
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, January 17, 2025. I'm Rich Stroffelino.

Biden signed cybersecurity executive order on his way out the door
President Biden's latest executive order builds off of President Obama's April 2015 EO 13694, updating the criteria used by the Secretary of the Treasury in designating a person for sanctions for engaging in speech, specified malicious cyber-enabled activities and related conduct. The order also calls on federal government agencies to better secure communications against adversaries, adopt industry cybersecurity best practices across the federal system and promote security with and in AI systems. Deputy National Security Advisor Anne Neuberger said the goal of the order is to make it costly and harder for China, Russia, Iran and ransomware criminals.

Star Blizzard targeting WhatsApp
New research from Microsoft found that the Russian state-sponsored threat group Star Blizzard has made significant changes in its TTPs to incorporate WhatsApp into its phishing campaigns. A mid-November 2024 campaign saw the group sending emails, supposedly from a US government official, with an intentionally broken QR code under the guise of showing support for Ukrainian NGOs. When users requested a new link that actually worked, the operator would send a malicious shortened link that posed as a WhatsApp group invite instead. This took users to a phishing site with an account-linking QR code, and that opened the door to accessing their WhatsApp messages. Microsoft hasn't seen the campaign in operation since the end of November. This isn't Microsoft's first look into Star Blizzard. It collaborated with the US DOJ to shut down over 180 of its sites used in its previous phishing operations.

US healthcare sector saw 585 breaches in 2024
That figure comes from an analysis by SecurityWeek pulled from the US Department of Health and Human Services Office for Civil Rights healthcare breach database. These attacks impacted roughly 180 million user records. The Change Healthcare breach accounted for roughly 100 million of these. 75% of the attacks targeted healthcare providers, with 17% impacting healthcare business associates. Hacking/IT incident, which includes ransomware, was cited as the cause in the vast majority of attacks, with unauthorized access a distant second. Healthcare organizations in Texas saw the most incidents last year with 56.

More details on the PowerSchool breach
Details on how many school districts have been impacted by the breach at the cloud platform provider PowerSchool have been hard to find. The company hasn't given a comprehensive list, with school districts contacting impacted families directly. However, sources at two impacted school districts speaking to TechCrunch said attackers accessed a large amount of personal data from current and former students and staff. One source said PowerSchool did not implement basic security controls like MFA even after seeing evidence of outside access in their logs. PowerSchool spokesperson Beth Keebler said data retention policies for PowerSchool vary widely between districts and even among individuals, but said, "We expect the majority of involved customers did not have Social Security numbers or medical information exfiltrated." Still no word on what threat actor orchestrated the attack.

And now, thanks to today's episode sponsor, DropZone AI. What if your SOC could handle 10 times the alerts without burning out your team? AI automates Tier 1 investigations and frees your analysts to tackle bigger challenges. It's how smart teams are staying ahead. See how it works. Schedule a demo today at dropzone.ai. That's d-r-o-p-z-o-n-e.ai.

Law firm discloses breach from 2023
The law firm Wolf Haldenstein Adler Freeman & Herz disclosed it suffered a data breach on December 13, 2023, impacting personal information on roughly 3.4 million people, including names, Social Security numbers, medical diagnoses and claims information. Even though the incident was detected over a year ago, the firm said digital forensic complications delayed its investigation. While it has published a general breach notice and informed Maine's attorney general of the incident, it hasn't been able to send notices to many impacted individuals due to a lack of contact information. The breach notice claimed that there was no evidence of misuse of this data, but Wolf Haldenstein will offer credit monitoring for those that believe they were impacted.

Nvidia releases AI safeguard agents
Nvidia Inference Microservices, or NIM, are a set of containerized, lightweight AI models that can moderate responses from larger models. The company released three new NIM offerings specifically trained around topic control, content safety, and jailbreak protection. The Topic Control NIM prevents AI agents from getting off topic in things like service interactions. The Content Safety NIM was trained on the human-annotated Aegis Content Safety dataset, and the jailbreak service will help users from bypassing system restrictions. Because they are relatively lightweight, the idea is NIM allows developers to implement multiple guardrails without adding much latency to responses.

Tunneling protocol flaws expose millions of hosts
New findings from noted Wi-Fi security researcher Matthew van Hoof of KU Leuven University and Top10VPN show that several tunneling protocols, including IPIP and GRE, can be made to accept tunneling packets without verifying the sender. The researcher said this could be used to abuse hosts as one-way proxies and to conduct DoS attacks and DNS spoofing. The team found 4.26 million vulnerable hosts, including VPN servers, ISP-provided home routers and CDN nodes online. Most of the vulnerable nodes were located in China. The researchers published full technical details and defense recommendations for hosts, so look for those in our show notes.

Feds need to speed up cloud adoption
A bipartisan report from the Center for Strategic and International Studies found that the federal government significantly lags the private sector in adopting cloud services, which has created a problem for citizen service delivery and cybersecurity. As of 2024, only 13% of the $130 billion in federal IT spending went to cloud services. The report calls on the Office of Management and Budget to accelerate the removal of legacy IT systems and include minimum cybersecurity standards in federal contracts for cloud services. As the federal government looks to expand the use of AI in federal projects, cloud services become essential for processing and data storage.

Just one quick announcement. The CISO Series is hiring. We're looking for a production assistant to help out our team. If that sounds like something for you or someone you know, head on over to cisoseries.com for details. Reporting for the CISO Series, I'm Rich Stroffelino, reminding you to have a super sparkly day.
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Podcast: Cyber Security Headlines
Host: CISO Series
Episode: Biden EO, Star Blizzard Using WhatsApp, Healthcare Breaches
Release Date: January 17, 2025
Overview:
In his final days in office, President Joe Biden signed a significant Cybersecurity Executive Order (EO) aimed at strengthening national cyber defenses and imposing stricter sanctions on malicious actors.
Notable Quote:
Deputy National Security Advisor Anne Neuberger emphasized the EO’s objectives:
"The goal of this order is to make it costly and harder for China, Russia, Iran, and ransomware criminals to exploit our systems." [02:15]
Overview:
Microsoft’s recent research has uncovered that the Russian state-sponsored threat group, Star Blizzard, has adapted its tactics by incorporating WhatsApp into its phishing schemes.
Notable Quote:
A Microsoft spokesperson stated:
"Integrating WhatsApp into our phishing campaigns allowed us to exploit a widely used platform, increasing our chances of success." [04:50]
Overview:
The U.S. healthcare sector experienced a significant uptick in cybersecurity breaches in 2024, affecting millions of patient records.
Notable Quote:
A representative from the Department of Health and Human Services commented:
"The healthcare sector remains a prime target for cybercriminals, underlining the urgent need for enhanced security measures." [06:30]
Overview:
PowerSchool, a leading cloud platform provider for educational institutions, recently suffered a data breach affecting numerous school districts.
Notable Quote:
Beth Keebler from PowerSchool stated:
"While we are aware of the breach, our investigation indicates that sensitive information like Social Security numbers were not compromised for the majority of our clients." [08:10]
Overview:
The law firm disclosed a significant data breach that occurred in December 2023, impacting millions of individuals.
Notable Quote:
A spokesperson for Wolf Haldenstein commented:
"Although we detected the breach over a year ago, the complexity of our digital forensic investigation delayed our ability to notify all affected parties promptly." [09:45]
Overview:
Nvidia introduced Inference Microservices (NIM), a suite of lightweight AI models designed to enhance the security and reliability of AI responses.
Notable Quote:
An Nvidia representative explained:
"Our NIM offerings empower developers to maintain robust security protocols within their AI applications without compromising on speed or efficiency." [11:20]
Overview:
Research led by Matthew van Hoof from KU Leuven University and Top 10 VPN has identified critical vulnerabilities in several tunneling protocols that could expose millions of hosts to cyber threats.
Notable Quote:
Matthew van Hoof remarked:
"The lack of sender verification in these tunneling protocols opens the door for a myriad of malicious activities, posing a significant threat to global internet infrastructure." [13:05]
Overview:
A bipartisan report by the Center for Strategic and International Studies highlights the federal government’s slow adoption of cloud services compared to the private sector, impacting cybersecurity and citizen service delivery.
Notable Quote:
A report author from the Center for Strategic and International Studies stated:
"Accelerating cloud adoption is not just a technological necessity but a strategic imperative for national security and effective governance." [14:30]
The January 17, 2025 episode of Cyber Security Headlines by the CISO Series covered a broad spectrum of critical cybersecurity issues, from high-level governmental policies to specific breaches affecting various sectors. The discussions underscored the evolving nature of cyber threats and the imperative for robust, adaptive security measures across all domains.
For those seeking deeper insights into these stories, additional details and comprehensive reports are available at CISOseries.com.
Notable Reminder:
The CISO Series is currently hiring a production assistant. Interested candidates can find more information at cisoseries.com.
Reporting by Rich Stroffelino for the CISO Series. Have a super sparkly day!