**Databarracks Launches Air Gap RecoverDatabarracks Launches Air Gap Recover**

PRESS RELEASE

Databarracks has announced the launch of Air Gap Recover, a new service that provides enhanced protection against cyber threats, including ransomware attacks.

Designed specifically for cloud-native environments, Air Gap Recover provides isolated, air-gapped data protection and automated failover to guarantee rapid recovery from any cyber attack.

“Traditional data protection solutions don’t work for cloud-native systems and businesses,” said James Watts, Managing Director of Databarracks.

“Native cloud tools are designed more for simplicity than resilience and lack the functionality you need to fully protect your data. Enterprise backup solutions, on the other hand, struggle to scale and can’t handle the volume of data stored in modern cloud systems. Whichever you choose, your recovery is compromised – it either takes too long to restore operations or, in a worst-case scenario, you’re left with no clean copy of data to recover from at all.

“Air Gap Recover addresses these shortcomings. It’s equipped to protect the petabytes of data and globally distributed architectures within cloud-native environments – allowing for complex cloud-scale recovery.

“In 2025, cyber remains the number one threat to business continuity. We know it is no longer a question of “if” but “when”. But no matter the scale or severity of the cyber event – and cloud-native environments are not immune – Air Gap Recover ensures your critical data is protected. If the worst happens – your cloud account is breached, and your data is encrypted or deleted – you failover instantly to a secure and separate account. Your business stays operational while others would scramble to recover.”

Key features include:

*   Advanced air-gapped security: Data is stored in immutable, isolated cloud accounts to protect against ransomware and other cyber threats.
    
*   Automated failover: Provides immediate cross-region failover to a segregated cloud account, ensuring instant recovery with near-zero downtime.
    

Stepping in where traditional solutions fall short, Air Gap Recover sets a new standard for cloud-native data protection to further strengthen Databarracks’ IT resilience offering.

About Databarracks

Databarracks is the technology and business resilience specialist.

In 2003, we launched one of the world’s first managed Backup services to bring indestructible resilience to mission-critical data.

Today, we deliver award-winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.

And we back this up with unbeatable support. There’s no such thing as ‘above and beyond’ for our engineers because they only work to one standard: to keep your systems running perfectly.

Enterprise-class continuity, security, and resilience. Accessible for all. 

You May Also Like

Databarracks Launches Air Gap Recover

A year after Google and Yahoo started requiring DMARC, the adoption rate of the email authentication specification has doubled; and yet, 87% of domains remain unprotected.

Source: Tapati Rinchumrus via Shutterstock

A year after Google and Yahoo forced bulk email senders to implement the Domain-based Message Authentication, Reporting, and Conformance (DMARC) standard, the rate of the adoption of DMARC among domains has doubled, although many of the same email threats continue to successfully deliver payloads or redirect unwary users to phishing sites.

The increase in adoption started in February 2024, when Google and Yahoo started requiring bulk email senders — defined as any company sending more than 5,000 email messages daily — to use DMARC. The email authentication standard uses two authentication specifications — Sender Policy Framework (SPF) and DomainsKeys Identified Mail (DKIM) — to confirm that an email comes from an authorized email server and on behalf of the purported sender. The technology makes it much more difficult to spoof email from a legitimate company or brand.

In the past year, adoption has increased by about 2.3 million domains, but that still leaves about 87% of domains without a DMARC record, according to data published by cyber-resilience firm Red Sift on Feb 5. Adoption is also uneven, with organizations in Austria, Japan, and Indonesia seeing some of the highest growth and publicly traded companies making the most significant gains.

Related:Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE

While doubling the adoption rate of DMARC is a significant success, the private sector needs to do better, says Sean Costigan, managing director of resilience strategy at Red Sift.

"DMARC is considered an indicator of cyber maturity in many sectors, and we are still in the early days — healthcare, for example, is struggling to surpass 40% to 50% adoption," he says, adding that "widely, properly managed DMARC adoption will reduce spoofing, phishing and other forms of cybercrime."

Source: Red Sift

Google, for example, has seen a significant reduction in questionable email. In 2024, Gmail users saw 265 billion fewer unauthenticated emails, or about 65% less. During the 2024 holidays, a season that typically sees a massive spike in phishing attacks, users encountered 35% fewer scams, says Neil Kumaran, group product manager at Google.

"We think these improvements represent a huge boost in the health of the email ecosystem overall," he says. "We are actually seeing the industry embrace these requirements, seeing how important they are to increase the healthy ecosystem for everybody."

**DMARC Adoption Likely to Accelerate**

Large email senders are not the only groups quickening the pace of DMARC adoption. The latest Payment Card Industry Data Security Standard (PCI DSS) version 4.0 requires DMARC for all organizations that handle credit card information, while the European Union's Digital Operational Resilience Act (DORA) makes DMARC a necessity for its ability to report on and block email impersonation, Red Sift's Costigan says.

Related:Abandoned AWS Cloud Storage: A Major Cyberattack Vector

"Mandatory regulations and legislation often serve as the tipping point for most organizations," he says. "Failures to do reasonable, proactive cybersecurity — of which email security and DMARC is obviously a part — are likely to meet with costly regulatory actions and the prospect of class action lawsuits."

Overall, the authentication specification is working as intended, which explains its arguably rapid adoption, says Roger Grimes, a data-driven-defense evangelist at security awareness and training firm KnowBe4. Other cybersecurity standards, such as DNSSEC and IPSEC, have been around longer, but DMARC adoption has outpaced them, he maintains.

"DMARC stands alone as the singular success as the most widely implemented cybersecurity standard introduced in the last decade," Grimes says.

**Subdomain Attacks Exploit Gaps**

Yet that does not mean that threats have diminished. Attackers have adapted, Grimes says. Typically, attackers will just use lookalike domains — or use creative punctuation to create confusion — and fool the end user while still sending messages from an authenticated domain.

Related:Name That Toon: Incentives

"Since the creation and wide-scale adoption of DMARC, the percentage and number of phishing emails claiming to be from a particular legitimate domain are significantly less, perhaps just a few percent of what they used to be," Grimes says. "Unfortunately, phishers just created new illegitimate domains, often with lookalike names, that they then applied DMARC on so that the new, illegitimate domains passed DMARC inspection."

One technique used to dodge DMARC is "subdomail," where attackers seek out SPF records that include unregistered domains, and then take control of the orphaned domains as a way to conduct massive spamming campaigns. In one case, an SPF record for msnmarthastewartsweeps.com "included" two domains, allowing any authorized mail servers listed in those domain records to send authenticated email. In the Sender Policy Framework, the "include" keyword allows on domain to specify that those domains' lists of authenticated email servers should be trusted. For msnmarthastewartsweeps.com, that resulted in nearly 18,000 domains being authorized to send email on behalf of the domain.

Because the email messages make it past DMARC checks, they are more likely to successfully impersonate other companies, says Red Sift's Costigan.

"SubdoMailing exploits gaps in DMARC safeguards, allowing attackers to send emails from subdomains that pass both SPF and DMARC checks," he says. "These messages appear legitimate and are incredibly deceptive."

**BIMI on Deck for Email Security**

Still, companies gain much more visibility into their email by using DMARC, as the standard includes a reporting function that allows companies — or service providers on their behalf — to track email failures. Thus, companies should rapidly move from "none" to "quarantine" to "reject" as their policy, experts say.

In addition, companies should also look to take the next step, moving to Brand Indicators for Message Identification or BIMI, which allows companies to present a logo to email recipients. BIMI requires strict DMARC, however, and only about a third of domains currently comply, according to Red Sift's data.

While none of these technologies solve the problem of malicious emails, they all give companies and their email service providers more reliable signals to use to filter out unwanted messages and potential attacks, says Google's Kumaran. DMARC adoption does not boil down to "authenticated mail is good, and unauthenticated email is bad," he says.

"The idea is that authentication gives you confidence of the source of the message, and then you can start to do a better job of classification and actually providing protections to users," Kumaran says. "So I think it's a very desirable behavior if 100% of attacks are actually authenticated, because it makes the job of protecting people — and gives those the folks working in defending — stronger signals on which to operate."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Google's DMARC Push Pays Off, but Email Security Challenges Remain

As the cost of data breaches continues to climb, the role of user and entity behavioral analytics (UEBA) has never been more important.

Jackie Wyatt, Adjunct Professor of Cyber Studies, University of Tulsa

February 7, 2025

4 Min Read

Source: Igor Stevanovic via Alamy Stock Photo

COMMENTARY

Last year, the cost of a data breach rose 10%, from $4.4 million to $4.8 million, as stated by IBM's annual "Cost of a Data Breach Report." According to cybersecurity firm Vectra AI, more than 70% of security operations center (SOC) leaders fear that a real attack will be hidden under an overwhelming flood of false-positive alerts and other security noise. The resulting burnout may be contributing to the labor shortage plaguing the industry. 

As the cost of data breaches continues to climb along with the deluge of meaningless alerts on an increasingly stressed workforce, the role of behavioral analytics in cybersecurity, or user and entity behavioral analytics (UEBA), has never been more important. That role is even more critical for schools, government agencies, and hospitals and other healthcare facilities. These entities play crucial roles in our day-to-day lives but operate with limited resources. They tend to have smaller cybersecurity teams and less money, amplifying the potential perils of a breach. In fact, the smaller the team, the greater the need for UEBA, which has a number of benefits.

**Weeds Out the Noise **

In the absence of behavioral analytics, every login and machine connection can result in an alert for the SOC. Without the ability to differentiate true threats from false positives, every threat detected is treated with high priority, which may cause the true positives to either get missed or not be addressed in a timely fashion. In places like schools, government offices, and medical facilities the consequences of missing an actual threat are monumental. These establishments thrive on their reputation while accumulating critical information that could mean life or death for a person.   

The danger of alert fatigue is real, causing SOC analysts to eventually ignore certain signals or attempt to address them all with no sense of which ones indicate actual risk. UEBA tracks access patterns across people, machines, and systems; eventually detecting and alerting the SOC only when there's a true risk. Not only does this approach cut out alert noise, it also limits the information bombarding the security team, reduces false positives, and virtually eliminates alert fatigue so analysts can focus on important alerts. Using behavioral analytics to detect the patterns that are normal makes it much easier to spot the ones that aren't. 

**Allows for Prioritization**

Using UEBA is already a no-brainer for many SOCs, but it has not been implemented for most hospitals, government institutions, and schools. Analyzing behavior patterns could have an even bigger payoff for those types of entities, in part because their teams are small. With a fully functioning, automated UEBA system, analysts know alerts are far more likely to be credible and worth their time to investigate. 

When discussing pattern detection and automation, AI naturally springs to mind. This makes perfect sense because UEBA is an excellent use case for AI. The kind of public sector/public good entities that have the most limited resources are best suited to leverage the power of AI combined with UEBA. It could virtually eliminate the disadvantage of fewer resources because a well-trained AI would only surface credible threats for human vetting. AI is not susceptible to alert fatigue, burnout, or the lure of a higher salary elsewhere. An automated system may be able to handle threat response, however its greatest potential lies in prioritizing potential threats for SOC analysts to analyze them more efficiently. This saves engineers and analysts countless hours, since they do not have to craft rules and queries to achieve the desired outcome.

**Reduces Risk **

It may be difficult for some executives to wrap their heads around placing an automated system at the heart of their security operations. Some worry about all the company data being in one place. Others fear AI might miss something, but it seems that the risk of a small and overwhelmed team subject to burnout is greater. While it's possible for a problem to surface with AI, it's more likely that a problem will arise with stressed out people.  

Some companies have already seen the benefit of involving AI in their security operations. About 70% of those that responded to a Vectra AI survey said AI has already reduced burnout and increased threat detection and response abilities. Imagine moving the needle that much for the places that instruct our kids, provide healthcare, and keep the lights on. 

**About the Author**

Adjunct Professor of Cyber Studies, University of Tulsa

Jackie Wyatt is an adjunct professor of cyber studies at the University of Tulsa and a cybersecurity operations analyst at QuikTrip. Jackie received a master’s degree in cybersecurity from Maryville University. She holds the Certified Enterprise Defender (GCED) certification and Coin from SANS, marking her as an expert in network defense and incident response. Her combination of advanced education and hands-on experience makes her a valuable figure in the cybersecurity field.

Behavioral Analytics in Cybersecurity: Who Benefits Most?

Local law enforcements need to steer away from "place-based policing" when investigating cybercrimes.

Source: motortion via Adobe Stock Photo

Last November, an Idaho man was sentenced to 10 years in prison for hacking into the computer servers of 19 victims across the United States, stealing personally identifiable information (PII) belonging to more than 132,000 people, and attempting to extort a Florida orthodontist for payment in Bitcoin cryptocurrency.

The perpetrator, Robert Purbeck, had also purchased access to the computer server belonging to a medical clinic in Griffin, Ga., from a cybersecurity forum and used stolen credentials to remove records containing sensitive PII, such as birth dates and Social Security numbers for 43,000 individuals, according to the US Department of Justice. In addition, Purbeck purchased access to a server belonging to the police department of Newnan, Ga., and stolen police reports and other documents, including the PII for over 14,000 people.

This case illustrates some of the challenges law enforcement currently face trying to investigate and arrest criminals in an increasingly digital world where cybercriminals operate across state — and often national — lines, employing a variety of tools. While the FBI plays a significant role in investigating cybercrime, most of the responsibility often falls to local law enforcement — municipal police departments, county sheriff's offices, and other local agencies. These groups have to determine jurisdiction and secure limited resources while staying on top of the ever-evolving threat landscape.

In 2023, the Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) received 880,418 cybercrime complaints, a nearly 10% increase from 2022. Potential losses exceeded $12.5 billion, up 22% from 2022. While the figures for 2024 are not yet available, the numbers are expected to be even higher.

At the top of the list is a need to evolve beyond place-based policing, says Dr. Chris Moloney, an instructor at Colorado State University whose research focuses on the digital transformation of public safety agencies.

"One of the greatest challenges is that \[local\] agencies have historically evolved to be place-based, and they've been resourced to deal with physical, tangible crimes, burglaries, robberies, arsons, homicides, all those that show up on TV shows and in the newspapers," he says. "But cybercrime is borderless. Your perpetrator could be thousands of miles away, and your victims could be in your small local town that has a police department with 15 employees. That's a fundamental challenge."

In addition to questions of place and jurisdiction, Moloney says local law enforcement also suffers from resource and "capability gaps." Local police departments may struggle to allocate budgets for software that can analyze forensic evidence or hire personnel with expertise in areas like encryption or blockchain.

And prioritizing cybercrime often takes a back seat to the day-to-day issues facing a local community.

“When I want to make sure that my neighborhood's safe, it's a very, very challenging dynamic for leadership to go to the community or to go to their local government and say, 'We need more money specifically for these technological resources,'" Moloney says.

**Public-Private Partnerships Are Key**

Law enforcement also has to compete for talent with the private sector, which can afford to pay higher salaries to those with cyberskills, Moloney says. However, law enforcement also needs to work in partnership with the private sector to investigate and prosecute some kinds of cybercrime. 

"One of the best solutions is a better defense, right? And that's where the private sector comes in in a big way," he says. "And that's where education comes in a big way."

In addition to enhanced partnerships with the private sector, fighting the rise of cybercrime will require finding ways to bring agencies and law enforcement groups together and making cybercrime a priority by providing increased financial and technological resources and staffing.

"We do not have a unified or coherent strategy or set of tactics or solutions that unify how everybody's approaching this issue," Moloney says. "It's a challenging environment, and it's really complicated. How do we navigate all those different issues that are all coming together at the same time and recognize that if you don't do it, it's only going to get worse?"

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Cybercrime Forces Local Law Enforcement to Shift Focus

Cybereason co-founders launch their second act with a security startup focused on offering a platform that uses agentic AI to offload repetitive tasks commonly performed by security analysts.

Source: Laurent Davoust via Alamy Stock Photo

The co-founders of EDR provider Cybereason have regrouped with a new security startup, 7AI, to help organizations shift the burden of performing repetitive and routine security tasks currently performed by human analysts onto AI. 7AI's Agentic AI Platform frees security professionals from time-consuming tasks, such as triaging alerts, interpreting signals, correlating telemetry, and hunting for known threats, says Lior Div, one of the co-founders.

Div and Yonatan Striem-Amit left Cybereason two years ago after Softbank took a majority stake in the company; they founded 7AI in April 2024. The startup, which emerged from stealth on Thursday, says more than a dozen companies, mostly large and midsize enterprises, are already using its Agentic AI Platform. 7AI also received $36 million in seed funding from Greylock Partners, Spark Capital, and CRV.

Div describes agentic AI as "swarms of AI agents" capable of autonomously taking on routine security tasks. Unlike isolated generative AI agents, these swarms can enable autonomous operations by pooling and communicating their intelligence to investigate and prioritize threats while optimizing system resources. A swarm of agents working in tandem means that one agent could be configured to discover suspicious telemetry in an endpoint detection and response (EDR) system while another could be configured to validate the potential threat by correlating cloud logs. Yet another agent could be configured to observe user behavior patterns in identity and access management (IAM) systems. 

"Instead of spending their time on repetitive work to respond to alerts, our early customers are able to start their work with full context, drastically fewer false positives, and the results of full investigations," Div explained in a blog post announcing the company's new platform. The platform documents how each agent reached its conclusions and can be reviewed at any time by human analysts.

7AI's agentic AI capabilities, which is hosted in the Amazon Web Services cloud, is built with generative AI tools from Open AI and Anthropic.

"When it comes to reasoning, we're using Open AI," Div tells Dark Reading. "But when it comes to actually implementing and writing code, we're using Anthropic."

**A Replacement for SOAR?**

The platform is not designed to replace security administrators and analysts but rather allow them to take mundane tasks off their plates so they can allocate their time to more strategic functions.

"AI will take away 90% of the boring, toiling work," Div says.

Besides handling repetitive tasks, 7AI's platform is designed to correlate telemetry without moving data into another system. For example, in a typical threat hunting scenario, the data would have to be pushed into a security information and event management (SIEM). Instead, 7AI correlates the information at its source. The platform can also detect threat activity and anomalies in IAM systems such as Okta, Div says.

"We believe our AI will meet the data where the data was born," he says. "You don't have to send a lot of those pieces to the SIEM anymore."

This could also reduce organizations' reliance on managed security and service providers or managed detection and response providers, Div suggests.

"We don't think that you will need a SOAR once you have our system because it will decide on the fly what is the right playbook to run and what type of investigation to conduct without the need for human beings to specify it step by step," Div says.

**About the Author**

Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

7AI Streamlines Security Operations With Autonomous AI Agents

OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.

Source: SOPA Images Limited via Alamy Stock Photo

A prompt engineer has challenged the ethical and safety protections in OpenAI's latest o3-mini model, just days after its release to the public.

OpenAI unveiled o3 and its lightweight counterpart, o3-mini, on Dec. 20. That same day, it also introduced a brand new security feature: "deliberative alignment." Deliberative alignment "achieves highly precise adherence to OpenAI's safety policies," the company said, overcoming the ways in which its models were previously vulnerable to jailbreaks.

Less than a week after its public debut, however, CyberArk principal vulnerability researcher Eran Shimony got o3-mini to teach him how to write an exploit of the Local Security Authority Subsystem Service (lsass.exe), a critical Windows security process.

**o3-mini's Improved Security**

In introducing deliberative alignment, OpenAI acknowledged the ways its previous large language models (LLMs) struggled with malicious prompts. "One cause of these failures is that models must respond instantly, without being given sufficient time to reason through complex and borderline safety scenarios. Another issue is that LLMs must infer desired behavior indirectly from large sets of labeled examples, rather than directly learning the underlying safety standards in natural language," the company wrote.

Deliberative alignment, it claimed, "overcomes both of these issues." To solve issue number one, o3 was trained to stop and think, and reason out its responses step by step using an existing method called chain of thought (CoT). To solve issue number two, it was taught the actual text of OpenAI's safety guidelines, not just examples of good and bad behaviors.

"When I saw this recently, I thought that \[a jailbreak\] is not going to work," Shimony recalls. "I'm active on Reddit, and there people were not able to jailbreak it. But it is possible. Eventually it did work."

**Manipulating the Newest ChatGPT**

Shimony has vetted the security of every popular LLM using his company's open source (OSS) fuzzing tool, "FuzzyAI." In the process, each one has revealed its own characteristic weaknesses.

"OpenAI's family of models is very susceptible to manipulation types of attacks," he explains, referring to regular old social engineering in natural language. "But Llama, made by Meta, is not, but it's susceptible to other methods. For instance, we've used a method in which only the harmful component of your prompt is coded in an ASCII art."

"That works quite well on Llama models, but it does not work on OpenAI's, and it does not work on Claude whatsoever. What works on Claude quite well at the moment is anything related to code. Claude is very good at coding, and it tries to be as helpful as possible, but it doesn't really classify if code can be used for nefarious purposes, so it's very easy to use it to generate any kind of malware that you want," he claims.

Shimony acknowledges that "o3 is a bit more robust in its guardrails, in comparison to GPT-4, because most of the classic attacks do not really work." Still, he was able to exploit its long-held weakness by posing as an honest historian in search of educational information.

In the exchange below, his aim is to get ChatGPT to generate malware. He phrases his prompt artfully, so as to conceal its true intention, then the deliberative alignment-powered ChatGPT reasons out its response:

Source: Eran Shimony via LinkedIn

During its CoT, however, ChatGPT appears to lose the plot, eventually producing detailed instructions for how to inject code into lsass.exe, a system process that manages passwords and access tokens in Windows.

Source: Eran Shimony via LinkedIn

In an email to Dark Reading, an OpenAI spokesperson acknowledged that Shimony may have performed a successful jailbreak. They highlighted, though, a few possible points against: that the exploit he obtained was pseudocode, that it was not new or novel, and that similar information could be found by searching the open Web.

**How o3 Might Be Improved**

Shimony foresees an easy way, and a hard way that OpenAI can help its models better identify jailbreaking attempts.

The more laborious solution involves training o3 on more of the types of malicious prompts it struggles with, and whipping it into shape with positive and negative reinforcement.

An easier step would be to implement more robust classifiers for identifying malicious user inputs. "The information I was trying to retrieve was clearly harmful, so even a naive type of classifier could have caught it," he thinks, citing Claude as an LLM that does better with classifiers. "This will solve roughly 95% of jailbreaking \[attempts\], and it doesn't take a lot of time to do."

Dark Reading has reached out to OpenAI for comment on this story.

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini

While President Trump supported federal space efforts during his first administration, the addition of SpaceX chief Elon Musk to his circle likely means challenges for regulating spacecraft cybersecurity, experts say.

Source: Andrei Armiagov via Shutterstock

The cybersecurity of satellites, spacecraft, and other space-based systems continues to lag behind current threats, despite efforts by the National Aeronautics and Space Administration (NASA) to require that contractors shore up electronic protections for the hardware and software provided to the US space program.

The cybersecurity gaps will likely only grow worse as the Trump administration's efforts to deregulate private industry accelerates, and as Elon Musk — the CEO of the largest private space company, SpaceX —  pushes for less stringent requirements for spacecraft and launch-system manufacturers, experts say. The company's lobbyists have already reportedly pushed to disband the National Space Council (NSpC), a group of experts established during the George H.W. Bush administration that develops policies and guidelines for US space programs.

Meanwhile, the United States and its commercial contractors must keep up with an accelerating threat landscape, says Samuel Sanders Visner, a technical fellow at the Aerospace Corporation, a federally funded research and development center, who also serves as chairman of the board of the Space Information Sharing and Analysis Center (Space ISAC).

"Our potential adversaries understand the critical nature of our space systems to our national and economic security, \[so\] we can expect they will continue to develop the means to hold at risk these systems," he says. "We must redouble our own efforts to stay ahead of adversaries' capabilities."

Related:Credential Theft Becomes Cybercriminals' Favorite Target

And indeed, threats to space-based systems have increased. Russia-linked hackers disrupted satellite communications in Ukraine during the opening months of its invasion, and researchers are concerned about the potential satellite-hacking capabilities of China and Iran.

Because so much of the US space infrastructure now relies on private manufacturers, those organizations need to make sure they meet stringent levels of cybersecurity, says Josh Taylor, lead cybersecurity analyst at Fortra, an automated cybersecurity provider. In July 2024, two Democratic US representatives, Maxwell Alejandro Frost (Fla.-10) and Don Beyer (Va.-8) introduced a bill, the Spacecraft Cybersecurity Act, that would require manufacturers to adopt cybersecurity requirements to supply NASA with spacecraft. No actions have been taken on the bill.

"Spacecraft manufacturers are not proactively doing enough to ensure cybersecurity best practices, as evidenced by the original need for the Spacecraft Cybersecurity Act and the lack of progress in adopting large-scale changes since its proposal," Taylor says. "The delay is particularly concerning in today's heightened threat environment, given the recent renewed attention on supply chain breaches targeting government systems."

Related:Ferret Malware Added to 'Contagious Interview' Campaign

**Trump & Policy: Not Politics as Usual**

Such legislation may not get much attention in the current political climate. The Trump administration's off-the-cuff approach to setting policy has made the future of the space program — never mind its cybersecurity — a large question mark. While Trump has focused on space-based initiatives in the past — such as establishing the US Space Command in his first administration, and pledging last month to support programs to land Americans on Mars (a Musk pet project) — cybersecurity-focused regulatory efforts will likely face significant hurdles.

The Biden administration made some progress in cybersecurity but failed to require private contractors to commit to cybersecurity plans. In a flurry of eleventh-hour executive orders in January, the Biden administration issued a wide-ranging mandate to boost cybersecurity using contract requirements and the federal government's purchasing power. Among the provisions are stipulations that NASA and other civilian agencies create cybersecurity requirements for government-contracted systems, and inventory the existing cybersecurity protections of the ground systems that support space missions.

Related:Cybercriminals Court Traitorous Insiders via Ransom Notes

Yet the Trump administration has already reversed several of the previous administration's executive orders and regulations in general, and the threat to undo the National Space Council remains real.

"How important is outer space to the new administration? That's still an open question," says Patrick Lin, director of the Ethics + Emerging Sciences Group at California Polytechnic State University (Cal Poly), and a member of the NSpC's User Advisory Group. "Without \[the NSpC\], we might see a single point of failure, if it's just the White House trying to tackle space policy alone — which already seems low on their agenda and thus may likely be under-staffed."

**Regulation Remains in Orbit**

Musk, meanwhile, has pushed back on regulations for commercial providers, including SpaceX, the dominant maker of private launch systems and spacecraft. The company accounted for more than half (52%) of 259 worldwide launches in 2024. Before attaching himself to the Trump administration, Musk — and SpaceX — had fallen afoul of environmental regulators and federal reporting standards for handling sensitive information.

A single private citizen has seldom, if ever, wielded as much influence over the US government as SpaceX's Musk, who has been designated a "special government employee" and whose team — the Department of Government Efficiency, or DOGE — has moved to cut specific programs and agencies.

But even without the threat of a private citizen with conflicts of interest cutting NASA's regulatory efforts, boosting cybersecurity for spacecraft is not an easy task.

NASA, a historically popular target of hackers, has focused on organizational and terrestrial cybersecurity, but the focus on cyber protection for space-based systems and communications is relatively recent. In 2019 and 2023, NASA issued its first guidelines to secure spacecraft, such as the Orion Multi-Purpose Crew Vehicle, but has not incorporated the requirements into its acquisition policies, according to a 2024 report by the US Government Accounting Office.

In addition, NASA needs trusted suppliers that also know the provenance of their hardware and software, says Space ISAC's Visner.

"Particular attention should be paid to the increasingly global and commoditized supply chain of hardware and software that comprises our space systems," he says. "Industry should recognize — and it appears many industry leaders do recognize — that the systems they produce for the public and private sectors are potential adversary targets."

**Hope Remains for Cybersecurity Moonshot**

A few weeks into the second Trump administration, experts are split on whether cybersecurity will be a focus in the push to ramp up the United States' efforts in space.

On one hand, the Trump administration has not stated a policy for current space efforts nor announced initiatives to secure space-based systems, but then NASA already issued a best-practices guide for securing space systems in 2023.

"It's worth noting that Space Policy Directive 5 (SPD-5), which described the principles for the cybersecurity of space systems, was promulgated by President Trump's first administration, while the subsequent Biden administration pursued implementation of this directive," Visner explains. "So, we can expect additional, and perhaps increased emphasis, as the new administration shapes its efforts."

CalPoly's Lin, however, is a bit more pessimistic about the chances for more stringent cybersecurity requirements for space-based infrastructure and the commercial contractors that manufacture components for those devices and vehicles.

"It's really anyone's guess how all this will play out, and that uncertainty doesn't give much confidence that space cybersecurity will be strengthened," he says. "\[It\] takes real work and coordination — discipline, competence, safety cultures, \[and\] international and industry cooperation. In the absence of governmental leadership, it may be up to the space industry to watch their own cyber-backs, which unfortunately doesn't bode well for national security."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

US Cybersecurity Efforts for Spacecraft Are Up in the Air

Riding the wave of notoriety from the Chinese company's R1 AT chatbot, attackers are spinning up lookalike sites for different malicious use cases.

Source: mundissima via Shutterstock

More than two weeks after China's DeepSeek garnered worldwide attention with its low-cost AI model, threat actors have been busy capitalizing on the news by setting up phishing sites impersonating the company.

The fraudulent sites aim to deceive users into downloading malicious software or providing credentials and other sensitive information. Researchers at Israel-based Memcyco spotted at least 16 such sites actively impersonating DeepSeek earlier this week and believe the activity represents a coordinated attack campaign among threat actors.

**Coordinated Campaign?**

"Memcyco observed clusters of fake domains registered in waves, often adjusting their content and branding dynamically and in real time, based on how DeepSeek's website was being perceived and positioned in the market," says Israel Mazin, CEO and co-founder of Memcyco. "Some sites even changed their attack methods based on these trends to cater to what would be most effective." In some cases, the threat actors displayed remarkable agility by shifting their infrastructure to new locations and configurations to dodge takedown attempts, he says.

Dozens of phishing sites have popped up since DeepSeek released its free R1 AI chatbot on Jan. 20. Although many of these sites have been taken down, slow response times from some hosting providers, domain registrars, and other intermediaries continue to give phishing operators a window of opportunity to target users interested in exploring DeepSeek with fake websites.

Users that engage with these sites risk identity theft, financial fraud, and malware infection, Mazin says. Some sites even intercept login credentials in real-time, enabling account takeovers. Others distribute malware that allows remote access to users' devices, putting personal and corporate data at risk. "These attacks are especially dangerous when new, exciting, and hyped-up tools are launched, such as DeepSeek, and users are not yet familiar with the website or platform," he adds.

Others have reported on the threat as well. In a blog post last week, Cyble, for instance, said its researchers had spotted DeepSeek lookalike domains designed to trick users into believing they had landed on the real site. Some of the sites had links to cryptocurrency scams and others to fraudulent investment scams like one touting a nonexistent DeepSeek pre-IPO sale. The DeepSeek-linked cryptocurrency scam site attempted to lure site visitors into scanning a QR code that essentially opened the way for the threat actor to empty their crypto wallets. Another site that Cyble inspected attempted to lure unsuspecting users into purchasing a fake DeepSeekAI Agent crypto token. 

"As DeepSeek continues to gain global recognition, cybercriminals are capitalizing on its popularity to launch phishing campaigns, fake investment scams, and fraudulent cryptocurrency schemes," Cyble noted.

**Phishing Isn't the Only Threat**

Fraudulent websites are not the only concern. Innovative threat actors have found other ways to take advantage of the huge interest around DeepSeek. Researchers from Positive Technologies recently spotted two malicious packages labeled "deepseekai" and "deepseeek" on the popular PyPI Python package repository. The packages were targeted at developers and organizations seeking to integrate DeepSeek into their systems and gave its authors a way to steal information from environments where they had been downloaded.

Many of the phishing sites that Memcyco observed appeared to fit the pattern of phishing-as-a-service (PhaaS) operators that sell impersonation "phish kits" to fraudsters, Mazin notes. "This could include organized cybercriminal groups, state-backed hackers, or even immature phishers, all with financial or espionage motives."

The surge in malicious activity surrounding DeekSeek is typical for major news events. It is a reminder of the need for users to be cautious when approaching new, popular hyped-up services. That means extra vigilance for strange URLs with misspelled words or unprofessional website designs, Mazin advises. "Domain registrars and social media platforms must be proactive in monitoring when new domains and profiles are being registered or created," he says. "Businesses and organizations should improve scam detection \[and\] takedowns and deploy real-time digital impersonation protection capabilities to safeguard their users."

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

DeepSeek Phishing Sites Pursue User Data, Crypto Wallets

CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.

Source: BMumin Mutlu via Alamy Stock Photo

Last week, the Cybersecurity and Infrastructure Security Agency (CISA), alongside the US Food and Drug Administration (FDA), raised an alert for Contec CMS8000 and Epsimed MN-120 healthcare monitors, warning they potentially put patients at risk once connected to the Internet, due to a malicious, hidden backdoor embedded into the devices. But security researchers say the issue isn't actually intentional malware but, rather, just insecure design.

The devices continuously monitor patient vital signs, such as heart rate, blood oxygen saturation, temperature, respiration rate, and more. CISA and the FDA reported findings for three cybersecurity risks in the gear thanks to the "backdoor": an unauthorized user could remotely control a monitor and cause it to function in an unintended manner; attackers could compromise the device and pivot to a network; and an attacker could exfiltrate the data that the monitor collects. 

From a patient health perspective, if an attacker were able to manipulate the information the monitor gives patients, that could prevent them from realizing that there's something wrong. Though they reported no known cybersecurity incidents, deaths, or injuries related to the findings, the FDA still provided recommendations for patients and caregivers: talking to healthcare providers about evaluating their patient monitoring device and following certain steps if it does rely on an Internet connection.

Related:The Cyber Savanna: A Rigged Race You Can't Win, but Must Run Anyway

The FDA also tasked healthcare providers with checking their patients' Contec CMS8000 or Epsimed MN-120 patient monitors to determine if they have been functioning unusually.

**Patient Monitor Cyber Bug: Not Malicious, Just Problematic**

After learning of the alerts, Claroty's Team82 investigated the firmware and reached a different conclusion from CISA and the FDA: It is likely not a hidden backdoor that makes these devices a liability to patients and their medical information, but rather an insecure design that creates a vulnerability open for exploit by threat actors.

The researchers pointed out that the vendors, and any resellers interested in relabeling and selling the monitor publicly, list the IP address on the instruction manuals.

"The CONTEC operator manual specifically mentions this 'hard-coded' IP address as the central management system (CMS) IP address that organizations should use, so it is not hidden functionally as stated by CISA," wrote the Team82 researchers. "This nuance is important because it demonstrates a lack of malicious intent and therefore changes the prioritization of remediation activities."

Related:How Are Modern Fraud Groups Using GenAI and Deepfakes?

The vulnerability still poses real-world consequences, but Noam Moshe, a Team82 researcher, notes that a threat actor would first require knowledge of the device's architecture and protocols. 

"To gain code execution, first the device needs to be put on a system-upgrade process," says Moshe. "From our research, this requires physical access to the device."

After that though, the hardcoded nature of the IP address opens the door to easier exploitation.

"To exploit this vulnerability, an attacker would need to serve devices with malicious binaries on the hardcoded public IP address, giving them code execution on the device," Moshe says. "In the case of the device trying to send personally identifiable information (PII) or personal health information (PHI) to the hardcoded IP address, using the HL7 protocol, this could occur if a certain feature of the device would be enabled."

**Healthcare Devices: Monitoring the Threat**

Perhaps exploitation of this particular vulnerability doesn't seem all that likely, but medical devices have been a point of cyber contention for years.

All the way back in 2011 for instance, Jay Radcliffe took to the Black Hat USA stage to show the audience how insulin pumps like the one he wore could be hacked, in a presentation entitled "Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System."

Related:Backline Tackles Enterprise Security Backlogs With AI

And as healthcare institutions are ravaged by ransomware attacks compromising their resources and putting patient lives at risk, many medical devices still haven't caught up when it comes to bolstering cybersecurity guardrails. Specifically, many of them are aging and running legacy software that hasn't been updated in years, offering plenty of holes for attackers.

However, agencies like the FDA are pushing companies to make strides, such as in 2023 when it began to reject medical devices that don't comply with recent cybersecurity regulation.

But there is still a long way to go: In 2024, researchers cited healthcare and the Internet of Medical Things (IoMT) as the riskiest device sector, even it did have the biggest decline overall in the number of risky devices deployed.

As for the patient monitor, Team82 researchers recommend that healthcare organizations take steps to protect patients, such blocking all access to the subnet from their internal network, and blocking devices attempting to upgrade firmware from a WAN server or potentially send PII.

"Hospitals should implement vulnerability detection and patching processes," Moshe says, "alongside network segmentation, driven by high-quality passive visibility that will ensure the most secure network layout."

Agencies Sound Alarm on Patient Monitors With Hardcoded Backdoor

When it comes to protecting your company from cyberattacks, you don't have to be the fastest gazelle — you just can't afford to be the slowest.

Source: Daniel Lamborn via Alamy Stock Photo

COMMENTARY

Cybersecurity is a relentless, brutal, and unwinnable race. It's a savanna where organizations are gazelles and threat actors are cheetahs. There's no prize for coming first, no trophies for the fastest. It's actually simple: Run or be eaten. Harsh? Yes. But ignoring this reality won't save you. It'll make you the slowest gazelle.

**You're Not Losing to Hackers — You're Losing to Complacency**

Blaming hackers for breaches is a sign of avoidance. Yes, they're relentless and innovate faster than most companies defend, but they're not the reason your systems are wide open. That's on you!

Your real enemy is complacency. It's the decision to rely on the legacy tools you have because upgrading feels "too disruptive." It's adopting buzzwords like "shift-left security" without empowering developers to act on it and saying it doesn't work. This isn't about being perfect. It's about not being the easiest target. And right now, too many organizations are making it too easy.

**Did Anyone Say "Shift Left"?**

Shift-left security is pitched as the savior of modern AppSec. The promise? Catch vulnerabilities early in the development cycle when they're cheapest to fix and pose no immediate risk. The reality? Most organizations are implementing it wrong or not at all.

Let's be honest: When did you last see a developer voluntarily ask security to review their code? Developers are under constant pressure to write code and deliver fast. Security is often seen as an obstacle, not an ally. The result? Insecure code makes it to production, and shift-left becomes just another buzzword.

For shift-left to work, it needs to be invisible and automated. It needs to be Integrated seamlessly into developer workflows. Anything less is just wishful thinking and a sure-fire way to alienate your dev teams.

**The Ugly Truth: Companies Are Being Breached With Old Vulnerabilities**

The painful reality is that many organizations fall prey to cyberattacks exploiting vulnerabilities that were identified. Those vulnerabilities should have been patched years ago. As of 2024, more than 200,000 vulnerabilities have been identified, with more than 40,000 new ones disclosed in 2024 alone, marking a relentless upward trend.

Even when focusing on the Cybersecurity and Infrastructure Security Agency's (CISA's) Known Exploited Vulnerabilities, a list of around 1,250 vulnerabilities actively used in real-world attacks, the industry's response paints a grim picture. According to Verizon's "2024 Data Breach Investigations Report," only 15% of companies patch these vulnerabilities within the first 30 days of their inclusion on this critical list, and 8% remain unremediated even after a year.

This isn't about sophisticated zero-day exploits. Attackers often take the path of least resistance, targeting unpatched, well-documented vulnerabilities with a proven track record of success. The issue is compounded by overburdened security teams, constrained resources, and increasingly complex IT infrastructures, all of which make timely patching a challenge.

If you are slower, you will be breached. You could have prevented it, but due to complacency, misplaced priorities, or the inability to keep pace with the overwhelming number of vulnerabilities disclosed each year, you didn't.

**So, Why Run at All?**

If the race is unwinnable, what's the point? The point is this: You can make the race work for you. Survival isn't about perfection. It's about prioritization. It's about focusing on vulnerabilities that attackers can exploit in your environment and could significantly impact your organization. Concentrating your efforts here can make you a much tougher target, forcing attackers to move on to easier prey.

This isn't a race to fix everything; it's a race to focus on what matters. Smart prioritization is your edge.

**A Race You Can Win (If You Redefine Winning)**

Here's the good news: While you can't "win" this race in the traditional sense, you can succeed within it. Winning isn't about fixing every vulnerability or stopping every attack. It's about managing risk effectively and making it harder for attackers to succeed.

The savanna may be brutal, but it rewards organizations that are resilient, adaptable, and focused on what matters most. By homing in on vulnerabilities that are critical risks to you based on their factual reachability, exploitability, and impact, you can deliver results without being overwhelmed by the sheer volume of threats.

Yes, cybersecurity is hard, and the odds are stacked against you. But you're not powerless. By embracing resilience, prioritizing critical vulnerabilities, and fostering collaboration across teams, you can make the race work for you.

In this savanna, you don't have to be the fastest gazelle. You just can't afford to be the slowest. So, run smart. Run strong. Focus on what matters. And whatever you do — don't stop.

**About the Author**

Field CTO, OX Security

Boaz Barzel is the field CTO at OX Security, specializing in bridging the gap between security, technology, and business. Boaz is aligning product innovation with the real-world needs of customers and is known for transforming complex security challenges into strategic business advantages. With extensive expertise in application security and product innovation, he ensures security solutions are not just reactive but also proactively address emerging threats. Boaz is helping organizations integrate security seamlessly into their operations. He excels in translating technical risks into clear, actionable insights, enabling product teams to develop solutions that drive business growth while strengthening security. A trusted adviser to executives and security leaders, Boaz has helped countless organizations implement security strategies that align with business goals. At OX Security, he shapes product strategy, influences the market, and drives customer success.

Source

DARKReading