Friday Five: Critical Infrastructure Put to the Test, Cybercrime Efforts Thwarted, & More
U.S. critical infrastructure remains under fire, but questions remain as to whether federal agencies are prepared for attacks. Stay up to date with these developments and more in this week's Friday Five.
US DISRUPTS CHINA-BACKED HACKING OPERATION AMID WARNING OF THREAT TO AMERICAN INFRASTRUCTURE BY CARLY PAGE
The U.S. government has announced the disruption of a China-backed hacking operation targeting critical infrastructure in the U.S. FBI director Christopher Wray stated that China's hackers are preparing to cause "real-world harm" to American citizens and communities, particularly in the event of a conflict over Taiwan. The hacking group involved, Volt Typhoon, is a state-sponsored group based in China that focuses on espionage and information gathering. The disruption operation involved the FBI and the Justice Department removing malware from a China-controlled botnet that compromised hundreds of U.S.-based routers. The U.S. continues to address cybersecurity threats from foreign governments to safeguard its critical infrastructure.
GAO: FEDERAL AGENCIES LACK INSIGHT ON RANSOMWARE PROTECTIONS FOR CRITICAL INFRASTRUCTURE BY MATT BRACKEN
A report from the U.S. Government Accountability Office (GAO) reveals that federal agencies overseeing critical sectors, including manufacturing, energy, health care, and transportation, lack information on whether companies in these sectors have implemented recommended ransomware protections. The report focused on six lead agencies for these sectors and found that none had fully assessed the effectiveness of their support or determined the extent of adoption of recommended practices for addressing ransomware. The lack of assessments hampers communication, coordination, and the timely sharing of threat and incident information. The GAO made 11 recommendations, with responses varying among the agencies.
CYBERATTACKS ON STATE AND LOCAL GOVERNMENTS ROSE IN 2023, SAYS CIS REPORT BY SOPHIA FOX-SOWELL
A study by the Center for Internet Security revealed that cyberattacks on state and local governments increased from 2022 to 2023. The study surveyed over 3,600 government organizations and focused on the first eight months of each year, finding a 148% increase in malware attacks, a 51% increase in ransomware incidents, a 37% increase in non-malware cyberattacks, and a 313% rise in endpoint security services incidents. The report identified a significant weakness in cybersecurity programs, noting that many are still being built. Lack of funding, the sophistication of cyber threats, undocumented processes, emerging technologies, and limited access to cybersecurity professionals were cited as common challenges.
INTERPOL OPERATION SYNERGIA TAKES DOWN 1,300 SERVERS USED FOR CYBERCRIME BY BILL TOULAS
An international law enforcement operation called 'Synergia' has successfully taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. The operation, conducted between September and November 2023, involved 60 law enforcement agencies from 55 countries. Command and control servers are used by threat actors to control malware and collect information, and are crucial in many cyber attacks; roughly 70% of those identified in the operation are now offline, disrupting the criminal activity that depended on them. Law enforcement authorities also detained 31 individuals and identified 70 suspects linked to cybercrime operations. The remaining 30% of servers are under investigation.
CISA ORDERS FEDERAL AGENCIES TO DISCONNECT IVANTI VPN APPLIANCES BY SATURDAY BY SERGIU GATLAN
The Cybersecurity and Infrastructure Security Agency (CISA) has directed U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to actively exploited bugs by Saturday. This supplements a recent emergency directive (ED 24-01) requiring Federal Civilian Executive Branch agencies to urgently secure Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) devices against two zero-day flaws. Ivanti appliances have been targeted in attacks chaining an authentication bypass flaw with a command injection flaw since December. Once agencies have disconnected the affected Ivanti products, CISA has ordered them to hunt for signs of compromise on the appliances and on any systems connected to them, and to follow a multi-step recovery process before bringing the appliances back online.