News: Deep freeze from Midnight Blizzard

Monday, July 1, 2024

Deep freeze from Midnight Blizzard

Jul 01, 2024

Presented by

Driving the day

— Microsoft's email breach goes deeper than first thought.

HAPPY MONDAY and welcome to MORNING CYBERSECURITY! I’m just coming back from a weeklong vacation at my parents' house in my hometown, and I’m here to remind you that there’s nothing better than home-cooked meals.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

A message from ThreatLocker®:

The White House has banned Kaspersky products due to cybersecurity concerns. In response, ThreatLocker® is now offering a complimentary system cyber health report, highlighting vulnerabilities associated with foreign software. This report details all applications, their origins, and data access implications, promoting informed decision-making.

Today's Agenda

Director of international narcotics and law enforcement at the U.S. Embassy in Hanoi Ryan McKean is joining experts at the United States Institute of Peace for a virtual discussion on cyber scams and human trafficking in Cambodia and Vietnam. 9 p.m.

On the Hill

NOT AGAIN — The Kremlin-backed hackers who breached Microsoft’s systems earlier this year didn't just peek at staff inboxes — they also nabbed customer emails. This revelation, coming six months after the initial disclosure, significantly broadens the impact of the Midnight Blizzard attack.

The timing couldn't be worse for Microsoft. Already under the congressional microscope for a separate Chinese hack that snagged U.S. government emails, the company again faces tough questions about its cybersecurity chops and transparency.

"We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” company spokesperson Kate Frischmann said in a statement over the weekend.

— Cyber woes far from over: House Homeland Security Committee ranking member Bennie Thompson (D-Miss.) tells MC he’s keeping tabs on Microsoft’s promised security reforms. When asked whether this could trigger another Microsoft hearing down the line, Thompson said he will “closely monitor” both the federal response and the company’s efforts to deal with the “entirely avoidable” breach.

“These new notifications serve as a reminder that the government has a national security obligation to evaluate the degree to which reliance in a single vendor creates risk and how that risk can be mitigated and I am committed to making sure that happens,” Thompson said.

— Action on the horizon: Senate Armed Services Committee member Sen. Eric Schmitt (R-Mo.) in June introduced two amendments taking aim at Microsoft in the 2025 National Defense Authorization Act.

Those amendments would:

Allow Pentagon entities to seek alternative cybersecurity services.
Require defense contractors operating in China to disclose if forced to share vulnerabilities with Beijing.

— The intrigue: Microsoft's dominance in federal IT has long been a given. But with these security slip-ups piling up, that could change. The Senate amendments, while not naming names, are a thinly veiled swipe at Microsoft's cozy relationship with the Pentagon and its presence in China.

Still, Microsoft’s cyber troubles are looking like they’re more than just a PR headache. National security concerns for the company could kick-start another round of grueling congressional hearings.

CYBER CASH — In a razor-thin 212-203 vote, House Republicans pushed through a contentious Homeland Security appropriations bill that includes a $2.9 billion cybersecurity funding package late last week.

The near party-line vote hands a solid budget boost to CISA for 2025, but not without some controversy.

— Under the hood: The bill earmarks $2.4 billion for CISA operations and another $494 million for procurement, which promises to amp up America’s cyber defenses. A key provision also allows CISA to share threat feeds with state and local entities.

— What’s next: The bill in general lurches to the Republican right, and the Democrat-led Senate hasn’t even introduced their version of the appropriations bills yet. Nothing is on the schedule yet, and the Senate is off for holiday this week, but we expect a rocky road ahead.

Understand 2024’s big impacts with Pro’s extensive Campaign Races Dashboard, exclusive insights, and key coverage of federal- and state-level debates. Focus on policy. Learn more.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Election Security

TOOK THE NIGHT OFF — While all the pundits and bloggers were buzzing about the Biden-Trump presidential debate, attackers were certainly not.

Data from website security firm Cloudflare shows the debate didn’t trigger a surge in cyberattacks. That’s a somewhat surprising development, considering how attackers are usually galvanized by big events to flex their disinformation or hacking prowess.

But don’t expect them to be going anywhere: the relative calm follows months of sustained assaults to overwhelm and crash networks on government and political websites, according to Cloudflare.

— Internet traffic nosedive: Cloudflare’s analysis shows that internet usage plummeted across the nation during the debate. Vermont was the highest at a 17 percent drop, followed closely by South Dakota, Wyoming and Alaska at 16 percent each. Battleground states also weren’t immune, experiencing traffic dips between 5 and 8 percent.

— Opposite it true for social media: Social media platforms saw a notable uptick, as video-sharing giants TikTok and YouTube experienced a 4 percent boost in DNS traffic — which is quite rare for those already popular sites. As for X and Threads, traffic growth peaked at 41 percent as the debate kicked off.

— Still some red flags: Email campaigns featuring “Trump” were significantly more likely to contain spam or malicious content than those mentioning “Biden.”

That’s a real concern to pay attention to when it comes to incoming disinformation campaigns and other cyber threats as election season gets hotter.

A message from ThreatLocker®:

The International Scene

ELECTION WEEK IN THE U.K. — While a segment of the United Kingdom narrowly avoided a hot L in the Euros, trouble is still on the horizon as the country gears up for elections later this week.

— The details: Cybersecurity firm ZeroFox assesses foreign entities pose a “significant risk” to the U.K., and are poised to launch disinformation campaigns, hack voter databases, and disrupt voting processes. The situation is further exacerbated by increased campaign spending limits and the advent of AI in political advertising.

ZeroFox researchers say the tactics take the shape of stealthy, yet mass-scale disinformation campaigns, deepfakes and “half-truths” that appear designed to influence voter behavior.

— Look a bit closer: Andrew Borene, executive director of threat intelligence firm Flashpoint, warns of a broader pattern.

"This kind of election interference is exactly the kind of concerted malign influence that we've been observing in all open societies by actors like Russia's Federal Security Service and Chinese Ministry of State Security since at least 2016," Borene said.

— Key date: Election day in the U.K. is this Thursday, July 4.

SUBSCRIBE TO GLOBAL PLAYBOOK: Don’t miss out on POLITICO’s Global Playbook, our newsletter taking you inside pivotal discussions at the most influential gatherings in the world. Suzanne Lynch delivers the world's elite and influential moments directly to you. Stay in the global loop. SUBSCRIBE NOW.

Tweet of the Day

Our secrets are being exposed.

Source: https://x.com/Cyberknow20/status/1807380421723988146

@Cyberknow20/X

Quick Bytes

YEAR OF THE ATTACKS — Data breaches in 2024 have been massive, exposing more than a billion personal and medical records, writes Zack Whittaker for TechCrunch.

FAKE IT TILL YOU MAKE IT — Fake IT support sites are using malicious PowerShell scripts disguised as fixes for common Windows errors to steal user information, reports BleepingComputer’s Lawrence Abrams.

“Some western Canada Co-ops still closed following cybersecurity incident” (CBC)

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

A message from ThreatLocker®:

The White House has recently banned the use of Kaspersky products across the United States, citing concerns over potential data access risks and allegations of incorporating "backdoors" in their software.

In response, ThreatLocker®, a prominent provider of Zero Trust cybersecurity solutions, has introduced a complimentary system cyber health report. This tool offers businesses insights into their IT environments, highlighting vulnerabilities associated with foreign software. This proactive measure assists organizations in assessing and securing their software ecosystems, ensuring compliance and preemptively addressing security threats.

While acknowledging national security concerns raised by foreign software, ThreatLocker® emphasizes the broader scope of vulnerabilities, exemplified by incidents like the 2020 SolarWinds attack. The ThreatLocker® cyber health report comprehensively details all applications in use, their countries of origin, and potential data access implications, promoting informed decision-making and robust security protocols.

Lean More About the ThreatLocker® Cyber Health Report Here.