“When someone is mean to me, I just make them a victim in my next book.”
―
Robocall Scams Exist Because They Work—One Woman’s Story Shows How (Wall Street Journal)
– “The FBI agent sounded official on the phone. He gave Nina Belis his
badge number and a story about how her identity had been compromised.
She gave him her life’s savings. For most Americans, robocalls are an
annoyance. For Ms. Belis, an oncology nurse in her 60s, a law-enforcement
Why Data Is Not the New Oil - Truth on the Market
– “…People who analogize data to oil or gold may merely be trying to
convey that data is as valuable in the 21st century as those commodities
were in the 20th century (though, as argued, a dubious proposition). If
the comparison stopped there, it would be relatively harmless. But
there is a real risk that policymakers might take the analogy literally
and regulate data in the same way they regulate commodities…A
better—though imperfect—analogy, as author Bernard Marr suggests, would
be renewable energy. The sources of renewable energy are all around
us—solar, wind, hydroelectric—and there is more available than we could
ever use. We just need the right incentives and technology to capture
it. The same is true for data. We leave our digital fingerprints
everywhere—we just need to dust for them…”
Nextgov
November 21, 2019
Foreign adversaries are increasingly turning to cyberattacks to disrupt the U.S.
economy, steal trade secrets and undermine the political process, and Congress
is teaming with government and industry experts to fight back. Lawmakers in May
stood up the Cyberspace Solarium Commission, a 16-person panel charged with
reviewing U.S. cyber strategy and recommending policy changes to improve the
country’s response to digital threats. The group, whose members include
lawmakers, high-ranking national security officials and a smattering of
industry experts, is expected to release its findings around the end of the
year.
FCW
November 20, 2019
Expert witnesses warned Congress that the U.S. government has largely failed to
address known security shortfalls leading up to 2020 and future elections. Much
of the election security debate in Washington since 2016 has focused on
improving baseline protections for voting machines, but witnesses at a Nov. 19
House Homeland Security Committee hearing noted that similar deficiencies also
exist when it comes to protecting political campaigns from compromise by
foreign intelligence services and preventing foreign and domestic
disinformation. In his opening statement, Georgetown University professor
Matthew Blaze noted that the current generation of voting machines used in U.S.
elections were never designed to combat attacks or threats from adversarial
foreign governments with the resources to penetrate the global supply chain or
obtain software source code before it's even shipped to election officials.
"The intelligence services of even small nations can marshal far greater financial,
technical and operational resources than would be available to even highly
sophisticated criminal conspiracies," Blaze said.
Gov Info Security
November 20, 2019
A bipartisan group of eight U.S. senators is urging National Security Adviser
Robert O'Brien to appoint a special coordinator to oversee the rollout of 5G
cellular networks. The coordinator would address security issues and coordinate
the efforts of federal agencies. The Monday letter from senators who serve on
the intelligence, foreign relations, armed services and government affairs
committees states that because of the different approaches by the federal
agencies involved, there's no coherent national 5G strategy. "Without a
national strategy, facilitated by a common understanding of the geopolitical
and technical impact of 5G and future telecommunications advancements, we expect
each agency will continue to operate within its own mandate, rather than
identifying national authority and policy deficiencies that do not neatly fall
into a single department or agency," the letter states.
Nextgov
November 20, 2019
The Senate Energy and Natural Resources Committee on Tuesday advanced legislation that
would devote hundreds of millions of dollars to securing the nation’s power
grid. The Protecting Resources on the Electric Grid with Cybersecurity
Technology, or PROTECT, Act, would create a federal grant program to help small
utilities companies strengthen the cyber protections on their infrastructure
and more actively participate in information sharing efforts. Spearheaded by
the Energy Department, the program would also offer participants technical
assistance in detecting, responding to and recovering from cyberattacks. The
bill would provide $250 million to fund the program from 2020 to 2024. It would
also stand up a commission to study and recommend strategies to incentivize
public utilities to invest in cybersecurity and enter information sharing
agreements. The legislation, sponsored by Sens. Lisa Murkowski, R-Alaska, Joe
Manchin, D-W.V., James Risch, R-Idaho, Maria Cantwell, D-Wash., and Angus King,
I-Maine, passed the committee by voice vote. “Our electric grid is increasingly
exposed to potentially devastating cyber and physical attacks,” Manchin said
during the markup. “The PROTECT Act would create key incentives to expand
utilization of advanced cybersecurity tools amongst our power generators to
increase our security posture.”
The Hill
November 19, 2019
A group of three Senate Democrats is urging the Department of Homeland Security’s (DHS)
cyber agency to help fund cybersecurity threat information-sharing centers
involved in election security efforts. In a letter sent on Monday to
Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure
Security Agency, Senate Minority Leader Charles Schumer (D-N.Y.), and Sens.
Maggie Hassan (D-N.H.) and Gary Peters (D-Mich.) expressed concerns around the
funding level for two information-sharing groups. Specifically, the senators
noted that DHS’s proposed fiscal 2020 budget covers only around 70 percent of
the estimated $15 million it would take for the Center for Internet Security to
run both the Multi-State Information Sharing and Analysis Center (MS-ISAC) and
the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).
“Recently, across the nation our cities and states have suffered from
debilitating ransomware attacks that are carried out to extort public funds,”
the senators wrote. “Local governments – including small towns, counties, and
school districts - simply do not have the budgets, the personnel, or the
expertise necessary to deploy sophisticated tools in order to defend themselves
against this evolving threat environment.”
The New York Times
November 18, 2019
Rudolph W. Giuliani, the former New York mayor at the center of the impeachment
investigation into the conduct of Ukraine policy, makes a living selling
cybersecurity advice through his companies. President Trump even named him the
administration’s first informal “cybersecurity adviser.” But inside the
National Security Council, officials expressed wonderment that Mr. Giuliani was
running his “irregular channel” of Ukraine diplomacy over open cell lines and
communications apps in Ukraine that the Russians have deeply penetrated. In his
testimony to the House impeachment inquiry, Tim Morrison, who is leaving as the
National Security Council’s head of Europe and Russia, recalled expressing
astonishment to William B. Taylor Jr., who was sitting in as the chief American
diplomat in Ukraine, that the leaders of the “irregular channel” seemed to have
little concern about revealing their conversations to Moscow. “He and I
discussed a lack of, shall we say, OPSEC, that much of Rudy’s discussions were
happening over an unclassified cellphone or, perhaps as bad, WhatsApp messages,
and therefore you can only imagine who else knew about them,” Mr. Morrison
testified. OPSEC is the government’s shorthand for operational security.
The Hill
November 18, 2019
2020 presidential candidate Sen. Amy Klobuchar (D-Minn.) on Monday published a
strategy for how she would secure elections against cyber and disinformation threats
if elected president, the same day she joined a group of Senate Democrats in
pushing for election security funding. In her plan, Klobuchar, who is a
longtime advocate in the Senate for election security efforts, zeroed in on
improving the transparency of political ads on social media, combating
disinformation, and promoting cybersecurity. Key parts of the strategy include
Klobuchar’s intention to issue an executive order that would bolster
government-wide cybersecurity efforts, and launch a “cabinet-level taskforce”
that would coordinate across federal agencies and with state and local
governments to better address cyber threats to elections. Klobuchar would also
require states to use paper ballots as a way to prevent cyber tampering with
the vote, and set “strong cybersecurity standards” for voting infrastructure.
ADMINISTRATION
FCW
November 22, 2019
The Department of Homeland Security has announced a partnership with election
nonprofit VotingWorks to pilot new open-source post-election auditing software
in several states ahead of the 2020 U.S. elections. The software, Arlo, was
developed by VotingWorks as a free, open-source tool to help states conduct
post-election audits to verify voting results. DHS said that election officials
from Pennsylvania, Michigan, Missouri, Virginia, Ohio and Georgia have already
signed on to the pilot and that earlier iterations of Arlo have already been
deployed by several states in off-year elections held this month. "At a
time when we know foreign actors are attempting to interfere and cast doubt on
our democratic processes, it's incredibly important elections are secure,
resilient, and transparent," Cybersecurity and Infrastructure Security
Agency Director Christopher Krebs said in a statement. "For years, we have
promoted the value of auditability in election security, it was a natural
extension to support this open source auditing tool for use by election
officials and vendors, alike."
CyberScoop
November 21, 2019
State-sponsored cyberattacks against just one victim nation at a time could soon provoke a
global response, if a growing number of officials around the world have their
way. As the Pentagon has experimented with new authorities allowing U.S. Cyber
Command to be more offensive in cyberspace, key officials have suggested there
is a groundswell of support for multi-nation countermeasures in the digital
age. Thomas Wingfield, the incoming deputy assistant secretary of Defense for
cyber policy, told CyberScoop that alliances could be a more successful way to
deter hackers and strike back when they infiltrate sensitive networks. “I think
that’s a more effective way to solve the problem, and I think that is the
general [direction] of international law,” said Wingfield, who is still
employed at National Defense University. “But I would also say we’re not there
yet and states are in the process of moving international law in that
direction.”
FCW
November 21, 2019
Jeanette Manfra, the longstanding and well-respected leader who helped stand up the
Cybersecurity and Infrastructure Security Agency at the Department of Homeland
Security, is leaving at the end of the year. "After 12 years at DHS, I'll
be leaving CISA at the end of this year. This is not an easy decision, as it's
been one of my greatest honors to work alongside such a remarkable team on this
incredibly important mission," Manfra wrote on Twitter. "Together,
not only did we establish CISA, the nation's first civilian cybersecurity
agency, but we have also made great strides towards protecting our country from
cyber threats." Manfra is one of the most senior and tenured leaders at
CISA and its predecessor agency, the National Protection and Programs
Directorate. Prior to her post as assistant secretary/director at CISA and NPPD,
she also served stints as senior counselor to the secretary of Homeland
Security on cybersecurity matters and director of critical infrastructure
cybersecurity on the National Security Council.
Ars Technica
November 21, 2019
In October, the Federal Bureau of Investigation issued a warning of increased targeting by
ransomware operators of "big game"—targets with deep pockets and
critical data that were more likely to pay ransoms to restore their systems.
The past week has shown that warning was for good reason. On November 18, a
ransomware attack caused Louisiana's Office of Technology Services to shut down
parts of its network, including the systems of several major state agencies.
These included the governor's office, the Department of Health (including
Medicare systems), the Department of Children and Family Services, the
Department of Motor Vehicles, and the Department of Transportation. Louisiana
Governor John Bel Edwards activated the state's cybersecurity response team.
While some services have been brought back online—in some cases, within
hours—others are still in the process of being restored. Most of the
interrupted services were caused by "our aggressive actions to combat the
attack," according to Louisiana Commissioner of Administration Jay
Dardenne. "We are confident we did not have any lost data, and we
appreciate the public's patience as we continue to bring services online over
the next few days."
Reuters
November 21, 2019
Cleveland Federal Reserve President Loretta Mester said on Thursday that financial firms
and regulators should be more agile and share information to better combat
cybersecurity threats. Financial firms should be stress-tested to evaluate
their ability to handle a cyber attack, Mester recommended during a conference
on financial stability hosted by the Cleveland Fed. "Such a test could
help evaluate the financial system's plans for data and core systems recovery
and its reliance on third parties to implement that plan," she said. As
part of the testing, firms should have a plan for how they will ensure data is
protected and make sure it has not been altered. Regulators could consider
using simulations to test how firms would recover from an attack, based on
tactics used during real attacks, Mester said. The examinations could also look
at firms' ability to resume business after an attack that corrupts data and
affects multiple institutions, modeling an approach used by the Bank of
England.
FCW
November 20, 2019
The Office of Management and Budget has released updated guidance to federal civilian
agencies on complying with the Federal Information Security Management Act,
outlining timelines and deliverables for reporting security incidents,
information sharing and vulnerability scans of federal systems and websites.
The memo specifies that annual reports from each agency to Congress are due no
later than March 2, 2020, and outlines a host of new deadlines. Chief Financial
Officer Act agency CIOs are expected to update the metrics they use for
evaluating the security of their systems and identifying high-value assets on a
quarterly basis, while non-CFO Act agencies must do the same twice a year.
Under FISMA, civilian agencies are required to report security incidents to the
Cybersecurity and Infrastructure Security Agency at the Department of Homeland
Security, including the attack vector used, impact category and other
attributes.
Nextgov
November 19, 2019
An overabundance of cybersecurity leaders across federal agencies is hindering the
government’s ability to adapt to the changing digital landscape, according to a
top Homeland Security Department official. Agencies must be able to act swiftly
to keep their tech ecosystems secure against a constantly evolving array of
digital threats, but excessive bureaucracy within the federal cyber community
is impeding that quick action, according to Mark Bristow, director of the hunt
and incident response team within Homeland Security’s National Cybersecurity
and Communications Integration Center. Though it’s critical to have different
groups weigh in on cybersecurity policies, he said, today there are too many
cooks in the kitchen to execute a coherent, unified strategy. “We have too many
[chief information security officers] in the government,” Bristow said Tuesday
at the Cyber Summit hosted by Nextgov and Defense One. “I understand why they’re
there ... but it really gets in the way of setting strategic vision. You have
all these people who have slightly conflicting guidance and opinions ... and
what happens is you start to get organizational stagnation because you can’t
make any decisions, and therefore you can’t make any progress.” And according
to Bristow, adversaries are already exploiting that stagnation. “They know that
this is how this works, they count on it with their tactics and techniques,” he
said. “We need to flip our operational paradigm in a way that frustrates the
adversary."
INDUSTRY
CyberScoop
November 22, 2019
Twitter says it will allow users to remove their phone numbers from the secure login
process, a move that has triggered widespread praise from the security
community. Users can now use a one-time code, an app or a physical security key
as a second factor of authentication into their account. Before Thursday,
Twitter customers trying to log in in a secure way could only enter their
username and password, then ask the site to send them an SMS message to verify
their identity. The company also forced users who did use a third-party
authentication app to use their phone number to sign up. Facebook announced in
May 2018 it would stop requiring phone numbers for multi-factor authentication.
Now, amid a growing body of evidence hackers can subvert text-based
authentication, Twitter is expanding its options.
Ars Technica
November 21, 2019
Google will pay up to $1.5 million for the most severe hacks of its Pixel line of Android
phones, a more than seven-fold increase over the previous top Android reward,
the company said. Effective immediately, Google will pay $1 million for a “full
chain remote code execution exploit with persistence which compromises the
Titan M secure element on Pixel devices,” the company said in a post published
on Thursday. The company will also pay $500,000 for exploits that exfiltrate
data out of a Pixel or bypass its lock screen. Google will offer a 50 percent
bonus to any of its rewards if the exploit works on specific developer preview
versions of Android. That means a critical Titan M hack on a developer preview
could fetch $1.5 million, and a data exfiltration or lock screen bypass on a
developer preview could earn $750,000, and so on. Previously, rewards for the
most severe Android exploits topped out at $200,000 if they involved the
trusted execution environment—an independent OS within Android for handling
payments, multi-factor authentication, and other sensitive functions—and
$150,000 if they involved compromise only on the Android kernel.
Gov Info Security
November 21, 2019
Target has filed a lawsuit against its long-time insurer, ACE American Insurance Co., in
an attempt to recoup money it spent to replace payment cards as part of
settlements over the retailer's massive 2013 data breach. The lawsuit, filed
Nov. 15 in U.S. District Court in Minnesota, claims the insurer owes Target
approximately $74 million for coverage of its costs for replacing payment
cards. The Target breach resulted in the compromise of payment card details for
41 million customers and the exposure of contact information for more than 60
million. The security incident sparked several lawsuits as well as federal and
state investigations. In May 2016, Target settled a class action lawsuit
brought by several banks that issued new payment cards to the retailer's
customers, according to the retailer's lawsuit. Target says it paid $138
million to settle these claims and cover attorneys' fees.
CyberScoop
November 20, 2019
As a court weighs the proposed class action settlement stemming from Equifax’s 2017 data
breach, an independent legal watchdog is saying the agreement fails to treat
victims equally. The nonprofit Center for Class Action Fairness, which
advocates on behalf of consumers involved in class action suits, said in a
court filing Tuesday the Equifax settlement — which proponents value at $700
million — “flunks” federal requirements for fairness and adequacy. This is the
same agreement that Equifax said would include up to $425 million for customers
who were affected by the data breach, which compromised information about 147 million
Americans. After suggesting individual customers could be paid up to $125 under
certain conditions or accept free credit monitoring, Equifax introduced new
requirements forcing Americans to prove they had credit monitoring in place at
the time of the breach, otherwise they would be paid nothing. The terms of the
deal could result in Americans receiving just cents, rather than the $125 they
would expect, legal observers have warned.
Ars Technica
November 19, 2019
In a post yesterday to the Microsoft Tech Community blog, Microsoft Windows Core
Networking team members Tommy Jensen, Ivan Pashov, and Gabriel Montenegro
announced that Microsoft is planning to adopt support for encrypted Domain Name
System queries in order to "close one of the last remaining plain-text
domain name transmissions in common web traffic." That support will first
take the form of integration with DNS over HTTPS (DoH), a standard proposed by
the Internet Engineering Task Force and supported by Mozilla, Google, and
Cloudflare, among others. "As a platform, Windows Core Networking seeks to
enable users to use whatever protocols they need, so we’re open to having other
options such as DNS over TLS (DoT) in the future," wrote Jensen, Pashov,
and Montenegro. "For now, we're prioritizing DoH support as the most
likely to provide immediate value to everyone. For example, DoH allows us to
reuse our existing HTTPS infrastructure." But Microsoft is being careful
about how it deploys this compatibility given the current political fight over
DoH being waged by Internet service providers concerned that they'll lose a
lucrative source of customer behavior data.
BBC
November 19, 2019
Thousands of Disney customers say they have been hacked after signing up to its online
streaming service. Since Disney+ went live, attackers have stolen thousands of
customers' accounts and put them up for sale on the dark web, according to a
report. People waited on telephone and online chat lines for hours, and many
still say that Disney has yet to sort their problems. But the firm says it does
not believe its systems have been compromised. "Disney takes the privacy
and security of our users' data very seriously and there is no indication of a
security breach on Disney+," a spokesman said. The statement indicates
that members' details have been stolen by other means. That could involve
spyware on users' devices or the re-use of login details stolen from elsewhere.
Disney's answer to Netflix, Disney+ is an online platform where fans can view
its movies, short films and TV shows, including the Marvel and Star Wars
franchises.
Financial Times
November 19, 2019
Data breaches can be expensive — just ask Marriott. The hotel group said last
November that hackers had been accessing its database since 2014, compromising
up to 339m guest records. Since then it has incurred $100m costs relating to
the hack and that is before a potential £99m fine levied under EU rules.
However, the effect has been cushioned by insurance policies, which have paid
out $102m to the company. Cyber cover is one of the fastest growing parts of
the insurance industry. High profile data breaches and ransomware attacks —
such as the WannaCry and NotPetya attacks in 2017 — have convinced companies
they need protection. “NotPetya was a huge trigger for buying outside the US as
[companies] saw what business interruption really looks like,” says Sarah
Stephens, the cyber, media and technology practice leader at insurance broker
Marsh JLT Specialty.
Gov Info Security
November 19, 2019
Department store giant Macy's says hackers successfully infiltrated its e-commerce site
and stole customer data, including financial information. A data breach
notification from Macy's, dated Nov. 14, says that the company received an
alert about "a suspicious connection between macys.com and another
website" on Oct. 15, which led it to immediately launch an investigation.
"We quickly contacted federal law enforcement and brought in a
leading-class forensics firm to assist in our investigation," says
Cincinnati-based Macy's, which reported 2018 sales of $25 billion. The company
operates about 680 department stores under the Macy's and Bloomingdale's
brands, while also running a further 190 specialty stores under such names as
Bloomingdale's The Outlet and Macy's Backstage, across 43 states, as well as
Puerto Rico, Guam and Washington.
CNBC
November 16, 2019
More than 6,500 government officials and big players in the energy sector came together
this week to conduct a simulated cyberattack on the electrical grid. The event
is called GridEx, and takes place every two years. It imagines the U.S. under
attack from a foreign country, through the power grid. It’s a scenario that
planners say is unlikely, a black swan event, but one that could have
devastating impacts if it came to fruition. Those ripple effects could go far
beyond leaving homes without heat or citizens without smartphones, bringing
down big portions of the telecommunications, media and finance sectors. This is
why, organizers said, they aimed to gather as many stakeholders as they could
to run through how they would respond. GridEx organizers based the potential
attack scenario on real events and intelligence, said Karen Evans, a
cybersecurity specialist at the Department of Energy, on Thursday. Countries
like Russia, China and Iran have either attacked foreign grids or conducted
reconnaissance on the U.S. grid, according to U.S. intelligence agencies.
INTERNATIONAL
Wired
November 21, 2019
The Russian state-sponsored hackers known as Sandworm have launched some of the most
aggressive and disruptive cyberattacks in history: intrusions that planted
malware inside US electric utilities in 2014, operations that triggered
blackouts in Ukraine—not once, but twice—and ultimately NotPetya, the most
costly cyberattack ever. But according to Google, several of Sandworm's quieter
operations have gone unnoticed in recent years. At the CyberwarCon conference
in Arlington, Virginia today, Google security researchers Neel Mehta and Billy
Leonard described a series of new details about Sandworm's activities since
2017 that ranged from its role in targeting the French election to its attempt
to disrupt the last Winter Olympics to—perhaps the most unlikely new example of
Sandworm's tactics—attempting to infect large numbers of Android phones with
rogue apps. They even tried to compromise Android developers, in an attempt to
taint their legitimate apps with malware.
Fifth Domain
November 20, 2019
NATO has declared cyberspace a domain of warfare it must operate in and called on the
integration of cyber alongside operations. However, as a defensive alliance, it
has declared it won’t seek offensive cyber capabilities itself, instead relying
on the capabilities of voluntary member states. This approach, while not
insurmountable, poses significant challenges to operations, experts claim. “The
idea of sovereign cyber effects provided voluntarily by allies is good. But …
that will not fall under the command and control of the actual NATO commander,”
David Bailey, senior national security law advisor for Army Cyber Command, said
Nov. 19 at the 2019 International Conference on Cyber Conflict U.S. (CyCon
U.S.) in Arlington. “It will still fall under the command and control of the
country that contributes. In my mind, it’s going to be difficult to achieve
that level of coordination that we’re used to in military operations, even in a
NATO context.” Sovereign cyber effects provided voluntarily by allies is the
concept NATO is looking to implement. Cyber and NATO experts have explained
that if a cyber effect is needed for a particular operation, those with the
capability, capacity, authority and access will volunteer to provide it on
behalf of the alliance. Several experts have said member states that are both
willing and capable of offensive operations number about a half dozen.
Wired
November 20, 2019
Iranian hackers have carried out some of the most disruptive acts of digital sabotage
of the last decade, wiping entire computer networks in waves of cyberattacks
across the Middle East and occasionally even the US. But now one of Iran's most
active hacker groups appears to have shifted focus. Rather than just standard
IT networks, they're targeting the physical control systems used in electric
utilities, manufacturing, and oil refineries. At the CyberwarCon conference in
Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans
to present new findings from the company's threat intelligence group that show
a shift in the activity of the Iranian hacker group APT33, also known by the
names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group carry
out so-called password-spraying attacks over the past year that try just a few
common passwords across user accounts at tens of thousands of organizations.
That's generally considered a crude and indiscriminate form of hacking. But
over the last two months, Microsoft says APT33 has significantly narrowed its
password spraying to around 2,000 organizations per month, while increasing the
number of accounts targeted at each of those organizations almost tenfold on
average.
Reuters
November 19, 2019
Britain’s opposition Labour Party was using a $20-a-month “basic security” service to
protect its website when hackers attempted to force it offline last week and
temporarily slowed down online campaigning, according to internal emails seen
by Reuters. Such entry-level protection is not recommended for large
organizations at high risk of cyberattacks, but the messages show Labour has
since decided against upgrading to an increased security package on grounds of
cost. Labour and Britain’s governing Conservative Party were hit by
back-to-back cyberattacks last week, just days into an election campaign
security officials have warned could be disrupted by foreign hackers. Labour
uses the services of cybersecurity firm Cloudflare to help protect its website
from attacks, party emails show, but only the level the company recommends for
“professional websites, blogs, and portfolios requiring basic security.”
AP
November 19, 2019
Deployed inside the sprawling communist-era army command headquarters in Montenegro’s
capital, an elite team of U.S. military cyber experts are plotting strategy in
a fight against potential Russian and other cyberattacks ahead of the 2020
American and Montenegrin elections. With its pristine rocky mountains, lush
green forests and deep blue seas, the tiny Balkan state seems an unlikely
location for waging global cyber warfare. But after the newest NATO nation was
targeted by Russia-linked hackers and following a Moscow-backed coup attempt in
Montenegro in 2016, the U.S. military dispatched their cyber experts to the
Adriatic Sea nation. Montenegro is in the Balkans, a strategic area where
Russia has been seeking to restore its historic influence. The country of just
over 600,000 people joined NATO in 2017, defying strong opposition from Moscow.
It has proven to be a key Western ally in the volatile region that went through
a devastating war in the 1990s. Montenegrin Defense Minister Predrag Boskovic
— careful not to mention Russia — said preventing cyberattacks and
disinformation campaigns is key to protecting the Balkans from returning to the
chaos of the war years in the 1990s, when tens of thousands of people died
during the breakup of the former Yugoslavia.
CyberScoop
November 18, 2019
A cybercrime-focused resolution backed by Russia passed Monday in the United
Nations, despite calls from the U.S. that the measure would further hamper
efforts to root out crime on the internet. The resolution, which passed 88-58
with 34 abstentions, aims to establish a group to examine cybercrime and set up
a convention to prevent it. However, human rights groups have argued that the
resolution is actually an effort by the Kremlin to expand its model of
state-backed internet control. In particular, the resolution calls for a check
on the “use of information and communications technologies for criminal
purposes.” Which activities it aims to curb exactly is unclear. Thirty-six
rights groups argue in a letter that the resolution is so vague that it could
lead to the criminalization of ordinary online activities that journalists,
human rights groups, and other members of civil society rely on, such as using
encrypted chat applications. The resolution could also “give wide-ranging power
to governments to block websites deemed critical of the authorities, or even
entire networks, applications and services that facilitate online exchange of
and access to information,” the coalition of organizations, which includes the
Electronic Frontier Foundation, writes in its appeal.
Gov Info Security
November 18, 2019
The Australian Parliament's computer network was compromised in January after
politicians browsed a legitimate website that was compromised. Sen. Scott Ryan,
president of the Senate, revealed the style of attack, which hadn't been
discussed before, on Thursday during a hearing of the Finance and Public
Administration Legislation Committee. A transcript of the hearing is posted on
Parliament's website. "While I do not propose to discuss operational
security matters in detail, I can state that a small number of users visited a
legitimate external website that had been compromised," Ryan says.
"This caused malware to be injected into the Parliamentary Computing
Network." In February, Prime Minister Scott Morrison said a
"sophisticated state actor," widely speculated to be China, was
likely behind a breach of Parliament's network. In September, Reuters reported
that Australia's intelligence agencies concluded that China was behind the
attack against Parliament, along with attacks against three political parties ahead
of May's general election. The Australian Signals Intelligence Organization
concluded that China's Ministry of State Security was involved. The conclusion
was recommended to be kept secret to avoid disrupting trade relations with
China, Reuters reported. China disputed the finding.
TECHNOLOGY
ZDNet
November 20, 2019
A cybercrime group is enslaving Linux servers running vulnerable Webmin apps into
a new botnet that security researchers are currently tracking under the name of
Roboto. The botnet's appearance dates back to this summer and is linked to the
disclosure of a major security flaw in a web app installed on more than 215,000
servers -- which is the perfect cannon fodder to build a botnet on top. Back in
August, the team behind Webmin, a web-based remote management app for Linux
systems, disclosed and patched a vulnerability that allowed attackers to run
malicious code with root privileges and take over older Webmin versions.
Because of the security flaw's easy exploitation and the vast number of
vulnerable systems, attacks against Webmin installs began days after the
vulnerability was disclosed.
Ars Technica
November 19, 2019
The official site for the Monero digital coin was hacked to deliver
currency-stealing malware to users who were downloading wallet software,
officials with GetMonero.org said on Tuesday. The supply-chain attack came to
light on Monday when a site user reported that the cryptographic hash for a
command-line interface wallet downloaded from the site didn't match the hash
listed on the page. Over the next several hours, users discovered that the
mismatching hash wasn't the result of an error. Instead, it was an attack
designed to infect GetMonero users with malware. Site officials later confirmed
that finding. "It's strongly recommended to anyone who downloaded the CLI
wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to
check the hashes of their binaries," GetMonero officials wrote. "If
they don't match the official ones, delete the files and download them again.
Do not run the compromised binaries for any reason."