Top Stories of the Week: 11/9/24-11/15/24
Gain insight into what could be coming from the DHS and other agencies under Trump's second term, the latest updates on the actions of North Korean state hackers, and more.
Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats by Robert Lemos
President-elect Donald Trump's administration is expected to reduce federal cybersecurity regulations while prioritizing critical infrastructure protection and responding to new global cyber threats. Experts predict less regulatory enforcement, except where cybersecurity intersects with trade and national security, and as a result, business-friendly federal privacy legislation could emerge to streamline state laws. Despite deregulation, companies may maintain cybersecurity investments due to rising threats like ransomware and geopolitical risks. Tensions with China, Iran, and Russia may escalate, with potential sustained attacks on U.S. infrastructure including power, water, and communications systems.
Moody’s Ratings Adds Telecoms, Airlines, Utilities To Highest Risk Category by Christian Vasquez
Moody’s Ratings has identified telecommunications, airlines, and power generation utilities as "high risk" sectors due to increased digitization and weak cybersecurity practices. A new report highlights that digitization expands attack surfaces while many industries fail to implement robust defenses. Telecommunications, now at the highest risk level, has faced repeated breaches, including major attacks on court-ordered wiretaps and customer data. Airlines are also vulnerable, as shown by disruptions from a faulty CrowdStrike update. Additionally, power generation projects have joined other utilities in the "very high risk" category due to rising connectivity and supply chain complexities. The report warns that $7.1 trillion in debt is tied to highly digitized sectors, underscoring the critical need for stronger cyber defenses.
DHS Nominee Kristi Noem Stood Alone for Rejecting Department Cyber Grants To State, Local Governments by Tim Starks
Kristi Noem’s appointment as DHS secretary could jeopardize cybersecurity grants for state and local governments, as she previously criticized the $1 billion program as wasteful and declined funding for South Dakota. While her stance may influence DHS policies, Noem has actively supported the cybersecurity industry in her state, promoting Dakota State University's cyber initiatives and signing legislation to bolster local cybersecurity efforts. Recent achievements include launching a Cybercrime Prevention Consortium and appointing a state CIO focused on modernizing systems and cyber training. Despite opposing federal grants, Noem has emphasized cybersecurity’s importance for South Dakota’s economy and infrastructure resilience.
North Korean Hackers Target macOS Using Flutter-Embedded Malware by Ravie Lakshmanan
North Korean threat actors have developed malware targeting Apple macOS devices by embedding it in Flutter-built applications, marking a first for such tactics. Disguised as a functional Minesweeper game, the malware uses Flutter’s architecture for added obscurity and evades Apple’s notarization process with misused developer IDs, now revoked. While the malware’s distribution methods remain unclear, it aligns with DPRK’s history of targeting cryptocurrency and DeFi businesses via social engineering. The activity was linked to the Lazarus subgroup BlueNoroff due to infrastructure overlaps.
Hackers Now Use ZIP File Concatenation To Evade Detection by Bill Toulas
Hackers have been found using ZIP file concatenation to bypass security measures and deliver malware through compressed archives. This technique involves merging multiple ZIP files, with the malicious payload hidden in one, creating a single archive that exploits how different ZIP parsers handle such files. This method was observed in a phishing attack disguised as a fake shipping notice, leveraging AutoIt for malicious automation. To mitigate risks, experts recommend using security tools with recursive unpacking and treating ZIP attachments with caution.
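A scanner can check for the parser disagreement described above by counting End of Central Directory (EOCD) records and listing entries that a reader using only the last directory, such as Python's zipfile, never shows. This is an added example, not code from the cited article; the function names and sample file names are constructed, and ZIP64 archives are assumed absent.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory record
CDFH_SIG = b"PK\x01\x02"   # central directory file header
EOCD_FMT = "<4s4H2IH"      # fixed 22-byte EOCD layout


def make_zip(name, data):
    """Build a small in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def eocd_ends(blob):
    """Return the end offset of every plausible EOCD record in blob."""
    ends = []
    pos = blob.find(EOCD_SIG)
    while pos != -1:
        if pos + struct.calcsize(EOCD_FMT) <= len(blob):
            *_, cd_size, _cd_off, comment_len = struct.unpack_from(EOCD_FMT, blob, pos)
            cd_start = pos - cd_size
            # A real EOCD sits directly after its central directory.
            if cd_size and cd_start >= 0 and blob.startswith(CDFH_SIG, cd_start):
                ends.append(pos + 22 + comment_len)
        pos = blob.find(EOCD_SIG, pos + 1)
    return ends


def inspect(blob):
    """Compare what a last-EOCD reader lists with every embedded directory."""
    ends = eocd_ends(blob)
    visible = zipfile.ZipFile(io.BytesIO(blob)).namelist()
    every = []
    for end in ends:
        try:
            # Truncating at each EOCD exposes the directory that ends there.
            every += zipfile.ZipFile(io.BytesIO(blob[:end])).namelist()
        except zipfile.BadZipFile:
            pass  # signature matched but no parsable archive ends here
    hidden = sorted(set(every) - set(visible))
    return {"archives": len(ends), "visible": visible, "hidden": hidden}


if __name__ == "__main__":
    sample = make_zip("invoice.pdf", b"decoy") + make_zip("notes.txt", b"second")
    print(inspect(sample))
```

A count above one is a triage signal rather than a verdict, since an uncompressed ZIP stored inside another archive also matches; either way, each embedded archive should be unpacked and scanned separately.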