As the federal government is working to secure critical infrastructure organizations and its own agencies, law enforcement is hard at work taking down large-scale phishing networks and state-sponsored botnets. Get up to speed on these stories and more in this week's Friday Five.
CISA ISSUES GUIDE TO HELP FEDERAL AGENCIES SET CYBERSECURITY PRIORITIES BY DAVID DIMOLFETTA
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released a plan to help federal civilian agencies enhance their cybersecurity. The Federal Civilian Executive Branch Operational Cybersecurity Alignment plan focuses on asset management, vulnerability management, defensible architecture, supply chain resilience, and incident detection and response to improve communication, agility, and resilience across the federal government and defend against evolving cyber threats. This is part of broader efforts to implement zero trust architecture by a September 30 deadline, with several agencies nearing compliance. The guidance follows numerous cyberattacks targeting federal entities in the 2020s.
EUROPEAN, LATIN AMERICAN AUTHORITIES ARREST 17 IN CRACKDOWN ON PHISHING NETWORK WITH 483,000 VICTIMS BY TIM STARKS
European and Latin American law enforcement, with the help of Europol, arrested 17 suspects involved in a phishing network targeting nearly 500,000 victims worldwide. The network, run through a platform called iServer, focused on unlocking stolen or lost mobile phones by phishing users attempting to recover their devices and allowed low-skilled criminals to steal device passwords and bypass security features. The operation reportedly spanned several countries, resulting in 28 searches and the seizure of mobile phones, electronic devices, vehicles, and weapons. The bust highlights successful cross-border collaboration in combating cybercrime.
MASSIVE CHINA-STATE IOT BOTNET WENT UNDETECTED FOR FOUR YEARS—UNTIL NOW BY DAN GOODIN
The FBI dismantled a massive botnet dubbed Raptor Train, operated by Chinese state-sponsored hackers for four years, targeting U.S. and Taiwanese government agencies, defense contractors, and telecoms. The botnet, comprising over 60,000 devices and posing a major DDoS attack threat at its peak, used compromised Internet-connected devices such as routers and cameras and targeted critical infrastructure, military, and government sectors. U.S. authorities swiftly took control of the botnet's infrastructure, which was organized into three tiers, thwarting hackers' efforts to rebuild it, and continue to advise device owners on security measures to prevent future attacks.
UNITEDHEALTH GROUP CISO: WE HAD TO ‘START OVER’ AFTER CHANGE HEALTHCARE ATTACK BY GREG OTTO
UnitedHealth Group is still recovering from a February ransomware attack on its subsidiary, Change Healthcare, which disrupted U.S. healthcare providers. Chief Information Security Officer Steven Martin said they essentially "started over" with their IT infrastructure, replacing everything but the cables, and that the recovery has been long and grueling, with teams reportedly working 20-hour days for weeks. The attack, orchestrated by the ALPHV/BlackCat group, led to $22 million in ransom payments. Martin emphasized the importance of communication with customers and staff, as well as monitoring the mental health of team members during the recovery process, underscoring the toll large-scale attacks can take on IT teams.
CONCERNS OVER SUPPLY CHAIN ATTACKS ON US SEAPORTS GROW BY ROBERT LEMOS
A congressional report highlights the vulnerability of U.S. maritime ports due to reliance on Chinese-made cranes, with 80% of port cranes coming from Shanghai Zhenhua Heavy Industries (ZPMC). These cranes have software vulnerabilities and can be remotely accessed, raising concerns about potential cyberattacks, especially amid geopolitical tensions. While no malicious intent by ZPMC was proven, experts worry about long-term risks to U.S. infrastructure. The report recommends disabling cellular modems in cranes, increasing cybersecurity measures, and exploring domestic manufacturing solutions to reduce reliance on foreign equipment, emphasizing the critical nature of port security in safeguarding U.S. economic and military interests.
