The United States is confronting a rising wave of cybersecurity threats that are straining its digital defenses. Amid growing concerns about critical infrastructure vulnerabilities, staffing reductions at key agencies, and an evolving landscape of cyberattacks, experts and lawmakers are calling for urgent action to safeguard national systems.
Former NSA Cyber Official Warns of Infrastructure Vulnerabilities
At the AI Expo for National Competitiveness, Anne Neuberger, former deputy national security adviser and cybersecurity director at the National Security Agency (NSA), raised alarms about the country’s readiness to withstand a large-scale cyberattack. She pointed to systemic vulnerabilities in U.S. critical infrastructure, citing outdated technology and a lack of security around operational systems—components often not originally designed to connect to the internet.
Neuberger also highlighted federal workforce reductions, especially during the Trump administration, which she argued had weakened the Cybersecurity and Infrastructure Security Agency (CISA). She recommended increased use of artificial intelligence to help identify and patch security gaps in aging infrastructure systems and suggested technologies like digital twins could simulate infrastructure systems to help predict vulnerabilities.
CISA Faces Budget Cuts Amid Growing Demands
CISA, the lead federal agency responsible for securing civilian government networks and protecting critical infrastructure, is operating under increasing pressure. The Trump administration has proposed a 17% reduction in the agency’s budget—approximately $491 million—as part of broader federal cost-cutting efforts. If implemented, these cuts would reportedly eliminate nearly one-third of CISA’s staff.
Staffing shortages have already impacted the agency’s ability to retain high-ranking cybersecurity officials. Analysts warn that this trend could result in reduced institutional knowledge, operational capacity, and overall cybersecurity effectiveness at a time when threats are becoming more sophisticated and frequent.
FBI Warns of Badbox 2.0 Malware in Consumer Devices
The FBI recently issued a public advisory warning that Badbox 2.0, a new version of a previously known botnet, has compromised numerous Android-based consumer devices. These include streaming boxes, projectors, digital picture frames, and similar products.
Devices have often been shipped with the malware pre-installed or were infected later through third-party app stores. The FBI said that operators of the botnet are selling access to these compromised devices, raising alarms about the potential use of the botnet for distributed denial-of-service (DDoS) attacks or broader cyber operations.
The resurgence of Badbox highlights the cybersecurity risks posed by poorly regulated supply chains and software ecosystems—particularly those involving low-cost, internet-connected consumer electronics.
Kaspersky Finds New Mirai Botnet Variant Exploiting DVR Flaws
Security researchers at Kaspersky identified a new variant of the Mirai botnet exploiting a vulnerability (CVE-2024-3721) in internet-connected digital video recorders (DVRs) manufactured by TBK. The flaw, classified as a command injection vulnerability, allows attackers to take control of affected DVRs and use them as part of a botnet.
Kaspersky reported that approximately 50,000 internet-exposed devices were vulnerable and discoverable online. The firm urged immediate patching, as exploits targeting unpatched DVRs could result in the devices being co-opted into malicious cyber activities.
Congressional Scrutiny Over Termination of Mobile App Vetting Program
CISA’s internal decision to discontinue its Mobile App Vetting (MAV) program has drawn criticism from Congress. Representative Andrew Garbarino (R-NY), chair of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, raised concerns about the plan in a letter to Secretary of Homeland Security Kristi Noem.
The MAV program provided mobile application assessments for government agencies, helping ensure apps deployed on federal devices were secure and free from vulnerabilities. These assessments applied to both commercial applications and custom-developed government software.
Garbarino questioned why the program was being shut down amid persistent threats, particularly in light of recent incidents like the “Volt Typhoon” campaign, attributed to Chinese state-sponsored actors. That campaign reportedly compromised U.S. critical infrastructure and telecommunications systems, prompting increased government vigilance.
Secretary Noem has been asked to provide an explanation for the program’s termination by June 13.
Kettering Health Confirms Data Breach by Ransomware Group Interlock
Kettering Health, a healthcare provider, confirmed that ransomware group Interlock was responsible for a major data breach involving 941 gigabytes of sensitive information. The compromised data, later leaked online, included patient identification cards, financial documents, staff records, and payment information.
Kettering acknowledged that patient care was temporarily disrupted during the incident and stated that the group had been removed from its network. The breach is the latest in a string of ransomware attacks targeting healthcare institutions, where the exposure of medical and personal data can have particularly devastating consequences for victims.
Two U.S. Hackers Sentenced in Federal Doxxing Case
The U.S. Department of Justice announced the sentencing of two individuals involved in cyber extortion and doxxing schemes. Sagar Steven Singh and Nicholas Ceraolo were sentenced to 27 and 25 months in prison, respectively, after pleading guilty to conspiracy to commit computer intrusion and aggravated identity theft.
The pair were affiliated with an online group known as “ViLE” and used stolen login credentials from a law enforcement officer to access a federal law enforcement database. They then obtained sensitive, nonpublic data—including police records and intelligence reports—and used the information to extort victims by threatening to release personal details unless demands were met.
Federal investigators emphasized that the case underscores the serious risks posed by stolen credentials and insider access to sensitive government systems.