FCC GIVES TELECOM COMPANIES 7 DAYS TO ALERT AUTHORITIES OF DISCOVERED DATA BREACHES BY DAVID DIMOLFETTA
The Federal Communications Commission (FCC) will implement a rule mandating telecom and voice over IP (VoIP) providers to report data breaches to authorities within seven business days, responding to increased cyber threats and emphasizing consumer privacy and data protection. Modeled after state and federal laws, the rule requires phone carriers to notify the FCC, Secret Service, and FBI promptly, and to inform customers "without unreasonable delay" after notifying the federal agencies. The new rule also expands the definition of a breach to include unintended access, use, or sharing of customer data. If a provider reasonably determines that an incident won't harm customers, notifying them is optional. The final rule, which was published this past Monday, is set to take effect next month.
DOJ, FBI DISRUPT RUSSIAN INTELLIGENCE BOTNET BY AJ VICENS
The FBI and DOJ took down a network of compromised small office and home office routers used by Russian military intelligence (GRU) in global cyber espionage. According to the DOJ's recent press release, the operation targeted GRU Military Unit 26165, dismantling a botnet built from Ubiquiti Edge OS routers that still used publicly known default passwords. The state hackers had used the Moobot malware to repurpose the botnet for global cyber espionage against U.S. and foreign governments, military, security, and corporate organizations. This marks the second U.S. disruption of a state-backed botnet in two months, following the operation against the Chinese-sponsored Volt Typhoon. The FBI leveraged Moobot itself to copy and delete data on the routers, modify their firewall rules, and expose GRU attempts to thwart the operation.
CISA ESTABLISHING NEW OFFICE FOCUSED ON ZERO TRUST BY MATT BRACKEN
The Cybersecurity and Infrastructure Security Agency (CISA) is launching the Zero Trust Initiative Office, dedicated to assisting federal agencies in implementing zero trust security principles. The office will provide comprehensive training, resources, and playbooks to support agencies in adopting the zero trust framework. It aims to identify the skills and knowledge needed for successful implementations, enhance community building and collaboration, and assess agencies' zero trust maturity. This initiative aligns with the broader push toward zero trust security in the Biden administration, focusing on NIST's Zero Trust Architecture, OMB's zero trust strategy, and the 2021 executive order on cybersecurity.
ONGOING MICROSOFT AZURE ACCOUNT HIJACKING CAMPAIGN TARGETS EXECUTIVES BY BILL TOULAS
A phishing campaign discovered in late November 2023 has compromised numerous user accounts across multiple Microsoft Azure environments, including those of senior executives. Leveraging links disguised as "View document" buttons that lead to phishing pages, the attackers target executives because of their potential access to confidential information, their ability to self-approve financial transactions, and their access to critical systems, which can serve as a foothold for broader attacks. Researchers have identified various post-compromise activities, including MFA manipulation, data exfiltration, internal and external phishing, and financial fraud. The attackers' operational infrastructure includes proxies, data hosting services, and hijacked domains. Recommended defenses include monitoring for specific user-agent strings, enforcing password resets, and implementing industry-standard mitigations against phishing and password attacks.
MICROSOFT, OPENAI: NATION-STATES ARE WEAPONIZING AI IN CYBERATTACKS BY NATE NELSON
Nation-state advanced persistent threat (APT) groups aligned with China, Iran, North Korea, and Russia have been using large language models (LLMs) for various malicious purposes, according to OpenAI and Microsoft. The APTs include Fancy Bear (Russian Federation), Charcoal Typhoon and Salmon Typhoon (China), Crimson Sandstorm (Iran), and Emerald Sleet (North Korea). The threat actors used LLMs for scripting tasks, intelligence gathering, research, generating malicious code, phishing, and more. While AI improves attackers' efficiency, it hasn't yet produced notably impactful breakthroughs. Organizations are urged to remain vigilant and maintain basic security measures.