Weekly Security Sprint EP 152. Information sharing, new cyber reporting, and weather!

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Senate confirms Markwayne Mullin to lead Homeland Security as TSA standoff deepens • Auto-ISAC 2025 Annual Report — Auto-ISAC • ISACs confront AI’s promise and peril for threat intelligence-sharing — Cybersecurity Dive Podcast: What healthcare leaders face after a cyberattack — Health-ISAC• New Jersey Sign-Ups for MS-ISAC Remain Low Amid Attacks Main Topics:Cybersecurity Reports, Ransomware & Resilience• M-Trends 2026 — Google Cloud Mandiant — 24 Mar 2026. The PDF version of M-Trends 2026 shows that high tech was the most targeted industry in 2025 at 17 percent of investigations, followed by financial services at 14.6 percent, business and professional services at 13.3 percent, and healthcare at 11.9 percent. It also shows voice phishing at 11 percent of initial intrusion vectors and says ransomware appeared in 13 percent of incidents that Mandiant investigated in 2025. • M-Trends 2026 Report — Google Cloud • M-Trends 2026 reveals threat landscape shaped by faster, coordinated, and industrialized cyberattacks • High-Tech Sector Overtakes Finance as Top Target of Cyber-Attacks in 2025 • The phone call is the new phishing email • M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds • Top 50 Cybersecurity Threats — Splunk • If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident. • Iran-Linked Pay2Key Ransomware Group Re-Emerges • Waterfall Threat Report 2026 finds ransomware slowdown masks deeper shift toward nation-state attacks on critical infrastructure Atlantic hurricane season forecast 2026: 11-16 named storms predicted by AccuWeather — AccuWeather — 25 Mar 2026. AccuWeather forecasts a near-average Atlantic hurricane season with 11 to 16 named storms and several potential hurricanes. Target is coastal communities, emergency planners, and critical infrastructure operators preparing for seasonal storm impacts. Dig is that even an average season can produce high-impact storms that stress preparedness and response capabilities. The outlook is significant for planning purposes as organizations begin to align resources and contingency plans ahead of peak hurricane activity.• Ready.govQuick Hits:• Treasury asks whether terrorism risk insurance program should bolster cyber coverage — CyberScoop | 25 Mar 2026. Treasury is seeking public comment for a report to Congress on the effectiveness of the Terrorism Risk Insurance Program and specifically asked whether changes should better address cyber related losses arising from acts of terrorism. The notice highlights a persistent gap because even catastrophic cyber incidents may fall outside the program unless Treasury certifies them as terrorism under current law. Target: insurers, critical infrastructure operators, large enterprises, and policymakers evaluating how to manage systemic cyber loss from high consequence attacks. Dig: this is an important resilience and policy signal because it could shape future federal backstop discussions for cyber insurance ahead of the law’s scheduled 2027 expiration. (CyberScoop)

In the latest Nerd Out, Dave and Alec welcome back some old friends - Bridget Johnson and Joe Levy - to talk about Iran, including the threat tactics and capabilities, how individuals and organizations can be prepared and what could come next. The group then talked about some pop culture items and what they are currently watching and looking forward to.Some items reference in the discussion include:Iran and Terrorism: What the U.S. Strikes Could Mean for Homeland Security - https://www.cfr.org/articles/iran-and-terrorism-what-the-u-s-strikes-could-mean-for-homeland-securityWill Iran Turn to Terrorism? - https://www.foreignaffairs.com/iran/will-iran-turn-terrorismHybrid Threat Signals: Assessing Possible Iranian Involvement in Recent Attacks in Europe - https://icct.nl/publication/hybrid-threat-signals-assessing-possible-iranian-involvement-recent-attacks-europeGroup claiming Europe antisemitic attacks tells CBS News it will target "U.S. and Israeli interests worldwide" - https://www.cbsnews.com/news/europe-antisemitism-attacks-group-threatens-us-israel-interests-worldwide/Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict - https://cyberscoop.com/stryker-cyberattack-iranian-hackers-handala/Competing Narratives: Understanding All Sides’ Approach to the War in Iran - https://thesoufancenter.org/intelbrief-2026-march-24/

On this week's Security Sprint, Dave and Andy covered the following topics:Opening:• President Donald J. Trump Unveils National AI Legislative Framework - The White House • Emerging Attack Vectors: AI Agents & Prompt Injection Gate 15 | 16 Mar 2026• The AI Landscape in Cybersecurity • An AI cyberattack could trigger a satellite apocalypse in the next 2 years. Are we prepared? • WaterISAC & EPA National Security Information Sharing Bulletin – Q1 2026 WaterISAC • Food and Ag-ISAC finds 72 active threat actors behind persistent, sophisticated cyber attacks targeting food supply chains • The E-ISAC's 2025 Report: Real Progress, Remaining Constraints Main Topics:Severe Weather• Spring outlook: Drought forecasted to expand in U.S. West, parts of Plains — NOAA | 21 Mar 2026• Get Ready for a Year of Chaotic Weather in the US — Wired, 19 Mar 20262026 Annual Threat Assessment of the U.S. Intelligence Community — Office of the Director of National Intelligence, 18 Mar 2026. The ODNI released its 2026 Annual Threat Assessment outlining key threats including China’s cyber and military expansion, Russia’s hybrid operations, Iran’s regional aggression, and persistent cyber threats from nation-state and criminal actors. The report underscores increasing convergence between cyber operations, information operations, and physical-world impacts across critical infrastructure sectors.Islamic State group activity in the US in 2025 Institute for Strategic Dialogue | 11 Mar 2026. ISD assesses that Islamic State inspired activity in the United States remained persistent in 2025, with two successful attacks, five disrupted plots, and six material support arrests, and says most cases involved teenagers. The dispatch highlights continued use of firearms, explosive devices, vehicle attacks, and newer surveillance tools such as Meta glasses and drones during pre attack planning. It also notes that targets varied widely, including public celebrations, military interests, nightlife venues, law enforcement, schools, and religious institutions, which complicates protective prioritization. Quick Hits:• Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets — FBI IC3• CISA Urges Endpoint Management System Hardening After Cyberattack Against U.S. Organization • CISA and FBI Release Public Service Announcement About Russian Intelligence Services Targeting Commercial Messaging Apps• Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape — Google Cloud Blog• Ransomware Spotlight: Agenda • Amazon Threat Intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls• Hastalamuerte and Gentlemen RaaS: Analyzing TTPs of a Growing Ransomware Threat • Beast ransomware server toolkit analysis • Beast ransomware’s toolkit revealed by exposed directory • Marquis ransomware gang stole data of 672,000 people in 2025 cyberattack • ESET Research: A Deep Dive into EDR Killers - a Cornerstone of Modern Ransomware Operations • Ransomware Affiliate ‘Gentlemen’ Emerges as Key Player • LeakNet Ransomware: What You Need to Know

In this special Joint episode Andy Jabbour and Toni Pepper connect at the 6th Annual Cybersecurity Summit in Jacksonville, Florida to talk Tribal-ISAC, key insights and takeaways, and other fun conversations along the way.

In this week's Security Sprint, Dave is solo and covered the following topics:Opening:• Business Continuity & Resilience: AI’s Double-Edged Impact — Gate 15 — 10 Mar 2026 — The article examines how artificial intelligence is reshaping business continuity and resilience planning across organizations. • Joint Advisory: Middle East Conflict and Critical Infrastructure — Gate 15 — 11 Mar 2026. On 11 March 2026, ten Information Sharing and Analysis Centers (ISACs) joined together to release a joint advisory on the Middle East conflict and the ongoing security implications to critical infrastructure. • U.S.: Why now: Cyber policy veterans weigh in on pivotal moment in evolution of security strategy — Inside Cybersecurity — 12 Mar 2026 Cyber policy veterans told Inside Cybersecurity that the United States has reached a pivotal moment in reshaping national cyber strategy as the Trump administration promotes a more aggressive model built around offensive and defensive capabilities, emerging technology, and reduced regulation. Main Topics:Operation Epic Fury & Related: • Iran’s threat on U.S. soil: sleeper cells, lone wolves and cyberattacks — Los Angeles Times — 10 Mar 2026 U.S. security officials warn that Iran could attempt retaliation through sleeper cells, lone wolf actors, or cyber operations targeting American interests if regional conflict escalates. • DOGE government spending cuts complicate US response to Iran cyber threats — CNN — 10 Mar 2026 —— Reporting describes how federal government restructuring and spending cuts tied to the Department of Government Efficiency have disrupted cyber coordination during heightened tensions with Iran. • How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks — WIRED — 12 Mar 2026 WIRED reports that Handala has become the most visible face of Iran’s retaliatory cyber campaign after the destructive breach of medical technology firm Stryker. • Iranian Hacktivists Strike Medical Device Maker Stryker in Severe Attack That Wiped Systems — Zetter Zero Day — 11 Mar 2026 Iranian hacktivist group Handala claimed responsibility for a destructive cyberattack that wiped systems belonging to medical device manufacturer Stryker. Michigan Synagogue Attack: • Michigan synagogue attack: FBI investigating as ‘targeted act of violence’ Bridge Michigan | 12 Mar 2026. Target: Temple Israel in West Bloomfield and the broader Jewish community in the Detroit area. ODU Attack: • FBI releases more details in deadly Virginia shooting — Post and Courier — 14 Mar 2026. Federal investigators released additional information about a deadly shooting in Virginia that left multiple people dead and triggered a large law enforcement response. Cyber Threats:• INTERPOL report warns of increasingly sophisticated global financial fraud threat — INTERPOL — 16 Mar 2026. INTERPOL released a report warning that global financial fraud schemes are becoming more complex and technologically enabled. • Public Service Announcement: Criminals Use Stolen Personal Information to Target Victims Through Government Impersonation Schemes — FBI Internet Crime Complaint Center — 09 Mar 2026 Ransomware:• Industrial Ransomware Analysis: Q4 2025 — Dragos — 11 Mar 2026 — Dragos reported that ransomware groups continue to target industrial organizations and operational technology environments, with manufacturing and industrial sectors representing a significant portion of victims. • France’s ANSSI warns ransomware gangs shifting tactics amid surge in attacks — Infosecurity Magazine — 11 Mar 2026 France’s national cybersecurity agency ANSSI warned that ransomware groups are adapting their tactics as attacks continue to increase across multiple sectors.

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Insider Threat: AI-equipped Employees - Gate 15 - 04 Mar 2026 • Communication and Collaboration Key Themes in GridEx VIII Lessons Learned Report • Health-ISAC Annual Report 2025 Shows Surge in Threat Intel and Tabletop Drills, Putting Resilience in Focus • The Gate 15 Special Edition: Iran, ISACs, & insomnia: What’s happening, and not happening, in information sharing — Gate 15 | 06 Mar 2026• White House Unveils President Trump’s Cyber Strategy for America — The White House | 06 Mar 2026o Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House o Ranking Member Thompson Statement on Trump’s 3-Page Cyber Strategy — Democrats on the House Homeland Security Committee, 06 Mar 2026 • Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens — The White House | 06 Mar 2026Main Topics:Operation Epic Fury & Related: • White House blocks intelligence report warning of rising US homeland terror threat linked to Iran war • Iran may be activating sleeper cells in the United States, officials warn • Cyber threat bulletin: Iranian cyber threat response to US–Israel strikes February 2026, Canadian Centre for Cyber Security, 03 Mar 2026• Alert: NCSC advises UK organisations to take action following conflict in the Middle East, NCSC, 02 Mar 2026• U.S. threat intelligence units identify hacktivists as prime cyber vector in Iran conflict • Iran-linked hacktivists could target US state and local targets, experts warn • Trump Says ‘I Guess’ Americans Should Worry About Iran Attacks Cyber Reports• NCC Group Annual Threat Monitor Review of 2025 NCC Group, 05 Mar 2026• Patch, track, repeat: The 2025 CVE retrospective — Cisco Talos, 05 Mar 2026• Look What You Made Us Patch: 2025 Zero-Days in Review Google Cloud Blog, 05 Mar 2026• Coalition report finds sharp rise in ransomware demands as most businesses refuse to pay — Reinsurance News | 07 Mar 2026• INC Ransom Affiliate Model Enabling Targeting of Critical Networks Australian Cyber Security Centre, 05 Mar 2026Quick Hits:• Top 10 artificial intelligence security actions: A primer Canadian Centre for Cyber Security, 05 Mar 2026• Artificial Intelligence and Machine Learning Supply Chain Risks and Mitigations Australian Signals Directorate, 04 Mar 2026• How AI Assistants Are Moving the Security Goalposts — Krebs on Security | 07 Mar 2026• Preparation hardening destructive attacks — Google Cloud Threat Intelligence | 08 Mar 2026• Tornadoes kill 6 people in Michigan and Oklahoma as powerful storms hit nation’s midsection

In this special episode of The Gate 15 Interview, Andy Jabbour speaks with experts from the Information Sharing and Analysis Center (ISAC) community on the ongoing war with Iran, implications for critical infrastructure and how the community is responding, and related conversation. Leaders and experts include:Denise Anderson, President and CEO, Health-ISAC and Chairwoman of the National Council of ISACs (NCI)Michael Ball, CEO, E-ISAC, and SVP NERCJonathan Braley, Director of Threat Intelligence, IT-ISACChuck Egli, Director of Security and Resilience Operations, WaterISACAnna Mentzer-Hernández, Cyber Threat Intelligence Senior Analyst, ONE-ISACIn the discussion the panel covers:What has been happening in information sharing, security and resilience since Operation Epic Fury beganCritical infrastructure resilienceWhat the ISACs have been doing, with members, cross-sectorally, and with government and other partnersWhat we’re seeing, not seeing, and would like to see from the U.S. Government and CISA at this timePlaying guitar, baking bread and staying sane and not burning out during crisis and incident responseAnd more, including some encouraging closing thoughtsSelected links:National Council of ISACsE-ISACHealth-ISACIT-ISACONE-ISACWaterISAC

In this week's Security Sprint, Dave and Andy covered the following topics:Open:• Ransomware Reinvented: AI-Powered and Autonomous Attacks — Gate 15 — 26 Feb 2026o Across party lines and industry, the verdict is the same: CISA is in trouble “We’re asking states to do a job they’re not resourced to do, while weakening the one federal agency designed to help them,” said Errol Weiss, chief security officer at the Health-ISAC, adding that “this is precisely where you do need a strong, centralized federal security function” and that “we already have a national shortage of cybersecurity experts, and you can’t just replicate that expertise 50 times over.” Overall, Weiss said industry partners have felt the lack of outreach from the agency and are experiencing “fewer touchpoints, fewer briefings, fewer problem-solving calls,” which contributes to “a growing perception that CISA is being hollowed out where it matters most to industry: stakeholder engagement, collaborative forums, and operational support during incidents.” o Gottumukkala out, Andersen in as acting CISA director o States feel the squeeze of CISA shutdown Main Topics:Operation Epic Fury & Related: • Department of Homeland Security warns of potential attacks amid Iran operation • Peace Through Strength: President Trump Launches Operation Epic Fury to Crush Iranian Regime, End Nuclear Threat The White House• U.S. Forces Launch Operation Epic Fury U.S. Central Command• Israel performs largest cyberattack in history against Iran • X Is Drowning in Disinformation Following US and Israeli Attack on Iran • Potential Iran Nexus: Texas gunman wore "Property of Allah" hoodie during attack, had photos of Iranian leaders at home, sources say Cyber Threat Reports• CrowdStrike 2026 Global Threat Report: The Evasive Adversary Wields AI• Speed Wins When Identity Fails: 2026 Annual Threat Report • Total Ransomware Payments Stagnate for Second Consecutive Year, While Attacks Escalate • Quarterly Threat Report: Fourth Quarter, 2025 • IBM X-Force reports 44% surge in exploitation of public-facing applications as supply chain and identity attacks intensify 2026 Cost of Insider Risks Global Report — DTEX Systems and Ponemon Institute —The 2026 Cost of Insider Risks Global Report from Ponemon Institute and DTEX estimates that insider security incidents now cost organizations an average of 19.5 million United States dollars per year, driven mostly by negligent employees in complex digital environments. The study finds that companies with mature insider risk management programs avoid seven incidents and save about 8.2 million dollars annually, while cutting average time to contain from 86 days in 2023 to 67 days as budgets for insider programs nearly double. Researchers highlight the impact of shadow artificial intelligence, reporting that negligent insiders now account for 10.3 million dollars in average costs and that more than nine out of ten respondents say generative artificial intelligence has changed how staff access and share information, even though only a small share have formally integrated artificial intelligence into business strategies. Quick Hits:• AccuWeather's 2026 Severe Weather Forecast: What Business Leaders Need to Know About Severe Weather Risk

In this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Tribal-ISAC and WaterISAC events!• Check out our newest webpage and our new blog post, kicking off this new Gate 15 blog series!• AI Threat Landscape: Fact vs. Fiction As We Start 2026• AI Threats Resilience, a new Gate 15 service page outlines a suite of AI threat informed workshops and tabletop exercises designed to help organizations understand AI driven risks, clarify ownership of AI exposure and rehearse response to AI enabled incidents. • TLP: CLEAR – WaterISAC Top Actions to Enhance Your Utility’s Cybersecurity • (TLP:CLEAR) WaterISAC – TOP ACTIONS to Enhance Your Utility’s Physical Security • Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) – Cybersecurity and Infrastructure Security Agency – 18 Feb 2026: CISA posted an update stating that due to a lapse in DHS appropriations it may be unable to hold scheduled CIRCIA Town Halls and will not conduct meetings during any lapse in appropriations. Main Topics:Cyber Resilience: An Incident Doesn’t Have to Be a Crisis Binary Defense, 19 Feb 2026. This blog reframes security operations around limiting business impact instead of chasing security perfection, noting that incidents are inevitable in complex enterprises and that the true differentiator is whether they escalate into crises. • The ENISA Cybersecurity Exercise Methodology ENISA | 16 Feb 2026 & ENISA publishes Cybersecurity Exercise Methodology to guide and standardize EU cybersecurity exercises) • Information Sharing – U.S. Legal and Regulatory Guidance – Health ISAC – 18 Feb 2026• Businesses urged to ‘lock the door’ on cyber criminals as new government campaign launches – UK Government, 19 Feb 2026Violence & Extremism • Man Targets DHS Building With Stolen Ambulance In Attempted Arson Attack Source: The Daily Wire, 19 Feb 2026 • Armed man shot and killed after "unauthorized entry" into Mar-a-Lago perimeter, Secret Service says — CBS News, 22 Feb 2026• Mar-a-Lago Gunman Was Reportedly ‘Fixated’ on Epstein Files and Believed There Was a Trump Government Cover-Up • USCP Officers Stop & Arrest Man with Loaded Shotgun Outside the U.S. Capitol — United States Capitol Police — 17 Feb 2026• FBI Albany, in Coordination with Nevada and New York Law Enforcement Partners, Investigating Vehicle Ramming at Electrical Substation in Nevada — FBI, 20 Feb 2026Quick Hits:• Launched: 9th Annual Dragos OT Cybersecurity Year in Review Dragos — 17 Feb 2026 • Significant Rise in Ransomware Attacks Targeting Industrial Organizations)• 3 Threat Groups Started Targeting ICS/OT in 2025: Dragos • CISA: Recently patched RoundCube flaws now exploited in attacks — BleepingComputer, 23 Feb 2026• CISA Adds Two Known Exploited Vulnerabilities to Catalog (RoundCube)• Government of Canada Alerts & Advisories: Roundcube security advisory (AV25-309) - Update 1 • CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — Bleeping Computer, 20 Feb 2026 • 90% of Ransomware Incidents Exploit Firewalls • Ransomware Groups Shift Targets Mid-Sized Businesses Enterprise Defenses Harden, Research Shows • Searchlight Cyber Report: Ransomware Groups Claimed Record Number of Victims in 2025 with 30% Annual Increase — Searchlight Cyber — 17 Feb 2026• Securin 2025 Ransomware Report Finds AI Accelerating, Not Replacing, Human-Led Attacks • Record Number of Ransomware Victims and Groups in 2025 • Arctic Wolf Threat Report Highlights 11x Growth in Data Extortion Incidents and Continued Dominance of Ransomware Arctic Wolf | 17 Feb 2026 • 2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster Palo Alto Networks | 17 Feb 2026 • Blizzard slams Northeast with heavy snow and powerful winds • East Coast Blizzard Halts Travel, Cancels 8,000 Flights • El Nino is brewing: Here's what it means for U.S. weather in 2026

In the latest episode of Nerd Out, Dave and Alec talked about the weekend violence in Mexico after the death of a drug lord, and looked at the ramifications. Then they looked at Iran, the other potential hot spot and the similarities. They discussed travel considerations and being aware of potential cyber and physical risk. This led to a further discussion of extremist activity, the growth of Al Qaeda and domestic extremist activity around critical infrastructure. They wrapped up the pod talking about Knights of the Seven Kingdoms and the latest trailers for House of the Dragon and the Mandalorian and Grogu.References discussed in the pod include:Mexico Violencehttps://www.cbsnews.com/news/violence-mexico-jalisco-new-generation-cartel-killed-military-puerto-vallarta/https://www.cnn.com/world/live-news/mexico-el-mencho-killed-travel-chaos-02-23-26-intl-hnkhttps://thesoufancenter.org/research/war-against-the-cartels-prospects-and-perils-for-the-trump-administrations-military-led-campaign/Iran Tensionshttps://www.nytimes.com/2026/02/22/us/politics/iran-terrorist-attacks-proxies-trump.htmlhttps://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-22-2025Substation Attack in Nevadahttps://www.cnn.com/2026/02/20/us/nevada-counterterrorism-incident-investigation-fbihttps://www.ktnv.com/news/authorities-investigate-possible-terrorism-threat-after-a-car-ran-into-facility-in-boulder-city-sources-sayNor’easter Snowstormhttps://www.usatoday.com/live-story/news/nation/2026/02/23/storm-snow-wind-northeast-live-updates/88814627007/https://sundayguardianlive.com/science/the-science-behind-nycs-severe-snow-storm-arctic-air-atlantic-winds-and-a-historic-noreaster-171924/