Cyber Security Headlines: CISA incident reporting, Linux-focused IoT malware, Albania cuts ties over cyberattack

CISA asks for feedback on reporting rules

Back in March, President Biden signed a new law requiring critical infrastructure owners and operators to report major cyberattacks to CISA within 72 hours and ransomware within 24 hours. CISA Director Jen Easterly said officials will formally begin asking industry leaders for feedback on the regulatory structure for this reporting “in the next couple of days.” The agency will use the feedback to better understand what’s going on in private industry ecosystems to build an effective regulatory apparatus. Easterly emphasizes she wants a “consultative” rule-making process.


New Linux-focused malware targets IoT

Researchers at AT&T Alien Labs detailed the new malware, dubbed Shikitega. It uses a unique multistage infection chain built from a series of modules. Each module serves a specific purpose in the chain and also downloads and executes the next one. It uses a polymorphic encoder to avoid antivirus detection and legitimate cloud services for its C2 servers. The chain ends with a full device takeover and the installation of the XMRig cryptominer. Alien Labs says this demonstrates the overall rise in Linux-based malware over the last 12 months, up 650% on the year.

(Dark Reading)

Albania cuts diplomatic ties over cyberattack

Albania’s Prime Minister Edi Rama said the country cut diplomatic ties with Iran, citing a major cyberattack in July that shut down several government services and websites. This marks the first time a nation severed diplomatic ties directly over such an incident. A group referred to as “HomeLand Justice” took credit for the attack. Rama said an investigation found “undeniable evidence” that the attack “was orchestrated and sponsored by the Islamic Republic of Iran.” The security firm Mandiant expressed “moderate confidence” the attackers acted in support of Tehran’s anti-dissident efforts.


Twitter will face Mudge allegations in lawsuit

In the latest update to Twitter’s lawsuit against Elon Musk, the billionaire got both good and bad news. Delaware Chancellor Kathaleen St. Jude McCormick denied Elon Musk’s attempt to push back the October trial date for Twitter’s lawsuit, saying Twitter would be unduly harmed by a delay. However, she said that Musk should be granted wide latitude to amend claims before the start of the trial, including incorporating claims made by Twitter’s former security chief Peiter Zatko. The two sides must negotiate to allow for “limited” discovery of Zatko’s documents in the case.

(The Verge)


Hotel group discloses cyberattack

In a filing with the London Stock Exchange, InterContinental Hotels Group disclosed that “parts of the company’s technology systems have been subject to unauthorized activity.” This began on September 5th and was described as “ongoing.” Customers attempting to book rooms or access rewards saw a maintenance message on hotel sites. Messaging around the attack suggests ransomware. There’s no indication the attack compromised guest data at this time. InterContinental Hotels Group oversees many hotel brands including InterContinental, Crowne Plaza, and Holiday Inn.


ISPs drop lawsuit against Maine privacy law

Back in 2019, Maine passed an internet privacy law. This required internet service providers to obtain opt-in approval before they could use, disclose, sell or provide access to customers’ personal information. A group of industry associations representing ISPs filed a lawsuit in February 2020 on First Amendment grounds. A judge had already dismissed the First Amendment argument last year, but the industry group had still been involved in legislation challenging the law. Now, Maine Attorney General Aaron Frey announced that the group filed to dismiss its lawsuit challenging the state’s internet privacy law. 


KillNet strikes Japanese government sites

The Russian-affiliated group claimed credit for a series of cyberattacks across Japan, hitting several companies as well as 20 sites across four government agencies. The Japanese government said it began investigating whether a denial-of-service attack took down the sites. It didn’t confirm KillNet’s involvement in recent outages at its e-Gov portal. Security researchers at Check Point Software believe KillNet caused these outages, saying it lines up with Japan’s support for Ukraine in its ongoing conflict with Russia. If true, this follows other attacks by KillNet impacting Italy, Lithuania, Estonia, Poland and Norway.

(InfoSecurity Magazine)

Cisco passes on patching end-of-life routers 

Cisco issued a security advisory, warning that it will not patch a zero-day on its RV110W, RV130, RV130W, and RV215W routers, as they have reached end of life. The company last sold these routers on December 2, 2019. The flaw results from a faulty password validation algorithm that could be used to log into a VPN using “crafted credentials” with IPSec VPN Server enabled. This could ultimately allow the attacker to gain admin privileges. Cisco found no evidence of the flaw in the wild, and didn’t find any proof-of-concept exploits.

(Bleeping Computer)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.