FEDS SAW MORE CYBERATTACKS BUT BETTER DETECTION LAST YEAR, FISMA REPORT SAYS BY DAVID DIMOLFETTA
Federal agencies experienced a nearly 10% increase in cyberattacks in fiscal year 2023, reporting 32,211 incidents to the Cybersecurity and Infrastructure Security Agency (CISA), up from 29,319 the previous year, according to an Office of Management and Budget report. Attrition attacks surged from 197 to 1,147 incidents, and email phishing more than doubled from 3,011 to 6,198 incidents. This rise is partly due to improved detection capabilities, including automation and training. Thirty additional incidents were rated as "Medium" risk, affecting public safety or national security, and eleven were categorized as "major," impacting agencies like Health and Human Services, Treasury, and Justice. Civilian agencies may receive a 10% increase in cybersecurity funding in the 2025 budget.
WIDESPREAD VISHING EFFORT IMPERSONATES CISA STAFF BY NATHAN EDDY
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about scammers impersonating its own representatives, requesting cash, gift cards, or cryptocurrency. CISA emphasized that its staff will never make such requests and advised recipients of these calls to refuse payment, note the caller’s number, hang up, and report the incident. This scam highlights the growing trend of cybercriminals using social engineering to exploit trust in government agencies. The FBI and other agencies have also been targeted. Experts recommend educating employees about scam tactics and employing multi-layered cyber defenses, including multifactor authentication and AI-based security measures, to combat these sophisticated threats.
MICROSOFT ADMITS SECURITY FAILINGS ALLOWED CHINA TO ACCESS US GOVERNMENT EMAILS BY JAMES COKER
Microsoft President Brad Smith admitted to security failings that allowed Chinese state hackers to access the emails of US government officials in 2023. In testimony before Congress, Smith acknowledged Microsoft's responsibility for the issues highlighted in a Cyber Safety Review Board (CSRB) report, which cited a series of security failures enabling the hack. The attack involved forged authentication tokens using a Microsoft encryption key, exploiting flaws in Microsoft's authentication system. Smith emphasized Microsoft's crucial cybersecurity role and outlined measures to strengthen security, including transitioning to a new key management system, enhancing detection signals, and prioritizing security in company culture. Additionally, Microsoft delayed the rollout of its Recall AI feature for further security testing following privacy concerns.
GAO REMINDS WHITE HOUSE OF CYBER BACKLOG BY CHRISTIAN VASQUEZ
The Government Accountability Office (GAO) has reminded the White House of numerous pending cybersecurity regulations as the 2024 election approaches. The GAO's updated "high-risk list" highlights areas needing improvement, including establishing a comprehensive cybersecurity strategy, securing federal systems, protecting critical infrastructure, and safeguarding privacy and sensitive data. Of the 1,610 cybersecurity recommendations made since 2010, the White House has yet to implement 567. Recent criticisms include the lack of performance measures in the national cybersecurity strategy implementation plan. Additionally, over half of the GAO's recommendations for critical infrastructure protection remain unaddressed, and federal agencies still need to ensure the adoption of best practices against ransomware.
CHINESE CYBER ESPIONAGE CAMPAIGN TARGETS ‘DOZENS’ OF WESTERN GOVERNMENTS, DUTCH OFFICIALS SAY BY AJ VICENS
Dutch intelligence reported that a Chinese-linked cyber espionage operation infiltrated numerous Western governments, international organizations, and defense industry companies using a reported hardware vulnerability. The operation, more extensive than initially known, affected at least 20,000 systems globally in 2022 and 2023. Despite the vulnerability being patched, Chinese hackers maintained access to systems using malware, specifically the remote access trojan "Coathanger." This highlights ongoing risks with edge devices, which often lack adequate security measures. The Chinese Embassy denied supporting cyberattacks, while experts warn of the significant, ongoing threat posed by state-aligned hacking operations.