At a glance.

  • Interpol-led operation hits BEC and other fraud.
  • US Federal zero-trust implementation.
  • Proposed CISA budget increase.

First Light 2022 cracks down on social engineering scammers. 

An Interpol-led operation combining the forces of police from seventy-six countries successfully shut down over 1,770 call centers involved in social engineering operations, leading to the seizure of $50 million and the arrests of thousands of the scammers involved. Codenamed First Light 2022, the two-month global operation focused on cybercriminals involved in telephone deception, romance scams, business email compromise (BEC) scams, and the money laundering and other financial crimes they entailed. As Bleeping Computer notes, Americans lost $547 million to romance scams in 2021, and BEC scams have led to nearly $2.4 billion in losses. 

Operations taken down by First Light include a Chinese national who had scammed 24 thousand victims out of over $35 million, and a fake kidnapping that demanded a ransom of $1.5 million from the victim’s parents. CyberScoop adds that the investigators found that some of the scams were linked to human trafficking. Duan Daqi, head of the INTERPOL National Central Bureau in Beijing, stated, “The transnational and digital nature of different types of telecom and social engineering fraud continues to present grave challenges for local police authorities, because perpetrators operate from a different country or even continent than their victims and keep updating their fraud schemes.” 

Implementing zero-trust at the federal level.

US think tank the Center for Strategic and International Studies (CSIS) offers an in-depth look at the adoption of zero trust architecture (ZTA) to modernize and increase the resilience of federal information systems. The “never trust, always verify” philosophy relies heavily on a wide array of endpoint security tech for a vast pool of devices, and finding the perfect combination of measures for each agency poses a daunting challenge. CSIS conducted a six-month research project, based on CISA’s existing Zero Trust Maturity Model guidance, analyzing what obstacles might be in store for federal agencies as they implement ZTA. Through independent research, as well as interviews with cybersecurity experts in the private and public sectors, CSIS identifies some of the main barriers slowing down federal government adoption of ZTA, which include cost and budget constraints, a lack of urgency among agency officials, and confusion regarding agency policies and Office of Management and Budget guidance. 

US lawmakers propose hefty increase to CISA budget.

As the Cybersecurity and Infrastructure Security Agency (CISA) continues to warn private entities about the threat of Russian cyberagression, Democrats in the US House of Representatives yesterday proposed increasing CISA’s budget request by over $400 million as a show of support for CISA’s efforts. The Record by Recorded Future reports that the House Appropriations Committee’s draft fiscal year 2023 Homeland Security spending bill includes $2.93 billion in funding for CISA, $334 million more than CISA’s enacted fiscal 2022 budget. Homeland Security Appropriations Subcommittee Chair Lucille Roybal-Allard said the proposed legislation “provides significant new resources to improve the nation’s ability to prevent and respond to cyberattacks and threats to critical infrastructure.” The spending bill, which will be marked up by the Homeland Security Appropriations subcommittee today, recommends over $235 million for CISA’s cybersecurity efforts, as well as $46.1 million for infrastructure security, $41.2 for integrated operations, and $41.6 million for risk management operations.