TODAY'S TOP 5
WANTED FOR FIREWALL ATTACKS: The United States sanctioned a Chinese cybersecurity company over an ambitious cyberattack that U.S. Treasury officials say could have killed people, Reuters reports. The Chengdu-based Sichuan Silence Information Technology Company and one of its employees, Guan Tianfeng, are accused of deploying malicious software to about 81,000 firewalls run by thousands of companies worldwide and a U.S. agency in April 2020. Many of the victims were U.S. critical infrastructure companies.
OPERATION DIGITAL EYE: Chinese hackers almost breached critical European supply chain companies by disguising their malicious activities behind native Microsoft technologies, Dark Reading reports. It happened during a three-week period, from late June to July, according to researchers from SentinelLabs. A threat actor tied to China's diverse and thriving cyberattack scene targeted large business-to-business (B2B) IT service providers throughout southern Europe, such as cybersecurity vendors and data and infrastructure solutions providers, with the presumed goal of downstream supply chain espionage.
TELECOM CYBER REGULATION PROPOSAL: Sen. Ron Wyden (D-Ore.) introduced legislation Tuesday that would require the Federal Communications Commission to regulate the cybersecurity of telecommunications companies under federal wiretapping law, CyberScoop reports. The proposal is the latest response to the breach of telecom firms by Salt Typhoon, and would mandate that the FCC regulate telecommunications cybersecurity under the 1994 Communications Assistance for Law Enforcement Act (CALEA) within one year, in consultation with CISA and ODNI.
CHINA’S SATELLITE STRATEGY: Not only has China’s space fleet ballooned over the past decade, but Beijing is increasingly using maneuvering satellites to crisscross geosynchronous Earth orbit (GEO) in order to keep eyes on, and potentially do harm to, their U.S. counterparts, according to Space Force and industry officials, Breaking Defense reports. “China doesn’t sit still. They’re all over the sky. Why are they doing this? It’s because they’re coming for you. In their strategy documents, they will tell you, whoever controls space controls the Earth,” Clint Clark of sky-watching firm Exoanalytics told an audience made up largely of Guardians at the Space Force Association’s Spacepower 2024 conference in Orlando.
SURGE IN UTILITY ATTACKS: Ransomware groups are focusing more than ever on utilities, with the sector facing a 42% surge in attacks over the past year, according to ReliaQuest, Infosecurity Magazine reports. In its latest report, Uncovering Critical Cyber Threats to Utilities, the cybersecurity firm shared findings of cyber threats to the utilities sector between November 1, 2023, and October 31, 2024.
CYBER FOCUS PODCAST
NEW: In the latest episode of Cyber Focus, host Frank Cilluffo sits down with Eric Geller, a leading cybersecurity journalist who contributes to top outlets including POLITICO, WIRED and The Record. Together, they unpack Geller’s reporting on expectations for changes in AI regulation and cybersecurity under the incoming Trump administration. They also discuss vulnerabilities within critical infrastructure sectors such as agriculture and telecommunications. Geller offers insights into systemic challenges, the evolving threat environment, and the need for innovation in tackling cybersecurity policy and governance.
SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts
FROM McCRARY EXPERTS
Steady leadership prepares TSA to face evolving cyber threats
McCrary senior fellow Mark Montgomery and Jiwon Ma write that David Pekoske has transformed TSA into a proactive force in addressing cybersecurity risks, and that doubling down on his 2017 selection as TSA's administrator and relying on his stewardship would serve the incoming Trump administration well. (CYBERSCOOP.COM)
CYBER AND CI UPDATES
ATTACKS AND INCIDENTS
Critical infrastructure
Arkansas City wraps up investigation into cyber attack of water plant
The Arkansas City, Kansas, water treatment plant is fully recovered after a cyber-attack earlier this year, according to city leaders. During the most recent city council meeting, leaders got an update on the investigation into the attack that happened in September. The investigation found that no personal information was compromised during the attack, and drinking water remained safe. City manager Randy Frazer said they are now working on upgrades to protect the plant from future attacks. (KWCH.COM)
Healthcare
Hospital notifies 316,000 of breach in Christmas 2023 hack
A Massachusetts hospital is notifying 316,000 people that their information was compromised in a cyberattack discovered nearly a year ago, during Christmas 2023. Cybercriminal group Money Message claimed that it stole 600 gigabytes of data in the incident, posting patient and employee records on the gang's dark web site back in January. (HEALTHCAREINFOSECURITY.COM)
Ransomware
Ransomware sends Ohio county emergency services back to pen and paper
In Wood County, which has a population of approximately 130,000 people, emergency dispatchers can take incoming phone calls and communicate with first responders, but are using pen and paper to record calls because they cannot access the county’s records management system. Officials in the Bowling Green Police Department are also unable to access some historical police records. (STATESCOOP.COM)
Recovery
1 in 5 organizations unable to recover data after cyber attack
According to a report from NetApp, produced with Futurum Research, that surveyed over 1,300 cybersecurity leaders, 54 percent of organizations suffered a cyber attack in the last 12 to 18 months, with one-fifth unable to bounce back and recover their data. “The findings clearly highlight the urgency for organizations to rethink their cyber security strategies in an era of escalating threats,” said Gagan Gulati, general manager for data services at NetApp. (CYBERDAILY.AU)
Vulnerabilities
Cleo file transfer vulnerability under exploitation – patch pending, mitigation urged
Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom, VLTransfer, and Harmony software, concerns a case of unauthenticated remote code execution. The security hole is tracked as CVE-2024-50623, with Cleo noting that the flaw is the result of an unrestricted file upload that could pave the way for the execution of arbitrary code. (THEHACKERNEWS.COM)
THREATS
Artificial intelligence
Chatbots urged teen to self-harm, suggested murdering parents, lawsuit says
After a troubling October lawsuit accused Character.AI (C.AI) of recklessly releasing dangerous chatbots that allegedly caused a 14-year-old boy's suicide, more families have come forward to sue chatbot-maker Character Technologies and the startup's major funder, Google. In the case of one 17-year-old boy with high-functioning autism, J.F., the chatbots seemed so bent on isolating him from his family after his screentime was reduced that the bots suggested that "murdering his parents was a reasonable response to their imposing time limits on his online activity," the lawsuit said. (ARSTECHNICA.COM)
Cybercrime
HSI attends 4th International Cyber Offender Prevention Forum to strengthen global cybercrime prevention efforts
The event gathered experts from law enforcement agencies across 37 countries to share knowledge, develop joint cybercrime interventions, and explore new ways to address the growing threat of cybercrime. The InterCOP network facilitates international cooperation to tackle cybercrime through a holistic approach that goes beyond traditional investigations. As part of this global initiative, HSI officials highlighted the importance of collaboration in preventing cybercrime. (DHS.GOV)
66% of shoppers worry about falling victim to a holiday scam this season, CNET study finds
However, 71% of US adults have, in the past year, taken actions that security experts deem dangerous to their personal data. CNET found that 41% of US adults surveyed have used the same password across multiple accounts in the last 12 months. Arguably more concerning is that one in five adults have also unenrolled from two-factor authentication in the last year. (CNET.COM)
Deepfakes
Scottish Parliament TV at risk from deepfakes
Scottish Parliament TV is a website providing livestreaming services and archived recordings from the Debating Chamber and committee rooms to the public. The website contains no content restrictions, allowing users to download streaming video clips in real time. The licensing to reuse the material is also relatively broad. (DARKREADING.COM)
Drones
In NDAA, Congress aims to move ball forward on solving drone incursion problem
Congress wants more information from the Pentagon on what authorities and technologies it needs to protect military installations from the threat of drone incursions, as a spate of high-profile incidents sparks concerns that adversaries could use drones to exploit weaknesses in US base security. (BREAKINGDEFENSE.COM)
Malware
‘AppLite Banker’ lures victims with job offers, infects devices with trojan
Here’s how it works: Android users are lured into clicking on a link that takes them to a seemingly legitimate job application page. However, instead of landing their dream job, they unknowingly download the malicious dropper application. AppLite Banker then infiltrates their mobile devices, stealing sensitive financial information and compromising personal data. (SCWORLD.COM)
Trends
Cloudflare: 6.5% of global traffic, 4.3% of emails potentially malicious
According to the Cloudflare Radar 2024 Year in Review, Albania had the highest share of potentially malicious traffic that has been mitigated, at 42.8%. The share of mitigated traffic in the U.S. grew to 5%, up from 3.65% in 2023. Forty-four countries and regions had over 10% of traffic mitigated. (CYBERNEWS.COM)
Phishing holds the top spot as the primary entry point for ransomware attacks
Hornetsecurity’s Q3 2024 Ransomware Attacks Survey report paints a pretty bleak picture of how organizations have fared this year against ransomware attacks: 18.6% of them have been the victim of an attack; 16.3% of ransomware victims paid the ransom to recover their data; and 32.6% of ransomware victims were unsure whether their data had been exfiltrated during the attack. (KNOWBE4.COM)
Vulnerabilities
BadRAM: $10 security flaw in AMD could allow hackers to access cloud computing secrets
Researchers have unveiled a new way to bypass a key security protection used in AMD chips that could allow hackers with physical access to cloud computing environments to snoop on those services’ clients. (THERECORD.MEDIA)
Adobe patches over 160 vulnerabilities across 16 products
Roughly 90 of the vulnerabilities were patched in Adobe Experience Manager. A majority are important-severity (medium based on CVSS score) and they allow arbitrary code execution. Some of the flaws can be exploited to bypass security features. CVE-2024-43711 is the only vulnerability with a critical severity (high based on CVSS score). (SECURITYWEEK.COM)
Ivanti warns of maximum severity CSA auth bypass vulnerability
The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike's Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier, without authentication or user interaction, by circumventing authentication through an alternate path or channel. (BLEEPINGCOMPUTER.COM)
Dell urges immediate update to fix critical Power Manager vulnerability
Dell has issued a critical security alert (DSA-2024-439) regarding an Improper Access Control vulnerability discovered in its Power Manager software. This vulnerability, identified as CVE-2024-49600, could potentially allow attackers to execute malicious code and gain elevated privileges on affected systems. The vulnerability affects versions of Dell Power Manager released before 3.17. (HACKREAD.COM)
ADVERSARIES
China
U.S. antitrust cases could hand China a win
President-elect Trump should consider the national security implications of proceeding with suits against Google, Meta, Apple, and Amazon, Glenn Gerstell writes in a guest commentary. (BARRONS.COM)
Hybrid threats
The shallow Baltic Sea holds deep secrets about a hybrid war on NATO
When two undersea cables were severed in mid-November – one connecting Germany to Finland, and one Lithuania to a Swedish island – Germany’s defense minister was quick to announce that “no one believes that these cables were cut accidentally,” hammering the point home by adding that “we have to assume … it is sabotage.” Soon after the cables were cut, armed vessels from several Baltic Sea states, including Denmark, Sweden and Germany, approached a Chinese ship that they suspected of having been responsible for the rupture, the Yi Peng 3, making its way toward the Atlantic. (DEFENSENEWS.COM)
EU envoys to discuss first sanctions targeting Russian hybrid threats
A list of 16 individuals and 3 entities could be added to a new sanctions framework agreed in October in response to a rise in such attacks across the 27-member bloc since Russia's invasion of Ukraine nearly three years ago. Czech Foreign Minister Jan Lipavsky said last week that up to 100 incidents in Europe this year could be “attributed to Russian hybrid attacks, espionage, influence operations.” (REUTERS.COM)
Russia
ElevenLabs’ AI voice generation ‘very likely’ used in a Russian influence operation
The videos, which targeted European audiences, attacked Ukrainian politicians as corrupt or questioned the usefulness of military aid to Ukraine, among other themes. For example, one video touted that “even jammers can’t save American Abrams tanks,” referring to devices used by US tanks to deflect incoming missiles – reinforcing the point that sending high-tech armor to Ukraine is pointless. (TECHCRUNCH.COM)
Kremlin doubled its blocking of independent media sites this year, researchers say
Data from the Open Observatory of Network Interference (OONI), a nonprofit internet censorship monitor, confirmed the blocking of at least 279 foreign and local independent news media domains in Russia this year, doubling the number of organizations identified in the previous report. Among them are media outlets from Russia, Ukraine, Finland, Latvia, Poland, Estonia and Israel. To restrict access to these websites, Russian authorities mostly use a method called TLS interference, which works by tampering with the secure connection that browsers use to access websites. (THERECORD.MEDIA)
Cyber-narcos: How the Russian drug trade has gone digital
Since the 2000s, the Russian and Ukrainian-speaking cyberspaces have been home to a small but thriving online drug culture, where psychonauts traded trip reports and tips on staying alive. Sometime over a decade ago, these forums evolved into fully-fledged narcotic bazaars. Logging in through the dark web, the prospective shopper can browse a head-spinning array of happy chemicals, from Peruvian snowflake cocaine to LSD. Orders are delivered through a series of dead drops, or “treasures,” typically squirreled away somewhere in a park or attached to the inside of a drainpipe with magnets. (TALKINGDRUGS.ORG)
GOVERNMENT AND INDUSTRY
Artificial intelligence
AI safety is hard to steer with science in flux, U.S. official says
Policymakers aiming to recommend safeguards for artificial intelligence are facing a formidable challenge: science that is still evolving. AI developers themselves are grappling with how to prevent abuse of novel systems, offering no easy fix for government authorities to embrace, Elizabeth Kelly, director of the U.S. Artificial Intelligence Safety Institute, said. (REUTERS.COM)
How new AI dashcams could improve small-town policing
The cameras not only record crimes but monitor the driving of officers, both activities meant to increase the safety of the public and law enforcement. The use of these cameras comes as artificial intelligence finds its way in a host of governmental tasks — a trend that promises to further shake up gov tech as AI advances and officials and constituents become more comfortable with software designed to think on its own. (GOVTECH.COM)
Black Hat Europe: Cryptographic protocol attacks and AI in the spotlight
This week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity. The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. (CSOONLINE.COM)
Critical infrastructure
How water and wastewater systems can meet the EPA’s cyber hygiene demands
Recent technological leaps and turbulent geopolitics, however, have forced a different answer to the question of securing critical infrastructure. While physical threats remain rampant—a hot topic at this year's ISC East conference was mitigating the impact of both domestic and foreign drone attacks on facilities—agencies like the EPA are urging operators to redirect their attention to intruders crossing the cyber perimeter. (SECURITYINFOWATCH.COM)
Data
Location data firm offers to help cops track targets via doctor visits
A location data company is asking police for the addresses of specific people’s doctors in case that can be useful in finding their mobile phones in a massive set of people’s location data, according to a document provided to U.S. law enforcement and obtained by 404 Media. (404MEDIA.CO)
Senators want to block data brokers from selling health and location data
Senate Democrats introduced a bill on Tuesday that would prohibit data brokers from selling or transferring location and health data and provide the Federal Trade Commission (FTC) with $1 billion for enforcement. The bill also would give the FTC, state attorneys general and victims of data broker abuses the right to sue brokers for violating the law. (THERECORD.MEDIA)
Elections
Nevada Secretary of State implements blockchain in bid to boost election security
The Nevada Secretary of State says it has integrated blockchain technology into its election certification process, adding an extra layer of security to the certification. “Blockchain adds important protection by making it much more difficult to alter or counterfeit these vital documents, ensuring that our certification process is both transparent and trustworthy. We are proud to lead the nation in utilizing emerging technology to protect the integrity of our elections,” said Secretary of State Francisco Aguilar. (KOLOTV.COM)
Energy
Massive data centers consuming large amounts of energy have eyes on South Dakota
These “hyperscale data centers,” or “hyperscalers,” are designed to handle immense computing demands and are often operated by tech giants. The centers are characterized by their large size — often tens of thousands of square feet — and thousands of computer servers that require significant energy to operate. Nick Phillips with Applied Digital in Texas, a developer of the centers, highlighted South Dakota’s appeal: a cold climate that cuts down on cooling a room full of hot servers, and abundant wind energy that’s considered one of the most cost-effective renewable energy sources, which can help keep operating costs down. (ENERGYNEWS.US)
ALSO: The AI paradox: energy-hungry technology could speed clean energy transition (UTILITYDIVE.COM)
FERC finalizes Version 4.0 standards for gas pipeline efficiency and reliability, boosts cybersecurity posture
The U.S. Federal Energy Regulatory Commission (FERC) has issued a final rule updating its regulations to include, with specific exceptions, Version 4.0 of the Standards for Business Practices of Interstate Natural Gas Pipelines, as adopted by the Wholesale Gas Quadrant (WGQ) of the North American Energy Standards Board (NAESB). These revisions are designed to promote greater efficiency and reliability of the natural gas industry’s operations and strengthen the cybersecurity protections provided within the standards. (INDUSTRIALCYBER.CO)
Exercises
Cyber Europe 2024: Unveiling key insights from the cyber exercise that tested the cybersecurity of EU’s energy sector
The purpose of the exercise was to assess and ensure adequacy of processes as well as improve standard operating procedures (SOPs). It also contributed towards building strong internal and external communication channels that are of significant importance in times of a cybersecurity crisis. In addition, it raised cybersecurity awareness at the corporate level, underscoring the significance of cybersecurity preparedness. (ENISA.EUROPA.EU)
Intelligence
IC’s new OSINT standards cover open source data, AI services
The Office of the Director of National Intelligence is standardizing how intel agencies are required to cite open source data and commercial information, including services powered by artificial intelligence, in their reporting and analysis. In a new “Intelligence Community Standards” document signed out Dec. 2, ODNI establishes citation and reference standards for “publicly available information, commercially available information and open source intelligence.” (FEDERALNEWSNETWORK.COM)
Regulations
EU cybersecurity rules for smart devices enter into force
The Cyber Resilience Act (CRA) puts obligations on product makers to provide security support to consumers, such as by updating their software to fix security vulnerabilities. The deadline for compliance with the main obligations of the law is still three years out — December 11, 2027 — to allow device makers time to comply. (TECHCRUNCH.COM)
UK banks weathered the storm of cyber threats in 2024 – here’s why
Large, regulated financial institutions have seen a major drop in the number of cyber attacks over the last year, following moves by the Financial Conduct Authority (FCA) to tighten regulations around operational resilience. According to data obtained by Hack The Box via Freedom of Information (FOI) requests, the FCA received 101 incident notifications from regulated firms between January 1 and October 21 this year, marking a 53% decrease compared to the year prior. (ITPRO.COM)
LEGISLATIVE UPDATES
NDAA to give DoD components more flexibility to procure cyber products
The 2025 Defense Authorization bill, unveiled on Saturday, modifies a provision in the 2022 authorization law that required military services and defense agencies to procure all cyber products and services through a centralized program management office. Lawmakers now would let DoD components buy cyber services independently if they can demonstrate a “compelling need” for a product or service, or if independent procurement will support competition in the market. (FEDERALNEWSNETWORK.COM)
EVENTS
BLACK HAT EUROPE: This cybersecurity conference returns to the ExCeL in London with a four-day program Dec. 9-12. The event will open with two- and four-day options of deeply technical hands-on cybersecurity trainings, with courses available for all skill levels.
THE STRATEGIC FUTURE OF SUBSEA CABLES: CSIS will host an event Dec. 18 to discuss cuts of critical cables and the steps the U.S. government, partners and allies, and key stakeholders can take to create and maintain a secure and resilient subsea cable infrastructure.