Cybersecurity Threats Amidst US Government Shutdown: CISA Furloughs, Data Breaches, and Quantum Preparedness

CISA Furloughs and Government Shutdown Impact

• ⚠️ The US Cybersecurity and Infrastructure Security Agency (CISA) has furloughed most of its workforce due to the government shutdown, leaving only 35% of staff active.
• 📉 This disruption coincides with the expiration of CISA 2015, a law shielding companies from liability when sharing cyber threat information, leading to fears of weakened collective defense.
• ⏳ Experts warn that government shutdowns naturally slow down crucial cybersecurity work, creating partial pictures of cyber activity and a need to play catch-up.

Major Data Breaches and Cyber Incidents

• 🛡️ The US Air Force is investigating a SharePoint-related breach that may have exposed personally identifiable and health information.
• 💰 Google warns of a large-scale extortion campaign targeting executives, linked to the Klopp ransomware gang, demanding ransoms of up to $50 million.
• 📱 Researchers uncovered two Android spyware campaigns, Pro Spy and Tuspy, disguised as popular messaging apps, targeting users in the UAE.
• 💻 An extortion group claims to have stolen 570 gigabytes of data from Red Hat's private GitHub repositories, though Red Hat confirmed a security incident affecting its consulting business but not the software supply chain.
• 🚗 Motility Software Solutions, a provider for RV and powersport dealers, is notifying over 750,000 people of a ransomware breach that stole personal data.
• ⚙️ Patchwork APT is deploying a new PowerShell loader that abuses Windows scheduled tasks for persistence and payload delivery.

Quantum Computing and Future Security

• ⚛️ Senator Marsha Blackburn is urging aggressive US action to prepare for a post-quantum future where current encryption may be broken.
• 📈 Legislation is being promoted to require agencies to move at least one high-risk system to quantum-resistant encryption by 2027.
• 🚀 Priorities include countering Chinese ambitions in emerging technologies, workforce development, commercial involvement, and stronger encryption.

Crypto Fraud and Health Information Misuse

• ⚖️ A Malaysian man pleaded guilty in London to supporting a massive crypto fraud scheme that stole $6.2 billion from over 128,000 victims.
• 🏥 Kadia Healthcare was fined $182,000 for posting patient photos and medical details online without required consent, highlighting that protected health information is not a marketing tool.