
🎯 Layered Defense Against AI and Nation-State Threats

Fines, leaks, and hacks—key cyber updates

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

The National Institute of Standards and Technology unveils comprehensive cybersecurity control overlays for AI systems, addressing critical security gaps as artificial intelligence becomes deeply integrated into critical infrastructure and business operations.

  • New SP 800-53 Control Overlays extend proven security framework methodology to address unique AI risks including prompt injection attacks, model poisoning, and adversarial manipulation

  • Framework covers multiple AI deployment scenarios from generative content creation to predictive decision-making systems, plus single and multi-agent AI architectures

  • Dedicated community engagement through NIST Slack channel enables stakeholders to collaborate on developing real-world security controls based on implementation experiences

  • Initiative addresses AI-specific vulnerabilities that traditional cybersecurity frameworks cannot adequately protect against, including data exfiltration through AI interfaces

🤔 The Bigger Picture:

Physical and digital security boundaries dissolve as BMS systems require enterprise IT-level rigor. Building operators need holistic approaches integrating operational technology with information systems for enhanced security and efficiency.

Building automation systems increasingly incorporate AI for predictive maintenance and threat detection. This framework provides structured methodology for securing AI integrations where compromised systems could manipulate HVAC, access management, or safety controls.

Federal Bureau of Investigation issues critical alert regarding Russian Federal Security Service Center 16 operations targeting networking infrastructure globally, with threat actors exploiting vulnerable devices to compromise essential services and industrial control systems.

  • FSB Center 16 (aka "Berserk Bear," "Dragonfly," "Static Tundra") systematically exploits CVE-2018-0171 Cisco Smart Install vulnerability alongside SNMP weaknesses in end-of-life devices

  • Threat actors collected configuration files from thousands of networking devices across US critical infrastructure sectors through sophisticated manipulation techniques

  • Attack methodology establishes persistent backdoor access by modifying device configurations to blend with legitimate network settings, evading standard monitoring

  • Configuration file manipulation enables extended reconnaissance operations targeting protocols and applications associated with industrial control systems

🤔 The Bigger Picture:

Russian targeting highlights critical vulnerabilities in facility management systems using legacy networking equipment. Building operators must assess network infrastructure for end-of-life devices that could provide persistent access to building automation networks.
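Defenders assessing the exposure the alert describes will want to check device configurations for the three things it calls out: Smart Install left reachable, weak SNMP community strings, and configuration lines that drift from a known-good baseline. The auditor below is an added example written for this briefing, not code from Neeve, the FBI alert, or Cisco; the two configs and the list of default community strings are constructed for illustration, and treating the absence of an explicit `no vstack` line as "Smart Install may still be enabled" is a conservative assumption.

```python
"""Audit a Cisco IOS running-config for the weaknesses the FSB Center 16
alert describes: Smart Install left enabled, weak/default SNMP community
strings, and unexplained drift from a known-good baseline configuration.
Both configs below are constructed for illustration."""
import re
from typing import List

# Assumption: community strings an attacker would try first.
WEAK_COMMUNITIES = {"public", "private", "cisco", "admin"}

# Constructed baseline: what the building-network switch is supposed to run.
BASELINE = """hostname bldg-core-sw1
no vstack
snmp-server community S3cur3-r0-str1ng RO 10
line vty 0 4
 transport input ssh
"""

# Constructed running-config as pulled from the device today.
RUNNING = """hostname bldg-core-sw1
snmp-server community public RW
snmp-server community S3cur3-r0-str1ng RO 10
ip tftp source-interface Loopback0
line vty 0 4
 transport input ssh
"""

def audit_config(running: str, baseline: str) -> List[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    lines = [l.rstrip() for l in running.splitlines()]
    base = [l.rstrip() for l in baseline.splitlines()]
    # 1. Smart Install: assume only an explicit 'no vstack' proves it is off.
    if "no vstack" not in lines:
        findings.append("smart-install: 'no vstack' missing; Smart Install may be reachable")
    # 2. SNMP: flag default community strings and any read-write community.
    for l in lines:
        m = re.match(r"snmp-server community (\S+)\s+(RO|RW)\b", l)
        if not m:
            continue
        community, mode = m.groups()
        if community.lower() in WEAK_COMMUNITIES:
            findings.append(f"snmp: weak community '{community}' ({mode})")
        elif mode == "RW":
            findings.append(f"snmp: read-write community '{community}' configured")
    # 3. Drift in either direction: added lines may be attacker persistence,
    #    removed lines may be hardening that was silently undone.
    findings += [f"drift: unexpected line '{l}'" for l in lines if l and l not in base]
    findings += [f"drift: baseline line removed '{l}'" for l in base if l and l not in lines]
    return findings

if __name__ == "__main__":
    for f in audit_config(RUNNING, BASELINE):
        print("FINDING", f)
```

Run the same check against archived configs from before the exposure window; a read-write community or a TFTP source line that appears only in the later copy is exactly the kind of modification the alert says blends in with legitimate settings.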

Further Alerts & Insights

🏭 CISA Releases Four ICS Advisories on Critical Infrastructure Vulnerabilities

CISA issued comprehensive advisories addressing serious vulnerabilities in Siemens, Tigo Energy, and EG4 systems affecting critical infrastructure sectors. Critical flaws include authentication bypass and command injection vulnerabilities with CVSS scores up to 9.8.

💼 Businesses Focus on AI and Cloud Despite Cyber Defense Oversights

Recent surveys reveal enterprises enthusiastically adopt AI technologies while neglecting basic cybersecurity measures. Only 62% implement zero-trust architecture and 42% use digital identity management despite increasing threats.

🎭 BQTLOCK Ransomware Operates as RaaS with Advanced Evasion Techniques

New ransomware strain BQTLOCK emerged in July 2025 operating as Ransomware-as-a-Service with tiered subscription models. The malware demands 13-40 Monero ($3,600-$10,000) using advanced evasion and persistent access techniques.

🇷🇺 Russian Hackers Exploit 7-Year-Old Cisco Vulnerability in Industrial Systems

Russian FSB-linked Static Tundra group actively exploits CVE-2018-0171 in Cisco networking devices to steal configuration data from critical infrastructure. The group maintains persistent access for years while conducting long-term espionage operations.