The Hill
October 12, 2018
The Chairman of the Senate Judiciary Committee is pressing Google to explain its
data privacy practices in the wake of revelations that user data was hacked
from its now defunct social media platform, Google Plus. Sen. Charles Grassley
(R-Iowa) sent a letter to Google CEO Sundar Pichai on Friday asking him to
explain how the breach may have affected users and why it took Google so long
to discover and then disclose the breach. Grassley also tore into Google for
being hypocritical about its security practices during Facebook’s Cambridge
Analytica scandal. “Despite your contention that Google did not have the same
data protection failures as Facebook, it appears from recent reports that
Google+ had an almost identical feature to Facebook, which allowed third-party
developers to access information from users as well as private information of
those users’ connections,” Grassley wrote to Pichai.
CyberScoop
October 11, 2018
Republican senators have written to Google CEO Sundar Pichai demanding to know why the
company was reportedly slow to disclose a software flaw in its Google+ social
network partly out of fear of drawing attention from regulators. “Google must
be more forthcoming with the public and lawmakers if the company is to maintain
or regain the trust of the users of its services,” states the Oct. 11 letter
from Sens. John Thune, S.D., Jerry Moran, Kan., and Roger Wicker, Miss.
Thune chairs the Commerce, Science, and Transportation Committee. The software
flaw, which Google announced Monday, exposed profile data such as email
addresses and age, through an API. The incident affected up to 500,000
accounts, according to Google, which shut down consumer use of Google+ in
response. Although the tech giant said it discovered and patched the bug in
March, according to an internal company memo cited by the Wall Street Journal,
Google officials worried that disclosing the incident would bring “immediate
regulatory interest.”
CyberScoop
October 11, 2018
Senators introduced a pair of bills Thursday that would crack down on foreign ownership
of election systems in the U.S., as the government continues to try to mitigate
supply chain risk. Sen. Chris Van Hollen, D-Md., announced the Protect Our
Elections Act and the Election Systems Integrity Act, both of which would set
restrictions and reporting requirements around foreign ownership and operation
of election systems. The former has bipartisan backing, with co-sponsorships
from Susan Collins, R-Maine, and Ben Cardin D-Md. The latter is also backed by
Cardin and Sen. Amy Klobuchar, D-Minn. The two bills overlap significantly in
scope. Asked why they’re separate, a spokesperson for Van Hollen said that one
deals with disclosure while the other would issue a ban. The Protect Our
Elections Act would outlaw foreign ownership of election systems, specifically
ones that deal with voting, tabulation, voter registration and communication
systems for election agencies. The bill would also require other election service
providers — vendors or contractors that maintain election systems — to disclose
if any foreigners own or control the company. Failing to disclose carries a
$10,000 fine. The Election Systems Integrity Act is a slimmed down version,
only including the disclosure requirement, not the ban.
The New York Times
October 10, 2018
Authorized hackers were quickly able to seize control of weapons systems being acquired by
the American military in a test of the Pentagon’s digital vulnerabilities,
according to a new and blistering government review. The report by the
Government Accountability Office concluded that many of the weapons, or the
systems that control them, could be neutralized within hours. In many cases,
the military teams developing or testing the systems were oblivious to the hacking.
A public version of the study, published on Tuesday, deleted all names and
descriptions of which systems were attacked so the report could be published
without tipping off American adversaries about the vulnerabilities. Congress is
receiving the classified version of the report, which specifies which among the
$1.6 trillion in weapons systems that the Pentagon is acquiring from defense
contractors were affected. But even the declassified review painted a
terrifying picture of weaknesses in a range of emerging weapons, from new
generations of missiles and aircraft to prototypes of new delivery systems for
nuclear weapons.
The Hill
October 10, 2018
Lawmakers are demanding answers to concerns about reports of Chinese cyber espionage
regarding the IT company Super Micro. Sens. Richard Blumenthal (D-Conn.) and
Marco Rubio (R-Fla.) on Wednesday put pressure on the company, asking in a
letter that it cooperate with law enforcement and explain more about the
potential breach. The lawmakers’ concerns stem from a Bloomberg Businessweek
report that detailed how the Chinese government was able to take advantage of
vulnerabilities in Super Micro’s supply chain to install their own chips onto
the company’s motherboards, which it then sold to many American firms including
Apple and Amazon. Super Micro, Apple and Amazon have all refuted the Bloomberg
report, saying that their own investigations have not found evidence of a hack
or of being compromised in the way described in the report. Rubio and
Blumenthal acknowledged the denials, but say that given the severity of the
report, they still want further explanation.
ADMINISTRATION
Rolling Stone
October 12, 2018
As part of its efforts to combat forms of foreign election interference like that seen in
2016, the FBI in August launched a project called Protected Voices to help
political candidates and consultants defend against the next wave of
cyberattacks on U.S. soil. Now, just three weeks before the 2018 midterm
elections, the program has taken a strange turn. This past Tuesday, two FBI
special agents who work on Protected Voices had planned an online briefing with
political operatives based in Washington and northern Virginia to share “cyber
hygiene” tips on how to not get hacked by foreign nations, e-criminals and
other malicious actors. Director of National Intelligence Dan Coats said in
July that the warning lights for future cyberattacks and election interference
were “blinking red.” Those threats have only increased, cybersecurity experts
say, as the midterm elections get closer. But just one day before the campaign
briefing, the FBI announced that the hearing was off and postponed until 2019
“due to factors beyond our control.” In an interview with Rolling Stone, Andrew
Ames, an FBI spokesman, said that sign-ups for the briefing were “so low” that
the bureau had to delay it until after the midterms.
CyberScoop
October 12, 2018
The Food and Drug Administration has issued a cybersecurity advisory for two models of
programming equipment that doctors use to check cardiac devices like
pacemakers, citing a vulnerability that could allow unauthorized access to the
programmers. The FDA said it confirmed that when the two models of programmers,
which are made by Minneapolis-based Medtronic, have an internet connection,
unauthorized users could exploit the vendor’s software-updating network to
change the programmers’ functionality. Doctors use the programmers to do things
like adjust the settings of a pacemaker and check its batteries, according to
the FDA. “While we are not aware of patients who may have been harmed by this
particular cyber vulnerability, the risk to patient harm of leaving such a
vulnerability unaddressed is too great,” Suzanne Schwartz, a top cybersecurity
official at the FDA, said Thursday in a statement.
Nextgov
A new program to ensure the cybersecurity of the government’s supply chain will be
based on unclassified, public information whenever possible, according to a
question-and-answer sheet the Homeland Security Department posted Thursday. The
document, which was posted to a government contracting site, contains Homeland
Security responses to industry questions following a formal request for
information and meeting with industry about the supply chain initiative in
September. Homeland Security intends to share the companies it’s reviewing with
the intelligence community, the document states. In most cases, however,
intelligence agencies will just suggest particular areas Homeland Security
should focus on or identify companies that require especially close attention.
Intelligence agencies won’t share the classified basis for those suggestions,
the document states.
Nextgov
October 12, 2018
The Los Angeles Cyber Lab, a public-private partnership that aims to promote
cybersecurity and protect the city against hacker attacks, will expand its
reach using a $3 million grant from the Department of Homeland Security. The
expansion will grow the lab’s capacity by developing a “universal, standardized
platform for threat intelligence, analysis and sharing” that can be accessed
for free by participating private-sector companies and government agencies.
“Each participant will automatically and seamlessly feed threats to the Cyber
Lab, which will subsequently be analyzed, correlated and distributed to all
participating members,” the city said in a news release. The expansion will
also include conferences, training sessions and the creation of an “innovation
incubator” that will make the lab and its data available for students,
researchers and product developers. By 2020, city officials hope to also launch
a cyber simulator with both physical and online space where entrepreneurs and
product developers can enhance security tools by performing tests and forensic
investigations, among other things.
Federal News Radio
October 11, 2018
What infrastructure qualifies as critical? What functionalities do citizens most
depend on? Does a cyberattack by a foreign power that doesn’t damage critical
infrastructure or kill anyone count as an attack? These are some of the heavy
questions the National Risk Management Center, the Homeland Security
Department’s new one-stop shop aimed at protecting and sharing cyber threat
information with major industries, is weighing as it begins to examine how
adversaries could disrupt day-to-day life in the U.S. “That’s really the first
effort of this National Risk Management Center, is to identify what those
critical functions are in coordination with industry. And then what we need to
do is assess the risk to those functions, and who those stakeholders are that
are involved in those functions,” Jeanette Manfra, National Protection and
Programs Directorate assistant secretary for the Office of Cybersecurity and
Communications at DHS, said during a panel at an Oct. 10 RealClearPolitics
event, Securing Cyberspace: Forging a Collective Defense.
AP
October 11, 2018
An elections integrity activist is demanding a rigorous security review of voting
systems in Tennessee's largest county before the November election, and the
replacement in the next year of its electronic voting machines with paper
ballots. Attorney Carol Chumney says in a letter she also wants Secretary of
State Tre Hargett and Shelby County Election Commission officials to ask the
U.S. Department of Homeland Security to perform risk and vulnerability
assessments on voting systems ahead of the Nov. 6 elections. Election security
experts say the type of electronic voting system used by Shelby County is
easily hacked and unreliable because it does not produce a voter-verifiable
paper trail. Chumney wants the county to let outside experts examine its
election management software before and after the election and report any
evidence of hacking, possible editing of votes cast or unauthorized software to
the Tennessee Bureau of Investigation. And the county must replace its entire
elections system ahead of October 2019 Memphis municipal elections with an
optical scan system that uses hand-marked paper ballots, Chumney wrote.
Nextgov
October 11, 2018
Holding government leaders accountable for cybersecurity lapses was a major pillar of a
cybersecurity executive order President Donald Trump issued in 2017 and of a
national Cybersecurity Strategy released last month. The government is unlikely
to advertise when it brings that accountability to bear, however, federal Chief
Information Security Officer Grant Schneider told reporters Thursday. When
asked for particular instances of accountability for agency security incidents
and low compliance scores on cybersecurity metrics, Schneider replied that the
government was likely to be discreet about disciplinary action. “The government
is never going to publicize anyone getting fired for anything,” he said,
adding: “I think there are a variety of ways to hold people accountable besides
they got fired from the federal government.” People who fail to meet
cybersecurity requirements may be ushered out of their positions in ways that
aren’t officially recorded as an involuntary separation from the federal
government, Schneider added.
CyberScoop
October 10, 2018
A news report claiming a compromise of U.S. companies’ supply chains by Chinese spies
has triggered a thorough search in government and industry for evidence of the
breach that has so far turned up nothing, according to a senior National
Security Agency official, who expressed concern that the search was a
distraction and potentially a waste of resources. “I have grave concerns about
where this has taken us,” Rob Joyce said Wednesday at the U.S. Chamber of
Commerce. “I worry that we’re chasing shadows right now.” The story in question
is an explosive, anonymously-sourced report published last week by Bloomberg
Businessweek. The report alleges Chinese intelligence agents placed malicious
microchips on server motherboards supplied by Super Micro Computing Inc.,
setting up a backdoor to some 30 companies, including Apple and Amazon Web
Services. While supply-chain threats emanating from China are certainly a
concern, Joyce said, “what I can’t find are any ties to the claims that are in
the article.”
The Atlantic
October 10, 2018
In August, 28-year-old Grant Michalski was implicated as part of a ring of men sharing
images and videos of a young girl, the daughter of one of the ring’s members,
being sexually abused. The FBI arrived at Michalski’s home with the authority
to require him to unlock his iPhone X using the phone’s Face ID feature. It was
the first search warrant of its kind. When Michalski’s phone was seized, agents
were limited in what they could access. Even after it was unlocked, the FBI
agent would need the phone’s passcode in order to plug it into a computer for
forensic analysis to find “hidden, erased, compressed, password-protected, or
encrypted files.” Interestingly, the law treats passcodes and PINs differently
from fingerprints and face scans, even if they perform the same function:
unlocking devices. According to John Verdi, Vice President of Policy at the
Future of Privacy Forum, compelling passcodes from suspects can be
extraordinarily difficult because of the Fifth Amendment, which enshrines our
right not to be forced to incriminate ourselves. High courts have ruled
consistently that passcodes are “testimonial”—that is, that they “explicitly or
implicitly, relate a factual assertion or disclose information”—and therefore
that forcing citizens to surrender them is self-incriminating and
unconstitutional. But biometrics are different.
Gov Info Security
October 10, 2018
The Department of Health and Human Services' Office of Inspector General has
launched a new web page to draw attention to the growing importance of the
watchdog agency's cybersecurity-related activities - ranging from security
audits to fraud investigations. "OIG recognizes protecting HHS data,
systems and beneficiaries from cybersecurity threats as a top management and
performance challenge facing HHS," the agency said in a statement on
Tuesday announcing the launch of the new web page. "In partnering with
various HHS agencies to address this challenge, OIG has formed a
multidisciplinary cybersecurity team comprised of auditors, evaluators,
investigators and attorneys focused on combatting cybersecurity threats within
HHS and the healthcare industry." OIG is raising the profile of its
cybersecurity efforts for many of the same reasons other organizations are
intensifying their cyber focus, says Mac McMillan, CEO of the security consultancy
CynergisTek. "The threat has become more dangerous and more pervasive. It
puts service at risk. Privacy isn't the only thing at risk anymore. And these
incidents are costing the U.S. and businesses significant losses of
money."
AP
October 10, 2018
With the midterm elections less than a month away, a strong majority of Americans are
concerned the nation’s voting systems might be vulnerable to hackers, according
to a poll released Wednesday. That is roughly unchanged from concerns about
election security held by Americans just before the 2016 presidential election,
but with a twist. Two years ago, it was Republicans who were more concerned
about the integrity of the election. This year, it’s Democrats. The survey from
The University of Chicago Harris School of Public Policy and The Associated
Press-NORC Center for Public Affairs Research found that Democrats have grown
increasingly concerned about election security while Republicans have grown
more confident. By 58 percent to 39 percent, Democrats are more likely than
Republicans to say they are very concerned about hackers affecting U.S.
election systems. That represents a flip from the results of a similar survey
taken in 2016.
McClatchy
October 10, 2018
Four advocacy groups for elections and cybersecurity called Wednesday for the halt
of a pilot project in West Virginia that allows military personnel posted
overseas and other U.S. citizens living abroad to cast ballots for the 2018
midterms using a smartphone app. “Military voters … deserve any help the
government can give them to participate in democracy equally with all other
citizens. However, in this threat environment, online voting endangers the very
democracy the U.S. military is charged with protecting,” the groups said.
Proponents argued that with voter turnout so low, technology like the app is
worth the risk. The report was issued by the National Election Defense
Coalition, the nonpartisan watchdog group Common Cause, the center-right think
tank R Street Institute, and the Technology Policy Committee of the Association
for Computing Machinery, a group that says it provides neutral input on issues
involving computing technology.
Nextgov
October 9, 2018
Roughly half of all government email domains are on track to meet an Oct. 16 deadline
to protect against phishing and impersonation scams, according to data from the
email security firm ValiMail. That’s up from just 4 percent of domains that had
implemented the tool, known as DMARC, when the Homeland Security Department
first ordered agencies to do so in October 2017. Another 25 percent of federal
email domains have set up DMARC but haven’t set it to the highest protection
level, according to the ValiMail report. DMARC stands for Domain-based Message
Authentication, Reporting and Conformance, an email protocol that verifies a
sender’s email domain. If the domain says the sender is illegitimate, DMARC can
send the email to the recipient’s spam folder or decline to deliver it
entirely.
FCW
October 9, 2018
The Army announced that it was looking for its first colonel to join the service as part
of its direct commissioning program for civilians who specialize in
cybersecurity. The announcement comes as the Army, and Defense Department as a
whole, grapples with the problem of attracting and retaining cyber workers. The
service is hunting for the first colonel to come through its direct
commissioning program for cyber operators, Army Cyber Director Brig. Gen.
Jennifer Buckner said during a panel discussion about cyber teams at the AUSA
conference and trade show on Oct. 8. "We don't know what one looks like,
but we're ready," Buckner said.
McClatchy
October 8, 2018
Barely a month before midterm elections, voting integrity advocates and electronic
voting experts want the federal government to issue an official warning to
states that use voting machines with integrated cellular modems that the
machines are vulnerable to hacks, potentially interfering with the ballot
counting. Once seen as a useful tool to provide quick election results, voting
machines with cellular modems are now subject to fierce debate over how easy it
would be to break into them and change the results. Such machines are certified
for use in Florida, Illinois, Michigan and Wisconsin. A spokeswoman for the
Florida Department of State, Sarah Revell, defended the certification of such
machines. “Voting machines are not connected to the internet,” Revell said in
an email to McClatchy, adding that “it is important to note that when
transmitting election data everything is encrypted and authenticated.” But a
number of voting machine researchers take issue with such assertions, saying
that cellular networks increasingly overlap with the internet and open avenues
for hackers to interfere with unofficial early results even when there are
paper ballots that can be tallied for a slower official count. They say
interfering with unofficial early results, even when corrected later, could
increase mistrust among voters and add uncertainty immediately after elections
conclude.
The Washington Post
October 8, 2018
Federal and state employees responsible for running government websites will soon have to
use two-factor authentication to access their administrator accounts, adding a
layer of security to prevent intruders from taking over dot-gov domains.
Officials at federal agencies such as the departments of Justice, State and
Defense can begin adding two-step verification to their accounts on Monday,
according to the General Services Administration, the agency that manages
dot-gov domains for the U.S. government. In the coming months, state and local
officials will be prompted to add the security feature. Two-factor verification
works by requiring a user to input both a password and a special code generated
by a device in the possession of an authorized user. This means even if a
password is compromised, a hacker would still need to steal a government
worker’s physical device.
INDUSTRY
The Washington Post
October 12, 2018
An online attack that forced Facebook to log out 90 million users last month directly
affected 29 million people on the social network, the company said Friday as it
released new details about the scope of an incident that has regulators and law
enforcement on high alert. Through a series of interrelated bugs in Facebook’s
programming, unnamed attackers stole the names and contact information of 15
million users, Facebook said. The contact information included a mix of phone
numbers and email addresses. An additional 14 million users were affected more
deeply, having additional details taken related to their profiles, such as
their recent search history, gender, educational background, geolocation data,
birth dates, and lists of people and pages they follow. Facebook said last
month that it detected the attack when it noticed an uptick in user activity.
An investigation soon found that the activity was linked to the theft of
security codes that, under normal circumstances, allow Facebook users to
navigate away from the site while remaining logged in.
Gov Info Security
October 12, 2018
Millions of internet-of-things devices made by a Chinese company and sold in stores such as
Home Depot and Wal-Mart still have glaring security problems, a Danish security
consultancy warns. SEC Consult writes in a blog post that it examined software
that runs on IP cameras and digital video recorders made by Hangzhou Xiongmai
Technology Co. Ltd. Xiongmai was a little-known manufacturer until two years
ago when its products and those of many other IoT manufacturers were
compromised by the Mirai malware. Xiongmai has a surprisingly large reach,
however. By SEC Consult's count, its technology is incorporated into the
products of more than 100 companies, a practice known as white labeling. The
problem is that identifying products that have Xiongmai embedded inside
requires a bit of detective work, making it broadly more difficult for users of
the products to even realize their networks are at risk.
The Hill
October 11, 2018
FICO and the U.S. Chamber of Commerce released a new tool Thursday to score how strong
businesses' protections are when it comes to cybersecurity. The tool, called
the Assessment of Business Cybersecurity (ABC), uses an algorithm known as the
FICO Cyber Risk Score to determine how secure a business or business sector is.
The algorithm considers factors like the health of a company’s network
infrastructure and the scope of their internet-exposed systems to reach a
score, similar to a credit score. “Businesses are on the front line of
cybersecurity threats. Their risk impacts our economy’s health and our national
security,” Christopher D. Roberti, senior vice president for cyber intelligence
and security policy for U.S. Chamber of Commerce, said in a statement.
CyberScoop
October 11, 2018
A newly uncovered Android trojan can install advanced spyware on unsuspecting users’
phones under the guise that it’s just part of the operating system, according
to research from Cisco Talos out Thursday. Talos says that the malware’s
sophistication is “of an uncommonly high level, making it a dangerous threat.”
Vitor Ventura, who authored the Talos report, told CyberScoop by email that it
“appears to be a new family of malware.” After being installed and going
through some onboarding procedures, the “GPlayed” trojan has a broad range of
spying capabilities. It can exfiltrate information like texts and contacts,
track geolocation, change the lockscreen password and collect payment
credentials. Beyond that, the trojan has the built-in ability to adapt after
being installed, Talos says. It can load new plugins remotely, inject new scripts
and compile new code.
Bloomberg
October 10, 2018
Ant Financial’s Alipay and Tencent Holdings Ltd. warned that cyber-attackers
employed stolen Apple IDs to break into customers’ accounts and made off with
an unknown amount of cash, in a rare security breach for China’s top digital
payments providers. Alipay, whose parent also operates the world’s largest
money market fund, said on its Weibo blog that it contacted Apple and is
working to get to the bottom of the breach. It warned users that’ve linked
their Apple identities to any payment services, including Tencent’s WePay, to
lower transaction limits to prevent further losses. Tencent said in a separate
statement it too had noticed the cyber-heist and reached out to the iPhone
maker. China’s two largest companies both recommended that users of their
digital wallets take steps to safeguard their Apple accounts, including by
changing passwords. It’s unclear how the attackers may have gotten their hands
on the Apple IDs, which are required for iPhone users that buy content such as
music from iTunes or the app store. Apple representatives haven’t responded to
requests and phone calls seeking comment.
CyberScoop
October 10, 2018
A newly revealed hacking group has been going after diplomatic and military targets in
a malware-less campaign that researchers say makes it difficult to detect. Over
the last 10 months, the so-called Gallmaker group has conducted what appear to
be cyber-espionage operations against several embassies belonging to an Eastern
European country, according to research from cybersecurity company Symantec
published Wednesday. The group, which researchers say is likely
state-sponsored, has also targeted military and defense organizations in the
Middle East. “The type of targets seen in the attacks really fit that of what
an espionage group would be interested in,” Jon DiMaggio, senior threat
intelligence analyst at Symantec, told CyberScoop. “If simply for financial
gain, it would be odd to restrict targets to diplomatic, military and defense
personnel.” Gallmaker’s end goal appears to be collecting intelligence on its
targets in the form of documents and communications, according to DiMaggio.
The Wall Street Journal
October 8, 2018
Google exposed the private data of hundreds of thousands of users of the Google+
social network and then opted not to disclose the issue this past spring, in
part because of fears that doing so would draw regulatory scrutiny and cause
reputational damage, according to people briefed on the incident and documents
reviewed by The Wall Street Journal. As part of its response to the incident,
the Alphabet Inc. unit on Monday announced a sweeping set of data privacy
measures that include permanently shutting down all consumer functionality of
Google+. The move effectively puts the final nail in the coffin of a product
that was launched in 2011 to challenge Facebook Inc. and is widely seen as one
of Google’s biggest failures. A software glitch in the social site gave outside
developers potential access to private Google+ profile data between 2015 and
March 2018, when internal investigators discovered and fixed the issue,
according to the documents and people briefed on the incident. A memo reviewed
by the Journal prepared by Google’s legal and policy staff and shared with
senior executives warned that disclosing the incident would likely trigger
“immediate regulatory interest” and invite comparisons to Facebook’s leak of
user information to data firm Cambridge Analytica.
INTERNATIONAL
TechCrunch
October 12, 2018
Apple has strongly criticized Australia’s anti-encryption bill, calling it “dangerously
ambiguous” and “alarming to every Australian.” The Australian government’s
draft law — known as the Access and Assistance Bill — would compel tech
companies operating in the country, like Apple, to provide “assistance” to law
enforcement and intelligence agencies in accessing electronic data. The
government claims that encrypted communications are “increasingly being used by
terrorist groups and organized criminals to avoid detection and disruption,”
without citing evidence. But critics say that the bill grants “broad authorities
that would undermine cybersecurity and human rights, including the right to
privacy” by forcing companies to build backdoors and hand over user data — even
when it’s encrypted.
IT World Canada
October 12, 2018
To help network defenders around the world, Canada and the other members
of the Five Eyes intelligence partnership have issued a report detailing five
publicly-available tools used by threat actors, including advice on how to
limit their effectiveness and to detect their use. “Experience from all our
countries makes it clear that, while cyber actors continue to develop their
capabilities, they still make use of established tools and techniques,” says
the report, available on the home pages of each country’s cyber centre (see
below). “Even the most sophisticated groups use common, publicly-available
tools to achieve their objectives.” The tools detailed fall into five categories:
Remote Access Trojans (RATs) with the JBiFrost tool highlighted; Web Shells,
with the China Chopper tool highlighted; Credential stealers, with
Mimikatz highlighted; Lateral movement frameworks, focusing on PowerShell
Empire; and Command and Control (C2) obfuscators, with HUC Packet Transmitter
highlighted.
ZDNet
October 12, 2018
The WannaCry ransomware cyber attack cost the National Health Service almost £100m
and led to the cancellation of 19,000 appointments, the Department of Health
has revealed. The NHS wasn't specifically targeted by the global ransomware
attack, but a significant number of hospitals and GP surgeries fell victim to
the outbreak which took advantage of a leaked NSA hacking tool to spread
itself across vulnerable Windows systems. A patch to protect against the
EternalBlue vulnerability was released prior to the WannaCry outbreak, but
despite warnings, a number of NHS Trusts hadn't applied the update. Because of
this, one third of NHS hospital trusts and around eight percent of GP practices
found their IT systems disrupted by WannaCry ransomware, which left PCs
encrypted and unusable, causing significant disruption to patients and care.
Now, almost 18 months on from the incident, the Department of Health has
attempted to calculate the financial cost of WannaCry and puts the total figure
at £92m.
Wired
October 11, 2018
This is the story of how the US finally achieved some leverage over China to bring a stop
to more than a decade of rampant cybertheft, how a Canadian couple became
bargaining chips in China’s desperate countermove, and how the game ended
happily—only to start up again in recent months with more rancor and new
players.
CyberScoop
October 11, 2018
New research provides evidence linking some of the most impactful cybersecurity
incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and
the 2017 NotPetya malware outbreak – to the same set of hackers that Western
governments have linked to the Russian government. Researchers from
cybersecurity company ESET say they have laid out the first concrete, public
evidence of those ties, citing a pattern of “backdoors” — or tools for
remote access — used by the hackers. In April, ESET researchers found
that the group, which they dub TeleBots, was trying to set up a new backdoor.
ESET says this backdoor, known as Win32/Exaramel, is an “improved version” of
the “Industroyer” backdoor used in the 2016 attack on the Ukrainian power
sector, which knocked out an electrical substation outside of Kiev. The 2015
attack on the Ukrainian grid, using the group’s custom BlackEnergy malware, cut
power for some 225,000 people. The group is also referred to as “Sandworm” by
other cybersecurity firms.
BBC
October 10, 2018
A Cumbrian council has said it will "never know" whether it was the target of a
cyber attack because it is host to the Sellafield nuclear waste plant. Copeland
Borough Council has revealed that an attack on its systems in August 2017 has
cost it about £2m. The hack locked staff out of a number of council services,
including payroll, planning and environmental health. The authority said it had
brought in experts to better protect the authority from any future attack.
Copeland, Islington and Salisbury councils were all targeted in the Bank
Holiday cyber attack, in which hackers demanded a bitcoin ransom to regain
access to encrypted files. No sensitive data was taken. Some processes were not
restored until February this year.
ZDNet
October 10, 2018
A 25-year-old Italian man pleaded guilty this week to defacing NASA websites and
60 other Italian government sites back in 2013. The suspect, identified only by
his initials of Z.R., was a member of the "Master Italian Hackers
Team" that claimed responsibility for the hacks at the time on social
media. Italian police say they tracked down the suspect after he boasted on
social media about being part of the group and participating in the hacks.
"The young man turned out to be one of the leaders," said Italian
State Police in a statement released on Monday. "The investigations led to
a search that ended with the seizure of computer devices whose content allowed
the police to acquire important clues to charge the man," State Police
said. Investigators tracked down the suspect to the city of Salò in Italy's
Brescia province.
Reuters
October 10, 2018
Vietnam is preparing to strictly enforce a new cybersecurity law requiring global
technology companies to set up local offices and store data locally despite
pleas from Facebook, Google and other firms, a government document showed.
Vietnamese lawmakers approved the new law in June overriding strong objections
from the business community, rights groups and Western governments including
the United States, who said the measure would undermine economic development,
digital innovation and further stifle political dissent. Alphabet Inc’s Google,
Facebook and other big technology companies had hoped a draft decree on how the
law would be implemented would soften provisions they find most objectionable.
But the document seen by Reuters indicates those hopes are unlikely to
materialize, potentially setting up a showdown over whether the companies will
ultimately comply with the law or pull out of the country.
Reuters
October 8, 2018
Russia has carried out cyber attacks on Latvia's foreign and defense apparatus and other
state institutions, a Latvian intelligence agency said on Monday. Russia's
military intelligence agency (GRU) has tried to access information by e-mail
phishing attacks against government computers in "recent years",
Latvia's Constitution Protection Bureau said. "The cyber attacks in Latvia
were carried out by the GRU for espionage purposes, and the most frequent
attacks were directed against state institutions, including the foreign and
defense sectors," it said in a statement. No attacks directed at
influencing last weekend's parliamentary elections were detected, it said.
Several Western countries issued coordinated denunciations of Russia last week
for running what they described as a global hacking campaign, targeting institutions
from sports anti-doping bodies to a nuclear power company and the chemical
weapons watchdog.
The Times
October 7, 2018
Defence chiefs have war-gamed a massive cyber-strike to black out Moscow if Vladimir
Putin launches a military attack on the West, after concluding that the only
other way of hitting back would be to use nuclear weapons. Senior security
sources have told The Sunday Times they are concerned that Britain has a
capability gap that has left commanders with too few weapons to meet Kremlin
aggression short of firing a Trident nuclear missile. Planning exercises on the
threat posed by Russia have left officials “ashen-faced” at the speed with
which confrontation with Moscow could escalate.
TECHNOLOGY
Gov Info Security
October 12, 2018
Since the end of last year, cryptojacking - the hidden mining of virtual currencies - has
been a focus for many online attackers, usurping the dominance of ransomware
attacks. Blame the explosion in cryptocurrencies' value at the end of 2017,
after which many cybercriminals came calling. As they shifted their focus, the
growth in banking Trojan and ransomware attacks slowed, although both continue.
Cryptojacking attacks are continuing to rise, says Europol, the EU's law
enforcement intelligence agency. Such illicit cryptomining involves attackers
exploiting computer users' bandwidth and processing power to "mine"
for cryptocurrency, solving mathematical problems that build the
cryptocurrency's blockchain. In return, participants can receive cryptocurrency
as a reward.
Nextgov
October 10, 2018
As cyberattacks and data breaches make Social Security numbers increasingly
insecure, the government needs to explore new ways to verify people’s
identities, according to a recent report. “This nine-digit number has become
the core credential for government and commercial purposes—things for which it
was never designed,” cybersecurity researchers at McAfee and the Center for
Strategic and International Studies wrote in a report published Wednesday. “The
[Social Security number] faces significant problems as an identifier, and after
80 years, it is time to modernize it.” In 2015, experts estimated between 60
and 80 percent of Social Security numbers had at some point been stolen by
hackers, and that was before the massive breach at Equifax exposed information on
143 million Americans last year. As a result, for most people, the number “is
no longer a secret,” researchers said. Still, the government needs some
mechanism to authenticate identity and connect records to a specific
individual, they said. Instead of exploring a brand new authentication system,
researchers argued for modernizing the Social Security number to make it harder
to steal and easier to secure if it does get compromised. They concluded
creating a “smart” Social Security card would be the best strategy.
by Nick Leiserson
“The latest available data from the Justice Department show
that federal prosecutions for official corruption have dropped sharply.
During the first eleven months of FY 2018 the government reported 340
new official corruption prosecutions. If this activity continues at the
same pace, the annual total of prosecutions will be down 23.5% over the
past fiscal year. Theft or bribery in programs receiving federal funds
under Title 18 U.S.C. Section 666 was the most frequent recorded lead
charge. The single largest number of prosecutions of these matters
through August 2018 was for corruption of local government officials.
These accounted for about one-third (32.9%) of all prosecutions. The
comparisons of the number of defendants charged with official corruption
offenses are based on case-by-case information obtained and analyzed by
the Transactional Records Access Clearinghouse (TRAC) at Syracuse
University. View the full report here: http://trac.syr.edu/tracreports/crim/532/.”
Official Corruption Prosecutions Drop Under Trump
'Bad decision': NSW Labor MP sorry for linking Twitter followers to KKK leader's website
NSW Labor MLC Shaoquett Moselmane says his decision to link Twitter followers to a story on the website of a former Ku Klux Klan leader was "a bad mistake".