International Association of CIP Professionals

DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

In the latest blow to the criminal market for distributed denial of service (DDoS)-for-hire services, Polish authorities have arrested four individuals who allegedly ran a network of platforms used to launch thousands of cyberattacks worldwide. The suspects are believed to be behind six separate stresser/booter services that enabled paying customers to flood websites and servers with malicious traffic — knocking them offline for as little as EUR 10.

The now defunct platforms – Cfxapi, Cfxsecurity, neostress, jetstress, quickdown and zapcut – are thought to have facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025.

The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee — automating attacks that could overwhelm even well-defended websites.

Global law enforcement response

The arrests in Poland were part of a coordinated international action involving law enforcement authorities in 4 countries, with Europol providing analytical and operational support throughout the investigation.

Dutch authorities have deployed fake booter sites designed to warn users seeking out DDoS-for-hire services, reinforcing the message that those who use these tools are being watched and could face prosecution. Data from booter websites, seized by Dutch law enforcement in data centres in the Netherlands, was shared with international partners, including Poland, contributing to the arrest of the four administrators.

The United States seized 9 domains associated with booter services during the coordinated week of action, continuing its broader campaign against commercialised DDoS platforms.

Germany supported the Polish-led investigation by helping identify one of the suspects and sharing critical intelligence on others.

What are stresser and booter services?

Stresser and booter services offer on-demand cyberattacks, often disguised as tools for legitimate testing but widely used to cause deliberate disruption. These services let users flood a target server or website with enormous volumes of fake traffic, making them inaccessible to real users – a technique known as distributed denial of service.

Unlike traditional botnets, which require the control of large numbers of infected devices, stresser/booter services industrialise DDoS attacks through centralised, rented infrastructure. They are often advertised on underground forums and the dark web, and transactions are typically anonymised.

This coordinated action is part of Operation PowerOFF, an ongoing international law enforcement effort targeting the infrastructure behind DDoS-for-hire activity.

Leave a comment

New Best Practices Guide for Securing AI Data Released

May 22, 2025 Neil Walker Agency News, Cyber Security CII sector, Industry News

CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems.

This information sheet highlights the critical role of data security in ensuring the accuracy, integrity, and trustworthiness of AI outcomes. It outlines key risks that may arise from data security and integrity issues across all phases of the AI lifecycle, from development and testing to deployment and operation.

Defense Industrial Bases, National Security Systems owners, federal agencies, and Critical Infrastructure owners and operators are encouraged to review this information sheet and implement the recommended best practices and mitigation strategies to protect sensitive, proprietary, and mission critical data in AI-enabled and machine learning systems. These include adopting robust data protection measures; proactively managing risks; and strengthening monitoring, threat detection, and network defense capabilities.

As AI systems become more integrated into essential operations, organizations must remain vigilant and take deliberate steps to secure the data that powers them.

Leave a comment

Primary Mitigations to Reduce Cyber Threats to Operational Technology

May 6, 2025 Neil Walker Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and Department of Energy (DOE)—hereafter referred to as “the authoring organizations”—are aware of cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States. The authoring organizations urge critical infrastructure entities to review and act now to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet connected OT and ICS.

Mitigations

The authoring organizations recommend critical infrastructure asset owners and operators implement the following mitigations[1] to defend against OT cyber threats.

- Remove OT connections to the public internet. OT devices are easy targets when connected to the internet. OT devices lack authentication and authorization methods that are resistant to modern threats and are quickly found by searching for open ports on public IP ranges with search engine tools to target victims with OT components [CPG 2.X].

- Cyber threat actors use simple, repeatable, and scalable toolsets available to anyone with an internet browser. Critical infrastructure entities should identify their public-facing assets and remove unintentional exposure.

- Change default passwords immediately and use strong, unique passwords. Recent analysis of this cyber activity indicates that targeted systems use default or easily guessable (using open source tools) passwords. Changing default passwords is especially important for public-facing internet devices that have the capability to control OT systems or processes [CPG 2.A][CPG 2.B][CPG 2.C].

- Secure remote access to OT networks. Many critical infrastructure entities, or contractors working on their behalf, make risk-based tradeoffs when implementing remote access to OT assets. These tradeoffs deserve careful reevaluation. If remote access is essential, upgrade to a private IP network connection to remove these OT assets from the public internet and use virtual private network (VPN) functionality with a strong password and phishing-resistant multifactor authentication (MFA) for user remote access.

- Document and configure remote access solutions to apply principles of least privilege for the specific asset and user role or scope of work [CPG 2.H]. Further, disable dormant accounts.

- Segment IT and OT networks. Segmenting critical systems and introducing a demilitarized zone for passing control data to enterprise logistics reduces the potential impact of cyber threats and reduces the risk of disruptions to essential OT operations [CPG 2.F].

- Practice and maintain the ability to operate OT systems manually. The capability for organizations to revert to manual controls to quickly restore operations is vital in the immediate aftermath of an incident. Business continuity and disaster recovery plans, fail-safe mechanisms, islanding capabilities, software backups, and standby systems should all be routinely tested to ensure safe manual operations in the event of an incident.

The authoring organizations recommend that critical infrastructure organizations regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance as they work to secure their OT.

- Misconfigurations may be introduced during standard operations, by the system integrator, by a managed service provider, or as part of the default product configuration by the system manufacturer. Working with the relevant groups to address these issues may prevent future unintentional vulnerabilities from being introduced.

Leave a comment

CISA and Partners Issue Fast Flux Cybersecurity Advisory

April 10, 2025 Neil Walker Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA) joined the National Security Agency (NSA) and other government and international partners to release a joint Cybersecurity Advisory (CSA) that warns organizations, internet service providers (ISPs), and cybersecurity service providers about fast flux enabled malicious activities that consistently evade detection. The CSA also provides recommended actions to defend against fast flux.

An ongoing threat, fast flux networks create resilient adversary infrastructure used to evade tracking and blocking. Such infrastructure can be used for cyberattacks such as phishing, command and control of botnets, and data exfiltration. This advisory provides several techniques that should be implemented for a multi-layered security approach including DNS and internet protocol (IP) blocking and sinkholing; enhanced monitoring and logging; phishing awareness and training for users; and reputational filtering.

 "Threat actors leveraging fast flux techniques remain a threat to government and critical infrastructure organizations. Fast flux makes individual computers in a botnet harder to find and block. A useful solution is to find and block the behavior of fast flux itself,” said CISA Deputy Executive Assistant Director for Cybersecurity Matt Hartman. “CISA is pleased to join with our government and international partners to provide this important guidance on mitigating and blocking malicious fast flux activity. We encourage organizations to implement the advisory recommendations to reduce risk and strengthen resilience."

The authoring agencies encourage ISPs, cybersecurity service providers and Protective Domain Name System (PDNS) providers to help mitigate this threat by taking proactive steps to develop accurate and reliable fast flux detection analytics and block fast flux activities for their customers.

Additional co-sealers for this joint CSA are Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand National Cyber Security Centre (NCSC-NZ).

Leave a comment

More than 300 arrests as African countries clamp down on cyber threats

April 9, 2025 Neil Walker Agency News, Cyber Security CII sector, Industry News

Authorities in seven African countries have arrested 306 suspects and seized 1,842 devices in an international operation targeting cyber attacks and cyber-enabled scams.

The arrests were made as part of Operation Red Card (November 2024 – February 2025) which aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses. In particular, the operation targeted mobile banking, investment and messaging app scams. The cases uncovered during the operation involved more than 5,000 victims.

As part of the crackdown, Nigerian police arrested 130 people, including 113 foreign nationals, for their alleged involvement in cyber-enabled scams such as online casino and investment fraud. The suspects, who converted proceeds to digital assets to conceal their tracks, were recruited from different countries to run the illegal schemes in as many languages as possible. Nigerian authorities have established that some of the people working in the scam centres may also be victims of human trafficking, forced or coerced into criminal activities. Overall, the investigation led to the seizure of 26 vehicles, 16 houses, 39 plots of land and 685 devices.

In a significant case from South Africa, authorities arrested 40 individuals and seized more than 1,000 SIM cards, along with 53 desktops and towers linked to a sophisticated SIM box fraud scheme. This setup, which reroutes international calls as local ones, is commonly used by criminals to carry out large-scale SMS phishing attacks.

In Zambia, officers apprehended 14 suspected members of a criminal syndicate that hacked into victims’ phones. The scam involved sending a message containing a malicious link which, when clicked, installed malware to the device. This allowed hackers to take control of the messaging account, and ultimately the phone, giving them access to banking apps. The hackers were also able to use the victim’s messaging apps to share the malicious link within conversations and groups, enabling the scam to spread.

During the operation, Rwandan authorities arrested 45 members of a criminal network for their involvement in social engineering scams that defrauded victims of over USD 305,000 in 2024 alone. Their tactics included posing as telecommunications employees and claiming fake ‘jackpot’ wins to extract sensitive information and gain access to victims’ mobile banking accounts. Another method involved impersonating an injured family member to ask relatives for financial assistance towards hospital bills. Overall, USD 103,043 was recovered and 292 devices were seized.

Leave a comment

Aviation, maritime and telecoms agencies raise alarm over increase in jamming and spoofing of satellite navigation systems

April 8, 2025 Neil Walker Cyber Security CII sector, Industry News

Increasing incidents of interference with aviation, maritime and other satellite telecommunications services mean states must urgently enhance the protection of a critical radio-frequency band, the International Civil Aviation Organization (ICAO), International Telecommunication Union (ITU) and International Maritime Organization (IMO) said with “grave concern" in a joint statement.

These cases of harmful interference are in the form of jamming and spoofing that disrupt Global Navigation Satellite Systems (GNSS) operating in the frequency bands allocated to the Radio Navigation Satellite Service (RNSS).

Global Navigation Satellite Systems are constellations of Earth-orbiting satellites that provide positioning, navigation and timing services worldwide that are critical for the safety and efficiency of civilian aircraft, maritime vessels, humanitarian assistance vehicles, as well as for time synchronization of telecommunications networks.

"Global Navigation Satellite Systems are critical to our safety on land, at sea and in the air," said ITU Secretary-General Doreen Bogdan-Martin. “Member States should ensure the uninterrupted operation of these systems for everyone's safety and the resilience of essential services that our lives depend on."

The joint statement cosigned by the three UN agencies requests Members States to:

- protect the RNSS from transmissions that can adversely cause harmful interference degrading, interrupting or misleading signals used for civilian and humanitarian purposes;

- reinforce resilience of the systems which rely on RNSS for navigation, positioning and timing in relation to this type of interference;

- retain sufficient conventional navigation infrastructure for contingency support in case of RNSS outages and misleading signals, and develop mitigation techniques for loss of services;

- increase collaboration between radio regulatory, civil aviation, maritime, defence and enforcement authorities; and

- report cases of harmful interference affecting RNSS to the appropriate telecommunication, aeronautical and maritime authorities, and to the ITU Radiocommunications Bureau, to enable the monitoring of the situation.

“Protecting radiocommunications systems from harmful interference is at the core of ITU's mandate," said Mario Maniewicz, Director of the ITU Radiocommunication Bureau. “We call on our Members to make responsible use of the radiofrequency spectrum, which is a precious, natural and shared resource we rely on for communicating, travelling and working in our daily lives."

Jamming is an unnecessary transmission, or the transmission of superfluous signals, or the transmission of signals without identification.

Spoofing is the broadcast of GNSS-like signals that can cause a GNSS receiver in a vessel or aircraft to calculate erroneous positions and provide false guidance.

Leave a comment

Tackling cybercrime: common challenges and legislative solutions identified by Europol and Eurojust

April 7, 2025 Neil Walker Agency News, Cyber Security CII sector, Industry News

The latest joint report by Europol and Eurojust, Common Challenges in Cybercrime, explores the persistent and emerging issues that hinder cybercrime investigations. This year’s edition not only identifies key obstacles—particularly in the field of digital evidence—but also examines how new legislative measures could help address them.

The report highlights several pressing challenges faced by law enforcement, including the overwhelming volume of digital data, the risk of data loss, and the persistent barriers to accessing critical information due to legal and technical constraints. The increasing use of anonymisation services has further complicated efforts to track criminal activities online.

To help mitigate these challenges, the report explores the impact of new EU legislative tools, such as the e-Evidence Package, the Digital Services Act, and the EU AI Act. These instruments aim to facilitate data access, improve cross-border cooperation, and enhance investigative capabilities. However, their effectiveness will largely depend on how they are implemented and integrated into existing operational strategies.

The report also underscores the value of the strategic cooperation between Europol and Eurojust, highlighting initiatives such as the SIRIUS Project, which has strengthened collaboration in cybercrime investigations. These efforts continue to play a crucial role in helping law enforcement agencies navigate an increasingly complex digital landscape.

While challenges remain, the report emphasises the potential of these new legislative measures to strengthen the fight against cybercrime. Equipping law enforcement with the right tools and ensuring their effective use in investigations will be key to staying ahead of evolving cyber threats.

Leave a comment

ITU and ESA agree on optimising satellite communications

March 18, 2025 Millicent Walker Agency News, Cyber Security CII sector, Industry News

The International Telecommunication Union (ITU) and the European Space Agency (ESA) have announced a collaborative effort to improve mitigation measures against harmful interference in satellite systems.

The joint initiative, reflecting United Nations objectives under the 2030 Agenda for Sustainable Development, aims to ensure the sustainable and efficient use of limited space-based communication resources.

Both organisations recognise growing complexities in managing finite spectrum and orbital resources. An agreement signed in Barcelona, Spain, formalises their plans for closer cooperation on key issues for global digital communications.

Under the agreement, ITU and ESA will work together on:

Sustainable and efficient spectrum use: Ensuring that radio frequency spectrum for satellite systems is utilised in a responsible and effective manner.
Development of space-based monitoring technologies: Exploring and potentially developing advanced technologies for monitoring the use of radio frequencies to identify and geolocate sources of harmful interference.
Exchange of information and expertise: Facilitating knowledge-sharing between the two organisations to enhance space communication systems and regulatory frameworks.

Space-based communication technologies are increasingly crucial for global connectivity, scientific research, and emergency response systems. At the same time, growing numbers of satellites and increasing risks of signal interference necessitate innovative, increasingly complex, and highly coordinated spectrum management solutions.

“Innovation and regulations are key to facilitate and preserve access to spectrum-orbit resources free from harmful interference,” said Mario Maniewicz, Director of ITU Radiocommunications Bureau. “This agreement is the first step towards a series of joint ESA-ITU efforts to ensure sustainability of space radio-communications systems.”

Preserving radio waves for all

ITU, as the UN specialised agency for information and communication technologies, has long been at the forefront of coordination among countries and regions on radio frequencies and satellite orbits worldwide. ITU Resolution 189 (Rev. Bucharest, 2022) emphasises the importance of transparency and confidence-building in outer space activities.

ESA, an intergovernmental organisation established in 1975, supports space research and technology development for peaceful and scientific purposes. Together, ITU and ESA aim to strengthen international efforts in satellite monitoring and interference mitigation, ensuring reliable and sustainable access to satellite communication services worldwide.

“Promoting the responsible use of spectrum and preserving it from interferences is key to ensure the viability of our operators and ultimately the service delivered to their customers,” said Laurent Jaffart, ESA’s Director of Connectivity and Secure Communications. “Together with ITU, we will promote the importance of ensuring the sustainability of this limited and valuable resource and will collaborate towards establishing good practices for its responsible use for the benefit of society and businesses.”

A step towards a sustainable digital future

By combining their expertise and resources, ITU and ESA could set a precedent for enhanced cooperation in the field of satellite communications.

“The shared commitment to responsible spectrum management and technological innovation marks a significant step toward a sustainable digital future for everyone,” said Mr Maniewicz. “This initiative underscores the importance of international collaboration in addressing the challenges and opportunities presented by space technologies.”

Maniewicz and Jaffart signed for their respective organisations at the Mobile World Congress (MWC2025 Barcelona).

As the demand for satellite-based services continues to grow, partnerships like this will help maintain the integrity and accessibility of global communication networks.

ITU and ESA have reaffirmed their dedication to a future where space technologies contribute positively to societal progress and sustainable development.

Leave a comment

California Strengthens Resiliency with Adoption of 2024 International Wildland-Urban Interface Code

March 12, 2025 Millicent Walker Agency News, Cyber Security CII sector, Industry News

The State of California adopted the 2024 International Wildland-Urban Interface Code® (IWUIC®) as the basis for Title 24, Part 7, 2025 California Wildland-Urban Interface Code to address escalating wildfire risks, enhance fire resilience with science-based standards, and set the benchmark for safer, more sustainable communities in fire-prone areas.

California’s adoption of the 2024 IWUIC is the result of a multi-year collaboration between the CAL FIRE Office of the State Fire Marshal, the California Fire Prevention Officers (CAL FPOs), California Building Officials (CALBO), the International Code Council (ICC), the California Building Industry Association (CBIA), and wildfire stakeholders culminating with rulemaking by the California Building Standards Commission (CBSC).

“Today marks a milestone that represents the hard work of many to update and modernize Wildland-Urban Interface building codes,” said California State Fire Marshal Daniel Berlant. “While these aren’t necessarily new requirements, it’s a reorganization of many sections into a singular code with the goal of making it easier for local officials to ensure that new homes and buildings built in wildfire-prone areas have an increased chance of surviving a wildfire.”

“With the help of expert volunteers, CAL FIRE’s Office of the State Fire Marshal has shifted the basis of Title-24’s Wildland Urban Interface standards to a nationally developed model code. The IWUIC is developed though the collaborative efforts of the foremost experts in the field of wildland construction safety from across our country. By utilizing this model code, California will benefit from the continual code development cycle that the Code Council uses to ensure that all its codes are the best in the world,” said Code Council Immediate Past President Stuart D. Tom, P.E., CBO, FIAE – Superintendent of Building and Fire, Pasadena, California.

“The adoption of the California Wildland-Urban Interface Code as Part 7 of Title 24 marks a significant milestone in protecting communities from the devastating impacts of wildfires. This accomplishment highlights the dedication and collaboration of the CAL FPOs and the California Office of the State Fire Marshal in adapting the IWUIC to address California’s unique challenges. Our members remain dedicated in their commitment to enhancing fire prevention, improving life safety measures and developing codes that safeguard our homes and neighborhoods,” said Tim Spears, Fire Marshal, CAL FPOs North Division President and Joe Morelli, Fire Marshal, CAL FPOs South Division President.

This decision comes after careful consideration and is a testament to the state’s commitment to upholding the highest standards in wildfire resiliency and mitigation.

“There has never been a more essential time for collaboration in the name of public safety, and the newly approved use of the Code Council’s IWUIC is a testament to this shared effort. California’s building, fire and code professionals came together to work in concert with the California State Fire Marshal to usher in a new era of fire-safe development standards and defensible space provisions that will enhance fire safety in the built environment. With the definitive actions of the Building Standards Commission, CALBO looks forward to enforcing the IWUIC and its model provisions into the future,” said Jeff Janes, President of California Building Officials.

“While CBIA was initially concerned with this effort, we are now pleased to strongly support the California State Fire Marshal’s plan to use the Code Council’s IWUIC as the basis for California’s new stand-alone Wildland-Urban Interface fire safety code. This new document will combine three fire safety measures (building standards, defensible space provisions and fire-safe development standards) and publish them all under one cover,” said Christopher E. Ochoa, Esq., CBIA Senior Counsel – Codes, Regulatory and Legislative Affairs.

Leave a comment

Now Open for Public Comment | NIST Cybersecurity Framework 2.0 Profile for Semiconductor Manufacturing

March 10, 2025 Millicent Walker Agency News, Cyber Security CII sector

The NIST National Cybersecurity Center of Excellence (NCCoE) along with the SEMI Semiconductor Manufacturing Cybersecurity Consortium has released Draft NIST Internal Report (NIST IR) 8546, Cybersecurity framework (CSF) 2.0 Semiconductor Manufacturing Community Profile for public comment.

This draft Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to semiconductor manufacturing systems. The semiconductor manufacturing environment is a complex ecosystem of device makers, equipment OEMs, suppliers and solution providers. This Profile focuses on desired cybersecurity outcomes and can be used as a guideline to improve the current cybersecurity posture of the semiconductor manufacturing ecosystem.

“NIST, in collaboration with industry leaders and government agencies, has developed and is releasing a comprehensive Framework designed to safeguard semiconductor manufacturing from emerging threats and vulnerabilities,” said Sanjay Rekhi, group leader of the Security Components and Mechanisms Group at NIST. “This initiative is part of a broader, multi-year effort to strengthen the security of critical infrastructure, with a particular focus on the security of semiconductors and their supply chain.”

Leave a comment

1 2 3 … 54 »