Cyber Security Headlines Week in Review: APTs using Gemini, ransomware payments decrease, abandoned AWS risk

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Caitlin Sarian, owner and CEO, Cybersecurity Girl LLC

Missed the live show? Check it out on YouTube

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Google says APTs using Gemini AI

Researchers at Google’s Threat Intelligence Group say they have detected government-linked APT groups using Gemini primarily for what they call “productivity gains” rather than to develop novel AI-enabled cyberattacks. As an example, Google says, Gemini can shorten the preparation phase of an operation by helping with “coding tasks for developing tools and scripts, research on publicly disclosed vulnerabilities…finding details on target organizations, and searching for methods to evade detection, escalate privileges, or run internal reconnaissance in a compromised network.” Google has identified APT groups from more than 20 countries using Gemini this way, with the top four being Iran, China, North Korea and Russia.

(BleepingComputer)

Exploited vulnerabilities up significantly from previous year

The number of exploited vulnerabilities surged in 2024, with 768 CVEs actively targeted, a 20% increase from the year before. Nearly a quarter of these were weaponized on or before the day of their public disclosure. Chinese threat actors remain a major player, with 15 groups linked to exploitation of the top vulnerabilities, including Log4j. The most heavily exploited flaws were in products from Citrix, Cisco, Zoho, and Microsoft, to name a few.

(The Hacker News)

Ransomware payments decreased 35% year-over-year 

According to a new report from Chainalysis, ransomware attackers collected $813.55 million in victim payments in 2024, a 35% decrease from 2023’s record-setting $1.25 billion. The drop is attributed to increased law enforcement action, improved international collaboration, and a growing refusal by victims to pay. The report highlighted disruptions of ransomware gangs, including the LockBit takedown in February 2024 and BlackCat’s apparent ‘exit scam’ following its attack on Change Healthcare. While LockBit has rebranded and made a comeback, payments to the group fell by around 79% in H2 2024 compared to H1. Chainalysis observed many attackers shifting tactics, launching new ransomware strains and moving faster in ransom negotiations, which often begin within hours of data exfiltration.

(Chainalysis and Infosecurity Magazine)

Huge thanks to our sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Abandoned AWS cloud storage is a major cyber risk

Researchers from watchTowr discovered around 150 Amazon Web Services S3 buckets that organizations had once used for software deployment and updates and then abandoned. Because S3 bucket names are globally unique, a deleted bucket’s name becomes available to any AWS account, and the researchers re-registered the unused buckets under their original names for a total of around $400, then enabled logging to see what requests still flowed into them. In a two-month period, the buckets received a staggering 8 million file requests, including from government agencies in the U.S., the UK and Australia, Fortune 100 companies, banks, and cybersecurity companies. Had the researchers been threat actors, they could have answered any of those requests with malicious software updates or configuration files, giving them a foothold in the requesting organization’s AWS environment or virtual machine. AWS quickly sinkholed the S3 buckets that watchTowr identified, but the broader risk posed by abandoned cloud resources that are still referenced by installers, update scripts and CI pipelines persists.
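The defensive check a practitioner would want here is an inventory of every S3 bucket name that deployment scripts, installers and pipelines still reference, followed by a probe of whether each name still exists. The script below is an added example written for this summary, not watchTowr’s tooling or anything from AWS. It extracts bucket names from the common S3 URL shapes (`s3://`, virtual-hosted and path-style HTTPS) and classifies each one with a probe callback. The sample deploy script, the bucket names in it and `fake_probe` are constructed for the example; in real use `fake_probe` would be replaced by a call to boto3’s `head_bucket`, where a `ClientError` with code 404 means the name is unowned and therefore claimable by anyone.

```python
import re
from typing import Callable, Dict, List, Tuple

# Bucket names are 3-63 chars of lowercase letters, digits, dots and hyphens.
_NAME = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"

# The URL shapes in which bucket names usually appear in scripts and manifests:
#   s3://bucket/key
#   https://bucket.s3.amazonaws.com/key, https://bucket.s3.<region>.amazonaws.com/key
#   https://s3.amazonaws.com/bucket/key, https://s3.<region>.amazonaws.com/bucket/key
_S3_PATTERNS = [
    re.compile(r"s3://" + _NAME + r"(?![a-z0-9.-])"),
    re.compile(r"https?://" + _NAME + r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/"),
    re.compile(r"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/" + _NAME + r"(?![a-z0-9.-])"),
]


def extract_buckets(lines: List[str]) -> Dict[str, List[int]]:
    """Map each referenced bucket name to the 1-based line numbers that use it."""
    found: Dict[str, List[int]] = {}
    for n, line in enumerate(lines, start=1):
        for pat in _S3_PATTERNS:
            for m in pat.finditer(line):
                found.setdefault(m.group(1), []).append(n)
    return found


def audit(lines: List[str], probe: Callable[[str], int]) -> Dict[str, Tuple[str, List[int]]]:
    """Classify every referenced bucket from the HTTP status a HEAD on it returns.

    200        -> accessible with our credentials (expected for our own buckets)
    403 / 301  -> exists but belongs to someone else (worth investigating)
    404        -> the name is free: anyone can create it and serve these requests
    """
    report: Dict[str, Tuple[str, List[int]]] = {}
    for name, where in extract_buckets(lines).items():
        code = probe(name)
        if code == 404:
            state = "claimable"
        elif code == 200:
            state = "accessible"
        else:
            state = "foreign"
        report[name] = (state, where)
    return report


# Constructed sample: a leftover installer script with four S3 references.
SAMPLE_DEPLOY_SCRIPT = """\
#!/bin/sh
# constructed example of an installer/update script
curl -sSfL https://acme-agent-releases.s3.amazonaws.com/agent/latest.tar.gz -o agent.tar.gz
aws s3 cp s3://acme-agent-releases/agent/latest.sha256 .
curl -sSfL https://s3.us-east-1.amazonaws.com/acme-2019-build-artifacts/tools/helper.bin -o helper
wget https://legacy-updates.example-co.s3.eu-west-1.amazonaws.com/patch.zip
""".splitlines()

# Constructed stand-in for a real HEAD-bucket probe. With boto3 this would be
# s3.head_bucket(Bucket=name), mapping a ClientError's Error.Code (404/403/301)
# to the status codes below; unknown names answer 404, i.e. nobody owns them.
_FAKE_NAMESPACE = {
    "acme-agent-releases": 200,        # still ours
    "legacy-updates.example-co": 403,  # exists, owned by someone else
}


def fake_probe(name: str) -> int:
    return _FAKE_NAMESPACE.get(name, 404)


if __name__ == "__main__":
    for name, (state, where) in sorted(audit(SAMPLE_DEPLOY_SCRIPT, fake_probe).items()):
        flag = "  <-- takeover risk: recreate under your account or remove the reference" if state == "claimable" else ""
        print(f"{state:10} {name:32} lines {where}{flag}")
```

A 404 today only proves the name is free right now, which is exactly the window watchTowr exploited; the remediation is to recreate the bucket under your own account (or drop the reference), and for anything that installs code, to verify a signature on the artifact rather than trusting wherever the URL happens to resolve.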

(Dark Reading)

Meta says it may stop development of AI systems it deems too risky

Meta CEO Mark Zuckerberg has pledged to make artificial general intelligence (AGI) openly available, but Meta’s new Frontier AI Framework outlines scenarios where it may withhold highly capable AI systems due to safety concerns. Meta classifies such systems as “high risk” or “critical risk,” based on their potential to aid in cybersecurity breaches or biological attacks, with critical-risk systems posing catastrophic, unmitigable threats. The framework, guided by expert input rather than strict empirical tests, reflects Meta’s attempt to balance openness with security, especially amid criticism of its open AI strategy.

(TechCrunch)

Remembering Shawn Bowen

It’s with profound sadness that we here at the CISO Series mourn the loss of Shawn Bowen, who died tragically in a parachuting accident over the weekend. If you’ve listened to any of our shows for any length of time, you’ve likely heard Shawn’s keen insights and quick wit. He was a relentless advocate for what we try to bring to the cybersecurity community and unfailingly generous with his time and expertise. We extend our condolences to all of his family, friends, and co-workers, and especially to his wife and two children. David Spark put together a tribute to Shawn on our LinkedIn newsletter with some remembrances from our staff. If you’d like to read them or share your own in the comments, check out the link in our show notes. 

(LinkedIn)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.