
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, January 8, 2025. I'm Rich Stroffelino.
Cyber Trust Marks to roll out in 2025. Back in 2023, the White House launched an initiative to add Cyber Trust labels to retail packaging for connected devices. This was compared to the equivalent of Energy Star certification to indicate a baseline of cybersecurity best practices to consumers. The FCC unanimously approved the label back in March. Now, White House officials say the label will start appearing on consumer devices this year. Deputy National Security Advisor for Cyber Ann Neuberger said an upcoming executive order will mandate that the federal government will only purchase devices with the CyberTrust label as of 2027. The program will go off NIST cybersecurity criteria and inform users how long companies plan to provide software updates at the point of purchase. CISA, the FCC and the Department of Justice will collaborate to oversee and enforce the program.
UK to criminalize sexually explicit deepfakes. The UK already criminalized the publishing of intimate media meant to cause distress without consent, aka revenge porn, back in 2015, but that only accounted for actual images, not machine-generated ones. The British government announced it will make creating and sharing explicit deepfake media that represents a real likeness a crime punishable with up to two years in prison. The government also said it will increase scrutiny on tech platforms hosting these images. The Revenge Porn Helpline found that digitally altered revenge porn images have increased by over 400% since 2017.
CISA says government hack limited to Treasury. Last week, the US Treasury Department informed lawmakers that state-sponsored Chinese threat actors breached its systems in a major cybersecurity incident through its remote support provider BeyondTrust. After an investigation, CISA announced it found no signs of the breach impacting any other federal agencies.
CISA said it will continue to monitor the response to the attack and coordinate with relevant federal authorities as needed. Investigators are still looking into the full scope of the Treasury attack, but said there was no evidence the threat actors maintained access after the Treasury terminated its BeyondTrust instance.
Philippines targeted by Chinese threat actors. Bloomberg sources say Chinese state-sponsored actors orchestrated a year-long campaign to penetrate systems of the Philippines executive branch, stealing sensitive data. However, Department of Information and Communications Technology Secretary Ivan Yuey said the attacks did not compromise current data, but that threat actors did obtain old data from many years ago. Yuey said his department deals with thousands of breach attempts against the government daily and challenges the threat actors to publish details if they obtained relevant data.
And now, thanks to today's episode sponsor, Nudge Security. Identity-based attacks targeting Okta, Microsoft 365 and Google Workspace are on the rise. Do you have the visibility you need into identity security risks? Nudge Security provides advanced security posture management for these critical platforms, surfacing risks like weak or missing MFA, inactive admin accounts, risky integrations and more. And you can automate remediation tasks and ongoing identity governance. Start a free 14-day trial today at nudgesecurity.com/identity. That's n-u-d-g-e-s-e-c-u-r-i-t-y.com/identity.
2,000 attacks launched against critical infrastructure. Temple University's Department of Criminal Justice maintains the Critical Infrastructure Ransomware Attacks database, or KIRA. Operating since 2013, the database now holds details on over 2,000 different attacks, with 45% of those added since February 2022. In the last two years, government facilities, health care, public health and education facilities were the most commonly targeted.
While attacks on water infrastructure get a lot of attention, they were among the least targeted. The database also shows ransom amounts increasing with attacks resulting in a $5 million or more ransom, up from 42% over the last two years. The entire data set is available upon request from KIRA.
Defense Department ties Tencent to the Chinese military. The US Defense Department formally added Tencent, the parent company of the massively popular Chinese messaging app WeChat, to a list of companies with ties to aiding and supplying the Chinese military, which could pose a security risk to the U.S. While this designation doesn't impose direct bans or sanctions by itself, it does add considerable risk to Western companies doing business with it. Any sanctions would have to come from the Treasury. The Defense Department also added the firm CATL to the list, the world's largest EV battery maker.
Washington sues T-Mobile over data breach. Back in 2021, T-Mobile disclosed that a brute force attack on its corporate network resulted in a data leak impacting 79 million people across the U.S. It took T-Mobile six months to discover the malicious activity when data began appearing on hacking forums. Washington Attorney General Bob Ferguson filed a lawsuit against the telco, claiming it misrepresented its cybersecurity capabilities. The lawsuit also criticized T-Mobile for not telling customers that specifically had Social Security numbers stolen and for sending brief and incomplete text message alerts about the breach. The lawsuit seeks a court order from T-Mobile to strengthen its cybersecurity practices and financial penalties under the Consumer Protection Act.
Aviation agency investigating breach claims. In a post on Breach Forums 2, the account NATOHUB claimed it compromised 42,000 documents from the UN's International Civil Aviation Organization, or ICAO, supposedly containing personal records on staff and others working with the agency.
ICAO did not confirm it suffered a breach, but said it was actively investigating reports of a potential information security incident. The NATOHUB account doesn't have an extensive track record of leaks, but it has made unsubstantiated claims that it accessed personal data on thousands of UN delegates last month.
Green Bay Packers online store sacked by threat actors. The American football team notified customers that a threat actor injected a card skimming script into its official online store sometime between late September and early October 2024. The team learned of the skimmer on October 23 from the Dutch e-commerce security company Sansec. It immediately disabled checkouts and payment systems while investigating the issue. The skimmer could only steal information of customers paying directly with payment cards, so customers using gift cards, PayPal and Amazon Pay were not impacted. No word on how many customers the attack impacted, but the team will offer all victims three years of credit monitoring services.
Are you following the CISO series across the panoply of social media options? Then you're in luck. We're active on LinkedIn and YouTube where we're posting original content, hosting insightful conversations and more. And we've just created a Bluesky account, so if you're into the whole decentralized microblogging, we've got you covered. Wherever you spend time on cyberspace, be sure you're following the CISO series. Reporting for the CISO series, I'm Rich Stroffelino, reminding you to have a super sparkly day.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines - January 8, 2025
Hosted by CISO Series
The January 8, 2025, episode of Cyber Security Headlines by the CISO Series delivers a comprehensive overview of the latest developments in the information security landscape. Covering significant governmental initiatives, legislative changes, cyberattacks, and industry responses, this episode provides valuable insights for cybersecurity professionals and enthusiasts alike. Below is a detailed summary of the key topics discussed, enriched with notable quotes and structured for clarity.
In an effort to enhance consumer awareness and promote cybersecurity best practices, the White House introduced Cyber Trust labels in 2023, akin to the Energy Star certification for energy efficiency. These labels are set to appear on retail packaging for connected devices starting this year.
Deputy National Security Advisor for Cyber, Ann Neuberger, emphasized the significance of this initiative at [01:45]:
"An upcoming executive order will mandate that the federal government will only purchase devices with the CyberTrust label as of 2027."
The Federal Communications Commission (FCC) unanimously approved the label in March 2023. The Cyber Trust program is grounded in National Institute of Standards and Technology (NIST) cybersecurity criteria and provides consumers with information on how long manufacturers intend to support their devices with software updates at the point of sale. Oversight and enforcement will be a collaborative effort among CISA, the FCC, and the Department of Justice.
Building upon existing legislation against non-consensual intimate media (commonly known as revenge porn), the UK government announced new laws targeting machine-generated explicit deepfake content. This marks a significant step in addressing the evolving challenges posed by synthetic media.
The British government declared that creating and sharing explicit deepfake media that accurately represents real individuals will now be a criminal offense, punishable by up to two years in prison. This legislation aims to curb the alarming rise in digitally altered revenge porn images, which the Revenge Porn Helpline reports have surged by over 400% since 2017.
At [03:30], a spokesperson highlighted:
"By criminalizing explicit deepfakes, we are sending a clear message against the misuse of technology to harm individuals without their consent."
Additionally, the UK government will intensify its scrutiny of technology platforms that host such malicious content, ensuring stricter compliance and proactive measures to prevent distribution.
The Cybersecurity and Infrastructure Security Agency (CISA) disclosed a significant cybersecurity incident involving the U.S. Treasury Department. State-sponsored Chinese threat actors infiltrated Treasury systems through the remote support provider BeyondTrust.
CISA's investigation revealed that:
At [04:50], a CISA representative stated:
"Our findings confirm that the breach was contained within the Treasury Department, and we are committed to preventing any similar incidents across other federal entities."
The full scope of the attack remains under investigation, with authorities assessing the extent of data accessed and any potential long-term impacts.
According to sources from Bloomberg, Chinese state-sponsored actors have engaged in a sustained campaign over the past year to penetrate the systems of the Philippines' executive branch, resulting in the theft of sensitive data.
Department of Information and Communications Technology (DICT) Secretary Ivan Yuey addressed the issue at [06:10]:
"While current data remains uncompromised, the threat actors successfully obtained historical data from previous years. We manage thousands of breach attempts daily and challenge these actors to disclose any relevant data they've unlawfully obtained."
Yuey emphasized the department's resilience and proactive stance in defending against such persistent threats, highlighting the continuous efforts to safeguard government information infrastructure.
Temple University's Department of Criminal Justice maintains the Critical Infrastructure Ransomware Attacks (KIRA) database, tracking ransomware incidents targeting essential services. As of the latest update, the database records over 2,000 attacks, with 45% of these added since February 2022.
Key findings include:
A representative from KIRA Defense noted at [07:35]:
"The increasing ransom amounts reflect the growing confidence and capabilities of threat actors, posing a significant challenge to our critical infrastructure."
The database is accessible to stakeholders upon request, offering valuable data for strategizing defensive measures against ransomware threats.
The U.S. Department of Defense has officially added Tencent, the parent company of the widely used Chinese messaging app WeChat, and CATL, the world's largest electric vehicle (EV) battery manufacturer, to its list of companies with ties to the Chinese military.
This designation identifies potential security risks associated with these firms, although it does not impose direct bans or sanctions. Any punitive measures would require action from the U.S. Treasury. The inclusion of these companies signals increased scrutiny and caution for Western businesses engaging with them.
At [09:20], a Defense Department official explained:
"While these designations do not immediately restrict business operations, they highlight the need for heightened awareness and due diligence among our partners and allies."
This move underscores the broader geopolitical tensions and the intertwining of commercial enterprises with national security considerations.
In a follow-up to the massive data breach disclosed in 2021, where T-Mobile reported unauthorized access affecting 79 million individuals across the United States, the Washington Attorney General, Bob Ferguson, has filed a lawsuit against the telecommunications giant.
Key allegations in the lawsuit include:
The lawsuit seeks a court order mandating that T-Mobile enhance its cybersecurity practices, as well as financial penalties under the Consumer Protection Act.
At [10:15], Bob Ferguson stated:
"Consumers trusted T-Mobile to protect their sensitive information. This breach and the subsequent handling of it demonstrate a blatant disregard for that trust and personal security."
This legal action highlights the increasing accountability companies face regarding data protection and responsive measures following cybersecurity incidents.
On cybersecurity breach forums, an account named NATOHUB alleged the compromise of 42,000 documents from the United Nations' International Civil Aviation Organization (ICAO). These documents purportedly contain personal records of staff and affiliates.
ICAO has not confirmed the breach but indicated that it is actively investigating the claims. While the NATOHUB account lacks a substantial history of verified leaks, its recent assertion has raised concerns within the aviation and cybersecurity communities.
At [11:40], an ICAO spokesperson commented:
"We are taking these allegations seriously and are conducting a thorough investigation to ascertain the validity of these claims and mitigate any potential impact."
The situation remains under scrutiny as authorities work to verify the breach's authenticity and implement necessary security enhancements.
Fans of the Green Bay Packers were recently informed of a cybersecurity incident affecting the team's official online store. Between late September and early October 2024, a card skimming script was injected into the website, compromising the payment system.
Key details of the breach include:
At [13:25], a team representative reassured:
"We prioritize our customers' security and are committed to rectifying this issue promptly while preventing future incidents."
The incident underscores the persistent threat of cyberattacks on e-commerce platforms and the importance of swift, transparent responses to safeguard consumer trust.
The episode of Cyber Security Headlines provided an insightful exploration of pressing cybersecurity issues, ranging from governmental initiatives and legal reforms to high-profile cyberattacks and industry responses. By highlighting these events, the CISO Series underscores the dynamic and ever-evolving nature of the cybersecurity realm, emphasizing the necessity for continuous vigilance, proactive measures, and collaborative efforts to mitigate emerging threats.
For listeners seeking deeper dives into these stories, additional information and full episodes are available at CISOseries.com.
Notable Quotes:
Ann Neuberger at [01:45]: "An upcoming executive order will mandate that the federal government will only purchase devices with the CyberTrust label as of 2027."
Spokesperson on UK's Deepfake Law at [03:30]: "By criminalizing explicit deepfakes, we are sending a clear message against the misuse of technology to harm individuals without their consent."
CISA Representative at [04:50]: "Our findings confirm that the breach was contained within the Treasury Department, and we are committed to preventing any similar incidents across other federal entities."
Ivan Yuey at [06:10]: "While current data remains uncompromised, the threat actors successfully obtained historical data from previous years. We manage thousands of breach attempts daily and challenge these actors to disclose any relevant data they've unlawfully obtained."
KIRA Defense Representative at [07:35]: "The increasing ransom amounts reflect the growing confidence and capabilities of threat actors, posing a significant challenge to our critical infrastructure."
Defense Department Official at [09:20]: "While these designations do not immediately restrict business operations, they highlight the need for heightened awareness and due diligence among our partners and allies."
Bob Ferguson at [10:15]: "Consumers trusted T-Mobile to protect their sensitive information. This breach and the subsequent handling of it demonstrate a blatant disregard for that trust and personal security."
ICAO Spokesperson at [11:40]: "We are taking these allegations seriously and are conducting a thorough investigation to ascertain the validity of these claims and mitigate any potential impact."
Green Bay Packers Representative at [13:25]: "We prioritize our customers' security and are committed to rectifying this issue promptly while preventing future incidents."
For daily updates and in-depth analyses of cybersecurity news, tune in to Cyber Security Headlines and visit CISOseries.com.