
US Cybersecurity Strategy Shifts Toward Prevention and AI Security


Early next month, changes to how cyber breaches are reported will begin to surface, alongside a broader shift in national cybersecurity planning. Under current leadership, federal teams are advancing a more proactive approach to digital defense, focusing on risks posed by hostile governments and increasingly complex cyber threats. Central to this effort is stronger coordination across agencies, updated procedures, and shared responsibility models rather than reliance on technology upgrades alone. Officials emphasize resilience, faster implementation timelines, and adapting safeguards to keep pace with rapidly evolving technologies. 

At the Information Technology Industry Council’s Intersect Summit, White House National Cyber Director Sean Cairncross previewed an upcoming national cybersecurity strategy expected to be released soon. While details remain limited, the strategy is built around six pillars, including shaping adversary behavior in cyberspace. The aim is to move away from reactive responses and toward reducing incentives for cybercrime and state-backed attacks. Prevention, rather than damage control, is driving the update, with layered actions and long-term thinking guiding near-term decisions. Much of the work happens behind the scenes, with success measured by systems that remain secure. 

Cairncross noted that cyber harm often occurs before responses begin. The updated approach targets a wide range of threats, including nation states, state-linked criminal groups, ransomware actors, and fraud operations. By reshaping the digital environment, officials hope to make cybercrime less profitable and less attractive. This philosophy now sits at the core of federal cybersecurity policy. 

Another pillar focuses on refining the regulatory environment through closer collaboration with industry. Instead of rigid compliance checklists, officials want cybersecurity rules aligned with real-world threats and operational realities. According to Cairncross, effective oversight depends on adaptability and practicality, ensuring regulations support security outcomes rather than burden organizations unnecessarily. 

Additional priorities include modernizing and securing federal IT systems, protecting critical infrastructure such as power and transportation networks, maintaining leadership in emerging technologies like artificial intelligence, and addressing shortages in skilled cyber professionals. Officials are under pressure to deliver visible progress quickly, given political time constraints. Meanwhile, the Cybersecurity and Infrastructure Security Agency is preparing updates to the Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA. Although Congress passed the law in 2022, it will not take effect until final rules are issued. 

Once implemented, organizations across 16 critical infrastructure sectors must report significant cyber incidents to CISA within 72 hours. Nick Andersen, CISA’s executive assistant director for cybersecurity, said clarification on the rules could arrive within weeks. Until then, reporting remains voluntary. CISA released a proposed CIRCIA rule in early 2024, estimating it would apply to roughly 316,000 entities. Industry groups and some lawmakers criticized the proposal as overly broad and raised concerns about overlapping reporting requirements. They have urged CISA to better align CIRCIA with existing federal and sector-specific disclosure mandates. 

Originally expected in October 2025, the final rules are now delayed until May 2026. Some Republicans, including House Homeland Security Committee Chairman Andrew Garbarino, are calling for an ex parte process to allow direct industry feedback. Andersen also discussed progress on establishing an AI Information Sharing and Analysis Center, or AI-ISAC, outlined in the administration’s AI Action Plan. The proposed group would facilitate sharing AI-related threat intelligence across critical infrastructure sectors. He stressed the importance of avoiding fragmented public and private efforts and ensuring coordination from the outset as AI adoption accelerates. 

Separately, the Office of the National Cyber Director is developing an AI security policy framework. Cairncross emphasized that security must be built into AI systems from the start, not added later, as AI becomes embedded in essential services and daily life. Uncertainty remains around a replacement for the Critical Infrastructure Partnership Advisory Council, which DHS disbanded last year. A successor body, potentially called the Alliance of National Councils for Homeland Operational Resilience, or ANCHOR, is under consideration. Andersen said the redesign aims to address past shortcomings, including limited focus on cybersecurity and inflexible structures that restricted targeted collaboration.

Initial Access Brokers Now Central to Cyberattacks: Report


The market for initial access brokers (IABs) has expanded rapidly over the past two years, creating a system that allows advanced threat actors to outsource the early stages of an intrusion, according to new research from Check Point. The report says this growth has made it easier for both nation-state groups and criminal actors to breach a larger number of targets.

Check Point notes that the rise of the IAB economy coincides with the growing use of cyberspace by governments as a tool for projecting power. The firm is urging policymakers and businesses to strengthen identity security, secure software supply chains and improve the resilience of operational technology systems. 

“Once considered peripheral players, IABs have become a critical node in the cyber-criminal supply chain, lowering barriers to entry for sophisticated operations and enabling rapid campaign scaling,” Check Point said. 

By paying IABs to handle initial access at scale, threat actors can move faster and avoid the risks associated with the early stages of an attack. According to the report, “state-backed groups and sophisticated criminal actors can reduce operational risk, accelerate execution timelines, and scale their campaigns across dozens of targets simultaneously.” 

This growing reliance on brokers also complicates attribution. When an IAB is involved, IT teams and investigators often struggle to determine whether an attack was carried out by a government-backed group or by a criminal operation. 

For this reason, Check Point says that “IAB activity is no longer a peripheral criminal phenomenon but a force multiplier in the broader offensive ecosystem, one that directly supports espionage, coercive operations, and potential disruption of U.S. government and critical infrastructure networks.” 

The report also highlights a sharp rise in IAB activity targeting essential sectors. Healthcare saw nearly 600 percent more IAB-related attacks in 2024 compared with 2023. Government, education and transportation networks were also significantly affected. 

Check Point says these increases reflect both higher demand from adversaries for access to sensitive environments and the growing professionalisation of the IAB marketplace, where access to critical systems is treated as a commodity. 

The research links this broader trend to rising geopolitical tensions and the changing role of nation-state hacking. “Cyber operations have evolved from opportunistic disruptions and intelligence-gathering into deliberate, coordinated campaigns designed to achieve political, economic, and strategic outcomes,” the report says. 

According to Check Point, the line between geopolitics and cyber activity has largely disappeared. State-aligned groups are using digital operations to shape crises, signal intent and impose costs on rivals, often below the threshold of open conflict. 

The firm notes that spikes in geopolitical risk are closely followed by spikes in targeted cyberattacks against U.S. government systems. “Cybersecurity is no longer just a technical issue; it is a strategic imperative,” Check Point said. The report argues that resilience, deterrence and rapid recovery must now be treated as national security priorities on the same level as traditional defence planning.

Global Breach of Mobile Guardian Wipes Data from 13,000 Students' Devices in Singapore


Mobile Guardian, a widely used digital classroom management platform, has experienced a significant security breach affecting thousands of students globally. The platform, which is a Google for Education partner, offers services such as device management, parental controls, secure web filtering, and classroom tools across multiple operating systems including Android, iOS, Windows, ChromeOS, and macOS.

The Ministry of Education (MOE) in Singapore disclosed that the breach impacted around 13,000 students across 26 secondary schools, resulting in the complete wipe of their devices. In response, the MOE promptly removed the Mobile Guardian app from all student learning devices and is currently aiding students in recovering their lost data. 

Service Disruption

As a precautionary measure, Mobile Guardian has temporarily suspended its services, preventing users from accessing the platform. Students affected by the breach now face limited functionality on their devices, hindering their ability to fully utilize them for educational purposes. The extent of the breach's impact on students in other regions, such as North America and Europe, remains under investigation.

It is important to note that this security breach is unrelated to a previous IT outage that occurred on July 30, 2024, which was attributed to a misconfiguration issue.

Rising Threat of Supply Chain Attacks

The incident with Mobile Guardian serves as a clear example of the growing threat posed by software supply chain attacks. In these attacks, hackers focus on compromising service providers to gain access to the end users who rely on them.

To guard against such risks, cybersecurity experts recommend a few key practices: using strong, unique passwords, enabling two-factor authentication, keeping all software updated, staying vigilant for any unusual activity, and performing regular security checks. This breach underlines the critical need for solid cybersecurity measures, especially in the education sector, where digital platforms are essential for learning.