Dave Bittner
You're listening to the Cyberwire Network powered by N2K.
Mick Baccio
The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps and networks are everywhere. This means poor visibility, security gaps and added risk. That's why Cloudflare created the first ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.
Dave Bittner
Chinese hackers breach the U.S. Treasury Department. At least 35 Chrome extensions are compromised. Federal authorities arrest a U.S. Army soldier over accusations of sensitive data stolen from AT&T and Verizon. A misconfigured Amazon cloud server exposes sensitive data from over 800,000 VW EV owners. Rhode Island confirms a data breach linked to ransomware group Brain Cipher. Ascension Healthcare confirms the exposure of the personal and medical data of 5.6 million customers. A recent patch to Windows BitLocker encryption proves inadequate. A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls for espionage. The DOJ bans the sale of American sensitive data to adversarial nations. HHS proposes a HIPAA update to address cybersecurity. Our guest is Mick Baccio, Global Security Advisor at Splunk, with insights on the cybersecurity resilience gap. And CISA Director Easterly looks back at 2024.

I'm Dave Bittner and this is your CyberWire Intel Briefing. Happy New Year and thank you for joining us here once again. It is great to have you with us.

Chinese state-sponsored hackers breached the U.S. Treasury Department through a compromised remote support platform provided by BeyondTrust. The attack, attributed to the Salt Typhoon APT group, exploited two zero-day vulnerabilities in BeyondTrust's remote support SaaS. Using a stolen API key, the attackers reset passwords, gained privileged access and stole agency documents. BeyondTrust detected the breach on December 8, shut down compromised instances and revoked the API key. The FBI and CISA assisted in the investigation, confirming the hackers no longer have access to Treasury systems.

The breach follows AT&T and Verizon's confirmation that they've expelled Chinese cyber espionage hackers from their networks following a months-long Salt Typhoon campaign. The attackers exploited vulnerabilities to intercept calls, geolocate individuals and access metadata.
The breach originally impacted eight companies, but a ninth victim was recently identified after the federal government issued detailed guidance on Chinese tactics. The companies targeted include major players like AT&T, Verizon and Lumen. T-Mobile previously reported breaches but said no sensitive customer data was stolen. The hackers leveraged poorly secured admin accounts, giving them sweeping access across networks, including lawful intercept backdoors used for court-ordered wiretaps. Investigations were complicated by inadequate logging and the attackers' efforts to erase their tracks. The White House has called for improved cybersecurity practices, urging measures like network segmentation and better logging. The FCC is also considering mandatory cybersecurity standards, and the US plans to ban China Telecom's remaining operations.

A phishing campaign targeting Chrome extension developers compromised at least 35 extensions, including one from cybersecurity firm Cyberhaven, impacting around 2.6 million users. The attack, active since March of 2024, escalated in December with phishing emails impersonating Google. Developers were tricked into granting permissions to a malicious OAuth app, allowing attackers to inject data-stealing code into extensions. The malicious code targeted Facebook business accounts, stealing user credentials, IDs, access tokens and ad account information. Threat actors even bypassed two-factor authentication by capturing QR codes used for login verification. Extensions were hijacked to distribute new malicious versions via the Chrome Web Store. Investigators identified command-and-control domains linked to the campaign and suspect many more extensions were targeted. Despite multi-factor authentication protections, the phishing method effectively exploited OAuth workflows, exposing significant vulnerabilities in Chrome extension security.
Krebs on Security reports that federal authorities have arrested 20-year-old US Army soldier Cameron John Wagenius, accusing him of being Cyber Phantom, or Kyber Phantom. It's hard to say if it's Cyber or Kyber with a K. A cybercriminal who sold and leaked sensitive data stolen from AT&T and Verizon. Wagenius, a communications specialist stationed in South Korea, was apprehended near Fort Hood, Texas in December after an indictment for unlawfully transferring confidential phone records. Cyber Phantom allegedly hacked 15 telecom firms, including AT&T and Verizon, and leaked call logs of prominent figures such as President-elect Trump and Vice President Kamala Harris. He also offered SIM swapping services and posted stolen data schemas linked to the NSA. The swift investigation, spanning just weeks, relied on security researchers identifying operational security mistakes. Experts warn young cybercriminals of escalating risks as law enforcement improves its ability to track and prosecute cybercrimes domestically. This case has been transferred to the Western District of Washington.

A Volkswagen subsidiary, Cariad, exposed sensitive data from 800,000 EV owners due to a misconfigured Amazon cloud server. The leak included contact information, movement data and precise location data, accurate to within 10 cm for Volkswagen and Seat vehicles and 10 km for Audi and Skoda. High-profile individuals, including German politicians, Hamburg police and intelligence employees, were affected. The hacker group Chaos Computer Club discovered the breach and alerted authorities, giving VW 30 days to resolve it. Volkswagen confirmed the data was pseudonymized and accessed through a complex multi-stage process. No passwords or payment details were exposed.

Rhode Island has confirmed that cybercriminals have published personal data stolen from its social services portal, RIBridges.
The breach, linked to ransomware group Brain Cipher, compromised citizens' sensitive information, including data from individuals applying for health services. Deloitte, the state's vendor, revealed that files had been leaked on the dark web. Governor Dan McKee stated that IT teams were analyzing the released data, urging residents to freeze and monitor credit to protect financial information. Social engineering attacks are also a concern. RIBridges remains offline with investigations ongoing. Brain Cipher claims to have stolen one terabyte of data in the December breach, targeting systems outside Deloitte's network. Deloitte and Rhode Island have not verified these claims.

A December 20 filing with Maine's Attorney General revealed that a May 8 cyberattack on healthcare giant Ascension exposed the personal and medical data of 5.6 million customers. The breach occurred after an employee mistakenly downloaded a malicious file. Exposed data varies by individual and includes medical records, payment information, government IDs and personal details. Although Ascension confirmed its core clinical systems were not accessed, the incident highlights ongoing vulnerabilities in healthcare cybersecurity, following similar breaches in 2024 at Change Healthcare and Kaiser Permanente. Proposed legislation, the Healthcare Cybersecurity and Resilience Act, seeks to bolster defenses with grants for healthcare organizations.

A recently patched flaw in Windows BitLocker encryption remains vulnerable to attacks, researcher Thomas Lambertz revealed at the Chaos Communication Congress. Using a method called BitPixie, Lambertz demonstrated how rebooting a device in recovery mode with PXE booting enabled allowed him to extract encryption keys from memory and decrypt data. Lambertz criticized Microsoft's patch as insufficient, noting that disabling the network stack in the BIOS is the only effective mitigation.
A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls to deploy a custom malware backdoor for espionage, according to Northwave researchers. The backdoor, a variant of LittleLamb.WoolTea, installs disguised as a logd file and provides extensive functionality, including file manipulation, network tunneling and SOCKS5 proxy setup. Exploited since November, attackers use the vulnerability to gain root privileges and deploy additional payloads. Palo Alto patched this flaw and another, advising administrators to limit web management portal access to trusted IPs. The campaign aligns with Chinese threat group UNC5325's strategy of targeting edge devices, similar to their past exploits of Ivanti VPNs and Fortinet firewalls. Researchers say thousands of devices may be affected.

The U.S. Department of Justice has finalized a rule banning the sale of American sensitive data, including biometric, geolocation, health and financial information, to adversarial nations like China, Russia and Iran. Stemming from a February executive order, the rule targets efforts by hostile nations to use such data for AI development, cyber espionage and influence campaigns. Assistant Attorney General Matthew Olsen emphasized the rule's role in protecting national security. Implementation begins three months after its Federal Register publication.

The U.S. Department of Health and Human Services has proposed updated HIPAA cybersecurity rules to protect patient health data amid increasing healthcare data breaches and ransomware attacks. The proposed measures include mandatory encryption of protected health information, multi-factor authentication and network segmentation to limit attackers' movements. White House official Anne Neuberger highlighted the urgency, citing high costs of inaction, which could endanger critical infrastructure and patient safety. The updates, expected within 60 days, mark the first major HIPAA security revisions in a decade.
Implementation is projected to cost $9 billion in the first year and $6 billion over the coming years.

Coming up after the break, my conversation with Mick Baccio, Global Security Advisor at Splunk, with insights on the cybersecurity resilience gap. And CISA Director Easterly looks back at 2024. Stay with us.
Mick Baccio
And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach, and we thank KnowBe4 for sponsoring our show.
Dave Bittner
Mick Baccio is Global Security Advisor at Splunk's security research team, SURGe. He joins me to share some insights on the cybersecurity resilience gap and the top cyber challenges and priorities for the public sector.
Mick Baccio
When it comes to supply chains heading to 2025, I think it's really, really weird. It goes back to the Foundry report we just put out talking about the resilience confidence gap, where a lot of folks think that they're more, they're very secure, very prepared for a specific scenario, and the other scenarios that are maybe more likely to happen, they are unprepared for. So, like, I think the folks that I've talked to, the organizations I've worked with, you know, 50-50, I think it was around like 52% of decision makers, both public and private sector, don't feel confident in their understanding of requirements for digital resilience. So if you're not able to, you know, kind of articulate what it means for your organization, that's going to kind of muddy up the waters when you're trying to find how can I secure my supply chain and be confident in that, going into 2025.
Dave Bittner
Is this kind of the cyber equivalent of, you know, being afraid to get on an airplane, even though it's much more likely you're going to get, you know, run over crossing the street?
Mick Baccio
Well, it's, it's... I think the metaphor I would use, the analogy I would use is, you know, I'm buying three different kinds of insurance, but I'm not going to wear my seatbelt on the plane.
Dave Bittner
Gotcha.
Mick Baccio
So, you know, when you look at organizations that are, and kind of 50-50, in the survey we did, the private sector scored slightly higher, but I think it's really, even across the board, where organizations that prioritize things like asset inventory, MFA, patch management, you know, those things I kind of call the cyber veggies, where these are the things you know you're supposed to do. And if you don't, your enterprise suffers in the same way. You know, you're supposed to exercise, get some water and eat mostly green stuff, and if you don't, your body suffers for it. So I think it's a prioritization of those organizations that realize how important that is. That foundation is going to be what's most critical. You know, I think the analogy that I've heard a lot, or what I've tried to use, is, you know, don't be more concerned with innovation; focus on foundation.
Dave Bittner
What do you suppose is generating this gap here? I mean, why, why the focus on things that might not be the best first place to start?
Mick Baccio
Because they're so cool, Dave. They're so cool. When you look at all... And I am so guilty of this as well, right? When you look at all of the advancements, and we haven't talked about AI in about three or four minutes, so let's talk about AI. When you look at the advancements in generative AI, large language models and all of the use cases that have been developed in just the past eight months, the past 18 months, it's been phenomenal to see on the defensive side of the board. And focusing on that is amazing because, you know, it solves this very specific problem. But when you look at the overarching themes of it, you know, focusing on the basics, it's not very sexy. It's not very, you know, cool to say in a briefing. It doesn't make a cool slide that, you know, everyone in our enterprise has multi-factor authentication, all the administrator accounts are using hardware tokens, FIDO-based, things like that. Like, it's the things we need to do, but there's not really appeal to doing them. You want to do, like, the cool thing, the new thing. And I think we're losing sight of the foundational security that makes us better at implementing the new things we have.
Dave Bittner
Is this an opportunity for folks to focus on things that maybe are a better bang for their buck?
Mick Baccio
Well, and I think when you talk about more bang for your buck, that's the issue, right? The Foundry report we did, I think the data was 82% of both public and private sector organizations face budget-related obstacles. And that's not a new story, right? Money. It always comes down to resources; it always comes down to available resources to implement the things that you want. And I think budget's always going to be a challenge, I think across the public sector and the private sector. I know the public sector has more budgetary concerns, but I think it's the prioritization of those things. What you can do inside your budget, that more bang for your buck. What can I do that is low cost but high effort?
Dave Bittner
One of the things that caught my eye in your research was it seems like supply chain security is slipping down the priority list. Am I right there?
Mick Baccio
I don't know if I would say that it's slipping down the list. I think it's a matter of other issues kind of bubbling to the top or becoming equally as important. When you look at supply chain, supply chain I think is just one facet of your organization's resilience confidence, you know, and if there is a cyber attack, 95% of the folks we surveyed agreed, hey, resilience is super essential. And I think two-thirds of them really agreed with that. But I think that really comes down to that foundational security. You know, what are you focusing on to get better in the case of an attack or in case of downtime? How can you recover? How can you stay above board? How can your business, how can your enterprise keep running? And I think when you look at supply chain attacks, that's just one of the many scenarios that can happen that would affect that resilience posture.
Dave Bittner
If I'm the person in my organization who's responsible for this stuff and I have to get in front of the powers that be and justify the things that we're doing here, do you have any tips on telling this story, of making sure that the non-sexy stuff gets its due?
Mick Baccio
Wow. The non-sexy stuff gets its due. It sounds like the title of my autobiography. So I think, you know, it's kind of making that message resonate in a manner that's going to speak to your board, to your leadership, to your executives. You know, I think when we talk about value, what value are we bringing? And on a lower scale, we think of value not in monetary terms, but when you speak to your executives, please keep that in mind. There's an organization, a business that they're running. I think that putting the basics in the frame of cloud security, observability, AI, orchestration, automation. I think more and more folks in the public and private sectors, I think two-thirds of public sector, are realizing how important SOAR is because of the amount of data that we're processing now, the amount of data that we're kind of looking at to aggregate, and it's growing more and more. So I think the ability to speak to the board, to speak to your leadership and say, hey, us doing the foundational things right will let us be more agile in the future. I think, what is the phrase, if you're not agile, you're fragile. But again, it's that foundational security I think that folks kind of overlook, and that becomes more critical as we move on, as the data expands.
Dave Bittner
What are your recommendations for organizations that want to do a better job with this? They see the numbers here, recognize that they need to make some adjustments. Any words of wisdom?
Mick Baccio
What adjustments can you make? Honestly, my biggest achievements, my biggest successes have come from partnerships, whether that be a partnership with something like an ISAC that is specific to your organization's vertical. We are talking with colleagues who are essentially facing the same issues that your organization is. You're not in this alone. And I think it's that community effort, the whole rising tide lifts all boats. I think a lot of organizations find themselves facing the same challenges, and having professional colleagues to work through those with is invaluable. And building on that, I think when you look at the public-private partnerships, those become even more critical and useful as we move on. When you look at NIS2 that just came out in the EU, or the AI NIST directive that came up years back, or the AI Bill of Rights that was released from the administration months earlier, I think those public-private partnerships kind of give you an overarching idea of what the federal government may be planning that may be able to assist you, what resources are available to you, what other folks are having these issues, or what legislation is coming out soon.
Dave Bittner
That's Mick Baccio, Global Security Advisor at Splunk's security research team, SURGe. We'll have a link in the show notes to their blog and white paper.

And finally, the US Cybersecurity and Infrastructure Security Agency celebrated a year of growth and accomplishment in 2024, as highlighted in its Year in Review by outgoing director Jenn Easterly. With warmth and appreciation, Easterly reflected on CISA's collaborative efforts with industry, government, and international partners to enhance national cybersecurity. Notable achievements include the Pre-Ransomware Notification Initiative, which sent over 2,100 alerts in 2024, mitigating threats to schools, healthcare organizations, and critical infrastructure. CISA also blocked 1.26 billion malicious connections, remediated 861 vulnerabilities, and issued nearly 1,300 cyber defense alerts. Programs like Secure by Design gained traction, rallying 250 software manufacturers to commit to secure practices. CISA's Cyber Storm IX exercise prepared over 2,200 participants for advanced cyber threats, while its Protect 2024 election portal centralized resources for securing the November elections. The agency also launched its first international strategic plan, advancing global partnerships and prioritizing AI system security. Easterly emphasized the critical need for collaboration to address emerging threats, ensuring CISA remains resilient and innovative in its mission.

While CISA's 2024 accomplishments highlight its role as a cornerstone of US cybersecurity, the agency faces uncertainty as it transitions to new leadership under an incoming presidential administration. The robust progress made, such as advancing ransomware defenses, securing elections, and fostering international partnerships, serves as a testament to its effectiveness. However, evolving geopolitical threats, challenges in regulating AI, and potential shifts in federal priorities could impact its trajectory as CISA moves forward.
Its ability to sustain bipartisan support and adapt to new directives will be critical in navigating this uncertain landscape and ensuring its continued mission to protect the nation's critical infrastructure.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
CyberWire Daily: A Breach in the U.S. Treasury
Release Date: January 2, 2025
Host: Dave Bittner
Guest: Mick Baccio, Global Security Advisor at Splunk
In the January 2, 2025 episode of CyberWire Daily, hosted by Dave Bittner, the focus centers on a significant cybersecurity breach within the U.S. Treasury Department. The episode delves into the mechanics of the attack, its broader implications, and expert insights on bridging the cybersecurity resilience gap. Additionally, the episode covers a spectrum of other pressing cybersecurity incidents and legislative updates shaping the industry.
At [00:40], Dave Bittner reports that Chinese state-sponsored hackers breached the U.S. Treasury Department. The attack, attributed to the Salt Typhoon APT group, exploited two zero-day vulnerabilities in BeyondTrust's remote support SaaS platform. Using a stolen API key, the attackers reset passwords, gained privileged access, and exfiltrated sensitive agency documents.
Detection and Response: BeyondTrust identified the breach on December 8, promptly shutting down compromised instances and revoking the API key. Federal authorities, including the FBI and CISA, confirmed that the hackers no longer retained access to Treasury systems.
Broader Impact: This breach follows similar espionage activities targeting major telecommunications companies like AT&T and Verizon. The Salt Typhoon campaign initially impacted eight companies, with a ninth victim identified after detailed federal guidance on Chinese hacking tactics was released.
A sophisticated phishing campaign compromised at least 35 Chrome extensions, including those from Cyberhaven, affecting approximately 2.6 million users. Active since March 2024 and escalating in December, attackers impersonated Google to deceive developers into granting permissions to a malicious OAuth app. This allowed the injection of data-stealing code targeting Facebook business accounts, extracting user credentials and access tokens.
Security Flaws Exploited: The campaign bypassed multi-factor authentication by capturing QR codes used for login verification, highlighting significant vulnerabilities in Chrome extension security.
Federal authorities arrested Cameron John Wagenius, a 20-year-old U.S. Army soldier, under allegations of stealing and leaking sensitive data from AT&T and Verizon. Operating under the alias Cyber Phantom, Wagenius is accused of hacking 15 telecom firms and leaking call logs of high-profile individuals, including President-elect Trump and Vice President Kamala Harris.
Investigation Insights: Swift action by security researchers, who identified operational security lapses, led to his arrest near Fort Hood, Texas. The case underscores the escalating risks posed by young cybercriminals and the enhanced capabilities of law enforcement to prosecute such offenses.
Volkswagen's subsidiary, Cariad, inadvertently exposed sensitive data of 800,000 EV owners due to a misconfigured Amazon cloud server. The data included contact details, movement data, and precise location information. Volkswagen stated that the data was pseudonymized and could only be reached through a complex multi-stage process, and that no passwords or payment details were exposed. The breach was discovered by the Chaos Computer Club, which alerted the authorities and gave VW a 30-day window for resolution.
Rhode Island confirmed a data breach associated with the ransomware group Brain Cipher, compromising personal information of citizens applying for health services. Deloitte, the state's vendor, reported that the data was leaked on the dark web. Governor Dan McKee advised residents to freeze and monitor their credit to safeguard financial information.
A cyberattack in May 2024 on healthcare giant Ascension exposed the personal and medical data of 5.6 million customers. The breach occurred when an employee inadvertently downloaded a malicious file, leading to the exposure of medical records, payment information, government IDs, and personal details. Although Ascension assured that core clinical systems remained secure, the incident highlights persistent vulnerabilities in healthcare cybersecurity.
Researcher Thomas Lambertz revealed at the Chaos Communication Congress that a recent patch to Windows BitLocker encryption remains insufficient. Using the BitPixie method, Lambertz demonstrated how rebooting a device in recovery mode with PXE booting enabled can extract encryption keys from memory, allowing data decryption. He criticized Microsoft's patch as inadequate, recommending disabling the network stack in the BIOS as the only effective mitigation.
A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls to deploy a custom backdoor, a variant of LittleLamb.WoolTea, according to Northwave researchers. The malware masquerades as a logd file and provides extensive functionality, including file manipulation, network tunneling, and SOCKS5 proxying. Palo Alto has patched the flaw and advised administrators to restrict web management portal access to trusted IPs.
The U.S. Department of Justice (DOJ) finalized a rule prohibiting the sale of American sensitive data, including biometric, geolocation, health, and financial information, to adversarial nations such as China, Russia, and Iran. This regulation, stemming from a February executive order, aims to thwart hostile nations from leveraging such data for AI development, cyber espionage, and influence operations. Implementation is set to commence three months post-publication in the Federal Register.
The Department of Health and Human Services (HHS) has proposed updates to HIPAA cybersecurity rules in response to increasing healthcare data breaches and ransomware attacks. The proposed measures mandate encryption of protected health information, multi-factor authentication, and network segmentation to limit attackers' movement within networks. The updates, expected within 60 days, would be the first major revision of the HIPAA Security Rule in a decade.
White House official Anne Neuberger emphasized the urgency of these updates, highlighting the potential risks to critical infrastructure and patient safety if action is not taken.
Guest: Mick Baccio, Global Security Advisor at Splunk, interviewed by Dave Bittner. The episode closes with a look at CISA Director Jenn Easterly's 2024 Year in Review.
Mick Baccio discusses the resilience confidence gap, a phenomenon where organizations believe they are secure against certain threats while being unprepared for others. Referencing the Foundry report, Baccio notes that 52% of decision-makers in both public and private sectors lack confidence in their understanding of digital resilience requirements.
Baccio identifies a tendency among organizations to favor "cool" and innovative solutions, such as AI and automation, over foundational security measures like asset inventory, patch management, and multi-factor authentication. This misalignment often stems from limited budgets, with 82% of organizations facing budget-related obstacles to implementing essential security measures.
To bridge the resilience gap, Baccio emphasizes partnerships: joining an ISAC specific to the organization's vertical, working through shared challenges with professional peers, and using public-private partnerships to anticipate regulation such as the EU's NIS2 and to learn what government resources are available.
Jenn Easterly, CISA Director, reflects on CISA's achievements in 2024 in the agency's Year in Review, highlighting the Pre-Ransomware Notification Initiative (over 2,100 alerts sent in 2024), 1.26 billion malicious connections blocked, 861 vulnerabilities remediated, nearly 1,300 cyber defense alerts issued, 250 software manufacturers committed to Secure by Design, the Cyber Storm IX exercise with over 2,200 participants, the Protect 2024 election portal, and CISA's first international strategic plan.
Easterly underscores the critical need for ongoing collaboration to address emerging threats and ensure CISA's resilience and innovation amidst evolving geopolitical challenges.
The episode concludes by emphasizing the intricate and evolving landscape of cybersecurity, underscored by significant breaches and legislative actions. Expert insights from Mick Baccio and Jenn Easterly highlight the imperative for organizations to prioritize foundational security measures, foster strategic partnerships, and navigate budgetary constraints effectively. As cyber threats become more sophisticated, the collective efforts of industry leaders, government agencies, and international partners remain pivotal in safeguarding critical infrastructure and sensitive data.
For more detailed insights and ongoing updates in cybersecurity, tune into future episodes of CyberWire Daily.