Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices.
The post China Hackers Using Brickstorm Backdoor to Target Government, IT Entities appeared first on Security Boulevard.
Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations.
The post US Organizations Warned of Chinese Malware Used for Long-Term Persistence appeared first on SecurityWeek.
Federal agencies face an ever-evolving threat landscape, with cyberattacks escalating in both frequency and sophistication. To keep pace, advancing digital modernization isn’t just an aspiration; it’s a necessity. Central to this effort is the Trusted Internet Connections (TIC) 3.0 initiative, which offers agencies a transformative approach to secure and modernize their IT infrastructure.
TIC 3.0 empowers agencies with the flexibility to securely access applications, data and the internet, providing them with the tools they need to enhance their cyber posture and meet the evolving security guidance from the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency. Yet, despite these advantages, many agencies are still operating under the outdated TIC 2.0 model, which creates persistent security gaps, slows user experience, and drives higher operating costs, ultimately hindering progress toward today’s modernization and adaptive security goals.
TIC 2.0, introduced over a decade ago, aimed to consolidate federal agencies’ internet connections through a limited number of TIC access points. These access points were equipped with legacy, inflexible and costly perimeter defenses, including firewalls, web proxies, traffic inspection tools and intrusion detection systems, designed to keep threats out. While effective for their time, these static controls weren’t designed for today’s cloud-first, mobile workforce. Often referred to as a “castle and moat” architecture, this perimeter-based security model was effective when TIC 2.0 first came out, but is now outdated and insufficient against today’s dynamic threat landscape.
Recognizing these limitations, OMB introduced TIC 3.0 in 2019 to better support the cybersecurity needs of a mobile, cloud-connected workforce. TIC 3.0 facilitates agencies’ transition from traditional perimeter-based solutions, such as Managed Trusted Internet Protocol Service (MTIPS) and legacy VPNs, to modern Secure Access Service Edge (SASE) and Security Service Edge (SSE) frameworks. This new model brings security closer to the user and the data, improving performance, scalability and visibility across hybrid environments.
In addition to the inefficiencies of a “castle and moat” architecture, TIC 2.0 presents significant trade-offs for agencies operating in hybrid and multi-cloud environments:
TIC 3.0 was designed specifically to overcome these challenges, offering a more flexible, distributed framework that aligns with modern security and mission requirements.
“TIC tax” on agencies — and users
TIC 2.0 also results in higher operational and performance costs. Since TIC 2.0 relies on traditional perimeter-based solutions — such as legacy VPNs, expensive private circuits and inflexible, vulnerable firewall stacks — agencies often face additional investments to maintain these outdated systems, a burden commonly referred to as the “TIC Tax.”
But the TIC Tax isn’t just financial. It also shows up in hidden costs to the end user. Under TIC 2.0, network traffic must be routed through a small number of approved TIC Access Points, most of which are concentrated around Washington, D.C. As a result, a user on the West Coast or at an embassy overseas may find their traffic backhauled thousands of miles before reaching its destination.
In an era where modern applications are measured in milliseconds, those delays translate into lost productivity, degraded user experience, and architectural inefficiency. What many users don’t realize is that a single web session isn’t just one exchange; it’s often thousands of tiny connections constantly flowing between the user’s device and the application server. Each of those interactions takes time, and when traffic must travel back and forth across the country — or around the world — the cumulative delay becomes a real, felt cost for the end user.
Every detour adds friction, not only for users trying to access applications, but also for security teams struggling to manage complex routing paths that no longer align with how distributed work and cloud-based systems operate. That’s why OMB, CISA and the General Services Administration have worked together under TIC 3.0 to modernize connectivity, eliminating the need for backhauling and enabling secure, direct-to-cloud options that prioritize both performance and protection.
For example, agencies adopting TIC 3.0 can leverage broadband internet services (BIS), a lower-cost, more flexible transport option that connects users directly to agency networks and cloud services through software-defined wide area network (SD-WAN) and SASE solutions.
With BIS, agencies are no longer constrained to rely on costly, fixed point-to-point or MPLS circuits to connect branch offices, data centers, headquarters and cloud environments. Instead, they can securely leverage commercial internet services to simplify connectivity, improve resiliency, and accelerate access to applications. This approach not only reduces operational expenses but also minimizes latency, supports zero trust principles, and enables agencies to build a safe, flexible and repeatable solution that meets TIC security objectives without taxing the user experience.
Another inefficiency — and perhaps one of the most significant — of TIC 2.0 is its incompatibility with zero trust principles. As federal leaders move into the next phase of zero trust, focused on efficiency, automation and rationalizing cyber investments, TIC 2.0’s limitations are even more apparent.
Under TIC 2.0’s “castle and moat” model, all traffic, whether for email, web services or domain name systems, must be routed through a small number of geographically constrained access points. TIC 3.0, in contrast, adopts a decentralized model that leverages SASE and SSE platforms to enforce policy closer to the user and data source, improving both security and performance.
To visualize the difference, think of entering a baseball stadium. Under TIC 2.0’s “castle and moat” approach, once you show your ticket at the entrance, you can move freely throughout the stadium. TIC 3.0’s decentralized approach still checks your ticket, but ushers and staff ensure you stay in the right section, verifying continuously rather than once.
At its core, TIC 3.0 is about moving trust decisions closer to the resource. Unlike TIC 2.0, where data must travel to centralized security stacks, TIC 3.0 brings enforcement to the edge, closer to where users, devices and workloads actually reside. This aligns directly with zero trust principles of continuous verification, least privilege access and minimized attack surface.
By decentralizing security and embracing SASE-based architectures, TIC 3.0 reduces latency, increases efficiency and enables agencies to apply modern cybersecurity practices more effectively. It gives system owners better visibility and control over network operations while allowing IT teams to manage threats in real time. The result is smoother, faster and more resilient user experiences.
With TIC 3.0, agencies can finally break free from the limitations of earlier TIC iterations. This modern framework not only resolves past inefficiencies, it creates a scalable, cloud-first foundation that evolves with emerging threats and technologies. TIC 3.0 supports zero trust priorities around integration, efficiency and rationalized investment, helping agencies shift from maintaining legacy infrastructure to enabling secure digital transformation.
Federal IT modernization isn’t just about replacing technology; it’s about redefining trust, performance and resilience for a cloud-first world. TIC 3.0 provides the framework, but true transformation comes from operationalizing that framework through platforms that are global, scalable, and adaptive to mission needs.
By extending security to where users and data truly live — at the edge — agencies can modernize without compromise: improving performance while advancing zero trust maturity. In that vision, TIC 3.0 isn’t simply an evolution of policy; it’s the foundation for how the federal enterprise securely connects to the future.
Sean Connelly is executive director for global zero trust strategy and policy at Zscaler and former zero trust initiative director and TIC program manager at CISA.
The post How the inefficiencies of TIC 2.0 hinder agencies’ cybersecurity progress first appeared on Federal News Network.
© Getty Images/iStockphoto/go-un lee
CISA has described the techniques used by attackers and pointed out that the focus is on high-value individuals.
The post CISA Warns of Spyware Targeting Messaging App Users appeared first on SecurityWeek.
Federal agencies have reported as ‘patched’ ASA or FTD devices running software versions vulnerable to attacks.
The post CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks appeared first on SecurityWeek.
The Cybersecurity Information Sharing Act (CISA), a cornerstone of U.S. cybersecurity policy passed in 2015, now faces expiration on September 30, unless Congress renews it. The legislation facilitates the sharing of cyber threat intelligence (CTI) between the federal government and the private sector. It specifically provides legal cover to companies that voluntarily share threat information, encouraging collaboration and transparency without fear of regulatory or legal consequences. The faster, free exchange of information enables better detection of cyber threats, say experts, quickening response and recovery time after an attack.
In August, the FBI released a warning about two hacker groups targeting Salesforce platforms to access sensitive customer data. Over 700 companies are believed to have been affected so far. Other attacks continue to plague utilities, critical infrastructure and businesses across the private sector, with experts warning there will be no let up any time soon.
There is wide consensus of the law’s importance. The House of Representatives is considering the Widespread Information Management for the Welfare of Infrastructure and Government (WIMWIG) Act, which calls for the reauthorization of CISA 2015 for another decade.
The White House has also signaled that it is a near-term priority. National Cyber Director Sean Cairncross said earlier this month, “This law galvanized our collaboration a decade ago, and the White House understands the advantages and liability protections this legislation provides.” He added that he is “actively working” with Congress on reauthorization.
House Republicans have included a short-term extension of CISA 2015 to a stopgap government funding bill that would sustain the law through November 21, giving a little more time to finalize longer-term reauthorization.
Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.
A Pillar to Public-Private Collaboration
A number of notable cybersecurity experts with experience spanning multiple administrations noted at this week’s Cyber Initiatives Group Fall Summit that the measure is critical to U.S. cybersecurity. Executive Assistant Director for Cyber at CISA, Nick Andersen described the legislation as “foundational” for information sharing. He warned that without the liability protections provided under the law, private companies may hesitate to share critical threat intelligence information with the government.
“[If] we’re not able to provide some assurance that somebody can share information with us, whether it is a threat indicator or as a defensive measure, that their exercise within their own environment … won’t expose them to regulatory or legal risk, that makes it a lot harder for us to all do our jobs,” Andersen said.
“Getting CISA 2015 reauthorized is such a key priority for us as an agency and should really be a priority for all of us interacting with the critical infrastructure owner and operator community day to day,” said Andersen.
The bulk of the U.S. cyberattack surface is privately owned, leaving companies on the front lines of defense. Gloria Glaubman, who served as Senior Cyber Advisor at the U.S. Embassy in Tokyo, noted that “most of the target surface is owned by private industry… So they're the ones that first detect the state sponsored campaigns and we are relying on them to have robust security architecture.”
Experts also stress that private companies are often not equipped with the cyber expertise needed to respond quickly enough to an intrusion. And the threats are getting even harder to spot. Speaking on threats from China, like Volt and Salt Typhoon, Glaubman noted: “They’re using legitimate tools, routers, vendor gear rather than noisy custom malware. And that’s completely different from what we’ve seen in the past, which allows them again to live off the land, which makes it hard to detect.”
Matt Hayden, former Assistant Secretary for Cyber, Infrastructure, Risk and Resilience Policy at DHS, said companies need to ask themselves: “Can they react when given nuanced threat intel dynamically, quickly … Can you actually generate a time to detect, a time to respond when provided with authentic CTI-based data on the enterprises you manage and control?”
“If we’re talking in days or weeks of CTI data being provided to a CISO, and they’re still checking patches and assessing their environment, they’re the ‘have nots’,” Hayden said. “You really have a preparedness challenge from the defender’s perspective.”
It is here that CISA 2015 comes in, say the experts, allowing private companies to share the needed information to enable the government to counter and publicize the threat.
Beyond Information Sharing
Experts say the conversation must extend beyond sharing threat intelligence to include rethinking how we view targeted companies. There are still fears that companies will be penalized for having systems that are vulnerable to cyber intrusions, which creates conflicting pressure that may stop them from sharing information with the government and asking for help. John Carlin, former Acting Deputy U.S. Attorney General, emphasized that when a U.S. company is targeted by a nation-state actor, “we must treat the U.S. company as a victim … but it is not baked into our legal regulatory framework.”
“It’s still too often the case that at the same time they’re getting help from some government agencies, others are looking to punish the victim,” Carlin said. “The cost of that in terms of impeding… sharing information is too high given the threat that we face.”
General Timothy Haugh (Ret.), former NSA Director and Commander of U.S. Cyber Command, argued during an interview at the summit that true cybersecurity resilience requires more than rapid information sharing, but real whole-of-society cooperation. “We need to evaluate public-private partnerships not just by how much information is shared, but by how they make us more secure as a nation,” he said. “Where can industry receive assurances that if they collaborate with the federal government for a nation state hacking activity, how can they get some form of protection when they share that information that won't be used for a response from certain regulatory bodies?”
“There's that conversation not about information sharing as a metric,” Haugh said, “but as security of our nation and security of intellectual property, denial of foreign intelligence collection, and securing our critical infrastructure.”
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
OPINION / EXPERT PERSPECTIVE — The clock is ticking toward September 30, 2025, when one of America's most vital cybersecurity protections will expire unless Congress acts. The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has quietly become the backbone of our nation's cyber defense. Without creating any additional regulations, it enabled the rapid sharing of threat intelligence between government and businesses that has prevented countless cyberattacks over the past decade. The Act’s protections have facilitated threat warnings to thousands of organizations just this year. Its potential sunset threatens to unleash a wave of cyberattacks that will devastate the small and medium-sized businesses (SMBs) that form a foundational part of our economy.
As someone who has worked on both sides—first leading public-private partnerships at the FBI and now facilitating industry collaboration—I've witnessed firsthand how CISA 2015 transformed our cybersecurity landscape. The law provides crucial liability protections that encourage companies to share threat indicators with the government and each other, while offering antitrust protection for industry-to-industry collaboration. Without these safeguards, the robust information sharing that has made American networks more secure simply stops.
The SMB Crisis Waiting to Happen
The consequences of letting CISA 2015 lapse will fall most heavily on America's small and medium-sized businesses. Recent data from NetDiligence’s 2024 Cyber Claims Study shows that ransomware cost SMBs an average of $432,000 per attack. These businesses don't have the cash reserves to weather extended downtime. At most, many can only survive three to four weeks of operational disruption before facing permanent closure.
According to industry analysis, small and medium enterprises represent 98% of cyber insurance claims while accounting for $1.9 billion in total losses, underscoring their vulnerability in today's threat landscape. CISA 2015’s expiration will significantly weaken the early warning system that has helped businesses stay ahead of emerging threats. Without the government's ability to share robust intelligence about new attack methods, SMBs become sitting ducks for cybercriminals who specifically target organizations that can't afford to lose days or weeks.’’
The Cyber Initiatives Group Fall Summit on Wednesday, September 17 from 12p – 3p is convening experts to engage on the most pressing cybersecurity risks. Save your virtual seat now.
Healthcare: Where Cybersecurity Becomes Life and Death
The stakes become particularly dire in healthcare, where ransomware attacks don't just threaten profits—they threaten lives. The University of Minnesota School of Public Health’s experts estimate that ransomware attacks killed 42 to 67 Medicare patients between 2016 and 2021. These numbers represent a horrifying trend: threat actors deliberately target hospitals because they know healthcare systems will pay quickly to avoid putting patients at risk.
If information sharing degrades after CISA 2015's sunset, hospitals–and all other critical infrastructure–very likely will lose crucial early warnings about ransomware variants and other attack methods. When a hospital's systems are threatened, rapid information sharing matters. Minutes count in medical emergencies, and delays can be fatal.
Economic Ripple Effects
The economic impact extends far beyond individual companies. SMBs make up the vast majority of (99%) businesses in the U.S., and employ nearly half of the private sector’s workforce. According to the U.S. Chamber of Commerce, they’re responsible for 43.5% of our GDP, so their widespread failure would create devastating ripple effects throughout the economy.
More concerning, America's technological leadership depends on the robust threat intelligence sharing that CISA 2015 enables. Our cybersecurity companies lead the world precisely because they have access to comprehensive threat data that helps them develop superior products and services.
Other countries modeled its cybersecurity information sharing after our system, recognizing that America's approach gives us a competitive advantage. If we allow this framework to collapse, we're not just making individual businesses more vulnerable—we're undermining the foundation of American cybersecurity leadership that other nations seek to emulate.
Sign up for the Cyber Initiatives Group Sunday newsletter, delivering expert-level insights on the cyber and tech stories of the day – directly to your inbox. Sign up for the CIG newsletter today.
The Path Forward: Clean Reauthorization Now
There's bipartisan agreement that CISA 2015 should be reauthorized, with experts from across the political spectrum recognizing its vital importance. DHS Secretary Kristi Noem has urgently called for reauthorization, emphasizing that public-private partnerships have grown stronger because of the information-sharing guidelines established in CISA 2015.
The cleanest path forward is a straightforward reauthorization while Congress works through any technical improvements. The core framework has proven its worth over a decade of operation, facilitating billions of dollars in prevented losses and creating a culture where information sharing is the default rather than the exception.
Beyond Politics: A National Security Imperative
In an era of political division, cybersecurity remains one of the few areas where Americans across the political spectrum can find common ground. We need to defend against constant attacks coming from the likes of Chinese actors using ransomware during SharePoint vulnerabilities to Iranian groups deploying ransomware as a political weapon to hundreds of criminal ransomware groups operating at any given time.
The solution isn't more regulation or government overreach. It's the collaborative approach that CISA 2015 has fostered. As I used to tell businesses when I was at the FBI: we can't help you if we don't hear from others, and we can't help others if we don't hear from you. This principle of mutual aid and shared defense has made America stronger, and we cannot afford to abandon it now.
Congress must act before September 30. If we allow our cybersecurity information sharing framework to collapse it will devastate small businesses, endanger the sick, and undermine America's position as the global leader in cybersecurity. The time for action is now, before the attacks that could have been prevented become the disasters we failed to stop.
This column by Cipher Brief Expert Cynthia Kaiser was first published in Fortune.
Are you Subscribed to The Cipher Brief’s Digital Channel on YouTube? There is no better place to get clear perspectives from deeply experienced national security experts.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief because National Security is Everyone’s Business.
EXECUTIVE SUMMARY:
One of the leading cyber security conferences globally, Black Hat USA is where intellect meets innovation. The 2024 event is taking place from August 3rd – 8th, at the Mandalay Bay Convention Center in Las Vegas.
The conference is highly regarded for its emphasis on cutting-edge cyber security research, high-caliber presentations, skill development workshops, peer networking opportunities, and for its Business Hall, which showcases innovative cyber security solutions.
Although two other cyber security conferences in Las Vegas will compete for attention next week, Black Hat is widely considered the main draw. Last year, Black Hat USA hosted roughly 20,000 in-person attendees from 127 different countries.
The Black Hat audience typically includes a mix of cyber security researchers, ethical hackers, cyber security professionals – from system administrators to CISOs – business development professionals, and government security experts.
On the main stage this year, featured speakers include Ann Johnson, the Corporate Vice President and Deputy CISO of Microsoft, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Harry Coker Jr., National Cyber Director for the United States Executive Office of the President.
The Black Hat CISO Summit, on Monday, August 5th through Tuesday, August 6th, caters to the needs and interests of CISOs and security executives. This track will address topics ranging from the quantification of cyber risk costs, to supply chain security, to cyber crisis management.
Professionals who are certified through ISC2 can earn 5.5 Continuing Professional Education (CPE) credits for CISO Summit attendance.
If you’re attending the event, plan ahead to make the most of your time. There’s so much to see and do. Looking for a short-list of must-see speaking sessions? Here are a handful of expert-led and highly recommended talks:
Be ready for anything and bring the best version of yourself – you never know who you’ll meet. They could be your next software developer, corporate manager, business partner, MSSP, or cyber security vendor. Meet us at booth #2936. We can’t wait to see you at Black Hat USA 2024!
For more event information, click here. For additional cutting-edge cyber security insights, click here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.
The post A preview of the upcoming Black Hat conference… appeared first on CyberTalk.
It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with these crimes.
To gain perspective on what’s happening in this area, the U.S. government’s budget and spending plans for cyber is a great place to start. This article will explore how much the government is spending, where that money is going and how its budget compares to previous years.
In June 2022, the U.S. announced new spending bills for the fiscal year 2023, including an allocation of $15.6 billion for cybersecurity. The majority of the money — $11.2 billion — will be appropriated for the Department of Defense (DoD), and $2.9 billion will go to the Cybersecurity and Infrastructure Security Agency (CISA).
The money going to the DoD will be used in a variety of ways. For example, Paul Nakasone, commander of the U.S. Cyber Command, has discussed plans to grow five Cyber Mission Force teams. Approximately 133 of these already exist and focus on carrying out defensive cyber operations.
Clearly, the majority of funds in the new budget will go to government agencies. However, the government also plans to invest in the private sector and has discussed the importance of strengthening relationships with companies and private organizations.
One key area here is information sharing; after all, cybersecurity is a team sport. However, the government has faced criticism in the past for expecting detailed data from companies while failing to provide adequate information on their end. Recently, government agencies have spoken more about working towards more open and two-sided information sharing, but only time will tell how successful that strategy will be.
U.S. lawmakers have asked the defense secretary to work more closely with CISA and the private organizations within it, especially in areas related to Russian and Chinese activity. CISA has also received $417 million more in funding than was initially requested by the White House.
Compared to the previous few years, investment in cybersecurity is gradually increasing. 2021 saw $8.64 billion in spending, followed by a slight increase in 2022.
It’s a positive trend that signals the government is taking the issue seriously. But are state and local governments keeping up?
The data shows that the government is also investing in cybersecurity in non-financial capacities at the local and state level. In 2021, for instance, state legislative sessions saw more than 285 pieces of cybersecurity-related legislation introduced, and in 2022 that number increased to 300.
In addition, President Biden introduced the Infrastructure Investment and Jobs Act in 2021, which allocated $1 billion in grants to bolster cybersecurity at the local, state, tribal and territorial levels. The government will distribute this amount over four years until 2025.
It adds up to a promising development for local and state governments, who are finally gaining the resources to protect their communities more effectively. Plus, it demonstrates a growing understanding of the importance of cybersecurity at the federal level and, hopefully, a more informed approach in the future.
While cybersecurity funding is one truly positive sign, there are more reasons to be hopeful — such as the appointment of the USA’s first-ever National Cyber Director, Chris Inglis.
Looking to the future, the U.S. will need to constantly readjust its cyber defense posture and adapt to this ever-changing landscape, especially as cyber crime becomes not only more common but also more challenging and complex. It costs money to do that effectively, so the government must prioritize cyber funding for the foreseeable future.
Of course, individual organizations will need to take responsibility for their own security, too.
IBM can help — with solutions like the Security QRadar XDR, you get a suite of tools and powerful features to help you defend your organization against attacks and keep your teams focused on what’s important. Find out more here.
The post How Much is the U.S. Investing in Cyber (And is it Enough)? appeared first on Security Intelligence.
Login