Cyber Intelligence Weekly

Cyber Intelligence Weekly (October 26, 2025): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight an upcoming Drata x Echelon Roundtable!

Join Echelon Risk + Cyber and Drata for a live roundtable where industry experts (Matt Hillary, Alyson Pisarcik and Paul Interval) share how automation, smart frameworks, and real-world lessons can make compliance a competitive advantage, not a burden.

If you’re leading security or compliance programs, this is your blueprint for efficiency and confidence. Don’t miss the insights.

Register now! https://lnkd.in/gvgMEE4Z

Away we go!

1. One Region, Global Chaos: What the AWS Outage Exposed

When a single cloud region stumbles, the ripple effects can be felt across the entire internet. That was the case early Monday when Amazon Web Services’ (AWS) US-EAST-1 region in northern Virginia suffered a significant disruption tied to DNS resolution failures. What began as an obscure technical hiccup quickly became a global incident, knocking offline services ranging from Amazon’s own platforms to major apps like WhatsApp, Venmo, Epic Games services, multiple UK government sites, and even ChatGPT.

At the heart of the problem was a failure in AWS’s DynamoDB DNS management system, a subtle but critical function that helps computers know where to send traffic. DNS, often described as the “phonebook of the internet,” translates familiar web addresses into IP addresses. When that system falters, browsers and applications can’t find their destinations, creating widespread failures across services that rely on AWS’s backbone. In this case, a latent race condition led to the deletion of DNS records, essentially cutting off access to DynamoDB in the region and causing cascading failures.

Amazon engineers eventually identified and mitigated the issue, restoring DNS records and normal operations by mid-day. But the scale and impact of the outage once again highlighted a reality security professionals know well: heavy centralization brings convenience but also concentrated risk. With massive portions of the internet dependent on just a handful of cloud providers, a single operational issue can ripple through banks, hospitals, government agencies, and consumers worldwide.

This incident serves as a powerful reminder that resiliency strategies must extend beyond just uptime guarantees. Organizations that depend heavily on the cloud need layered contingencies, multi-region failover, alternative DNS strategies, and tested incident response plans. In today’s interconnected world, the weakest link isn’t always a hacker. Sometimes, it’s a DNS record.

An Audit Isn’t a Speed Bump—It’s Your Cloud Co-Pilot

When many IT leaders hear “audit,” they think of delays, extra work, and compliance headaches. But in today’s cloud-first world, the audit function can be a strategic partner—helping organizations innovate securely and avoid costly mistakes. Framed correctly, audit isn’t a speed bump; it’s a co-pilot on the cloud journey.

Auditors bring a structured, risk-based perspective. Too often, cloud migrations are driven by speed—developers spin up workloads, migrate data, or implement Infrastructure-as-Code (IaC) without rigorous oversight. The result? Misconfigured identity settings, unencrypted data stores, and insecure backup policies that can expose organizations to breaches or regulatory fines. Early involvement of audit teams can catch these issues before deployment, preventing costly rework.

Real-world cases illustrate this value. In one example, an organization migrating workloads discovered through audit review that legacy datasets containing sensitive PII were left unencrypted in a data lake. Catching this early prevented a potential breach and regulatory violation. In another case, auditors flagged IaC templates that inadvertently exposed admin ports to the internet, helping the security team fix them before launch.

The key is mindset. Audit teams should be embedded in planning and governance forums, not brought in after the fact. IT and security leaders should educate auditors on cloud constructs—so they can ask the right questions about shared responsibility, cloud-native controls, and vendor lock-in. This builds trust and accelerates transformation, rather than slowing it.

Best practices for making audit a co-pilot:

· Early engagement: Involve auditors during planning, not just after implementation.

· Education: Provide auditors with cloud security training and certifications.

· Embed in governance: Include audit in steering committees and architecture reviews.

· Risk-based focus: Shift from checklist compliance to prioritizing material risks.

· Collaborative culture: Position audit as an enabler of innovation and trust.

In a world where cloud adoption is accelerating and risks are multiplying, treating audit as a partner, not an obstacle, can help organizations move faster, safer, and with greater confidence.

2. UN Cybercrime Treaty Signing in Hanoi: Global Response and Concerns

A State Department spokesperson confirmed that U.S. officials will join a multilateral ceremony in Hanoi this weekend for the signing of a landmark United Nations cybercrime convention. The new pact, adopted by consensus after five years of negotiations, establishes a formal framework for law-enforcement agencies worldwide to cooperate on digital crimes and cut off safe havens for cyber attackers. It requires ratification by at least 40 countries to enter into force and is expected to be signed initially by roughly 30–36 nations in Hanoi. The Biden administration says it is still “reviewing” the text, but has sent Ambassador Marc Knapper and other delegates to attend. The presence of U.N. Secretary-General António Guterres and several heads of state underscores the pact’s global significance.

Even as governments prepare to sign, critics warn that the treaty’s sweeping language could be used to expand digital surveillance. A joint letter from Human Rights Watch, Access Now and other NGOs says the text “obligates states to establish broad electronic surveillance powers” over a wide range of crimes and encourages cross-border data sharing with minimal privacy safeguards. Observers also note the irony of holding the ceremony in Vietnam, where activists point to an ongoing crackdown on online dissent. Tech companies and cybersecurity experts have been vocal too: a global industry coalition has dubbed the agreement a “surveillance pact” that could even criminalize legitimate security research. Access Now’s negotiator warns that signing the convention in its current form risks legitimizing “cyber-authoritarianism” unless implementation is strictly aligned with human rights norms.

Supporters counter that a global treaty is long overdue. The U.N. Office on Drugs and Crime (which led the negotiations) insists the convention explicitly includes provisions to protect human rights and legitimate security research. U.N. Secretary-General Guterres has called the pact a “powerful, legally binding instrument” to strengthen collective cyber defenses. Under the accord, signatory countries will gain a 24/7 cooperation network for urgent cybercrime inquiries, including investigations, prosecutions, extraditions and asset seizures. Notably, the U.S. and U.K. eventually shifted from opposition to support, saying that by engaging with the treaty they can now push for strong privacy protections and accountability within its framework.

So far only about 30–36 countries are expected to sign in Hanoi, though more will follow once they complete internal approvals. Once 40 nations ratify the text, the convention will enter into force 90 days later. Backers say the pact will speed up joint responses to crimes ranging from fraud and trafficking to ransomware and large-scale hacking, potentially making both the digital and physical worlds safer. Even so, experts caution that ratifying the treaty could “actively validate cyber-authoritarianism” unless states enforce robust human-rights and privacy safeguards alongside it.

AI-Powered Voice Cloning Raises Vishing Attacks

Security researchers have demonstrated a powerful new class of vishing attack using real-time AI voice cloning, enabling attackers to impersonate trusted individuals with alarming realism during live phone calls.

Unlike previous deepfake-style attacks that relied on pre-recorded or text-to-speech outputs, this proof-of-concept allows attackers to speak live through a cloned voice. The cloned voice was generated from just a few minutes of public audio and low-latency speech-to-speech models. The results are highly convincing, interactive impersonations capable of bypassing voice-based trust and social defenses.

During red team exercises, the cloned voices successfully manipulated targets, extracted sensitive information, and bypassed organizational safeguards—demonstrating how human trust in voice identity is now a viable point of failure. Attackers used simple audio samples and basic recon to power these conversations, suggesting a low barrier to entry for real-world exploitation.

Most concerning is that systems relying on voice authentication, help desk processes, or verbal exception handling are now exposed to attack without the need for technical exploits.

We recommend a layered defense strategy that includes:

· Avoiding voice-only verification for sensitive actions

· Implementing strict MFA for workflows involving human operators

· Training staff to question abnormal requests, even from familiar voices

· Limiting exposure of executive voice recordings

· Monitoring for anomalous voice-based interactions

This research marks a critical inflection point in social engineering risk, where voice is no longer a reliable indicator of identity. As generative AI continues to blur the line between authentic and synthetic communication, enterprises must urgently adapt their trust assumptions and defensive strategies.

3. Canada Drops a $176M Bomb on Cybercrime Payment Hub

Canadian financial regulators have dropped a hammer on Cryptomus, a digital payments platform long criticized for enabling cybercrime activity — with a record-setting $176 million fine. The penalty, announced last week, stems from a sweeping investigation by Canada’s financial intelligence unit, FINTRAC, which concluded that the company repeatedly ignored anti–money laundering (AML) obligations tied to some of the darkest corners of the internet.

Regulators say Cryptomus failed to file suspicious transaction reports despite clear red flags involving illicit finance, including payments linked to ransomware campaigns, fraud schemes, sanctions evasion, and the trafficking of child sexual abuse material. FINTRAC’s director, Sarah Paquet, called the violations “unprecedented in scope,” underscoring how deeply embedded the platform had become in a global shadow economy.

Cryptomus wasn’t an obscure player. Over the past year, independent blockchain investigations have shown the platform serving as a backbone for dozens of cybercrime marketplaces. These ranged from bulletproof hosting companies and fake account sellers to proxy services and anonymous SMS vendors. According to researcher Richard Sanders, at least 56 cryptocurrency exchanges tied to Russian-speaking markets ran transactions through Cryptomus, many of them offering direct cash-outs into accounts at sanctioned Russian banks.

The financial penalty dwarfs FINTRAC’s previous enforcement actions: it is more than six times the total fines levied in the prior year combined. But critics argue it may still fall short of deterrence. “For groups like this, fines can be chalked up as the cost of doing business,” Sanders said. Meanwhile, journalists have documented how Cryptomus and similar money service businesses exploited lax registration processes, clustering dozens of shell operations at fake or shared addresses across Canada. The fine signals a tougher stance from regulators, but it also shines a spotlight on a wider, murkier ecosystem that has quietly flourished in plain sight.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
