
Friday Five: Updates on Chinese Hacking Operations, the Growing Quishing Threat, & More

by Robbie Araiza on Friday February 9, 2024


More information on the hacking of critical infrastructure by Chinese threat actors has been uncovered in the past week, along with a rise in QR code 'Quishing' attacks, concerns over proposed regulations, and more. Get up to speed with it all in this week's Friday Five!

FEDS: CHINESE HACKING OPERATIONS HAVE BEEN IN CRITICAL INFRASTRUCTURE NETWORKS FOR FIVE YEARS BY AJ VICENS

Chinese-sponsored hackers, known as "Volt Typhoon," were found to have infiltrated and remained inside some U.S. critical infrastructure IT networks for at least five years, according to a joint advisory from the FBI, NSA, and CISA. The advisory warns of the hackers' pre-positioning for potential disruptions to operational technology assets. U.S. officials have consistently raised concerns about aggressive Chinese activities in sensitive networks, with this most recent advisory noting the hackers' capability to manipulate HVAC systems and disrupt critical energy and water controls. While there's no evidence of disruption, national security officials are wary of potential disruptive effects during geopolitical tensions or military conflicts.


CHINESE HACKERS FAIL TO REBUILD BOTNET AFTER FBI TAKEDOWN BY SERGIU GATLAN

Chinese hackers from the aforementioned Volt Typhoon group -- also known as Bronze Silhouette -- reportedly failed to revive the KV-botnet recently taken down by the FBI, which was previously used for attacks on critical infrastructure in the United States. After the FBI dismantled the botnet, the hackers attempted to rebuild it by exploiting vulnerable devices. Although they targeted thousands of devices, security researchers thwarted the effort by null-routing the entire command-and-control (C2) server fleet. The lack of an active C2 server indicates that the KV activity cluster is effectively no longer active.


QR CODE 'QUISHING' ATTACKS ON EXECS SURGE, EVADING EMAIL SECURITY BY ROBERT LEMOS

In the last quarter, email attacks using QR codes have surged, particularly targeting corporate executives and managers. These phishing emails, known as "quishing," can often bypass spam filters and have successfully targeted Microsoft 365 and DocuSign users. The average C-suite executive saw 42 times more QR code phishing attacks than the average employee. Attackers are going after executives' credentials with these QR code attacks, and their primary goal is to steal usernames and passwords. While the use of QR code phishing has subsided to some extent since October, it remains a tool for attackers. Training employees is crucial, but technical controls are also necessary, given the potential impact of a single failure.


PROPOSED CONTRACTOR CYBER REPORTING RULE SETS A ‘SIGNIFICANTLY PROBLEMATIC’ BAR, INDUSTRY GROUPS SAY BY DAVID DIMOLFETTA

Cybersecurity and technology trade groups are urging federal agencies to reconsider a proposed rule that would heighten requirements for federal contractors reporting cybersecurity incidents. The proposed rule from the Pentagon, GSA, and NASA aims to intensify reporting measures, including the development of a Software Bill of Materials (SBOM) and notification of security incidents within eight hours of discovery. Industry groups argue that the proposed rule grants unprecedented access to contractors' information systems and personnel, constituting a privacy violation. They also express concerns about the SBOM demands, noting misalignment with other federal software regulations and the difficulty of generating SBOMs for commercial off-the-shelf products. Furthermore, many deem the eight-hour reporting window too rigorous, saying it leaves insufficient time to assess and confirm cyber incidents comprehensively.


CONTRACTS FEATURING AUTOMATION, BUILT-IN SECURITY CAN BOOST AGENCIES’ CYBER DEFENSES, VA OFFICIALS SAY BY EDWARD GRAHAM

Officials from the Department of Veterans Affairs have stressed automating legacy systems, prioritizing security in vendor contracts, and adopting mature AI tools to boost overall cyber resilience. With the VA overseeing a significant portion of federal civilian IT assets, modernization and increased rigor are essential. These priorities align with CISA's push for "secure-by-design" products, reflecting efforts to enforce security requirements in vendor contracts. However, the introduction of AI poses challenges, including the potential for more sophisticated cyber attacks. Mature AI tools may enhance preventive measures, but adversaries could also use them to refine phishing campaigns. Adoption of AI could help mitigate persistent cyber workforce gaps across the federal government.


Tags:  Phishing Critical Infrastructure State Hackers Compliance

Robbie Araiza


Robbie is a Content Creator for the Data Protection team at Fortra. Prior to joining the organization, he studied psychology and social work at Texas State University in San Marcos, TX.
