Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient
Every day we wake up to the news of a fresh new threat attack in one or the other corner of the world. With governments around the world putting in so much effort to keep their people cyber-safe, this is our humble attempt at keeping you aware of what’s happening around the cyber ecosystem. By keeping yourself updated, you reduce the chance of being a cyber victim significantly.
It’s your vigilance and cyber knowledge that will enable you to stay out of the clutches of cybercriminals.
This is the 4th bulletin of the month, where we will talk about the sudden dismissal of the Salt Typhoon investigation team. Then, we will focus on Microsoft 365 attacks. Lastly, we will shed light on the TikTok ban and its impact on US cybersecurity.
Are you all geared up to walk around the lanes of cybersecurity?
Let’s get started!
Salt Typhoon hacking case investigators get fired by Donald Trump!
The very first day of Trump’s administration didn’t turn out to be smooth for the advisory committee members of the Department of Homeland Security. This includes the members of CISA (Cybersecurity and Infrastructure Security Agency) and CSRB (Cyber Safety Review Board). Basically, the CSRB was involved in the investigation of the Salt Typhoon hacking case. Salt Typhoon is a China-based state-sponsored group of hackers who allegedly carried out data breaches across nine telecommunications networks in the last couple of months.
The reason behind the sudden dismissal is said to be a well-thought-out plan for preventing ‘misuse of resources.’
The CSRB members who have been fired include reputed cybersecurity personnel such as Chris Krebs as well as former Biden administration officials.
There’s no clarity about the new participants.
Email bombing and Vishing most common in Microsoft 365 attacks!
Two different ransomware attack groups are using email bombing and vishing tactics through Microsoft Office 365. Certain cyber incidents that took place back in November and December 2024, respectively, led to a thorough investigation conducted by Microsoft. The two groups have been tracked by cybersecurity experts as STAC5777 and STAC5143. STAC5777 is also known as Storm-1811. It is believed that STA5143 is applying the tactics which it has learnt from Storm-1811.
Sophos MDR (Managed Detection and Response) has stated that within the past two weeks, there have been more than 15 cyber incidents that include vishing and email bombing. Basically, the threat actors try to gain access to Microsoft’s remote control tools such as Teams screen sharing and Quick Assist. Then, the attackers try to gain control over the victim’s device.
Eventually, they install malware on those devices. Next, they make Teams calls or send Teams messages from any of the cybercriminal-controlled Officen365 devices. Throughout the call, they pretend to be from the tech support team. These threat actors also send out multiple spam emails so that the Outlook mailboxes get overwhelmed.
STAC5777 and STAC5143 deployed Black Basta and Python ransomware to attack all the users.
Sophos has urged organizations to take vigilant moves in order to prevent similar ransomware attacks in the future.
To further secure your organization’s communication channels, it is essential to implement SPF, DKIM, and DMARC protocols, which work together to authenticate email sources, reduce phishing risks, and ensure that only legitimate communications are delivered to your inbox.
TikTok ban isn’t enough for US cybersecurity!
Experts like Miracco from Approov, the mobile app protection company, believe that the TikTok ban is not adequate in terms of US cybersecurity. The ban is purely centered on TikTok, which experts urge is an incomplete move. They want authorities to consider both foreign as well as domestic social media platforms and monitor their activities closely. Every social media app, irrespective of its developer country, should be held accountable for its data management and privacy systems.
They also think that US legislation and law-making bodies are not yet as advanced as the latest technology. Hence the legalities are not adequate to cater to deal with such bans and social media requirements. The extra slow speed of legal actions makes it too hard for lawmakers to keep up with the ever-dynamic social media trends and technological advancements. As a result, users tend to stay vulnerable to potential threats around social media platforms.
Another cause of concern is that because of the sudden ban on TikTok, users may switch to its alternatives without conducting a thorough background check. These considerably new TikTok alternatives are highly likely to be less secure in nature.
The Chief Marketing Officer of AppSoc, Willy Leichter, suggests that users, as well as authorities, must be prepared to face the consequences because of the out-of-the-blue ban on TikTok and its miraculous restoration within 12 hours. While users should wait patiently to find out the reality around TikTok’s ban, they should also be careful enough before jumping onto another alternative. Also, authorities should pay close attention to TikTok alternatives and check whether or not they are absolutely safe options for users.