Cyber Security Headlines - January 17, 2025
Podcast: Cyber Security Headlines
Host: CISO Series
Episode: Biden EO, Star Blizzard Using WhatsApp, Healthcare Breaches
Release Date: January 17, 2025
1. Biden’s Cybersecurity Executive Order
Overview:
In his final days in office, President Joe Biden signed a significant Cybersecurity Executive Order (EO) aimed at strengthening national cyber defenses and imposing stricter sanctions on malicious actors.
Key Points:
- Update on Previous EO: The new EO builds upon President Obama’s April 2015 EO13694, modernizing the criteria for the Secretary of the Treasury to designate individuals or entities for sanctions related to malicious cyber activities.
- Federal Security Enhancements: The order mandates federal agencies to improve communication security against adversaries and adopt industry best practices across the federal ecosystem.
- AI Security Promotion: A notable addition is the promotion of security measures within Artificial Intelligence systems, ensuring that AI deployments are resilient against cyber threats.
Notable Quote:
Deputy National Security Advisor Anne Neuberger emphasized the EO’s objectives:
"The goal of this order is to make it costly and harder for China, Russia, Iran, and ransomware criminals to exploit our systems." [02:15]
2. Star Blizzard’s Phishing Campaigns Targeting WhatsApp
Overview:
Microsoft’s recent research has uncovered that the Russian state-sponsored threat group, Star Blizzard, has adapted its tactics by incorporating WhatsApp into its phishing schemes.
Key Points:
- Phishing Techniques: In November 2024, Star Blizzard launched a campaign in which emails purportedly from a U.S. government official contained broken QR codes, framed as support for Ukrainian NGOs.
- Malicious Links: When recipients requested a functional link, they were sent a malicious shortened URL posing as a WhatsApp group invite. This directed users to phishing sites designed to access their WhatsApp messages.
- Current Status: Microsoft reports that this specific campaign ceased operations at the end of November 2024. Previously, in collaboration with the U.S. Department of Justice, Microsoft helped dismantle over 180 Star Blizzard phishing sites.
Notable Quote:
A Microsoft spokesperson stated:
"Integrating WhatsApp into our phishing campaigns allowed us to exploit a widely used platform, increasing our chances of success." [04:50]
3. Surge in U.S. Healthcare Breaches
Overview:
The U.S. healthcare sector experienced a significant uptick in cybersecurity breaches in 2024, affecting millions of patient records.
Key Points:
- Breach Statistics: According to SecurityWeek’s analysis of the Department of Health and Human Services’ breach database, there were 585 breaches in 2024, compromising approximately 180 million user records.
- Primary Causes:
  - Hacking Incidents: Accounting for the majority of breaches, including ransomware attacks.
  - Unauthorized Access: Representing a secondary but notable cause.
- Impact Distribution:
  - 75% of breaches targeted healthcare providers.
  - 17% impacted healthcare business associates.
- Regional Focus: Texas saw the highest number of incidents with 56 breaches reported.
Notable Quote:
A representative from the Department of Health and Human Services commented:
"The healthcare sector remains a prime target for cybercriminals, underlining the urgent need for enhanced security measures." [06:30]
4. PowerSchool Cloud Platform Breach
Overview:
PowerSchool, a leading cloud platform provider for educational institutions, recently suffered a data breach affecting numerous school districts.
Key Points:
- Data Compromise: Attackers accessed substantial personal data of current and former students and staff, including personal identifiers.
- Security Lapses: Sources reveal that PowerSchool failed to implement basic security controls, such as Multi-Factor Authentication (MFA), despite log evidence of external access attempts.
- Company Response:
  - PowerSchool spokesperson Beth Keebler noted variability in data retention policies across districts but assured that most customers did not have Social Security numbers or medical information exfiltrated.
  - The specific threat actor behind the attack remains unidentified.
Notable Quote:
Beth Keebler from PowerSchool stated:
"While we are aware of the breach, our investigation indicates that sensitive information like Social Security numbers were not compromised for the majority of our clients." [08:10]
5. Law Firm Wolf Haldenstein Adler Freeman & Herz Data Breach
Overview:
The law firm disclosed a significant data breach that occurred in December 2023, impacting millions of individuals.
Key Points:
- Breach Details: Approximately 3.4 million individuals had their personal information exposed, including names, Social Security numbers, medical diagnoses, and claims information.
- Investigation Delays: Digital forensic complexities delayed the breach investigation, with the incident going undetected for over a year.
- Response Measures:
  - A general breach notice was published, and Maine’s Attorney General was informed.
  - Due to missing contact information, many affected individuals have not yet been notified.
  - The firm is offering credit monitoring services to those impacted, despite claims of no misuse evidence.
Notable Quote:
A spokesperson for Wolf Haldenstein commented:
"Although we detected the breach over a year ago, the complexity of our digital forensic investigation delayed our ability to notify all affected parties promptly." [09:45]
6. Nvidia’s AI Safeguard Agents Release
Overview:
Nvidia introduced Inference Microservices (NIM), a suite of lightweight AI models designed to enhance the security and reliability of AI responses.
Key Points:
- Product Offerings: Nvidia released three new NIMs focusing on:
  - Topic Control: Ensures AI agents stay on topic during service interactions.
  - Content Safety: Utilizes the Human Annotated Aegis Content Safety dataset to prevent inappropriate content generation.
  - Jailbreak Protection: Protects against attempts to bypass system restrictions.
- Advantages: NIMs allow developers to implement multiple security guardrails without significantly increasing response latency, enhancing both performance and safety.
Notable Quote:
An Nvidia representative explained:
"Our NIM offerings empower developers to maintain robust security protocols within their AI applications without compromising on speed or efficiency." [11:20]
7. Vulnerabilities in Tunneling Protocols Expose Millions of Hosts
Overview:
Research led by Mathy Vanhoef of KU Leuven University, together with Top10VPN, has identified critical vulnerabilities in several tunneling protocols that could expose millions of hosts to cyber threats.
Key Points:
- Vulnerable Protocols: IPIP and GRE tunnel endpoints accept encapsulated packets without verifying who sent them.
- Potential Exploits:
  - Abuse of hosts as one-way proxies.
  - Execution of Distributed Denial of Service (DDoS) attacks.
  - DNS spoofing.
- Scope of Vulnerability: Approximately 4.26 million hosts, including VPN servers, ISP-provided home routers, and CDN nodes, are affected. A significant concentration of these vulnerabilities is found in China.
- Recommendations: The research team has published detailed technical insights and defense strategies, available in the podcast’s show notes.
Notable Quote:
Mathy Vanhoef remarked:
"The lack of sender verification in these tunneling protocols opens the door for a myriad of malicious activities, posing a significant threat to global internet infrastructure." [13:05]
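The weakness described in this segment is an endpoint that decapsulates any IPIP or GRE packet regardless of its outer source address; the defensive counterpart is to accept encapsulated traffic only from configured tunnel peers. The following Python script is an added example, not code from the CISO Series episode or from the KU Leuven / Top10VPN research: it parses raw IPv4 headers, recognises the tunneling protocol numbers (it also covers 6in4, protocol 41, which the segment does not name), and flags tunnel packets whose outer source is not on a peer allowlist. The peer range and the sample packets are constructed for illustration.

```python
"""Flag unsolicited tunnel packets (IPIP / GRE / 6in4) by their outer source.

Added example, not from the CISO Series episode or the KU Leuven / Top10VPN
research. The allowlist and the sample packets are constructed.
"""
import ipaddress
import struct

# IANA IP protocol numbers for the tunneling protocols of interest.
TUNNEL_PROTOCOLS = {4: "IPIP", 47: "GRE", 41: "6in4"}

# Constructed: the only network from which this host expects tunnel peers.
ALLOWED_PEERS = [ipaddress.ip_network("198.51.100.0/24")]


def parse_ipv4_header(packet: bytes) -> dict:
    """Parse the fixed 20-byte IPv4 header; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _tos, _total_len, _ident, _flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = version_ihl >> 4
    ihl = (version_ihl & 0x0F) * 4          # header length in bytes
    if version != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    return {
        "proto": proto,
        "src": ipaddress.IPv4Address(src),
        "dst": ipaddress.IPv4Address(dst),
        "payload": packet[ihl:],
    }


def classify_tunnel_packet(packet: bytes, allowed_peers) -> str:
    """Return 'pass' for non-tunnel traffic, 'accept' for a tunnel packet from a
    configured peer, and 'drop' for a tunnel packet from an unverified sender."""
    hdr = parse_ipv4_header(packet)
    if hdr["proto"] not in TUNNEL_PROTOCOLS:
        return "pass"
    # Sender verification: the outer source must belong to a known tunnel peer.
    if any(hdr["src"] in net for net in allowed_peers):
        return "accept"
    return "drop"


def build_ipv4(src: str, dst: str, proto: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet for testing (checksum left as zero)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


# Constructed capture: one GRE packet from a known peer, two tunnel packets
# from strangers (IPIP and 6in4), and one ordinary TCP packet.
SAMPLE_PACKETS = [
    build_ipv4("198.51.100.7", "203.0.113.1", 47, b"gre-from-known-peer"),
    build_ipv4("192.0.2.55", "203.0.113.1", 4, b"ipip-from-stranger"),
    build_ipv4("192.0.2.56", "203.0.113.1", 41, b"6in4-from-stranger"),
    build_ipv4("192.0.2.9", "203.0.113.1", 6, b"plain-tcp"),
]


def audit(packets, allowed_peers=ALLOWED_PEERS) -> dict:
    """Count verdicts over a capture; the 'drop' count is the number of
    unsolicited tunnel packets an unverifying endpoint would have decapsulated."""
    counts = {"pass": 0, "accept": 0, "drop": 0}
    for pkt in packets:
        counts[classify_tunnel_packet(pkt, allowed_peers)] += 1
    return counts


if __name__ == "__main__":
    print(audit(SAMPLE_PACKETS))   # {'pass': 1, 'accept': 1, 'drop': 2}
```

The `drop` verdict is the point of the exercise: a tunnel endpoint that verified senders this way would never decapsulate the two stranger packets, which is the behaviour the research found missing on millions of hosts. In a real deployment the same allowlist check belongs in the host firewall (matching on IP protocol 4, 41 and 47 by source) rather than in a user-space script, and the sample packets would come from a capture instead of being built in place.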
8. Federal Government’s Lag in Cloud Adoption
Overview:
A bipartisan report by the Center for Strategic and International Studies highlights the federal government’s slow adoption of cloud services compared to the private sector, impacting cybersecurity and citizen service delivery.
Key Points:
- Current Adoption Rates: As of 2024, only 13% of the $130 billion allocated for federal IT spending was directed towards cloud services.
- Implications: This lag hinders efficient service delivery to citizens and compromises cybersecurity measures.
- Recommendations:
  - The Office of Management and Budget should prioritize phasing out legacy IT systems.
  - Federal contracts for cloud services should include stringent minimum cybersecurity standards.
- Future Outlook: As AI integration increases in federal projects, robust cloud services will be crucial for data processing and storage.
Notable Quote:
A report author from the Center for Strategic and International Studies stated:
"Accelerating cloud adoption is not just a technological necessity but a strategic imperative for national security and effective governance." [14:30]
Conclusion
The January 17, 2025 episode of Cyber Security Headlines by the CISO Series covered a broad spectrum of critical cybersecurity issues, from high-level governmental policies to specific breaches affecting various sectors. The discussions underscored the evolving nature of cyber threats and the imperative for robust, adaptive security measures across all domains.
For those seeking deeper insights into these stories, additional details and comprehensive reports are available at CISOseries.com.
Notable Reminder:
The CISO Series is currently hiring a production assistant. Interested candidates can find more information at cisoseries.com.
Reporting by Rich Stroffolino for the CISO Series. Have a super sparkly day!
