S2 INFRASTRUCTURE CYBER BULLETIN
OCTOBER 2025
Coverage Window: October 2025 (United States)
Date/Time Group: 251031-0300Z
Summary
October brought paired hyperscaler outages (AWS, Azure), regional carrier and 911 disruptions, fresh waves of CISA ICS advisories, and new/ongoing emergency directives (F5, Cisco). Hospitals in multiple states reported cyber incidents; EPA escalated water-sector cyber guidance; FAA advanced NOTAM modernization while GPS jamming/spoofing remained a global aviation risk. Strong (G3) geomagnetic activity bookended the month, relevant to grid, GNSS and HF ops. (ThousandEyes)
Discovered Outages / Incidents Log (highlights within window)
- 2025-10-01–02: G3 storm conditions/warnings (SWPC). (NOAA SWPC)
- 2025-10-02: CT regional Comcast/fiber outages. (CT Insider)
- 2025-10-04–07 / 20–24 / 27–29 / 30–Nov 7: FAA GPS test advisories (NC/AZ/NM). (FAASafety)
- 2025-10-12–21: Heywood/Athol cyber incident and service disruptions. (Boston.com)
- 2025-10-17: Verizon multi-city outage reports. (Independent)
- 2025-10-19: Xfinity/Comcast multistate issues. (Cord Cutters News)
- 2025-10-20–21: AWS service impact/restoration. (Bloomberg) (ThousandEyes)
- 2025-10-29: Marshfield Clinic ransomware affecting pharmacy manager. (WSAW)
- 2025-10-29: Microsoft Azure/365 outage. (ThousandEyes)
- 2025-10-30: Santa Barbara AT&T 911 advisory; KSP Post 1 admin outage; SWPC Kp=6 warning. (City of Santa Barbara) (TECHi) (NOAA SWPC Alerts/Warnings)
Cloud & Internet Backbone
- AWS (Oct 20–21): DNS-adjacent issues impacted services including STS/EC2/Redshift; recovery completed Oct 21 (UTC) per network telemetry analysis. (Bloomberg)
- Microsoft Azure/365 (Oct 29): Azure Front Door config change disrupted Azure portal, M365, Xbox/Minecraft and downstream enterprises during US business hours; service restored after emergency fixes. (ThousandEyes)
- Regional ISP pain: Xfinity/Comcast multistate issues (Oct 19); separate CT outages tied to localized fiber damage (Oct 2). (Cord Cutters News)
- Context: Cloudflare’s Q3 Internet disruption review shows 2025’s mix—cable cuts, power failures, cyberattacks, natural hazards—mirroring October’s patterns. (Cloudflare Blog)
- Background risk: Record-scale hyper-volumetric DDoS persisted into early Q4 (peaks ~11.5 Tbps), underscoring edge/CDN dependency risk. (Tom’s Hardware)
Telecommunications & 911
- Verizon multi-city disruption (Oct 17): Downdetector-reported concentration across NY/NJ/NE corridor; illustrates carrier concentration and potential PSAP knock-on risk. (Independent)
- Santa Barbara, CA 911 advisory (Oct 30): AT&T issue degraded 911 from AT&T devices; city issued Text-to-911/alt-number guidance. (City of Santa Barbara) (TECHi)
- Kentucky State Police Post 1 (Oct 30): Admin lines down; 911 unaffected—good example of separating emergency vs. admin continuity. (NorthJersey.com)
- Trend context: Late-Sep MS/LA fiber cuts caused 911 outages (non-cyber), highlighting physical-layer fragility. (AP) (TECHi)
Healthcare (Hospitals & Clinics)
- MA – Heywood/Athol (Oct 12–21): “Network outage” confirmed as a cyber incident; phones/email and clinical systems disrupted; ambulance diversions reported. (Boston.com)
- WI – Marshfield Clinic (Oct 29): Ransomware impacted pharmacy manager system; org said no patient data leaked per local reporting. (WSAW)
- CO – Family Health West (week of Oct 20/28): Systems isolated amid suspected ransomware; service continuity via contingency procedures (local reporting/social posts). (Facebook)
- FL – George E. Weems Memorial (Oct 20 notice): Unauthorized access to two email accounts; notification letters in progress. (HIPAA Journal)
Transportation
Aviation
- NOTAM Modernization: FAA began testing the NOTAM Management Service (NMS) in October; transition to complete into early–mid 2026. (AOPA)
- GNSS interference (policy & ops): ICAO Assembly formally condemned RFI/jamming/spoofing; risk persists along some trans-Atlantic/European routes. (Reuters)
- Domestic GPS test advisories: FAA Flight Advisories affected NC (Oct 4–7), AZ (Oct 20–24; Oct 27–29), White Sands NM (Oct 30–Nov 7). Integrate into dispatch/flight planning. (FAASafety)
Rail
- EOT/HoT remote-linking protocol (CVE-2025-1727): CISA’s advisory (updates through Sep) highlights weak authentication; remediation spans multiple years—material to braking/operations risk. (CISA)
Energy, Water & Utilities
- EPA water-sector push (late Oct): EPA released new cyber resources (CIRP template, procurement checklist; updated ERP guide) and is working with utilities to identify exposed devices and third-party risks. (EPA.gov)
- Background trend: Prior research with EPA/industry found ~400 Internet-exposed water HMIs; remediation campaigns ongoing. (Censys)
Space Weather & GNSS (Situational)
- G3 (Strong) geomagnetic activity: SWPC observed G3 conditions Oct 1 and issued a G3 warning Oct 2; later-month Kp=6 warnings on Oct 30—consider grid/HF/GNSS impacts. (NOAA SWPC) (NOAA SWPC Alerts/Warnings)
CISA ICS Advisory Cadence (October Tuesdays)
- Oct 14: Rockwell, Siemens, FESTO updates among others. (CISA)
- Oct 21 (medical): NIHON KOHDEN CNS-6201; additional ICSMA releases. (CISA)
- Oct 28: Schneider EcoStruxure and two additional advisories. (CISA)
Emergency Directives & Supply-Chain Risk
- ED 26-01 (F5, Oct 15): Inventory/patch/replace/report deadlines for BIG-IP/F5OS estates; federal agencies ordered to act within October. (CISA) (CISA News)
- ED 25-03 (Cisco ASA/FTD VPN zero-days, Sep 25; active in Oct): Identify/mitigate/report potential compromise paths across ASA/FTD. (CISA)
Analyst Notes (What Mattered)
- Cloud concentration risk (High) – Two incidents in 9 days (AWS, then Azure Front Door) exposed cascading dependencies across identity, DNS/edge, and app control planes. Prioritize design patterns that de-couple auth, edge, and data paths and avoid single cloud/region choke points. Why now: adjacent brownouts will recur during post-incident tuning and peak traffic windows. Watch: auth spikes, API rate-limit loops, and client retry storms. ([1], [25])
- 911/telecom fragility (High) – Carrier-specific disruptions (Verizon) and AT&T 911 degradation in Santa Barbara show real-world impact on emergency reachability. Fiber cuts in late September reinforce physical-layer single points of failure. Watch: PSAPs that rely on one carrier, and jurisdictions without pre-published Text-to-911/alt numbers. ([5], [28], [29])
- Healthcare third-party exposure (High) – Continued ransomware activity (MA, WI, CO) and email compromises (FL) underline that non-EMR dependencies (PBM, lab, pharmacy managers, messaging) can disrupt care even when the EHR stays up. Watch: vendor MFA gaps, stale OAuth grants, and flat “vendor” network zones. ([8], [9], [10], [11], [24])
- Edge devices under directive (High) – Back-to-back CISA EDs for F5 BIG-IP/F5OS and Cisco ASA/FTD keep VPN/ADC gateways in adversaries’ crosshairs. Watch: unpatched appliances, config drift after emergency changes, and unmonitored management interfaces. ([22], [23], [32])
- OT/ICS patching tempo (Medium-High) – CISA’s Oct 14/21/28 advisory drops require weekly intake, mapping to SBOM/CMDB, and compensating controls when maintenance windows lag. Watch: exposed ICS/medical devices with internet reachability or shared credentials. ([19], [20], [21])
- Aviation navigation resilience (Medium-High) – FAA NMS testing advanced while ICAO condemned GNSS jamming; concurrent GPS test advisories and late-month Kp=6 alerts warrant GNSS-denied procedure readiness for ops/dispatch. Watch: routes transiting interference-prone FIRs and ops windows overlapping FAASafety advisories. ([12], [13], [14], [26], [30], [18])
Sources
[1]: https://www.thousandeyes.com/blog/microsoft-azure-front-door-outage-analysis-october-29-2025 “Microsoft Azure Front Door Outage Analysis: October 29, 2025”
[2]: https://www.bloomberg.com/news/articles/2025-10-29/microsoft-is-investigating-outages-of-office-game-applications “Microsoft Suffers Cloud Outage Days After Amazon Incident”
[3]: https://cordcuttersnews.com/comcast-xfinity-is-having-a-massive-internet-outage/ “Comcast Xfinity is Having A Massive Internet and TV Outage”
[4]: https://blog.cloudflare.com/q3-2025-internet-disruption-summary/ “Online outages: Q3 2025 Internet disruption summary”
[5]: https://www.independent.com/2025/10/30/att-customers-are-without-9-1-1-service-in-santa-barbara/ “AT&T Customers Are Without 9-1-1 Service in Santa Barbara”
[6]: https://www.techi.com/comcast-outage-monopoly-issues-nfl-primetime/ “Comcast’s Silence on Outage Exposes the Cost of …”
[7]: https://www.northjersey.com/story/news/2025/10/17/is-verizon-home-internet-fios-down-sos-mode-see-verizon-outage-map-verizon-outage-near-me-iphone-sos/86744327007/ “Verizon outages hit U.S., NJ, NYC. Is Verizon down near …”
[8]: https://www.boston.com/news/health/2025/10/23/mass-hospitals-hit-by-cyberattack-that-caused-network-outage/ “Mass. hospitals hit by cyberattack that caused network …”
[9]: https://www.wsaw.com/video/2025/10/30/715-live-pm-oct-29/ “715 Live WSAW”
[10]: https://www.facebook.com/thedailysentinelgj/posts/on-tuesday-morning-family-health-west-hospital-in-fruita-discovered-that-it-was-/1400910815372178/ “On Tuesday morning, Family Health West Hospital in Fruita …”
[11]: https://www.hipaajournal.com/george-e-weems-virba-hospital-data-breach/ “George E. Weems & Vibra Hospitals Announce Data …”
[12]: https://aopa.org/news-and-media/all-news/2025/october/09/faa-begins-testing-new-notam-system “FAA begins testing new notam system”
[13]: https://www.reuters.com/business/aerospace-defense/un-aviation-assembly-closes-with-rebuke-russia-over-satellite-navigation-jamming-2025-10-03/ “UN aviation assembly closes with rebuke of Russia over satellite navigation jamming”
[14]: https://www.faasafety.gov/files/notices/2025/Oct/FTBRNC_25-73_GPS_Flight_Advisory_%28Revision_1%29.pdf “FTBRNC 25-73 GPS Flight Advisory (Revision 1)”
[15]: https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-10 “End-of-Train and Head-of-Train Remote Linking Protocol …”
[16]: https://www.epa.gov/newsreleases/epa-releases-new-resources-help-protect-water-systems-strengthen-cyber-resilience “EPA Releases New Resources to Help Protect Water …”
[17]: https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis “Working With the EPA to Secure Hundreds of Exposed Water …”
[18]: https://www.swpc.noaa.gov/news/g3-strong-geomagnetic-storm-conditions-observed-0 “G3 (Strong) Geomagnetic Storm Conditions Observed”
[19]: https://www.cisa.gov/news-events/alerts/2025/10/14/cisa-releases-one-industrial-control-systems-advisory “CISA Releases One Industrial Control Systems Advisory”
[20]: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-296-01 “NIHON KOHDEN Central Monitor CNS-6201”
[21]: https://www.cisa.gov/news-events/alerts/2025/10/28/cisa-releases-three-industrial-control-systems-advisories “CISA Releases Three Industrial Control Systems Advisories”
[22]: https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices “ED 26-01: Mitigate Vulnerabilities in F5 Devices”
[23]: https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices “Identify and Mitigate Potential Compromise of Cisco Devices”
[24]: https://www.bankinfosecurity.com/cyberattack-disrupts-services-at-2-massachusetts-hospitals-a-29765 “Cyberattack Disrupts Services at 2 Massachusetts Hospitals”
[25]: https://www.thousandeyes.com/blog/aws-outage-analysis-october-20-2025 “AWS Outage Analysis: October 20, 2025”
[26]: https://www.faasafety.gov/files/notices/2025/Oct/YPG_AZ_25-17_GPS_Flight_Advisory_%28Revision_2%29.pdf “YPG_AZ 25-17 GPS Flight Advisory (Revision 2)”
[27]: https://www.ctinsider.com/news/article/xfinity-internet-outage-ct-21081179.php “Internet restored after Xfinity outage caused by damaged fiber affected southwestern Connecticut”
[28]: https://santabarbaraca.gov/news/att-outage-impacting-ability-call-911-att-devices “City of Santa Barbara — AT&T Outage Impacting the Ability to Call 911 (Oct 30, 2025)”
[29]: https://apnews.com/article/0fb8ae557f29ddf5a18399cb01135867 “AP — Mass 911 outages in MS/LA/AL caused by third-party fiber cuts (Sep 26, 2025)”
[30]: https://www.swpc.noaa.gov/products/alerts-watches-and-warnings “NOAA SWPC — Alerts, Watches & Warnings (includes 2025 Oct 30 Kp=6 warning)”
[31]: https://www.tomshardware.com/tech-industry/cyber-security/cloudflare-blocks-record-setting-11-5tbps-ddos-attack-two-months-after-the-previous-record-setting-ddos-attack “Tom’s Hardware — Cloudflare blocks 11.5 Tbps DDoS (Sep 2025)”
[32]: https://www.cisa.gov/news-events/news/cisa-issues-emergency-directive-address-critical-vulnerabilities-f5-devices “CISA News — ED 26-01 context and rationale (Oct 15, 2025)”
