Top Stories of the Week: 12/7/24-12/13/24
U.S. telecoms face cybersecurity reform as AWS breaches, DDoS crime, and sanctions against a Chinese firm underscore global risks.
Wyden Legislation Would Mandate FCC Cybersecurity Rules for Telecoms
by Tim Starks
Sen. Ron Wyden introduced legislation requiring the FCC to enforce cybersecurity regulations on telecommunications companies under CALEA, following breaches by the Chinese-linked hacking group Salt Typhoon. These hackers infiltrated telecom networks for years, accessing calls, messages, and records, posing a national security risk. Wyden blamed the hacks on the FCC’s lack of mandatory cybersecurity rules and now proposes mandatory FCC regulations developed in collaboration with CISA and the DNI, annual testing of systems for security gaps, and independent compliance audits. This legislation goes beyond the FCC's recent proposals, aiming to secure telecom systems against unauthorized communication interception and advanced persistent threats. Wyden also urged the Defense Department to enhance telecom cybersecurity after labeling the Salt Typhoon breaches the worst in U.S. telecommunications history.
Cybercrime Gangs Abscond With Thousands of Orgs’ AWS Credentials
Cybercriminal groups exploited vulnerabilities in public websites to steal AWS cloud credentials and sensitive data from thousands of organizations, according to recent research. The operation was uncovered in August and linked to Nemesis and ShinyHunters, known for large-scale cybercrimes. Hackers scanned AWS IP ranges, used tools like Shodan to map domains, and targeted specific endpoints to extract credentials, databases, and crypto keys. AWS mitigated the threat by November, emphasizing the shared responsibility model. Security experts recommend proactive measures, including web scans, rotating credentials, and deploying WAFs, to prevent such attacks. AWS highlighted the importance of tools like Secrets Manager in securing credentials.
International Crackdown Disrupts DDoS-for-Hire Operations
by Greg Otto
In a global operation dubbed PowerOFF, law enforcement from 15 countries, including the U.S. and European nations, dismantled 27 major DDoS-for-hire platforms, arrested three administrators, and identified 300 users. The operation coincided with the holiday season, a peak time for such attacks, and included an online ad campaign discouraging cybercrime. Coordinated by Europol, the FBI, and others, the crackdown highlights efforts to disrupt illegal cyber infrastructure and educate potential offenders. The booter and stresser sites taken down in the operation enabled users to launch disruptive DDoS attacks with minimal technical skill. PowerOFF is part of a broader strategy to combat global cyber threats targeting sectors like finance amid rising geopolitical tensions.
Google Launches Open Source Patch Validation Tool
Google introduced Vanir, an open-source tool to streamline Android security patch validation for OEMs. Updating Android devices is typically complex and time-intensive due to diverse device portfolios and software versions. Vanir automates the process using static code analysis to identify missing patches efficiently; Google reports a 97% accuracy rate, coverage of 95% of known Android vulnerabilities with public fixes, and, because the tool does not rely on metadata, a false-alarm rate of just 2.72%. Google reports that Vanir saved over 500 hours in patch fixes internally, demonstrating its efficiency. Originally unveiled in April, the tool can be used as a Python library or a standalone app and can be adapted to non-Android ecosystems.
U.S. Sanctions Chinese Cybersecurity Firm for Firewall Hacks Targeting Critical Infrastructure
by Carly Page
The U.S. sanctioned Chinese firm Sichuan Silence and employee Guan Tianfeng for exploiting a Sophos firewall zero-day in 2020. Guan compromised 81,000 firewalls globally, including 23,000 in the U.S., targeting a government agency and critical infrastructure like an energy company. The attack aimed to steal data and deploy Ragnarok ransomware, posing risks of severe harm.