Risky Bulletin: Biden's Last Cyber Executive Order – Detailed Summary
Podcast Title: Risky Bulletin
Host: Claire Aird, Risky Business Team
Release Date: January 19, 2025
Introduction
In the latest episode of Risky Bulletin, host Claire Aird delves into a series of significant cybersecurity developments shaping the digital landscape. From President Joe Biden's final cyber executive order to major cyberattacks and regulatory actions, this episode provides a comprehensive overview of the current state of cybersecurity. Below is a detailed summary of the key discussions, insights, and conclusions presented.
1. Biden's Final Cyber Executive Order
The episode opens with the announcement of President Joe Biden signing his last cyber executive order, marking a pivotal moment in U.S. cybersecurity policy.
- New Cybersecurity Requirements:
The executive order imposes stringent cybersecurity measures on federal agencies and their contractors. Key obligations include:
- Phishing-Resistant Authentication Systems: Deployment across all federal platforms.
- Email Traffic Encryption: Ensuring secure communication channels.
- Encrypted Communication Systems: Mandatory use to safeguard information.
"Federal agencies will also have to secure their address space and routing, share detection data with CISA, and only buy IoT devices that feature the US Cyber Trust Mark," explains Claire Aird (00:04).
- Enhanced Legal Powers:
The order expands the authorities of federal agencies to sanction foreign threat actors targeting U.S. critical infrastructure, strengthening the nation's defensive posture against cyber threats.
2. US Treasury Sanctions on Sichuan Juxinhe Network Technology
A significant development highlighted is the U.S. Treasury's sanctions against Sichuan Juxinhe Network Technology, a Chinese cybersecurity firm.
- Connection to Salt Typhoon APT Group:
The company is linked to the Salt Typhoon Advanced Persistent Threat (APT) group, which was involved in hacking multiple U.S. telecommunications companies.
- Impact on Federal Networks:
"The Salt Typhoon Group was also active on several federal networks before the group's telco hacks," notes Claire Aird (00:04). CISA Director Jen Easterly emphasized the early detection efforts that led to the seizure of one of the group's servers, uncovering a broader cyber campaign.
- Additional Sanctions:
Shanghai-based Yin Kecheng, affiliated with the Chinese Ministry of State Security and supporting the Silk Typhoon group, has also been sanctioned. This group reportedly accessed over 400 U.S. Treasury laptops and desktops, stealing more than 3,000 unclassified documents. Notably, "US Treasury Secretary Janet Yellen's computer was one of the compromised systems," Aird states (00:04).
3. GoDaddy Settles FTC Investigation Over Security Failures
Web hosting giant GoDaddy has reached a settlement with the Federal Trade Commission (FTC) concerning multiple cybersecurity lapses.
- Settlement Conditions:
- Implementation of Robust Security Programs: GoDaddy must establish comprehensive security measures.
- Multi-Factor Authentication: Mandatory rollout for both customers and employees.
- Network Security Enhancements: Removal of outdated equipment and protection of APIs.
"The company has agreed to set up a robust security program and is prohibited from misleading customers about its security features," Claire Aird reports (00:04).
- No Financial Penalty:
Interestingly, the FTC did not impose a fine but enforced operational changes to prevent future security breaches.
4. FTC Bans General Motors from Data Practices
In a related move, the FTC has prohibited General Motors (GM) from collecting and selling customer information for five years.
- Reason for Ban:
The agency took action after reports surfaced that GM was selling geolocation data and driver behavior metrics to insurance companies. This data was allegedly used to adjust insurance rates based on individual driving styles, raising privacy and ethical concerns.
5. European Commission's Cybersecurity Plan for Healthcare
The European Commission unveiled a strategic initiative to bolster cybersecurity within the healthcare sector.
- Key Components of the Plan:
- EU-Wide Early Warning Service: This service will provide timely alerts on potential cyber threats to healthcare facilities.
- Rapid Response Service: Utilizes trusted private service providers to assist hospitals in mitigating cyberattacks.
- Financial Assistance: Allocated funds to support smaller hospitals and healthcare providers in enhancing their cybersecurity defenses.
"Officials plan to build an EU-wide early warning service that will deliver alerts on potential cyber threats," states Claire Aird (00:04).
6. Surge in Mobile Spyware Market
The episode highlights a significant uptick in the mobile spyware market, with nearly 100 foreign governments purchasing spyware designed to compromise cell phones.
- Market Growth:
Michael Casey, head of the U.S. government's counterintelligence agency, remarks, "The mobile spyware market has seen huge growth, with dozens of companies selling surveillance products" (00:04).
- Global Proliferation:
The agency notes that approximately 20 new countries have acquired mobile spyware since 2023, raising alarms about global surveillance and privacy violations.
7. Otelier's Amazon S3 Cloud Storage Breach
A breach of the Amazon S3 cloud storage environment used by hotel management platform Otelier has compromised data for millions of customers.
- Affected Entities:
Major hotel chains like Marriott, Hilton, and Hyatt rely on Otelier's platform for managing reservations.
- Details of the Breach:
The attack occurred in July 2024, resulting in the theft of sensitive data. Otelier has confirmed the breach, stating that employees had their Atlassian credentials stolen, which facilitated the unauthorized access.
8. Leakage of Fortinet Firewall Configurations
Security researcher Kevin Beaumont uncovered a significant data leak involving over 15,000 Fortinet firewall configurations and login credentials.
- Method of Exploitation:
The data was harvested in October 2022 through a zero-day vulnerability, underscoring how long a single exploited flaw can continue to expose an organization.
- Attribution and Actions:
The responsible threat actor, known as the Belsen Group, has been identified. Security researchers are currently notifying affected organizations after extracting the IPs of all impacted devices. "A threat actor has leaked config files and login credentials for over 15,000 Fortinet firewalls," Aird explains (00:04).
9. Russian APT Group Targets WhatsApp Accounts
Microsoft has identified a Russian APT group, Star Blizzard, actively targeting WhatsApp accounts of government officials and organizations supporting Ukraine.
- Operational Tactics:
The group, linked to Russia's FSB intelligence service, has adjusted its tactics following the FBI's seizure of some of its server infrastructure in October. "Microsoft claims the group mixed up its TTPs to target WhatsApp accounts after the FBI seized some of the group's server infrastructure in October," Claire Aird reports (00:04).
10. Kubernetes Vulnerability Patch
The Kubernetes project has addressed a critical vulnerability that previously allowed threat actors to commandeer compute nodes.
- Nature of the Vulnerability:
Attackers exploiting the logging endpoint of a node could execute arbitrary commands, potentially compromising entire systems.
- Scope of Impact:
The vulnerability specifically affected nodes running on Windows, and the patch closes this avenue of exploitation.
Conclusion
The episode of Risky Bulletin provides an in-depth analysis of the evolving cybersecurity threats and the corresponding measures being implemented to counter them. From high-level executive orders shaping national security to specific incidents of cyber breaches and regulatory actions against major corporations, the landscape remains dynamic and challenging. Hosts like Claire Aird ensure that listeners are well-informed about these critical developments, empowering them to navigate the complex world of cybersecurity.
For more detailed insights and updates, listeners are encouraged to tune into future episodes of Risky Bulletin.
