In today’s cybersecurity news…
Five Eyes launches startup security program
Last year, the UK’s GCHQ National Cyber Security Centre and MI5’s National Protective Security Authority launched Secure Innovation, a program designed to help secure tech startups from state-backed threats. After the first-ever public meeting of the heads of the Five Eyes domestic intelligence agencies, the UK, US, Canada, New Zealand, and Australian governments agreed to launch regionalized versions. Secure Innovation provides basic advice on protecting technology, using simple questions to create a personalized action plan. The UK found over 500 startups engaged with the Secure Innovation program in its first year.
Canada and the Netherlands seeing increased Chinese activity
The Canadian Centre for Cyber Security said it observed a Chinese-linked threat actor performing scans on government organizations over several months earlier this year, including networks for political parties, the House of Commons, and critical infrastructure. Canadian authorities say there is no sign of compromise at these entities, but the threat actor could be preparing for future malicious activity.
In other news, the Dutch counterterrorism unit NCTV released a research paper showing a marked increase in cyberattacks from China and Russia against Dutch organizations. This increase primarily comes from the activities of non-state actors in both countries. In Russia, this is tied to increased hacktivist attacks. NCTV warns that while the Netherlands sees persistent activity from threat actors in both countries, in the last year it saw an increase in the intensity, scope and technical sophistication of that activity.
Russia might fork the Linux community
In a statement to local media, the Russian digital ministry said it plans to create an “alternative structure” and an independent development community around Linux. This statement came after the Linux community delisted 11 Russian kernel maintainers, later explaining that it would add restrictions to developers whose companies are controlled by anyone named on the US Office of Foreign Assets Control list. Russia called this “an act of discrimination.” Linux creator Linus Torvalds doubled down on the action, saying the decision “is not getting reverted.”
The state of ransomware in education
K-12 Dive put together a report on the threat education faces from ransomware. From 2016 to 2022, ransomware attacks on education increased by 393%, from 14 to 69 attacks. From 2024 through October 3rd, 85 attacks were found. K-12 co-founder Doug Levin said some of this comes from a failure to implement security basics like MFA. Edtech proliferation is also an issue, with school districts using an average of 2,739 edtech tools. Last year, the Consortium for School Networking found that roughly two-thirds of districts had no full-time cybersecurity positions. Sophos previously reported that 62% of lower education systems hit with ransomware make a payment, with an average payment of $7.5 million, while the cost of restoring from backups averaged $3.76 million. There are also issues with underreporting attacks. The Cyber Incident Reporting for Critical Infrastructure Act is set to take effect in 2026. This will require school districts with over 1000 students to report incidents to CISA within 72 hours and report ransom payments within 24 hours.
(K12Dive)

Russia makes arrests for election interference
Russia’s Federal Security Service announced it arrested a Moscow resident for operating DDoS attacks targeting local critical information infrastructure. The agency said the attacks prevented ISPs “from providing internet access to customers and hindering voters from participating in remote electronic voting.” It’s unclear if the suspect has ties to Ukraine; the FSB said it found Ukrainian software on his personal devices but didn’t say anything more specific. Authorities are looking for accomplices, and the suspect could face up to five years in prison based on the current charges.
NIS2 compliance comes at a cost
The EU’s Network and Information Security Directive, or NIS2, came into effect on October 17th with new rules for incident response reporting, supply chain security, and training. A survey by Veeam found that 95% of respondents diverted funds from other areas to come into compliance. A third of firms used money from risk management budgets. Compliance funding also came from recruitment, crisis management, and emergency reserves. Overall, 68% of firms said they received enough additional budget to come into compliance. NIS2 applies to roughly 150,000 large and medium companies in the bloc designated as “essential” or “important.”
A call for a proactive approach to healthcare security
In an op-ed for Cyberscoop, US Representative Mark Green made the case for a proactive approach to healthcare security with closer collaboration between the public and private sectors. He called for greater accountability from the small group of vendors that dominate most IT systems and asked for a mandate for CISA to identify cross-sector points of vulnerability. The piece also made the case for treating basic cybersecurity hygiene as a critical investment, noting that almost 40% of healthcare providers have no data leak contingency plans. He closed by calling for collaboration to streamline federal cybersecurity hiring and better secure the open-source supply chain.
Shared Strava data leaks French GSPR locations
An investigation by Le Monde found that members of French President Emmanuel Macron’s security detail, the GSPR, published location data when working out with the fitness app Strava. Since these agents traveled with Macron, they effectively leaked his location across hotels, meetings, and other trips. Le Monde also said it would publish a similar kind of tracking that impacts both President Biden and Vladimir Putin. While Strava users can choose to keep location data private, by default, it opts to share map data. As the Register pointed out, back in 2018, the US military ordered a review of soldiers using the app after discovering it could be used to show the location of military bases.






