Friday Five: IT Double Agents, CMMC, Hybrid Work Woes, & More

by Robbie Araiza on Friday October 18, 2024

As CMMC's final rule was released this past week, organizations—particularly those with hybrid environments—continue to ward off a variety of sophisticated insider and outsider threats. Get the latest on these stories in this week's Friday Five.

UNDERCOVER NORTH KOREAN IT WORKERS NOW STEAL DATA, EXTORT EMPLOYERS BY BILL TOULAS

North Korean IT professionals are deceiving Western companies to steal data and demand ransoms, supporting the country’s cyber operations and weapons programs. Using false identities, they secure contractor roles and access sensitive data, which they transfer to personal cloud storage. Upon termination, companies receive extortion emails demanding cryptocurrency payments. Tactics include routing traffic through U.S.-based points, avoiding video calls, and using tools like AnyDesk for remote access. The group, tracked as "Nickel Tapestry," employs VPNs and proxies to mask their locations. Organizations are urged to watch for signs of fraud before a breach can take place, such as generic resumes, changes in payment accounts, and reluctance to enable cameras during interviews.

CMMC'S FINAL RULE HAS NOW LANDED BY NICK WAKEMAN

The Defense Department released the final rule for the Cybersecurity Maturity Model Certification (CMMC) program, which was officially published this past Monday, October 14, initiating a 60-day Congressional Review Act period ending December 13. The program aims to ensure contractors protect Controlled Unclassified Information (CUI) by requiring third-party certification for compliance with NIST cybersecurity standard 800-171, replacing self-certification. The final roll-out of CMMC will occur only when both the part 32 internal mechanisms and the part 48 external rule, which changes Federal Acquisition Regulations, are finalized, likely by late 2024 or early 2025.

CISA ADVISORY COMMITTEE APPROVES FOUR DRAFT REPORTS ON CRITICAL INFRASTRUCTURE RESILIENCE BY CHRISTIAN VASQUEZ

CISA's Cybersecurity Advisory Committee approved reports focused on boosting national cyber resilience, addressing threats from foreign state hackers, and securing digital ecosystems. Chinese state-sponsored cyber threats targeting critical infrastructure remain a key concern, particularly given complex “living off the land” tactics. The reports list a wealth of recommendations, including strengthening critical infrastructure resilience, promoting CISA's secure-by-design initiative, enhancing contingency planning, filling resource gaps for smaller entities, and conducting studies on breach impacts. The reports also highlight the need for more effective public communication strategies and for mitigating risks in the open-source software supply chain by involving accountable intermediaries.

HYBRID WORK EXPOSES NEW VULNERABILITIES IN PRINT SECURITY BY JAI VIJAYAN

The shift to hybrid work models has progressively exposed vulnerabilities in corporate print infrastructure, including unmanaged printers, insecure networks, inadequate user authentication, and inconsistent patching, all of which increase security risks. Recent print-related vulnerabilities, such as some found in Windows and Unix systems, have worsened these risks, and a rise in printer-related breaches has been reported: 67% of organizations faced such incidents in 2024. Legacy printer environments, often unmonitored, remain susceptible to attacks, but the adoption of cloud print services is hindered by security concerns, particularly around data at rest and zero-day threats. Experts recommend incorporating zero-trust principles and cloud-native architecture for better security in cloud print management.

AGENCIES WARN ABOUT RUSSIAN GOVERNMENT HACKERS GOING AFTER UNPATCHED VULNERABILITIES BY TIM STARKS

Russian SVR hackers are exploiting unpatched software vulnerabilities to target governments, defense contractors, and other organizations, while also scanning for any vulnerable systems globally, according to a joint U.S.-U.K. law enforcement alert. The hackers target "intent" entities like tech companies for intelligence gathering and "opportunity" entities with exposed internet-facing infrastructure. Along with the exploitation of multiple software products, threat actors have also turned to impersonating tech support via Microsoft Teams. SVR hackers operate stealthily, often using TOR and destroying infrastructure upon detection. The advisory recommends disabling unnecessary internet services, using multi-factor authentication, and auditing cloud accounts for unusual activity to mitigate risks.

Tags:  State Hackers Insider Threat Vulnerabilities Critical Infrastructure Compliance
