Transcript
Steve Prentice (0:00)
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Friday, February 28, 2025. I'm Steve Prentice.
Chinese cyber espionage jumped 150% last year. The Global Threat Report released yesterday by CrowdStrike shows a 150% surge in Chinese-backed cyber espionage operations across the world last year, with critical industries seeing up to a 300% spike in targeted attacks. This means the Volt Typhoon and Salt Typhoon campaigns represented just a small fraction of global cyber espionage activity from the country, highlighting the most targeted sectors as being in finance, media and manufacturing. CrowdStrike identified seven new China-related adversaries in 2024 and claimed to have blocked over 330 cyber intrusion attempts attributed to Chinese hacking groups. End quote.
Nakasone warns of US falling behind adversaries in cyberspace. The former leader of Cyber Command and the National Security Agency, speaking at the DistrictCon cybersecurity conference in Washington, D.C., retired General Paul Nakasone pointed to incidents like the recent China-led breaches of US telecommunications companies and ransomware attacks against US targets and that they illustrate, quote, the fact that we are unable to secure our networks, the fact that we are unable to leverage the software that's being provided today, the fact we have adversaries that continue to maintain this capability, end quote. He agrees with bipartisan calls in Congress for a more aggressive US stance in cybersecurity, including the use of AI, but also stressed the need for more hiring.
PolarEdge botnet exploits Cisco, Asus, QNAP and Synology. According to French cybersecurity company Sekoia, this is a new malware campaign which targets edge devices from Cisco, Asus, QNAP and Synology to pull them into a botnet named PolarEdge, as one word, P-O-L-A-R-E-D-G-E. It has been operating since at least the end of 2023. The campaign leverages an unpatched, end-of-life, CVE-numbered critical security flaw that impacts Cisco small business routers that could result in arbitrary command execution on susceptible devices. The vulnerability is said to have been used to deliver a TLS backdoor that incorporates the ability to listen for incoming client connections and execute commands.
Southern Water says Black Basta ransomware attack cost £4.5 million in expenses. Following up on a story we covered this time last year, UK-based water utility Southern Water now says the ransomware attack it suffered in late January of 2024 incurred costs of 4.5 million pounds, and that is roughly $5.7 million. Southern Water is a private company that provides water and wastewater to customers in some southern counties in England. This number mostly represents restoration and analysis costs. A further analysis of leaked internal chat logs from the Black Basta group, who conducted the attack, appears to show that a ransom has been paid, although representatives from the utility have not clarified this.
Thanks to today's episode's sponsor, Conveyor. Let me guess, another security questionnaire just landed in your inbox, which means all the follow-up tasks you don't have time for are close behind. So what are you going to do? Or here's a better what would Sue do? Sue is Conveyor's new AI agent for customer trust. She handles the entire security review process, like answering every customer request for a SOC 2 from sales, completing every questionnaire, or executing every communications and coordination task in between. No more manual work, just a quick review when she's done. Ready to let Sue take the reins? Learn more at conveyor.com. That is www.c-o-n-v-e-y-o-r.com.
Karen Evans becomes Executive Assistant Director for Cybersecurity at CISA. In further government administration news, this appointment makes Evans the leader of the cybersecurity half of CISA. She has most recently been Managing Director at the Cyber Readiness Institute, but has also served as Chief Information Officer of the Homeland Security Department, Assistant Secretary for Cybersecurity, Energy Security and Emergency Response at the Energy Department, and the Administrator of E-Government and Information Technology at the Office of Management and Budget.
Cleveland Municipal Court closed for third straight day due to cyber incident. In this latest in a string of municipality-level attacks, the Cleveland Municipal Court remains closed, as I said, for the third straight day. In a notification on its Facebook page, the court says that it has not yet confirmed the nature and scope of the attack and that all internal systems and software platforms will be shut down until further notice.
Software vulnerabilities take almost nine months to patch. A State of Software Security report released by Veracode shows the average fix time for software security vulnerabilities has risen to eight and a half months, a 47% increase over the past five years. This figure is also 327% higher than 15 years ago, largely as a result of increased reliance on third-party code and use of AI-generated code. Furthermore, the report says half of all organizations have critical security debt, defined as accumulated high-severity vulnerabilities left open for longer than a year, and 70% of this critical security debt comes from third-party code and the software supply chain. End quote.
Crypto analysts stunned by Bybit laundering speed. Following up on one of the biggest stories of this week, the $1.46 billion Ethereum theft conducted by the Lazarus Group has sent shockwaves through the cybercrime community, with experts marveling at the group's unprecedented speed and scale in laundering the stolen funds, along with its increased capability to conduct these brazen attacks, Ari Redbord, global head of policy at TRM Labs, said in an email to CyberScoop. Within two days of the attack, the group funneled $160 million through illicit channels, an amount that would have been unimaginable to move this quickly just a year ago, end quote. He added, quote, this raises alarming questions about whether North Korea's laundering capacity has expanded, since criminal financial networks have never moved this quickly to process funds before, end quote.
As usual, we've got a busy Friday of live streams today. It starts at 1pm with Super Cyber Friday, where the topic will be Hacking the Modern Audit, an hour of critical thinking about improving quality and reducing cost to this critical process. Then at 3:30pm Eastern, we have our Week in Review show. Andrew Wilder, CISO at VetCorp, will be our guest, providing his expert commentary on the news of the week. To join us for both, head on over to the events page at cisoseries.com. I'm Steve Prentice, reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
