Cyber Security Headlines Week in Review: Industrial infrastructure threat, BEC attempts on the rise, TikTok’s Texas progress

Cyber Security Headlines – Week in Review, May 22-26, is hosted by Rich Stroffolino with our guest, Rich Greenberg, ISSA Distinguished Fellow and Honor Roll, ISSA-LA.

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at

Mysterious malware designed to cripple industrial systems linked to Russia

A rare form of malicious software designed to infiltrate and disrupt critical systems that run industrial facilities such as power plants has been uncovered and linked to a Russian telecom firm, according to a report released Thursday from the cybersecurity firm Mandiant. The discovery of the malware, dubbed “CosmicEnergy,” is somewhat unusual: it was uploaded to VirusTotal, a Google-owned service that scans URLs and files for malware, in December 2021 by a user with a Russian IP address, and it was found through threat hunting rather than in the wake of an attack on a critical infrastructure system. CosmicEnergy joins a highly specialized group of malware, such as Stuxnet, Industroyer and Trisis, that is purpose-built for industrial systems.


Chinese hackers that triggered US alarm hit defense targets

A group of Chinese hackers who recently triggered a multi-nation alert have been conducting a cyberespionage campaign against military and government targets in the United States, researchers said on Thursday. The group – dubbed “Volt Typhoon” by Microsoft – was the subject of an alert issued by cybersecurity and intelligence agencies in the United States, Britain, and their close allies. That warning said Volt Typhoon was developing capabilities “that could disrupt critical communications infrastructure between the United States and Asia region during future crises.” The group has targeted critical infrastructure organizations in the U.S. Pacific territory of Guam, Microsoft said.

(Reuters)

BEC attempts on the rise

Microsoft’s latest Cyber Signal report shows that the company detected 35 million business email compromise attempts in the last year, an average of 156,000 attempts per day. This came as part of an overall 38% increase in cybercrime-as-a-service attacks against business email since 2019. These attacks generally don’t target unpatched vulnerabilities. Rather, they rely on the sheer volume of email to get victims to accidentally share financial information or otherwise facilitate a transfer of funds. Microsoft observed attackers using multichannel spamming campaigns, including fake 2FA authentication, to eventually wear down victims.

(CSO Online)

NIST helps small businesses with cyber readiness

When we cover ransomware attacks on this show, we often highlight attacks against large organizations. But in terms of ransomware volume, these represent the exception, not the rule. A recent Coveware study found 72% of ransomware attacks impacted organizations with fewer than 1,000 employees, with 29% hitting those with fewer than 100. To respond to this reality, the National Institute of Standards and Technology launched the Small Business Cybersecurity Community of Interest, or COI. This aims to provide a two-way street for communicating with small businesses. The COI will let company reps provide NIST with feedback about cybersecurity issues. That feedback will inform how NIST issues guidance and develops tools specifically for small businesses.

(Security Intelligence)

Thanks to today’s episode sponsor, Sonrai Security

Did you know that 81% of breaches are due to compromised identities? It’s a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at

Fake images on Twitter briefly spook the stock market 

This week a fake photo, which some speculate was created using generative AI, surfaced on social media and appeared to show an explosion near the Pentagon. The fake image was shared by several Twitter Blue accounts (which paid the $8 blue checkmark fee), including in a post appearing to be associated with Bloomberg News reading, “Large explosion near the Pentagon complex in Washington DC. – initial report.” The false reports were picked up by other media outlets, including major Indian network Republic TV. Just moments after the image began circulating on Twitter, the US stock market took a noticeable dip, with the Dow Jones Industrial Average falling about 80 points for about four minutes but fully recovering several minutes later. Similarly, the S&P 500 went from up 0.02% to down 0.15% during the same period before returning to positive. Though the impact was brief, it’s likely that some people lost and gained a lot of money. It’s also noteworthy that the main vector that made it possible for the image to have even a slight (and temporary) impact was the use of the faux Twitter Blue “verification” checkmark.


Ransomware gang pulls Philadelphia Inquirer listing after victim questions documents

The Cuba ransomware group removed its listing of The Philadelphia Inquirer on its darknet extortion site on Wednesday after the paper cast doubts on the authenticity of documents the criminals provided for download. Cuba claimed to have posted a trove of files stolen from the Inquirer, including “financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation, source code,” but the publisher said that the company had seen no evidence that the information was actually related to the newspaper.

(The Record)

TikTok makes progress on Project Texas

This project marks TikTok’s attempt to ease US concerns about it sharing user data with China. This would see US user data stored domestically and overseen by the TikTok US Data Security Committee. In an update on this project, TikTok CEO Shou Zi Chew announced that Oracle began reviewing TikTok’s source code. Chew also said TikTok is “on track” to have all US user data hosted in the US. Oracle data centers are now the default destination for US user data; eventually the company will migrate existing US data there from its Singapore-based servers.


GDPR is 5 years old, and over 1 million people have asked to be forgotten

On the 5th birthday of GDPR, a new study from Surfshark shows that between 2015 and 2021, over 1 million “right to be forgotten” requests to delist certain search results were submitted to Google and Microsoft Bing from 32 countries. Points from the study: France is in first place with over 255,000 requests; when the Covid-19 pandemic started, “right to be forgotten” cases rose nearly 30%; Estonia had the most requests per 10,000 people, more than 2.5 times higher than average; and 1 in 10 “right to be forgotten” web page delisting requests are crime-related.