
China's Salt Typhoon, Google Outages, and IT/OT Convergence in Cybersecurity

N2K Networks · September 4, 2025 · 27 min · 667 views

Global Cyber Threats and Incidents

  • 🇨🇳 Salt Typhoon is highlighted as China's most ambitious cyber campaign, impacting telecommunications and other sectors in over 80 countries and potentially nearly every American.
  • 🌍 A major Google outage disrupted services like YouTube and Maps across Southeastern Europe, including Bulgaria, Turkey, and Greece.
  • 🔓 A critical zero-day flaw in FreePBX (CVSS 10) was patched after being exploited in the wild since August 21st, impacting multiple versions and leading to its addition to CISA's KEV catalog.
  • 🕵️‍♀️ Researchers uncovered an evolution in the XWorm backdoor campaign, now employing deceptive tactics like disguised executables and multi-stage infection chains.
  • 👻 Ghost Redirector, a new China-aligned threat actor, has compromised at least 65 Windows servers, primarily in Brazil, Thailand, and Vietnam, using custom tools and public exploits.
  • 🪀 CISA added two TP-Link router flaws to its KEV catalog, associated with the China-linked Storm-0940 and the Quad7 botnet.
  • 💰 The U.S. State Department is offering a $10 million bounty for information on three Russian FSB officers linked to cyber attacks against U.S. critical infrastructure.

IT/OT Convergence for Critical Systems

  • 💧 IT/OT convergence in securing critical water and wastewater systems is challenging due to smaller, municipally funded entities lacking deep IT and OT expertise and budgets.
  • 🧠 Effective convergence requires blending IT and OT skill sets to solve problems safely, considering the antiquated nature and potential environmental/safety impacts of OT systems.
  • 📊 Success in IT/OT convergence starts with contextual data, understanding an asset's function within a facility, not just a list of assets or vulnerabilities.
  • 🤝 The burden of learning the other side of the IT/OT fence is increasingly expected from boards and insurers, with decision-making often originating from IT but operations remaining paramount.
  • 🏭 For greenfield facilities, security can be built-in from the start, unlike legacy brownfield systems which require more complex context to make informed decisions.
  • 📈 Best practices for limited resources involve viewing cybersecurity efforts as part of a program, with each step supporting ultimate goals like life cycle management and backup/restoration plans.

Cybersecurity Misinformation

  • 📰 Rumors of a catastrophic Gmail breach affecting 2.5 billion users were clarified by Google, stating the company never issued such a warning and that Gmail blocks over 99.9% of phishing and malware.