vulnerable-driver (BYOVD) approach with an old version of Avast's anti-rootkit driver to stop security products on a targeted system. The malware uses a hardcoded list of 142 processes associated with security tools and checks it against multiple snapshots of active processes on the system. (BLEEPINGCOMPUTER.COM)
Ransomware
Five ransomware groups responsible for 40% of cyber attacks in 2024
Five ransomware groups, including RansomHub and LockBit 3.0, accounted for 40% of all cyber-attacks in Q3 2024, highlighting the increasing complexity and competition within the ransomware ecosystem, according to research by Corvus Insurance. RansomHub has quickly filled the void left by disruption to LockBit’s infrastructure and has accounted for more than 290 victims across various sectors in 2024. The overall number of active ransomware groups across the world rose to reach 59, according to the research. (INFOSECURITY-MAGAZINE.COM)
Scams
Bangkok busts SMS Blaster sending 1 million scam texts from a van
The device, which reportedly had a range of approximately three kilometers (10,000 feet), could send out messages at a rate of 100,000 every hour. Over three days, the scammers sent almost one million SMS text messages to mobile devices in range that stated, "Your 9,268 points are about to expire! Hurry up and redeem your gift now." (BLEEPINGCOMPUTER.COM)
THREATS
Critical infrastructure
Operational integrity as the cornerstone of cyber-physical risk in petrochemicals
Despite extensive discussions on network segmentation, anomaly detection, advanced authentication, vulnerability management, and secure communication protocols, cyber-physical risk in petrochemical installations extends beyond digital system security. It centers on the interplay between cyber systems and the physical processes they control. Malicious actions targeting automation systems are not isolated cyber events; they are deliberate attempts to manipulate physical processes, potentially causing hazardous outcomes such as thermal runaway or overpressure. (INDUSTRIALCYBER.CO)
Manufacturing sector in the crosshairs of advanced email attacks
Advanced email attacks, including phishing and business email compromise (BEC), are surging in the manufacturing sector as cybercriminals target an industry with a low tolerance for downtime. Phishing attacks in the sector have surged 83% in the past 12 months, with Generative AI technologies enabling threat actors to create greater volumes of sophisticated email attacks. (INFOSECURITY-MAGAZINE.COM)
Not just tech: Stop & Shop hack shows cybersecurity matters everywhere
Stop & Shop is still restocking shelves in stores across the region nearly two weeks after a cybersecurity issue wreaked havoc with the supermarket chain's inventory and online ordering systems. Meanwhile, Hannaford Supermarkets were unable to process online orders for over a week because its website and mobile app were down due to the same issue. Cybersecurity experts say the attack shows the vulnerability of the local supply chain. (WBUR.ORG)
Disinformation
The U.S. is calling out foreign influence campaigns faster than ever
Ahead of the 2024 US elections, the US intelligence community and law enforcement were on high alert and ready to share information—both among agencies and publicly—as foreign malign influence operations emerged. Tech giants like Microsoft similarly sprang into action, collaborating with government partners and publishing their own information about election-related disinformation campaigns. The speed and certainty with which authorities were able to pin these efforts on threat actors in Russia, China, and Iran was unprecedented. But researchers also caution that not all attributions are created equal. (WIRED.COM)
OT/ICS
OT threats rise as government, industry fight back
Volt Typhoon represents “a large interest by adversaries in not just knowing where our OT is, but also in taking a living-off-the-land approach to encamping themselves on those networks,” said Matt Hayden, GDIT vice president for cyber and emerging threats for intelligence and homeland security. “This is a national-grade challenge that we’re taking on now with the intelligence community, as well as law enforcement supporting the cyber community, to prevent adversaries from controlling critical services.” (MERITALK.COM)
Delivering comprehensive approach to fortify ICS architectures against rising threats, prepare for recovery
Securing industrial control system (ICS) architectures against the increasing threats facing nation-states requires a comprehensive approach to modern Industrial Automation Control Systems (IACS) readiness, given the sophistication, escalation and complexity of current threats and attacks. Asset owners and operators must focus on enhancing and safeguarding ICS architectures and fortifying their cybersecurity defenses to protect critical infrastructure installations from sophisticated adversarial attacks. (INDUSTRIALCYBER.CO)
Phishing
Don’t get caught in the 'Apple ID suspended' phishing scam
The Apple ID phishing emails have come a long way in recent years. They used to be plain text, had no Apple branding and didn’t even greet or address the user. Now, though, they look almost identical to genuine Apple emails. These fraudulent emails claim your Apple ID has been suspended to trick you into giving up login credentials or other sensitive information. They come complete with an Apple logo, show "Apple ID" as the sender name and have a big blue button that says "Go to Apple ID." (FOXNEWS.COM)
Scams
Three-quarters of Black Friday spam emails identified as scams
This represents a 7% rise in the proportion of spam emails identified as scams compared to Black Friday 2023, and a 21% increase compared to 2022. Bitdefender said the growing prevalence of Black Friday scams “underscores the greed and daring of cybercriminals, who increasingly leverage fake offers and phishing tactics to exploit consumer shopping behaviors and trends.” (INFOSECURITY-MAGAZINE.COM)
Vulnerabilities
Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited
Shadowserver researchers and Palo Alto Networks are disputing the number of compromised instances in the security vendor’s PAN-OS operating system. While Shadowserver identified around 2,000 compromised instances, Palo Alto Networks said it was less extensive. (CYBERSECURITYDIVE.COM)
400,000 systems potentially exposed to 2023’s most exploited flaws
According to a new VulnCheck report, these vulnerabilities are ripe for targeting due to a large number of public proof-of-concept (PoC) exploits available and because there are roughly 400,000 internet-accessible systems potentially exposed to attacks. There are more than 8 public exploits available for 14 of the flaws on the list, and the infamous Log4Shell bug tops the list with over 100 public exploits, followed by Zerologon with 75 exploits. (SECURITYWEEK.COM)
ADVERSARIES
China
China's cyber offensives built in lockstep with private firms, academia
"The existence of state-sponsored threat groups operating under the Chinese state's direction has long been well documented," researchers at France's Orange Cyberdefense wrote in their report, based on eight months of analysis of China's cyber-offense capabilities. But any notions that these entities are strictly in government hands, especially given the authoritarian nature of China's government, are off base, the authors warned. "China's offensive cyber capabilities are, in fact, supported by a complex and multilayered ecosystem involving a broad array of state and non-state actors," they wrote. (DARKREADING.COM)
China-linked TAG-112 targets Tibetan media with Cobalt Strike espionage campaign
The compromises have been pinned on a state-sponsored threat group called TAG-112, which has been described as a possible sub-group of another cluster tracked as Evasive Panda (aka Bronze Highland, Daggerfly, StormBamboo, and TAG-102) owing to tactical overlaps and their historical targeting of Tibetan entities. (THEHACKERNEWS.COM)
Google takes down fake news sites, wire services run by Chinese influence operation
Google’s Threat Analysis Group (TAG) and security subsidiary Mandiant published a report detailing the operations of Glassbridge, which they say is an umbrella group of four companies based in China that operate hundreds of inauthentic news sites and newswire services. All of the sites push pro-China narratives in a “highly coordinated manner.” Google said it has blocked more than 1,000 Glassbridge sites from Google News and Google Discover since 2022. (THERECORD.MEDIA)
North Korea
North Korean hackers steal $10M with AI-Driven scams and malware on LinkedIn
These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both recruiters and job seekers to generate illicit revenue for the sanction-hit nation. Sapphire Sleet, which has been active since at least 2020, overlaps with hacking groups tracked as APT38 and BlueNoroff. In November 2023, the tech giant revealed that the threat actor had established infrastructure that impersonated skills assessment portals to carry out its social engineering campaigns. (THEHACKERNEWS.COM)
Russia
Russian hackers deploy HATVIBE and CHERRYSPY malware across Europe and Asia
TAG-110's use of HATVIBE and CHERRYSPY was first documented by CERT-UA back in late May 2023 in connection with a cyber attack targeting state agencies in Ukraine. Both the malware families were again spotted over a year later in an intrusion of an unnamed scientific research institution in the country. As many as 62 unique victims across eleven countries have been identified since then. (THEHACKERNEWS.COM)
Microsoft president asks Trump to ‘push harder’ against Russian hacks
Microsoft’s president has called on Donald Trump to “push harder” against cyber attacks from Russia, China, and Iran amid a wave of state-sponsored hacks targeting U.S. government officials and election campaigns. Brad Smith, who is also the Big Tech company’s vice chair and top legal officer, told the Financial Times that cybersecurity “deserves to be a more prominent issue of international relations” and appealed to the U.S. president-elect to send a “strong message.” (FINANCIAL TIMES VIA ARSTECHNICA.COM)
Threat actors
APT-K-47 uses Hajj-themed lures to deliver advanced Asyncshell malware
Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily targeting Pakistani entities. The group's tactics and tooling have been found to share similarities with those of other threat actors operating in the region, such as SideWinder, Confucius, and Bitter. (THEHACKERNEWS.COM)
GOVERNMENT AND INDUSTRY
Artificial intelligence
Are we prepared for the power of AI?
WATCH: Fareed Zakaria talks to Eric Schmidt, the former CEO of Google, about the artificial intelligence revolution and the incredible speed and scale at which it may advance. (CNN.COM)
Beyond ChatGPT: U.S. leads in AI by ‘wide margin’
Data collected by the Stanford Institute for Human-Centered AI shows the U.S. leading all other nations by a 'wide margin' in key areas of the global AI ecosystem. According to its Global Vibrancy Tool 2024, the U.S. has released more AI models, invested more, and produced more quality AI research than any other country. China ranks second but lags significantly behind the U.S., followed by the UK, India, UAE, France, and South Korea. (CYBERNEWS.COM)
Arizona’s AI policy is evolving along with the technology
There are three major changes to the GenAI policy. The first entails updates on the State Data and Analytics Office’s role; this office was established in May to advance data work in support of GenAI. The second is added emphasis on the importance of data governance policies. The third is the addition of details on both agency and employee responsibilities related to GenAI applications, including responsible use, data protection, transparency, accountability, security and privacy. (GOVTECH.COM)
Law firm use of data scientists grows alongside AI’s challenges
Several top law firms are turning to specialists to beef up their artificial intelligence compliance practices in a way they wouldn’t with more established areas of law. They’re hiring data scientists and technologists as they test clients’ systems for bias, ensure compliance with emerging regulations and rethink their own legal offerings, which may themselves be enhanced through use of AI. The emerging field, which has captured the popular imagination with AI’s often lifelike behavior, also gives rise to potential legal snags. (ROLLCALL.COM)
Collaboration
U.S. Cyber Command deputy commander highlights collaboration, innovation at UW-Madison Tech Talk
Speaking at the first-ever USCYBERCOM Tech Talk hosted at an academic institution, Lt. Gen. William J. Hartman, Deputy Commander of U.S. Cyber Command, praised the university’s commitment to advancing cyber education and research, and discussed the growing role of partnerships in strengthening the nation’s cybersecurity infrastructure. (CYBERCOM.MIL)
Leadership
Bad blood complicates pool for Trump's cyber nominees
As people read the tea leaves to try to predict a historically unpredictable president, many keep looking back to President-elect Trump's first term for clues for who might take key positions. "There's an extraordinarily thin bench of people," a former Trump official told Axios. "We'll probably be surprised with some outside picks that will come in." (AXIOS.COM)
Social media
Supreme Court drops Facebook’s appeal of investor suit in Cambridge Analytica scandal
It means Facebook will have to face a class action lawsuit over accusations it misled investors about the Cambridge Analytica data scandal, which stemmed from the company using data from tens of millions of unwitting Facebook users to support the 2016 presidential campaigns of Sen. Ted Cruz (R-Texas) and Donald Trump. (THEHILL.COM)
Software
DARPA tries a simple but profound concept to improve cybersecurity
The Defense Advanced Research Projects Agency is seeking a simple but tricky-to-execute approach to cybersecurity. It would essentially break software into small pieces that are hard for hackers to access. The program manager in DARPA’s Information Innovation Office, Howard Shrobe, joined the Federal Drive with Tom Temin with details. (FEDERALNEWSNETWORK.COM)
Workforce
What talent gap? Hiring practices are the real problem
However, all that the surveys and studies tell us is that the cybersecurity sector is inadequately staffed, not that companies are looking to hire or that there are no people to fill positions. What exists is a disconnect between companies and candidates over issues like pay and required certifications, as well as budgeting struggles within organizations. Among a sea of qualified candidates, job seekers are struggling to figure out how to stand out to recruiters and hiring managers. (DARKREADING.COM)
Corporate security teams want specialty cyber roles as regulatory pressure grows
Among the “Fortune-sized” companies with annual revenue of $6 billion or more, most security teams include more than 50 members. When asked about their wish list for new hires, a growing number of CISOs are seeking to hire key delegated specialists, including deputy CISOs, chiefs of staff and business CISOs, to help interact with other parts of the company and manage regulatory compliance demands. (CYBERSECURITYDIVE.COM)
LEGISLATIVE UPDATES
Stronger cyber protections in healthcare targeted in new Senate bill
The Health Care Cybersecurity and Resiliency Act of 2024 (S.5390) is the culmination of a yearlong effort from Sens. Bill Cassidy (R-La.), Maggie Hassan (D-N.H.), John Cornyn (R-Texas) and Mark Warner (D-Va.), who formed a working group in November 2023 to examine cyber issues in health care. Under the umbrella of the Senate Health, Education, Labor and Pensions Committee, the senators aimed to address a staggering stat from the Health and Human Services Department, which found that 89 million Americans’ health information was breached last year, more than twice as many as in 2022. (CYBERSCOOP.COM)
EVENTS
OPERATIONAL TECHNOLOGY: Join government leaders and industry experts on Dec. 3 in Washington, D.C., to explore advanced strategies for protecting U.S. operational technology and critical infrastructure and understand the biggest threats facing these sectors today.
MARITIME CYBERSECURITY: The National Maritime Security Advisory Committee will conduct a virtual meeting Dec. 3 to discuss new Committee taskings on Cybersecurity Regulation Implementation, Regulatory/Navigation and Vessel Inspection Circular Revisions, and Homeport Modernization.