FCC Drops the Hammer on Foreign Routers While Attackers Get Creative with Tax Season
Hey everyone – Emma here with some updates that caught my attention this week. We’ve got everything from sweeping policy changes to some pretty clever attack techniques that are worth discussing.
The Big Policy Move: FCC Says No More Foreign Routers
The biggest news this week is probably the FCC’s decision to ban all new consumer routers made outside the USA. They’ve updated their Covered List to include essentially any router manufactured in a foreign country, which is a pretty dramatic expansion from their previous approach of targeting specific companies or models.
This is interesting from a policy perspective, but I’m honestly not sure how practical it’s going to be in the short term. Think about it – how many router manufacturers are actually based in the US? We’re looking at a market that’s been dominated by companies like TP-Link, ASUS, Netgear (though they design in the US, manufacturing is often overseas), and others for years. The supply chain implications alone are going to be fascinating to watch unfold.
From our perspective as security professionals, I get the intent. We’ve seen enough backdoors and questionable firmware practices to know that router security has been a mess for a long time. But I wonder if this broad-brush approach is the right solution, or if we’re going to see some unintended consequences in terms of availability and cost.
Critical Vulnerability Alert: IDrive Users Need to Update
Speaking of things that need immediate attention, there’s a nasty privilege escalation bug in IDrive’s Windows client that affects versions 7.0.0.63 and earlier. Any authenticated local user can essentially execute arbitrary code with SYSTEM privileges, which is about as bad as local privilege escalation gets.
If you’re using IDrive for backup (and honestly, a lot of people are), you need to check your version and update immediately. This is one of those vulnerabilities that could turn a compromised user account into full system compromise pretty quickly. The good news is that it requires local access, but in our current threat landscape, that’s not much of a barrier for determined attackers.
Poland’s Rough Year Gets Documented
We’re also seeing some interesting reporting about Poland’s cybersecurity challenges in 2025, including what sounds like a significant attack on their energy sector in December that’s being attributed to Russian actors.
This fits the pattern we’ve been seeing across Europe, where critical infrastructure is increasingly becoming a target. The energy sector attacks are particularly concerning because they can have such immediate real-world impact. It’s a reminder that our work isn’t just about protecting data anymore – we’re often protecting physical systems that people depend on for basic services.
Tax Season Malvertising Gets Sophisticated
Now here’s where things get really interesting from a technical standpoint. Security researchers have identified a large-scale malvertising campaign that’s been running since January, targeting people searching for tax documents through Google Ads.
What makes this campaign particularly clever is the execution. They’re serving fake ScreenConnect installers, which is smart because ScreenConnect is legitimate remote access software that many people recognize. But here’s the kicker – the malware includes something called HwAudKiller that uses a vulnerable Huawei driver to disable EDR systems through a bring-your-own-vulnerable-driver (BYOVD) attack: the attacker ships a legitimately signed but exploitable driver, and once it’s loaded they can act with kernel privileges against security processes that user-mode malware normally can’t touch.
This is exactly the kind of technique evolution we need to be watching for. The attackers aren’t just relying on social engineering anymore; they’re combining it with sophisticated technical methods to bypass our defenses. The use of a legitimate but vulnerable driver to disable security tools shows they’re really doing their homework.
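One way a SOC might catch the BYOVD step of a campaign like this, as an added example that is not taken from the cited research: a small correlation rule over constructed driver-load and process-termination events that flags a driver with an untrusted signer loaded by a process running from a user-writable path, followed within a few minutes by an EDR process being killed on the same host. The log format, the signer allowlist, the EDR process names and the driver file name are all assumptions.

```python
"""Correlate untrusted driver loads with EDR process kills (added detection example)."""
from datetime import datetime, timedelta

# Processes treated as EDR/security agents (assumed list; tune for your estate).
EDR_PROCESSES = {"MsMpEng.exe", "SentinelAgent.exe", "CSFalconService.exe"}
# Signers trusted to load kernel code on this estate (assumed list).
TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Windows Hardware Compatibility Publisher"}
# Path fragments that mark a loader as running from user-writable space (assumption).
USER_WRITABLE = ("\\Users\\", "\\Temp\\", "\\Downloads\\")

# Constructed sample events: "timestamp|host|kind|key=value;key=value".
SAMPLE_LOG = [
    "2026-02-10T09:14:02|WS-042|ProcessCreate|image=C:\\Users\\jane\\Downloads\\ScreenConnect_Setup.exe;parent=chrome.exe",
    "2026-02-10T09:14:20|WS-042|DriverLoad|driver=C:\\Windows\\Temp\\vendor_audio_driver.sys;signer=Example Hardware Co;loader=C:\\Users\\jane\\Downloads\\ScreenConnect_Setup.exe",
    "2026-02-10T09:14:33|WS-042|ProcessTerminate|target=MsMpEng.exe",
    "2026-02-10T09:30:00|WS-017|DriverLoad|driver=C:\\Windows\\System32\\drivers\\ndis.sys;signer=Microsoft Windows;loader=C:\\Windows\\System32\\ntoskrnl.exe",
    "2026-02-10T09:31:00|WS-017|ProcessTerminate|target=MsMpEng.exe",  # benign agent restart
]

def parse(line):
    """Turn one constructed log line into a dict with a datetime timestamp."""
    ts, host, kind, rest = line.split("|", 3)
    fields = dict(kv.split("=", 1) for kv in rest.split(";"))
    fields.update(ts=datetime.fromisoformat(ts), host=host, kind=kind)
    return fields

def find_byovd_sequences(lines, window=timedelta(minutes=5)):
    """Return one alert per untrusted driver load (from a user-writable loader)
    that is followed within `window` by an EDR process kill on the same host."""
    events = sorted((parse(l) for l in lines), key=lambda e: e["ts"])
    alerts = []
    for i, ev in enumerate(events):
        if ev["kind"] != "DriverLoad" or ev.get("signer") in TRUSTED_SIGNERS:
            continue
        if not any(frag in ev.get("loader", "") for frag in USER_WRITABLE):
            continue
        for later in events[i + 1:]:
            if later["ts"] - ev["ts"] > window:
                break  # events are time-sorted, nothing further can match
            if later["host"] == ev["host"] and later["kind"] == "ProcessTerminate" \
                    and later.get("target") in EDR_PROCESSES:
                alerts.append({"host": ev["host"], "driver": ev["driver"],
                               "loader": ev["loader"], "edr": later["target"],
                               "gap_s": (later["ts"] - ev["ts"]).total_seconds()})
    return alerts

if __name__ == "__main__":
    for alert in find_byovd_sequences(SAMPLE_LOG):
        print(alert)
```

The second host is deliberately not flagged: a Microsoft-signed driver loaded by the kernel followed by an agent restart is normal, which is why the rule keys on signer and loader path rather than on the kill alone.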
Silver Fox Changes Up Their Game
Finally, we’re seeing Silver Fox shift their tactics from their previous ValleyRAT campaigns to something that looks more like WhatsApp-style stealers. This dual approach of combining espionage with more traditional phishing techniques is worth noting because it suggests these groups are getting more flexible in their operations.
What This Means for Us
Looking at these stories together, I see a few themes worth discussing. First, we’re seeing policy responses that are pretty dramatic – the FCC router ban being a prime example. Whether these broad approaches will be effective remains to be seen, but they’re definitely going to change how we think about procurement and supply chain security.
Second, the technical sophistication of attacks continues to evolve. The tax season campaign using BYOVD techniques and the Silver Fox pivot both show that attackers are constantly adapting their methods. We need to make sure our detection and response capabilities are keeping up.
Finally, the geopolitical dimension of cybersecurity continues to be front and center, whether we’re talking about router bans or energy sector attacks in Poland. Our technical security decisions are increasingly intertwined with broader policy and international relations considerations.
Sources
- FCC bans new routers made outside the USA over security risks
- VU#330121: IDrive for Windows contains local privilege escalation vulnerability
- Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector
- Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
- Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage