Friday Five: IT Double Agents, CMMC, Hybrid Work Woes, & More
As CMMC's final rule was released this past week, organizations—particularly those with hybrid environments—continue to ward off a variety of sophisticated insider and outsider threats. Get the latest on these stories in this week's Friday Five.
UNDERCOVER NORTH KOREAN IT WORKERS NOW STEAL DATA, EXTORT EMPLOYERS BY BILL TOULAS
North Korean IT professionals are deceiving Western companies to steal data and demand ransoms, supporting the country’s cyber operations and weapons programs. Using false identities, they secure contractor roles and access sensitive data, which they transfer to personal cloud storage. Upon termination, companies receive extortion emails demanding cryptocurrency payments. Tactics include routing traffic through U.S.-based points, avoiding video calls, and using tools like AnyDesk for remote access. The group, tracked as "Nickel Tapestry," employs VPNs and proxies to mask their locations. Organizations are urged to watch for signs of fraud before a breach can take place, such as generic resumes, changes in payment accounts, and reluctance to enable cameras during interviews.
CMMC'S FINAL RULE HAS NOW LANDED BY NICK WAKEMAN
The Defense Department released the final rule for the Cybersecurity Maturity Model Certification (CMMC) program, which was officially published this past Monday, October 14, initiating a 60-day Congressional Review Act period ending December 13. The program aims to ensure contractors protect Controlled Unclassified Information (CUI) by requiring third-party certification for compliance with NIST cybersecurity standard 800-171, replacing self-certification. The final roll-out of CMMC will occur only when both the part 32 internal mechanisms and the part 48 external rule, which changes Federal Acquisition Regulations, are finalized, likely by late 2024 or early 2025.
CISA ADVISORY COMMITTEE APPROVES FOUR DRAFT REPORTS ON CRITICAL INFRASTRUCTURE RESILIENCE BY CHRISTIAN VASQUEZ
CISA's Cybersecurity Advisory Committee approved reports focused on boosting national cyber resilience, addressing threats from foreign state hackers, and securing digital ecosystems. Chinese state-sponsored cyber threats targeting critical infrastructure remain a key concern, particularly given their use of complex "living off the land" tactics. The reports list a wealth of recommendations, including strengthening critical infrastructure resilience, promoting CISA's secure-by-design initiative, enhancing contingency planning, filling resource gaps for smaller entities, and conducting studies on breach impacts. The reports also highlight the need for more effective public communication strategies and for mitigating risks in the open-source software supply chain by involving accountable intermediaries.
HYBRID WORK EXPOSES NEW VULNERABILITIES IN PRINT SECURITY BY JAI VIJAYAN
The shift to hybrid work models has progressively exposed vulnerabilities in corporate print infrastructure, including unmanaged printers, insecure networks, inadequate user authentication, and inconsistent patching, all of which increase security risk. Recent print-related vulnerabilities, such as some found in Windows and Unix systems, have worsened these risks, and printer-related breaches are on the rise: 67% of organizations faced such incidents in 2024. Legacy printer environments, often unmonitored, remain susceptible to attack, but the adoption of cloud print services is hindered by security concerns, particularly around data at rest and zero-day threats. Experts recommend incorporating zero-trust principles and native cloud architecture for better security in cloud print management.
AGENCIES WARN ABOUT RUSSIAN GOVERNMENT HACKERS GOING AFTER UNPATCHED VULNERABILITIES BY TIM STARKS
Russian SVR hackers are exploiting unpatched software vulnerabilities to target governments, defense contractors, and other organizations, while also scanning for any vulnerable systems globally, according to a joint U.S.-U.K. law enforcement alert. The hackers pursue targets of "intent," such as tech companies, for intelligence gathering, and targets of "opportunity" that have exposed internet-facing infrastructure. Along with exploiting multiple software products, the threat actors have also turned to impersonating tech support via Microsoft Teams. SVR hackers operate stealthily, often using Tor and destroying their infrastructure upon detection. The advisory recommends disabling unnecessary internet-facing services, using multi-factor authentication, and auditing cloud accounts for unusual activity to mitigate the risk.