CyberWire Daily: "CISA Furlough Sparks Fears" – October 2, 2025
Episode Overview
This episode of CyberWire Daily, hosted by Dave Bittner, explores a tumultuous moment in U.S. cybersecurity: the CISA furlough resulting from a federal government shutdown, which coincides with the expiration of the CISA 2015 liability protection law. The episode delivers a packed cyber news briefing and features a timely interview with Cynthia Kaiser, SVP at Halcyon’s Ransomware Research Center and former FBI cyber leader, who shares her sharp insights on the shutdown’s operational impact, information sharing uncertainty, and supporting federal employees under stress.
Key News Highlights and Analysis
1. CISA Furloughs and the Government Shutdown
- CISA, the critical U.S. Cybersecurity and Infrastructure Security Agency, has furloughed most of its staff—only 35% remain active, per DHS—with the possibility of recalling more for emergencies.
- The furlough occurs alongside the expiration of CISA 2015—the law shielding companies from liability when sharing cyber threat information—raising sharp concerns that corporations might now pull back from industry security groups.
- Expert fears: This twin disruption could “hamper efforts against ransomware and Chinese state-linked hacking campaigns.”
- The timing is especially awkward during Cybersecurity Awareness Month.
2. Interview: Cynthia Kaiser on Shutdown Implications
- [14:59–21:18] See in-depth highlights and quotes below.
3. US Air Force and SharePoint Breach
- The USAF is investigating a privacy issue after a reported breach in Microsoft SharePoint may have exposed personally identifiable and health information.
- Servicewide shutdowns of SharePoint systems were considered, potentially disabling certain tools for up to two weeks. Microsoft has not commented.
- Concerns are raised regarding possible connections to a summer wave of SharePoint exploits by Chinese hackers, data thieves, and ransomware gangs.
4. Google Warns of Massive Executive Extortion Campaign
- Attackers claim to have breached Oracle’s E-Business Suite, sending ransom demands up to $50M.
- Group linked: FIN11, affiliated with the Clop ransomware gang.
- Hundreds of extortion emails originate from compromised accounts.
- Mandiant confirms the email activity but not the data breach; Google advises heightened vigilance and incident investigation.
5. Android Spyware Disguised as Messaging Apps
- ESET researchers discover ProSpy and ToSpy targeting UAE users by mimicking apps like Signal and ToTok.
- Spread via fake sites and app stores, these steal sensitive data and reinstall legitimate apps to avoid raising suspicion.
- Both campaigns require manual third-party installation; ToSpy has been active since 2022, ProSpy since 2024.
6. Red Hat GitHub Extortion Claim
- An “extortion group” called Crimson Collective claims to have stolen 570GB from Red Hat’s private GitHub, including detailed customer and infrastructure data.
- Red Hat confirms a consulting-related incident but does not validate the specific data loss; it says its software supply chain is intact.
7. Motility Software Ransomware Breach
- RV and powersports dealership software provider Motility notifies 750,000 people of a ransomware event with the Pair gang claiming over 4TB of stolen data.
- Personal data including SSNs and driver’s licenses were accessed.
- Motility says systems have been restored; 12 months of identity protection offered.
8. Patchwork APT: New PowerShell Loader
- Patchwork (Dropping Elephant, etc.) deploys a multi-stage loader using scheduled tasks.
- Attack flow: Macro triggers shortcut and PowerShell script, installs decoy apps, persists malware, enables encrypted command-and-control, and exfiltrates data.
- Defenses: Restrict macros, monitor suspicious tasks, and use up-to-date endpoint security.
9. U.S. Senator Urges Post-Quantum Cyber Readiness
- Senator Marsha Blackburn (R-TN) pushes legislation and federal strategy for quantum-resistant encryption by 2027.
- Priorities: Countering Chinese technological advances, workforce development, and commercial sector involvement.
10. Malaysian Man Pleads Guilty in $6B Crypto Fraud
- Hock Sen Ling admits to aiding a Ponzi-style scam orchestrated by Jiming Quan, targeting 128,000 victims.
- $15 million in assets seized, authorities pursuing $7.1B in Bitcoin. Both men face sentencing in November.
11. Protected Health Information Misuse in Marketing
- Cadia Healthcare fined $182,000 for HIPAA violations related to posting patients’ data on social media.
- Regulators stress proper authorization is non-negotiable for sharing protected health information.
Special Feature: Interview with Cynthia Kaiser – CISA Furlough & Shutdown Impact
[14:59] What is Shutdown Like for Federal Cyber Personnel?
- Cynthia Kaiser:
“At the FBI, almost all the work that we do is accepted. And what that means is it's essential for the American people so people still come into work... But that being said, there’s obviously a lot of stress around not knowing when your next paycheck's going to come.”
- The camaraderie and shared ordeal create a support network—but agencies are often without normal lines of collaboration:
“You don’t necessarily have all of your counterparts across government that can help you. So, sometimes it almost becomes more busy.” [15:40]
[16:03] CISA 2015 Expiration: Information Sharing Under Threat
- “After a decade of having protections, liability protections, antitrust protections, those don’t exist anymore. And companies are going to have to make choices about what their risk tolerance is.”
— Cynthia Kaiser
- Kaiser says some will, like Halcyon, maintain sharing, trusting in reauthorization:
“We’re not going to change our sharing posture... But not every company has that luxury.”
- The risk: “If the government doesn’t have that information, they can’t warn others.” [17:37]
[18:09] On CISA Furloughs: What’s the Impact?
- “CISA was probably my closest partner when I was in government. Every day, multiple times a day, I was talking to my CISA counterparts... If the same people at CISA aren’t there, that makes that job all the more difficult because...you can’t just have one agency...and be the same level of effectiveness if the other agencies that have complementary activities, that’s not occurring.”
— Cynthia Kaiser
[19:25] National Cybersecurity Impact of Shutdowns
- “In every shutdown...it felt like we weren’t able to have kind of the full spectrum picture of cyber activity that was going on... And when the shutdown was done, you were felt like you were playing catch up. And so really...there’s always going to be a natural slowing, not stop, but slowing of some of the important work.”
— Cynthia Kaiser
[20:19] Advice for Federal Employees Under Shutdown Stress
- “My advice is that most of America is really accommodating...I could remember talking to a credit card company...and them saying, ‘oh you work for the government, that’s fine, you’ll just pay us when you get paid.’ So don’t be afraid to call, ask for help...because we all rely on you and we want you to be able to counter these criminals that don’t care for shutdown or not.”
— Cynthia Kaiser
Notable Quotes
- “If the government doesn’t have that information, they can’t warn others.”
— Cynthia Kaiser, on the expiration of data sharing protections [17:37]
- “In every shutdown...it felt like we weren’t able to have kind of the full spectrum picture of cyber activity that was going on.”
— Cynthia Kaiser [19:25]
- “You don’t necessarily have all of your counterparts across government that can help you. So, sometimes it almost becomes more busy.”
— Cynthia Kaiser [15:40]
- “Don't be afraid to call, ask for help...because we all rely on you and we want you to be able to counter these criminals that don’t care for shutdown or not.”
— Cynthia Kaiser [20:36]
Timestamps for Key Segments
- CISA Furlough and Shutdown Overview: [00:12–02:00]
- USAF SharePoint Breach: [03:00–05:00]
- Google/Oracle Extortion Campaign: [05:00–06:30]
- Android Spyware Discovery: [06:30–07:30]
- Red Hat Extortion Claim: [07:30–08:30]
- Motility Software Ransomware Breach: [08:30–09:30]
- Patchwork APT Tactics: [09:30–10:45]
- Quantum Cyber Law Push: [10:45–12:00]
- Crypto Fraud Guilty Plea: [12:00–13:00]
- Interview: Cynthia Kaiser – Gov’t Shutdown Impacts: [14:59–21:18]
- HIPAA/PHI Marketing Enforcement: [22:30–23:30]
Tone and Takeaways
The episode maintains a clear-eyed, urgent tone, somberly detailing the high-stakes consequences of the shutdown on national cyber defense and the private sector’s willingness to share intelligence. The interview segments, in particular, deliver practical insight and empathy for the federal workforce, as well as a blunt warning to industry and policymakers about the risks of pausing critical collaboration.
For cybersecurity professionals and stakeholders, this episode is an essential listen and read—a snapshot of the risks, uncertainty, and human elements facing the U.S. cyber ecosystem at a time of government inaction.
