Infrastructure security

Blogs

Increased Funding on Cyber Offensive operation against Cyber Defense budget cut by Trump Admin; How wise a decision? Lets explore

Major new legislation commits over $1billion to US cyber offensives. Defining Cyber-offensive operations will include exploiting flaws in software or hack devices or deploy spyware.

This also include collecting internet traffic data and may involve targeted cyberattacks using zero-day exploits. Organizations often build the necessary infrastructure for such activities or gathers Intelligence as a part of these activates.

Trump administration, through the Department of Defense, has announced plans to spend $1 billion over four years on “offensive cyber operations.”

Along side recently the Trump regime announced that cyber offensive operation against Russia will be paused, highlighting that US govt now focuses mainly on China, moving away from eastern Europe.

It’s not clear what tools or software would qualify, but the legislation notes that the funds would go towards enhancing and improving the capabilities of the US Indo-Pacific Command, potentially focusing on the US’s biggest geopolitical rival, China.

The ongoing trade war with China is one of the main reason for Trump regime to shift focus from Russia , and in recent months security researchers have seen Chinese state hackers linked to People’s Liberation Army and the Ministry of State Security target companies in the fields of robotics, artificial intelligence, cloud computing and high-end medical device manufacturing. 

The legislation does not provide detailed information on what “offensive cyber operations” entail or which tools and software will be funded. The investment comes at a time when the U.S. has simultaneously reduced its cybersecurity defense budget by $1 billion. Few months back we witnessed how the US Cybersecurity and Infrastructure Security Agency (CISA) reaffirmed its commitment to defending against all cyberthreats after budget cuts was announced.

Over 1,000 CISA staff have departed since early 2025 through a combination of layoffs, buyouts, and voluntary resignations. What remains is a hollowed-out workforce facing rising cyber threats with fewer tools and teammates.

CISA maintained although the continued efforts to undermine and weaken cybersecurity teams capabilities, however counter-productive that may be in protecting US infrastructure.

Senator Ron Wyden has concerns. “Vastly expanding U.S. government hacking is going to invite retaliation — not just against federal agencies, but also rural hospitals, local governments and private companies who don’t stand a chance against nation-state hackers,” Wyden told the news site.

The US administration simultaneously enacted cuts to the nation’s cybersecurity defense allocations, by slashing $1 billion from the U.S. cyber defense budget. The cuts pose a significant risk as the country faces increasing cyber threats, particularly from Chinese adversaries.

However, the move to a more offensive cyber stance has been critiqued by Democratic Senator and Senate intelligence committee member Ron Wyden, who said that the offensive strategy, combined with Trump and DOGE’s massive cuts to defensive cyber operations such as slashing the budget and the termination of staff from the US Cybersecurity and Infrastructure Security Agency (CISA), only invites retaliation from the US’ largest geopolitical rival.

“The Trump administration has slashed funding for cyber security and government technology and left our country wide open to attack by foreign hackers,” Wyden told TechCrunch.

How wise decision it is to cut cyber defense budget while increasing Cyber offensive spending?

The layoffs at CISA have led to concerns the U.S. is less well protected against cyber threats from the likes of China, Russia and Iran.

Obviously there will be reduction in capacity to defend against cyberattacks, especially large-scale coordinated campaigns. The federal government has inadvertently provided adversaries with a map of its blind spots by scaling back critical cybersecurity programs.

This increase in budget for Cyber offensive operation is seen as an aggressive push and might provoke retaliatory attacks on vulnerable targets, such as local governments and healthcare entities. According to the report, the bill does not specify what the “offensive cyber operations” are or what software would qualify for funding.

At the same time The Trump administration has halted US offensive cyber operations against Russia, sparking concerns over national security and potential Russian cyber threats.

The Trump administration is well aware of the nation state attack and advance techniques cyber adversaries adopt to, a national threat to infrastructure security that cannot be compromised.

Every year there has been increase in cyber security budget if we take a look at from 2017 to 2024. The US government civilian agencies spent more on cybersecurity in each successive year than they did the prior year.

(Source: https://techcrunch.com)

Soucrce: Trump seeks unprecedented $1.23 billion cut to federal cyber budget | CSO Online

Blogs

Scattered Spider Group Target Aviation Sector; Third Party Providers to Vendors at Risk. Solutions to Improve Security Posture

Recently the Scattered Spider Hacker group or cybercriminals are targeting the airline industry at large and keen interest on aviation sector.

The Scattered Spider group relies mostly on social engineering techniques that can impersonate employees or contractors to deceive IT help desks into granting access” and frequently involves methods to bypass multifactor authentication (MFA), as per observation by FBI.

Earlier the group breached at least two major US airlines in June, bypassed security protocols by exploiting remote access tools and manipulating support staff as reported by CNN .

There is a growing cyber risk on aviation sector and how the air traffic control is managed during attack which makes subsequent aviation systems vulnerable to cyberattacks due to outdated technology in many cases.

And cyber criminals are resorting to advanced techniques by which they can halt operations via cyberattacks that have the ability to take over or invade technology systems which in turn disrupt information flow from the aircraft to pilots to the airlines’ operations center resulting in chaos and delay in flight operations.

Every operation and service delivered by airlines is supported by technology and once that is not responding ,subsequent operations are halted i.e. flight management software, air traffic control communications, baggage handling systems and in-flight entertainment platforms will fail inevitability.
Recently the Scattered Spider group was behind a big data breach potentially exposing Social Security numbers, insurance claims and health information of tens of millions of customers.

Repercussions of Data Breaches Impacting Third parties

Cybercriminals often take advantage of fragile cyber security posture linked to smaller third parties that provide services to larger, well-established enterprises or industry. In-fact many vendors dont have cybersecurity protection and proper cybersecurity awareness in place to mitigate against attacks.

Cyber attacks have evolved to become increasingly complex, making vendor risk management critical. With rise in digital transformation, cloud services and AI technology has given cyber criminals greater potential to penetrate unsecured networks and systems more then ever.

Address the Threat Landscape with Best Practices

Data breaches that originate from third-party vendors cause big fines and legal consequences are huge and affect primary organization. Along with these challenges, organizations often rely on third parties for critical services and cyber criminals take advantage of these vulnerability.

Organizations can still take steps to mitigate and defend against these attacks even as they onboard new vendors or service providers.

Let us see the emerging threats across third-party vendors:

  • Supply chain attacks by cybercriminals often target companies that supply services to many different companies (e.g. MSPs, IT) they cause great impact as IoT and other hardware devices manufactured by third parties can be infected malicious firmware .These malware can steal sensitive data. 
  • Ransomware-as-a-Service (RaaS)The dark web often sells kits (RaaS) and now it is combined with generative AI making attractive for cyber criminals to launch attacks. RaaS can disrupt critical services of organizations.
  • Threat from third parties Unintentional human error occur where providers misconfigure not so accurate data or data deletion happens or poor cybersecurity practices of easy passwords circulating among users. There could also be vendors with financial motives who don’t go through the same security process known as insider threat and don’t pass security test laid for regular employees.
  • Software supply chain attacks As we witnessed outsourcing third-party SaaS services and cloud technology makes it easy to target vulnerabilities in software code. This impacting hundreds of well-established organizations using the same software and same chain of malware flows.
  • Cloud vulnerabilities The provider or cloud service is responsible for securing the cloud infrastructure while the customer or vendor is responsible for securing their data and applications. A lack of proper security measures by the customer or third party can result in data breaches, data loss or supply chain attacks. Since cloud service or data center is all outsources so security lapse may happen
  • Advanced Persistent Threats (APTs) is linked to State-sponsored attacks who generally target third parties to penetrate into systems over an extended period of time. For example, they might compromise a third-party network to gain lateral access to the main organization’s IT infrastructure, making it difficult to detect in time.   
  • Deepfake and social engineering attacks. Emerging AI-technology can manipulate employee or C-level executives to trick users into divulging information to execute identity fraud, phishing attacks, sign fraudulent contracts, or gain unauthorized access to restricted systems and networks. 
  • Zero-day exploits exploited by cyber criminals before they are identified by developers and third-party providers and patched. At times if patch is slow process attackers launch attacks during this delay.   

Solutions that will improve Security Posture with Intru360 from Intruceptlabs

The new business environment demands IT support for a wider range of monitoring, security and compliance requirements. This creates significant burdens on network performance and network security as more appliances need access to incoming data.

Intrucept platform (Intru360) cover overall risk, detection, prevention, correlation, investigation, and response across endpoints, users, networks, and SaaS applications, offering end-to-end visibility.

Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.

Identify latest threats without having to purchase, implement, and oversee several solutions or find, hire, and manage a team security analyst.

Sources: https://www.darkreading.com/cyberattacks-data-breaches/scattered-spider-hacking-spree-airline-sector

Scroll to top