Cyber Security Headlines: Week in Review – Sanctions, Ransomware, and Breaches
Episode Release Date: January 10, 2025
Host: CISO Series
Guest: Bill Harmer, Operating Partner and CISO at Craft Ventures
1. US Sanctions on China's Integrity Technology for Flax Typhoon Attacks
Overview:
The episode kicks off with a significant development in international cyber relations. The United States has imposed sanctions on China's Integrity Technology Group, known in the private sector as Flax Typhoon. This action stems from the company's involvement in providing infrastructure to China's Ministry of State Security and state-backed hacking groups, facilitating attacks on various US institutions.
Key Points:
- Targeted Entities: Universities, government agencies, telecommunications providers, and media organizations in the US and beyond.
- Sanctions Details: As stated by State Department spokesperson Matthew Miller, the sanctions "freeze all US assets of the company and limit the amount of interaction financial institutions can have with it" (00:48).
Guest Insights: Bill Harmer underscores the reactive nature of such sanctions, likening it to a "game of whack a mole." He notes, “You can find the company, it's called Integrity this week, sanction them, freeze their accounts. That company will spring up under another name funded by China” (02:56). Harmer emphasizes the necessity of continuous efforts to disrupt these operations, acknowledging the persistent challenge posed by state-sponsored groups.
2. French Military Contractor ATOS Dismisses Ransomware Attack Claims
Overview:
The podcast addresses the recent ransomware attack allegations against ATOS, a France-based company responsible for securing communications for the French military and intelligence services. Despite claims from a ransomware group named Space Bears, ATOS has publicly denied any compromise to its internal databases.
Key Points:
- Attack Claims: Space Bears threatened to publish stolen data on January 8th.
- Current Status: Reports suggest that a ransom was paid, according to German IT news outlets.
Guest Insights: Bill Harmer discusses the implications of ATOS's denial, especially in the context of the company's financial struggles and plans to sell its computing division back to the French government. He remarks, “Transparency to the customers. That is there better be transparency from ATOS to the French military and the government” (05:41). Harmer raises concerns about oversight and the potential vulnerabilities arising from financial instability within defense contractors.
3. ICAO Breach Claims and Aviation Security Concerns
Overview:
The International Civil Aviation Organization (ICAO) has confirmed a breach wherein approximately 42,000 documents from its recruitment database were compromised. The stolen data includes personal records such as names, email addresses, dates of birth, and employment history.
Key Points:
- Data Compromised: Recruitment records, which did not include financial information or passwords.
- Potential Risks: Leveraging personal data for deeper infiltration or compromising individuals' backgrounds.
Guest Insights: Harmer expresses heightened concern over the compromise of recruitment data, drawing parallels to the Office of Personnel Management (OPM) hack. He emphasizes the potential for personal data to be exploited in sophisticated attacks, stating, “There are leverage on every one of those people. Right” (09:00). The conversation highlights the broader implications for national and international security when such data falls into malicious hands.
4. Surge in Critical Infrastructure Attacks
Overview:
Temple University's Department of Criminal Justice has updated its Critical Infrastructure Ransomware Attacks Database, now documenting over 2,000 distinct attacks since its inception in 2013. Notably, 45% of these attacks occurred post-February 2022, with significant increases in ransom demands.
Key Points:
- Common Targets: Government facilities, healthcare, public health, and education sectors.
- Ransom Trends: Ransoms of $5 million or more have risen by 42% over two years.
Guest Insights: Harmer attributes the rise in attacks to the low cost and high scalability of deploying ransomware, stating, “You can build ransomware, deploy it, let it run almost at zero cost” (12:58). He warns of the strategic targeting of entities that are likely to pay hefty ransoms, especially those critical to public welfare, thereby exacerbating vulnerabilities across essential services.
5. House Lawmakers Advocate for a Dedicated Cyber Force
Overview:
House lawmakers are revisiting proposals to establish a new branch of the US Military dedicated solely to digital warfare. Representative Morgan Luttrell of Texas is spearheading efforts to create this "Cyber Force," aiming to enhance focus and capabilities in cyber operations separate from existing military services.
Key Points:
- Current Structure: Cyber capabilities are dispersed across various military branches, creating barriers to specialized talent acquisition.
- Proposed Benefits: Enhanced focus on cyber warfare, streamlined recruitment, and specialized training.
Guest Insights: Harmer expresses surprise and support for the establishment of a dedicated Cyber Force, highlighting global precedents like Israel's Units 81 and 8200. He emphasizes, “The future is AI versus AI. That is the future of warfare” (15:34). Harmer advocates for a recruitment model that prioritizes mental acuity over traditional physical requirements, suggesting, “You don't need the physical aspects of it. You need the mental or the curiosity” (17:53).
6. European Commission Faces First GDPR Fine
Overview:
In a landmark case, the European General Court has ruled that the European Commission violated the General Data Privacy Regulation (GDPR) by transmitting a German citizen’s data to the US through a Facebook sign-in option on an event site. The court mandated a €400 fine, setting a significant precedent for data privacy enforcement.
Key Points:
- Violation Details: Transmission of device, browser, and IP address information to Amazon and Meta.
- Implications: Potential for widespread fines as entities worldwide navigate GDPR compliance.
Guest Insights: Harmer critiques the ruling, suggesting it paves the way for an influx of fines and legal challenges. He warns of the potential for misuse, stating, “You can DDoS people with this, right? You can just start launching these complaints” (19:55). Harmer underscores the need for balanced regulation to prevent overburdening organizations with minor infractions.
Conclusion and Future Outlook
In wrapping up the episode, the host engages with listeners' comments on the proposed Cyber Force, highlighting community interest and support. Bill Harmer reaffirms his enthusiasm for the initiative, labeling it a “thumbs up” and emphasizing the urgency to advance cybersecurity capabilities in tandem with evolving threats.
Notable Closing Remarks: Harmer shares his ongoing projects, including a presentation on the future of cybersecurity at the SIGS conference in Zurich and his role in the Canadian CISO Forum in Toronto, encouraging listeners to follow his insights on LinkedIn (22:17).
Final Thoughts:
This week's episode of Cyber Security Headlines delivers a comprehensive overview of critical developments in the cybersecurity landscape. From international sanctions and ransomware attacks to legislative advancements and regulatory challenges, the discussions provide valuable insights for professionals and enthusiasts alike. Bill Harmer's expert commentary underscores the complexities and evolving nature of cyber threats, advocating for proactive and innovative approaches to safeguard against them.
For more detailed stories behind these headlines, visit CISOseries.com.
Notable Quotes:
- Bill Harmer on Sanctions: “It's just a game of whack a mole... they will spring up under another name funded by China” (02:56).
- Bill Harmer on ATOS: “Transparency to the customers. That is there better be transparency from ATOS to the French military and the government” (05:41).
- Bill Harmer on Cyber Force: “The future is AI versus AI. That is the future of warfare” (15:34).
- Bill Harmer on GDPR Fine: “You can DDoS people with this, right? You can just start launching these complaints” (19:55).
