Cyber Security Headlines - January 8, 2025
Hosted by CISO Series
The January 8, 2025, episode of Cyber Security Headlines by the CISO Series delivers a comprehensive overview of the latest developments in the information security landscape. Covering significant governmental initiatives, legislative changes, cyberattacks, and industry responses, this episode provides valuable insights for cybersecurity professionals and enthusiasts alike. Below is a detailed summary of the key topics discussed, enriched with notable quotes and structured for clarity.
1. Cyber Trust Labels Launched in the United States
In an effort to enhance consumer awareness and promote cybersecurity best practices, the White House introduced Cyber Trust labels in 2023, akin to the Energy Star certification for energy efficiency. These labels are set to appear on retail packaging for connected devices starting this year.
Deputy National Security Advisor for Cyber, Anne Neuberger, emphasized the significance of this initiative at [01:45]:
"An upcoming executive order will mandate that the federal government will only purchase devices with the CyberTrust label as of 2027."
The Federal Communications Commission (FCC) unanimously approved the label in March 2023. The Cyber Trust program is grounded in National Institute of Standards and Technology (NIST) cybersecurity criteria and provides consumers with information on how long manufacturers intend to support their devices with software updates at the point of sale. Oversight and enforcement will be a collaborative effort among CISA, the FCC, and the Department of Justice.
2. UK Criminalizes Sexually Explicit Deepfakes
Building upon existing legislation against non-consensual intimate media (commonly known as revenge porn), the UK government announced new laws targeting machine-generated explicit deepfake content. This marks a significant step in addressing the evolving challenges posed by synthetic media.
The British government declared that creating and sharing explicit deepfake media that accurately represents real individuals will now be a criminal offense, punishable by up to two years in prison. This legislation aims to curb the alarming rise in digitally altered revenge porn images, which the Revenge Porn Helpline reports have surged by over 400% since 2017.
At [03:30], a spokesperson highlighted:
"By criminalizing explicit deepfakes, we are sending a clear message against the misuse of technology to harm individuals without their consent."
Additionally, the UK government will intensify its scrutiny of technology platforms that host such malicious content, ensuring stricter compliance and proactive measures to prevent distribution.
3. CISA Reports on Treasury Department Cyberattack
The Cybersecurity and Infrastructure Security Agency (CISA) disclosed a significant cybersecurity incident involving the U.S. Treasury Department. State-sponsored Chinese threat actors infiltrated Treasury systems through the remote support provider BeyondTrust.
CISA's investigation revealed that:
- No other federal agencies were compromised in this breach.
- Threat actors did not maintain access after the Treasury terminated its BeyondTrust instance.
- Ongoing monitoring and coordination with relevant federal authorities will continue to ensure no further vulnerabilities exist.
At [04:50], a CISA representative stated:
"Our findings confirm that the breach was contained within the Treasury Department, and we are committed to preventing any similar incidents across other federal entities."
The full scope of the attack remains under investigation, with authorities assessing the extent of data accessed and any potential long-term impacts.
4. Chinese Threat Actors Target the Philippines Executive Branch
According to sources from Bloomberg, Chinese state-sponsored actors have engaged in a sustained campaign over the past year to penetrate the systems of the Philippines' executive branch, resulting in the theft of sensitive data.
Department of Information and Communications Technology (DICT) Secretary Ivan Uy addressed the issue at [06:10]:
"While current data remains uncompromised, the threat actors successfully obtained historical data from previous years. We manage thousands of breach attempts daily and challenge these actors to disclose any relevant data they've unlawfully obtained."
Uy emphasized the department's resilience and proactive stance in defending against such persistent threats, highlighting the continuous efforts to safeguard government information infrastructure.
5. Critical Infrastructure Ransomware Attacks on the Rise
Temple University's Department of Criminal Justice maintains the Critical Infrastructure Ransomware Attacks (KIRA) database, tracking ransomware incidents targeting essential services. As of the latest update, the database records over 2,000 attacks, with 45% of these added since February 2022.
Key findings include:
- Government facilities, healthcare, public health, and education sectors are the most frequently targeted.
- Contrary to popular belief, water infrastructure remains among the least targeted sectors.
- Ransom demands have escalated: incidents seeking $5 million or more constitute 42% of attacks in the past two years.
A representative from KIRA Defense noted at [07:35]:
"The increasing ransom amounts reflect the growing confidence and capabilities of threat actors, posing a significant challenge to our critical infrastructure."
The database is accessible to stakeholders upon request, offering valuable data for strategizing defensive measures against ransomware threats.
6. US Defense Department Designates Tencent and CATL as Military-Linked Firms
The U.S. Department of Defense has officially added Tencent, the parent company of the widely used Chinese messaging app WeChat, and CATL, the world's largest electric vehicle (EV) battery manufacturer, to its list of companies with ties to the Chinese military.
This designation identifies potential security risks associated with these firms, although it does not impose direct bans or sanctions. Any punitive measures would require action from the U.S. Treasury. The inclusion of these companies signals increased scrutiny and caution for Western businesses engaging with them.
At [09:20], a Defense Department official explained:
"While these designations do not immediately restrict business operations, they highlight the need for heightened awareness and due diligence among our partners and allies."
This move underscores the broader geopolitical tensions and the intertwining of commercial enterprises with national security considerations.
7. Washington Sues T-Mobile Over 2021 Data Breach
In a follow-up to the massive data breach disclosed in 2021, where T-Mobile reported unauthorized access affecting 79 million individuals across the United States, the Washington Attorney General, Bob Ferguson, has filed a lawsuit against the telecommunications giant.
Key allegations in the lawsuit include:
- Misrepresentation of cybersecurity capabilities, suggesting insufficient protection measures were in place.
- Failure to inform customers specifically whose Social Security numbers were compromised.
- Inadequate breach notifications, with brief and incomplete text message alerts rather than comprehensive communication.
The lawsuit seeks a court order requiring T-Mobile to enhance its cybersecurity practices, along with financial penalties under the Consumer Protection Act.
At [10:15], Bob Ferguson stated:
"Consumers trusted T-Mobile to protect their sensitive information. This breach and the subsequent handling of it demonstrate a blatant disregard for that trust and personal security."
This legal action highlights the increasing accountability companies face regarding data protection and responsive measures following cybersecurity incidents.
8. Aviation Agency Faces Breach Claims
On cybersecurity breach forums, an account named NATOHUB alleged the compromise of 42,000 documents from the United Nations' International Civil Aviation Organization (ICAO). These documents purportedly contain personal records of staff and affiliates.
ICAO has not confirmed the breach but indicated that it is actively investigating the claims. While the NATOHUB account lacks a substantial history of verified leaks, its recent assertion has raised concerns within the aviation and cybersecurity communities.
At [11:40], an ICAO spokesperson commented:
"We are taking these allegations seriously and are conducting a thorough investigation to ascertain the validity of these claims and mitigate any potential impact."
The situation remains under scrutiny as authorities work to verify the breach's authenticity and implement necessary security enhancements.
9. Green Bay Packers Online Store Compromised by Threat Actors
Fans of the Green Bay Packers were recently informed of a cybersecurity incident affecting the team's official online store. Between late September and early October 2024, a card skimming script was injected into the website, compromising the payment system.
Key details of the breach include:
- Detection on October 23 by the Dutch e-commerce security firm Sansec.
- Immediate response involved disabling checkouts and payment systems to prevent further unauthorized access.
- Scope of impact: Only customers paying directly with payment cards were affected. Those using gift cards, PayPal, and Amazon Pay remained secure.
- Remedial measures: The Packers have offered all affected customers three years of credit monitoring services.
At [13:25], a team representative reassured:
"We prioritize our customers' security and are committed to rectifying this issue promptly while preventing future incidents."
The incident underscores the persistent threat of cyberattacks on e-commerce platforms and the importance of swift, transparent responses to safeguard consumer trust.
Conclusion
The episode of Cyber Security Headlines provided an insightful exploration of pressing cybersecurity issues, ranging from governmental initiatives and legal reforms to high-profile cyberattacks and industry responses. By highlighting these events, the CISO Series underscores the dynamic and ever-evolving nature of the cybersecurity realm, emphasizing the necessity for continuous vigilance, proactive measures, and collaborative efforts to mitigate emerging threats.
For listeners seeking deeper dives into these stories, additional information and full episodes are available at CISOseries.com.
Notable Quotes:
- Anne Neuberger at [01:45]: "An upcoming executive order will mandate that the federal government will only purchase devices with the CyberTrust label as of 2027."
- Spokesperson on UK's Deepfake Law at [03:30]: "By criminalizing explicit deepfakes, we are sending a clear message against the misuse of technology to harm individuals without their consent."
- CISA Representative at [04:50]: "Our findings confirm that the breach was contained within the Treasury Department, and we are committed to preventing any similar incidents across other federal entities."
- Ivan Uy at [06:10]: "While current data remains uncompromised, the threat actors successfully obtained historical data from previous years. We manage thousands of breach attempts daily and challenge these actors to disclose any relevant data they've unlawfully obtained."
- KIRA Defense Representative at [07:35]: "The increasing ransom amounts reflect the growing confidence and capabilities of threat actors, posing a significant challenge to our critical infrastructure."
- Defense Department Official at [09:20]: "While these designations do not immediately restrict business operations, they highlight the need for heightened awareness and due diligence among our partners and allies."
- Bob Ferguson at [10:15]: "Consumers trusted T-Mobile to protect their sensitive information. This breach and the subsequent handling of it demonstrate a blatant disregard for that trust and personal security."
- ICAO Spokesperson at [11:40]: "We are taking these allegations seriously and are conducting a thorough investigation to ascertain the validity of these claims and mitigate any potential impact."
- Green Bay Packers Representative at [13:25]: "We prioritize our customers' security and are committed to rectifying this issue promptly while preventing future incidents."
For daily updates and in-depth analyses of cybersecurity news, tune in to Cyber Security Headlines and visit CISOseries.com.
