Cyber Security Headlines: Week in Review
Host: CISO Series
Episode Title: Week in Review: CISA Officials Furloughed, DeepSeek’s Weak Security, Cairncross as Cyber Director
Release Date: February 14, 2025
Introduction
In this episode of Cyber Security Headlines, host David Spark engages in a detailed discussion with returning guest Doug Mayer, VP and CISO at WCG. They delve into the week's pivotal cybersecurity stories, offering expert insights and analyses. The conversation spans topics from administrative changes within CISA to vulnerabilities in emerging AI technologies, providing listeners with a comprehensive overview of the current cybersecurity landscape.
1. CISA Officials Placed on Administrative Leave
The episode opens with a significant development: several members of the Cybersecurity and Infrastructure Security Agency's (CISA) election security team have been placed on administrative leave. This decision primarily affects those working on misinformation and disinformation efforts, as reported by Cyberscoop.
David Spark [02:30]: "Former election secretary Kim Wyman warns that shutting down these efforts will hit smaller jurisdictions the hardest, leaving them more vulnerable to misinformation."
Discussion: Doug Mayer expresses concern over the potential negative impacts of this move, highlighting the risks it poses to both federal and state levels. He notes, "I think this is going to impact negatively across the country and at the state level..." [03:03]. The conversation underscores the importance of CISA's role in safeguarding election integrity and the broader implications of diminishing its capacity to combat misinformation.
2. DeepSeek’s Weak Security
The discussion shifts to the vulnerabilities identified in DeepSeek's R1 large language model. Researchers from AppSec revealed that DeepSeek's R1 failed numerous security tests, notably failing to prevent malware creation and proving susceptible to guardrail bypassing.
David Spark [04:12]: "Clearly capitalizing the momentums of LLM generally, but also revealing how willing end users are to embrace new technologies..."
Discussion: Doug Mayer assesses that DeepSeek's premature market entry without robust security measures is unlikely to dismantle existing markets. He comments, "It's no surprise that a brand new to market, supposedly cheaper ran option is not fully baked..." [05:57]. The conversation emphasizes the necessity for comprehensive security protocols in AI deployments and cautions against the rapid adoption of unvetted technologies.
3. RNC Executive Tapped as National Cyber Director
Sean Cairncross, the RNC's Chief Operating Officer, has been nominated to serve as the National Cyber Director, a role that advises the President on cybersecurity matters. This nomination has sparked debate due to Cairncross's limited direct experience in cybersecurity.
David Spark [07:57]: "Not being shy about telling us how he feels. We want to hear your thoughts."
Discussion: Doug Mayer voices skepticism about appointing someone without a strong cybersecurity background to such a critical position. He asserts, "You really want to bring someone in, has expertise, someone who knows cyber..." [09:19]. The conversation highlights the importance of technical expertise in leadership roles within cybersecurity, questioning whether Cairncross's business and political experience sufficiently qualifies him for the position.
4. US Adversaries Increasingly Turning to Cybercriminals
A report from Google's Threat Intelligence Group reveals that state-sponsored actors from countries like China, Iran, and North Korea are increasingly collaborating with cybercriminals to advance their espionage goals.
David Spark [14:25]: "It's about getting away from passwords. And this here, 2FA is one step away from getting away from passwords. MFA is five steps getting away from passwords."
Discussion: Doug Mayer underscores the escalating threat posed by the convergence of state and criminal cyber activities. He notes, "Adversaries are much more advanced than us. Adversaries move quicker..." [14:25]. The discussion emphasizes the need for organizations to bolster their defenses and collaborate with vendors that are proactive in addressing these sophisticated threats.
5. UK Releases Hurricane Grade Scale for Cyber Attacks
The UK Cyber Monitoring Center has introduced a new rating system for cyber attacks, modeled on the Saffir-Simpson hurricane scale. Designed to classify the severity of systemic cyber events, the scale aims to provide a standardized measure for assessing the impact of significant cyber incidents.
Doug Mayer [17:39]: "I think security team security organizations already have a lot of complexity between regulations and broken regulations and not consistent regulations around the world."
Discussion: While the initiative is lauded for its potential to aid the cyber insurance industry, Doug Mayer expresses reservations about its applicability on a global scale. He highlights concerns over subjectivity and the varying contexts of different organizations, suggesting that a one-size-fits-all approach may lack the necessary nuance [17:39].
6. Astaroth Phishing Kit Bypasses 2FA with Reverse Proxy Techniques
A new phishing tool, Astaroth, has emerged, capable of circumventing two-factor authentication (2FA) through sophisticated reverse proxy methods. This tool intercepts authentication tokens in real time, effectively rendering traditional 2FA measures ineffective.
Doug Mayer [21:54]: "I think 2FA should have been killed a long time ago because I took 2FA out of my, my language a long time ago. I go up by MFA."
Discussion: Doug Mayer advocates for the adoption of Multi-Factor Authentication (MFA) over 2FA, emphasizing the need for advanced anomaly detection and comprehensive security operations. He argues that while 2FA has its shortcomings, moving towards more robust MFA solutions can enhance security resilience [21:54]. The conversation highlights the evolving nature of phishing threats and the imperative for organizations to adapt their authentication strategies accordingly.
7. Doug Mayer’s Takeaways and Final Thoughts
In his concluding remarks, Doug Mayer reflects on the overarching themes of the week, particularly the advancements and challenges in AI security.
Doug Mayer [24:30]: "I am pro AI. I'm just pro AI properly and threat teaming and investing in it."
Discussion: Doug emphasizes the dual-edged nature of AI, acknowledging its potential while cautioning against premature deployment without adequate security measures. He underscores the importance of red teaming and investment in secure AI development, advocating for a balanced approach that leverages AI's benefits while mitigating its inherent risks [24:30].
Conclusion
This episode of Cyber Security Headlines provides a multifaceted exploration of critical issues shaping the cybersecurity domain. From administrative shifts within federal agencies to the vulnerabilities of emerging AI technologies, host David Spark and guest Doug Mayer offer valuable perspectives that underscore the dynamic and often precarious nature of today's cybersecurity landscape. Listeners are equipped with nuanced analyses and expert opinions, enhancing their understanding of the complex challenges and trends in the field.
Find More Episodes: For full stories behind these headlines and daily updates, visit CISOseries.com.
