Please enjoy our newest podcast, the weekly Security Sprint, on Spotify, Apple, as well as other locations accessible via the Spotify for Podcasters link or wherever you listen to your favorite podcasts.
In this week’s Security Sprint, Dave shares geopolitical events and more.
Opening:
- Business Continuity & Resilience: AI’s Double-Edged Impact — Gate 15 — 10 Mar 2026 — The article examines how artificial intelligence is reshaping business continuity and resilience planning across organizations. While AI technologies can improve predictive analytics, incident response, and operational decision making, they also introduce new attack surfaces and operational dependencies. Organizations adopting AI tools must therefore integrate risk management and governance controls into resilience strategies. Target: Business continuity planners, resilience professionals, and organizational leadership evaluating the integration of AI technologies into operational environments. Dig: The analysis emphasizes that resilience planning must evolve alongside emerging technologies so that AI adoption strengthens organizational preparedness rather than introducing unmanaged systemic risk.
- Joint Advisory: Middle East Conflict and Critical Infrastructure — Gate 15 — 11 Mar 2026. On 11 March 2026, ten Information Sharing and Analysis Centers (ISACs) joined together to release a joint advisory on the Middle East conflict and the ongoing security implications to critical infrastructure. Gate 15 supported some of the participating ISACs in their efforts. The alert has also been posted on the IT-ISAC and the Food & Ag ISAC websites. Security analysts issued a joint advisory warning that escalating Middle East conflict could drive retaliatory cyber and influence operations targeting Western critical infrastructure sectors. The advisory notes heightened activity from Iranian cyber actors and hacktivist collectives who historically focus on disruptive attacks and data destruction campaigns. Organizations in sectors such as water, oil and energy, information technology, healthcare, manufacturing, and other critical infrastructure are urged to review incident response plans and increase monitoring for Iranian tactics including wiper malware and credential harvesting. Target: U.S. and allied critical infrastructure organizations. Dig: Analysts emphasize that geopolitical escalation often coincides with opportunistic cyber activity and recommend proactive defensive posture adjustments to mitigate disruptive or destructive attacks. Related: Iran conflict prompts new advisory warning of cyber and physical threats to critical infrastructure
- U.S.: Why now: Cyber policy veterans weigh in on pivotal moment in evolution of security strategy — Inside Cybersecurity — 12 Mar 2026 Cyber policy veterans told Inside Cybersecurity that the United States has reached a pivotal moment in reshaping national cyber strategy as the Trump administration promotes a more aggressive model built around offensive and defensive capabilities, emerging technology, and reduced regulation. Sources quoted in the article said nation state attacks against critical infrastructure and the growing pace and scale of attacks amplified by AI are forcing a rethink of older policy approaches. The piece also stresses that implementation details, resources, and the condition of public private partnerships will determine whether the strategy succeeds. ‘Scott Algeier, executive director of the information technology sector’s information sharing and analysis center, said the Trump administration’s new cybersecurity strategy “calls for unprecedented coordination between industry and government, requiring critical infrastructure owners and operators to act as true partners.” “Unfortunately,” he said, “the public-private partnership that underpins this vision is strained and the future of the two foundations of this partnership is in doubt.”’ Target: U.S. cyber policy, critical infrastructure security, and government industry coordination. Dig: The article is operationally relevant because it frames current strategy debates around the practical problem of defending privately owned infrastructure against nation state level threats. (insidecybersecurity.com)
- DHS Partial Shutdown Continues
Main Topics:
Operation Epic Fury & Related:
- Iran’s threat on U.S. soil: sleeper cells, lone wolves and cyberattacks — Los Angeles Times — 10 Mar 2026 U.S. security officials warn that Iran could attempt retaliation through sleeper cells, lone wolf actors, or cyber operations targeting American interests if regional conflict escalates. Analysts say Iranian aligned groups may pursue asymmetric responses that avoid direct military confrontation while still creating disruption or fear inside the United States. Target: U.S. civilian infrastructure, public venues, and government institutions that could be exploited for symbolic or disruptive attacks. Dig: Security experts emphasize that hybrid threats combining cyber activity, propaganda, and potential lone actor violence represent the most plausible forms of retaliation rather than conventional military strikes.
- DOGE government spending cuts complicate US response to Iran cyber threats — CNN — 10 Mar 2026 — Reporting describes how federal government restructuring and spending cuts tied to the Department of Government Efficiency have disrupted cyber coordination during heightened tensions with Iran. Industry leaders say engagement between federal cybersecurity officials and private sector partners has sharply declined compared with previous years, particularly after staffing disruptions and leadership gaps across the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency. Executives at industry groups have noticed a sharp drop in the level of engagement from government cyber officials compared to before last year’s DOGE-driven cuts at DHS’s Cybersecurity and Infrastructure Security Agency and other disruptions at the department. Andy Jabbour, with Gate 15, and a participant in multiple industry cyber threat sharing groups, said the pace of intelligence sharing with the private sector has dangerously slowed while conflict in the Middle East exposes American interests and critical dependencies to heightened risk. Health Information Sharing and Analysis Center Chief Security Officer Errol Weiss warned that without the government bringing its unique actionable intelligence to the table, US critical infrastructures are dangerously exposed. Target: U.S. critical infrastructure sectors and private sector partners that rely on federal cyber intelligence sharing. Dig: The report also notes that Trump administration cybersecurity officials held a short call last week with multiple industry groups and said there were no major cyber threats from Iran at the time, but one industry participant described the briefing as a waste of time due to the limited information provided.
- How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks — WIRED — 12 Mar 2026 WIRED reports that Handala has become the most visible face of Iran’s retaliatory cyber campaign after the destructive breach of medical technology firm Stryker. The article says researchers increasingly view the group as a front for Iran’s Ministry of Intelligence and Security and describes the Stryker attack as an example of hacktivist branding being used as cover for state sponsored retaliation. The piece also notes that the Stryker breach disabled large portions of the company’s operations and was framed by the attackers as only the beginning of a new phase of cyber warfare. Target: U.S. private sector organizations seen as symbolically or strategically linked to the conflict. Dig: The article reinforces the idea that Iranian aligned cyber operations are combining destructive effects with public messaging to maximize psychological and political impact. (WIRED)
- Iranian Hacktivists Strike Medical Device Maker Stryker in Severe Attack That Wiped Systems — Zetter Zero Day — 11 Mar 2026 Iranian hacktivist group Handala claimed responsibility for a destructive cyberattack that wiped systems belonging to medical device manufacturer Stryker. The attack reportedly destroyed servers and disrupted operations across multiple internal environments while the group framed the incident as retaliation linked to Middle East conflict dynamics. Security experts noted that destructive attacks against healthcare technology companies carry broader risk because supply chain dependencies affect hospitals and medical providers. Target: Stryker enterprise systems and infrastructure supporting medical device services. Dig: Analysts say the campaign reflects a growing willingness by politically motivated actors to deploy wiper malware against private-sector healthcare technology firms.
- What Does the Iran War Mean for the Threat of Attacks in the U.S.? Here’s What Experts Say — TIME — 14 Mar 2026. TIME reports that the expanding Iran conflict has raised concern about possible attacks inside the United States as Iranian drones strike U.S. diplomatic sites abroad and related incidents surface in multiple countries. The article frames the domestic threat set broadly, including terrorism, proxy activity, drone-enabled operations, and cyberattacks, with experts warning that retaliation could emerge through asymmetric channels rather than conventional military means. Target: U.S. government, law enforcement, critical infrastructure defenders, and communities that could be seen as symbolic or soft targets. Dig: this is a strategic warning piece that reinforces the need to watch blended threat vectors at once rather than treating terrorism and cyber risk as separate lanes. (TIME)
Michigan Synagogue Attack:
- Michigan synagogue attack: FBI investigating as ‘targeted act of violence’ Bridge Michigan | 12 Mar 2026. Target: Temple Israel in West Bloomfield and the broader Jewish community in the Detroit area. Dig: Authorities said an attacker drove a vehicle into the synagogue, where security officers confronted him, and the FBI said it is investigating the incident as a targeted act of violence against the Jewish community. The site included a major congregation and an early childhood learning center, which heightened the risk profile and likely broadened the potential casualty set. Reporting also indicated nearby Jewish institutions and schools moved quickly to adopt precautionary measures after the attack. (Bridge Michigan)
- Detroit Special Agent in Charge Jennifer Runyan Delivers Additional Remarks Regarding West Bloomfield Attack — FBI Detroit Field Office — 14 Mar 2026. The FBI Detroit field office released additional remarks following the attack at Temple Israel in West Bloomfield as investigators continue examining the incident. Officials said federal agents are coordinating with state and local law enforcement while maintaining close communication with community leaders and synagogue officials. FBI leadership emphasized that investigators are working to determine the circumstances surrounding the attack while assessing broader community safety concerns. Target: Jewish congregations and religious facilities in the Detroit area that remain alert following the attack. Dig: federal officials stressed the current threat posture in a statement that said “At this time, there are no new known threats to the community, and the FBI has no indications this attack was connected to the shooting at Old Dominion University in Norfolk, Virginia.”
- Man who attacked Michigan synagogue had trained with weapons and had military-style gear, officials say
- Man who rammed his vehicle into Michigan synagogue was naturalized citizen from Lebanon, DHS says
- Gunman who attacked Michigan synagogue drove a vehicle into the building and fired weapons, authorities say
- Michigan synagogue had active shooter training just weeks ago
- A gunman rammed a Michigan synagogue. Its security preparations may have saved lives.
- Jewish Federations Statement on Terrorist Attack in West Bloomfield, MI
- Report: Attack at Michigan synagogue carried out by Lebanese man seeking revenge
- ADL Update: Michigan Attack
- Church Security Alert: We Just Went to RED — Here’s What You Need to Know
- CAIR-MI Condemns Attack on Metro Detroit Synagogue
- Michigan shul is at least the 7th Diaspora synagogue targeted so far this month
- A grim list: Some notable attacks on houses of worship around the world in recent years
ODU Attack:
- FBI releases more details in deadly Virginia shooting — Post and Courier — 14 Mar 2026. Federal investigators released additional information about a deadly shooting in Virginia that left multiple people dead and triggered a large law enforcement response. Authorities say the suspect opened fire in what officials describe as a targeted attack before law enforcement intervened and the investigation continues into possible motives and connections. Officials are examining whether ideological factors or personal grievances played a role in the violence. Target: civilians in public spaces and communities where targeted violence can unfold with little warning. Dig: the incident underscores the persistent threat of individual actors conducting mass casualty attacks without clear organizational affiliation.
- Remarks by Dominique Evans, Special Agent in Charge of FBI Norfolk, on Old Dominion University Shooting FBI Norfolk | 12 Mar 2026. Target: Old Dominion University and the broader Norfolk community affected by the shooting. Dig: FBI Norfolk said there was one deceased victim and two people hospitalized after the attack, and credited students with containing the shooter and preventing additional loss of life. The bureau said it is now the lead investigative agency and is investigating the shooting as an act of terrorism. Officials identified the shooter as Mohamed Bailor Jalloh and said he had previously pleaded guilty in 2016 to attempting to provide material support to ISIL, now known as ISIS, and was released from prison in 2024. The update is operationally significant because it formally shifts the case into a terrorism framework and confirms a prior ISIS related conviction in the suspect’s background. (Federal Bureau of Investigation)
- Suspect in fatal ODU shooting served prison time for trying to help ISIS
- ODU shooter faced similar charges as suspect in Durham federal ISIS case
- Police respond to report of an active shooter at a Detroit-area synagogue
- Old Dominion University issues active threat at Constant Hall
- CAIR Condemns Deadly Shooting at Virginia’s Old Dominion University
Cyber Threats:
- INTERPOL report warns of increasingly sophisticated global financial fraud threat — INTERPOL — 16 Mar 2026. INTERPOL released a report warning that global financial fraud schemes are becoming more complex and technologically enabled. The assessment highlights the growing use of cyber tools, social engineering, and digital payment systems to scale fraud campaigns across borders. Target: Financial institutions, businesses, and individuals increasingly exposed to cross-border fraud operations. Dig: Law enforcement agencies warn that organized criminal groups are rapidly adapting their tactics and leveraging digital infrastructure to expand the scale and speed of financial fraud operations. Key findings include:
- AI-enhanced fraud is 4.5 times more profitable than traditional methods. “Agentic AI” systems can autonomously plan and execute complete fraud campaigns – from reconnaissance to ransom demands.
- Sextortion is now being systematically integrated into scams such as romance and investment fraud often using scripts and AI-generated content.
- Criminal networks are increasingly collaborating with specialized money laundering groups and sharing expertise and technology to scale up their operations globally.
- In parts of Africa, terrorist groups have been found to use fraud schemes, especially crypto-based scams, as a source of funding.
- Once a regional phenomenon, scam centres have now been identified worldwide, involving hundreds of thousands of individuals, many of whom are trafficked and forced to carry out online fraud.
- Public Service Announcement: Criminals Use Stolen Personal Information to Target Victims Through Government Impersonation Schemes — FBI Internet Crime Complaint Center — 09 Mar 2026 The FBI Internet Crime Complaint Center warns that criminals are using stolen personal information to impersonate government officials and agencies in order to pressure victims into providing money or sensitive data. Attackers often leverage spoofed phone numbers, fraudulent emails, and fabricated legal threats to convince victims they are interacting with legitimate government authorities. Target: individuals and organizations whose personal information can be exploited for fraud, identity theft, or financial scams. Dig: The FBI advises the public to independently verify government communications and avoid responding directly to unsolicited messages demanding payment or sensitive personal data. Related article: FBI warns of phishing attacks impersonating US city, county officials — BleepingComputer — 10 Mar 2026
- Global cyber attacks remain near record highs in February 2026 despite ransomware decline — Check Point Research — 10 Mar 2026 Check Point researchers report that global cyberattack activity remained near record levels in February 2026 even as ransomware incidents showed a temporary decline. Attackers continued to rely on phishing campaigns, vulnerability exploitation, and credential theft to compromise enterprise networks across multiple sectors. Target: enterprise networks and organizations operating internet exposed infrastructure across government, technology, and service sectors. Dig: Analysts note that while ransomware activity fluctuates, the underlying cybercrime ecosystem remains active and capable of shifting tactics toward other forms of intrusion.
- Despite a fragmented ransomware ecosystem, a small number of groups continued to dominate activity in February. Qilin led global ransomware activity, responsible for 15% of published attacks, continuing its expansion following increased affiliate recruitment. Clop accounted for 13%, concluding a months‑long campaign exploiting Oracle E‑Business Suite zero‑day vulnerabilities. The Gentlemen, responsible for 11% of attacks, doubled its victim count compared to the previous month, reflecting rapid operational scaling. Notably, 49 different ransomware groups publicly impacted organizations worldwide during February, underscoring the breadth and resilience of the ransomware landscape.
- February AI highlights include:
- 1 in every 31 GenAI prompts posed a high risk of sensitive data leakage
- 88% of organizations using GenAI tools regularly were impacted by this risk
- An additional 16% of prompts contained potentially sensitive information
- Organizations used an average of 11 different GenAI tools, indicating fragmented adoption
- The average enterprise user generated 62 GenAI prompts per month
Ransomware:
- Industrial Ransomware Analysis: Q4 2025 — Dragos — 11 Mar 2026 — Dragos reported that ransomware groups continue to target industrial organizations and operational technology environments, with manufacturing and industrial sectors representing a significant portion of victims. The analysis highlights how attackers frequently compromise IT environments first and then pivot toward operational technology networks that support production systems. Researchers noted that ransomware actors are increasingly motivated by financial gain rather than ideological disruption but still create major operational risks when industrial processes are affected. Target: Industrial operators and manufacturing organizations with interconnected IT and operational technology environments. Dig: The report reinforces the need for segmentation between enterprise networks and operational technology systems to prevent ransomware incidents from disrupting industrial operations.
- France’s ANSSI warns ransomware gangs shifting tactics amid surge in attacks — Infosecurity Magazine — 11 Mar 2026 France’s national cybersecurity agency ANSSI warned that ransomware groups are adapting their tactics as attacks continue to increase across multiple sectors. Officials said criminal groups are placing greater emphasis on data theft and extortion operations rather than relying solely on encryption of victim systems. The agency also highlighted the growing professionalization of ransomware groups and their use of sophisticated infrastructure to conduct operations. Target: Public sector institutions and private companies operating in France. Dig: The warning reflects broader international concern that ransomware groups are evolving their methods to maximize financial leverage while maintaining pressure on victim organizations.
- A Slopoly start to AI-enhanced ransomware attacks IBM | 12 Mar 2026. Target: Enterprise defenders tracking the use of generative AI in ransomware tradecraft. Dig: IBM X-Force said it identified likely AI generated malware dubbed Slopoly used by Hive0163 during an Interlock ransomware attack, where the goal was extortion through data theft and ransomware deployment. IBM assessed the malware itself was not especially advanced, but said the case signals a meaningful shift because AI can shorten development time for new malicious tooling. The report said this activity represents an early phase in a broader adversarial AI arms race that will affect how defenders detect and analyze custom malware. This is a strong vendor signal that AI enabled malware development is moving from theory into observed criminal operations. (IBM) Related: AI-generated Slopoly malware used in Interlock ransomware attack


Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
- Venue Security, The IAVM Podcast Series was a 2024 limited series podcast as Gate 15’s founder and Managing Director, Andy Jabbour hosted a series of short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
- The Risk Roundtable, was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Bluesky, LinkedIn, or via email at Gate15@gate15.global.
