Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories
Analysis Summary
# Main Topic
Major cybersecurity incidents and legislative activity that occurred in October 2024, specifically highlighting election interference, breaches at American Water and The Internet Archive, and new cybersecurity laws.
## Key Points
- Heightened foreign interference efforts targeting the US presidential election are being reported as the election nears.
- Nation-state actors are employing influence campaigns, including the use of deepfake videos (one reaching 5 million views on X) falsely accusing candidates of wrongdoing.
- American Water, the largest US water utility, experienced a damaging cyberattack.
- The Internet Archive suffered two separate incidents/breaches within recent weeks.
- LEGO's website was briefly compromised to push a cryptocurrency scam.
- Australia introduced its first national cybersecurity legislation.
- CISA proposed new security requirements in the US aimed at protecting government and personal data.
- Research highlighted attacks by GoldenJackal against air-gapped systems.
## Threat Actors
- **Foreign Nation-State Actors:** The actors specifically linked to influence campaigns are Russia, Iran, and China.
- **GoldenJackal:** Mentioned in relation to advanced threat research targeting air-gapped systems.
## TTPs
- **Election Influence Campaigns:** Use of deepfake videos to spread disinformation and attempt to undermine the electoral process.
- **Data Exfiltration/Disruption:** Implied through the listed breaches (American Water, Internet Archive).
- **Website Compromise/Infection (Supply Chain/Defacement):** Used in the LEGO incident to serve cryptocurrency scams.
- **Air-Gapped System Attacks:** Use of novel techniques by GoldenJackal to compromise systems previously thought isolated.
## Affected Systems
- **Infrastructure:** American Water (largest US water utility).
- **Digital Archives:** The Internet Archive (suffered two distinct incidents).
- **Software/Web Platforms:** X (platform where a deepfake gained 5 million views); LEGO website (briefly compromised).
- **Government/Data Repositories:** Targets of proposed CISA security requirements.
## Mitigations
- **General Awareness:** Recognizing and countering foreign influence operations utilizing sophisticated media like deepfakes.
- **Infrastructure Hardening:** Specific requirements proposed by CISA seek to better protect government and personal data.
- **Patching/Resilience Planning:** Necessary steps following the large-scale breaches at American Water and The Internet Archive.
- **Isolation Security:** Enhanced security measures are required for air-gapped systems, based on GoldenJackal research findings.
## Conclusion
October 2024 saw a convergence of nation-state influence operations targeting democratic processes alongside successful, high-impact intrusions against critical infrastructure (American Water) and major digital platforms (Internet Archive). Stakeholders must prioritize defense against disinformation tactics while immediately addressing vulnerabilities in critical operational technology and data storage systems. Increased regulatory focus is evident both domestically (CISA) and internationally (Australia).