Rohan Arnold will be eligible for parole in 2037. (Supplied)
Canberra businessman Rohan Arnold has been sentenced to a maximum 27 years in prison over his role in attempting to import 1.28 tonnes of cocaine into Australia.
Key points:
Canberra businessman Rohan Arnold was arrested at a Belgrade Hotel in 2018
He pleaded guilty to conspiring to import more than $500 million worth of cocaine
He received the maximum sentence of 27 years but will be eligible for parole in 2037
Arnold, 45, pleaded guilty to conspiring to import the drugs, which had a street value of more than $500 million.
The Australian Federal Police (AFP) intercepted the cocaine in April 2017, which was hidden inside a shipping container carrying 2576 smaller pre-fabricated steel containers. After the drugs were seized, Arnold and his two co-accused attempted to recover the shipment in Serbia.
However, he was arrested in January 2018 at a Belgrade Hotel after an undercover police operation.
Plutus money invested in Sydney apartment project
'There must be consequences': Australia, US and UK slam Russia over Georgian hacking
Foreign Minister Marise Payne says Russia must face consequences for its ongoing efforts to destabilise democracies.
Spy agency could soon be hunting Australian cyber criminals with new powers
Coming Cyber Commission Report Loaded with 75 Ways to Improve Security—Plus the Bill Proposals
Nextgov
February 14, 2020
Come March 11 the Congressionally chartered Cyberspace Solarium Commission will issue an
estimated 75 recommendations—including to streamline Congressional oversight
and for industry to provide incident reporting—most of which will be
accompanied by legislative language, according to the commission’s top staffer.
The 14-member commission includes the four lawmakers—from the House and Senate—
private-sector leaders, executive-branch agency heads and cybersecurity
thinkers working on a strategy to blunt the harm of cyberattacks. They are
required by the latest National Defense Authorization Act to issue their
recommendations by April. “A little less than 50 of the 75 recommendations have
congressional action required,” said Mark Montgomery, executive director of the
commission. “We’ve written legislative proposals, whether it’s a line in, line
out amendment to a bill or a straight bill, so that the four congressional
leaders can take them into their home [committees] and begin to work that
legislation right into law.” Montgomery spoke along with Rep. Jim Langevin,
D-R.I., a commission member and chairman of a House Armed Services Committee
panel on emerging technology, at an event hosted by BSA | The Software Alliance
today.
Federal News Network
February 13, 2020
Exactly a month out from when the Census Bureau will roll out its internet self-response
platform for the 2020 population count, the Government Accountability Office
has flagged significant IT challenges, “including those related to addressing
cybersecurity weaknesses in a timely manner.” While the bureau successfully
deployed five IT systems last month that support recruiting and hiring
activities, Nick Marinos, GAO’s director of IT and cybersecurity, said the
bureau faces challenges rolling out five of the remaining 11 systems, including
four that support internet-self response. All told, the bureau will rely on 52
IT systems for decennial count operations. The bureau has worked closely with
the Department of Homeland Security and its Cybersecurity and Infrastructure
Security Agency to tackle challenges that include addressing cyber
vulnerabilities, protecting the privacy of census responses and curbing
disinformation about the count online. However, GAO has previously recommended
that the bureau address concerns on its cyber to-do list “in a more prioritized
and timely way,” Marinos said.
The Hill
February 11, 2020
Top federal and state officials pressed a Senate committee on Tuesday to provide more
resources and authorities to fight cyberattacks, an issue of increasing concern
in the wake of debilitating attacks on government entities this past year. Senior
cybersecurity and tech leaders from Michigan and Texas noted during their
testimony before the Senate Homeland Security and Governmental Affairs
Committee that efforts to combat cyberattacks have been hampered by a lack of
federal resources, particularly from the Department of Homeland Security (DHS).
“We see the intent everyday of DHS trying to get everywhere across the state,
particularly in the run-up to the elections, and I think it’s just a matter of
they need more boots on the ground, and they need a specific state
representative to get more familiar with that state,” Christopher DeRusha, the
chief security officer within Michigan’s Cybersecurity and Infrastructure
Protection Office, told lawmakers.
Nextgov
February 11, 2020
A bipartisan bill that would compel internet service providers to share details
of vulnerable entities with the Cybersecurity and Infrastructure Security
Agency is not currently being considered for a markup due to concerns over
privacy violations, according to Sen. Ron Johnson, R-Wisc. “We’re trying to
create the desire for it,” Johnson, chairman of the Senate Homeland Security
and Governmental Affairs Committee, told reporters after a hearing today where
CISA Director Christopher Krebs stressed the importance of the Cybersecurity
Vulnerability Identification and Notification Act. The bill is sponsored by
Johnson and committee Democrat Maggie Hassan of New Hampshire. A related bill
recently cleared the equivalent committee in the House. On the subpoena power,
Johnson said, “There’s some opposition we have to bat down, so I can’t really
talk [markup] timing right now.” He said the opposition was in the form of
“general privacy concerns.”
TechCrunch
February 10, 2020
“I cannot think of a reason not to share this with the public,” Brianna Wu tweeted. “Two
of my non-campaign Google accounts were compromised by someone in Russia,” she
said. Wu isn’t just any other target. As a Democratic candidate for the U.S.
House of Representatives in Massachusetts’ 8th District, she has a larger
target on her back for hackers than the average constituent. And as a former
software engineer, she knows all too well the cybersecurity risks that come
along with running for political office. But the breach of two of her
non-campaign Google accounts was still a wake-up call. Wu said she recently
discovered that the two accounts had been breached. One of the accounts was
connected to her Nest camera system at home, and the other was her Gmail
account she used during the Gamergate controversy, during which Wu was a
frequent target of vitriol and death threats. TechCrunch agreed to keep the
details of the breach off the record as to not give any potential attackers an
advantage. Attribution in cyberattacks, however, can be notoriously difficult
because hackers can mask their tracks using proxies and other anonymity tools.
“I don’t believe anyone in Russia is targeting me specifically. I think it’s
more likely they target everyone running for office,” she tweeted.
The Hill
February 10, 2020
A bipartisan group of lawmakers on Monday introduced a bill that would establish
a $400 million grant program at the Department of Homeland Security (DHS) to
help state and local governments combat cyber threats and potential
vulnerabilities. Under the legislation — led by Reps. Cedric Richmond (D-La.),
John Katko (R-N.Y.), Derek Kilmer (D-Wash.), Michael McCaul (R-Texas), Dutch
Ruppersberger (D-Md.), Bennie Thompson (D-Miss.) and Mike Rogers (R-Ala.) —
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) would be required
to develop a plan to improve localities' cybersecurity and would create a State
and Local Cybersecurity Resiliency Committee to help inform CISA on what
jurisdictions need to help protect themselves from breaches. The group noted
that state and local governments have become targets for hackers, having seen
an uptick in attacks in recent years. “It provides more grant funding to state
and locals for cybersecurity my own state of Texas impacted, particularly as
tensions rise in Iran, for instance, we are seeing more cyberattacks coming out
of Iran,” McCaul told The Hill.
ADMINISTRATION
Fifth Domain
February 14, 2020
The Department of Homeland Security wants to establish an internal organization dedicated
to coordinating cybersecurity efforts across DHS and identifying joint
priorities. In its fiscal 2021 budget request, DHS asked Congress to allocate
it $2.6 million to create the Joint Cyber Coordination Group. The group would
have six full-time employees and be housed under the Office of Policy, Strategy
and Plans (PLCY). DHS’ congressional justification says that it needs the group
because expanding technological and cyberthreats make it difficult for any one
component to manage “all aspects of associated risk.” According to budget
documents, the JCCG would provide a “central location” where permanent
staff and representatives from across DHS components can “synchronize” cyber
activities. Currently, the department “lacks sufficient mechanisms to develop,
plan for, and execute strategic operational priorities across Components and
coordinate long-term protective and deterrent efforts to counter cyber
risks,” officials wrote.
NPR
February 13, 2020
The elections office of Florida's third-most populous county was breached by a
crippling cyberattack in the weeks leading up to the 2016 election, NPR
confirmed on Thursday. There is no indication that the ransomware attack was
connected to Russian interference efforts leading up to the last presidential
race, but the revelation about it now shows how election officials are
preparing for this year's election without knowing all the details of what
happened before. The attack on Palm Beach County came to light during a Palm
Beach Post editorial board interview with county elections supervisor Wendy
Sartory Link. "Have we been hacked in Palm Beach County? Yeah, we
have," Link told the paper. A spokesperson for the elections office also
confirmed the attack to NPR. Many details remain unclear about the attack,
including how much data the attackers were able to access and lock up, and
whether money was paid to unlock it. Link, the elections supervisor, only
learned of the attack after a change of leadership within the county election
office's information technology department.
Gov Info Security
February 13, 2020
Cybercrime led to $3.5 billion in losses in the U.S. last year, with a sharp uptick in
business email compromise scams - which accounted for nearly half those losses,
according to a newly released FBI Internet Crime Report, which is based on
complaints the FBI received. Donna Gregory, the head of the FBI's Internet
Crime Complaint Center, or IC3 - which issued the report - notes that the FBI
didn't see an uptick in new types of fraud but rather saw criminals deploying
new tactics and techniques to carry out existing scams, which helped the
fraudsters increase their ill-gotten payouts. "Criminals are getting so
sophisticated," Gregory says. "It is getting harder and harder for
victims to spot the red flags and tell real from fake." Overall, the IC3
received 467,361 reports of internet-related crimes last year, averaging about
1,300 complaints daily, according to the report. The FBI received nearly 24,000
complaints about BEC scams last year, with a total loss of $1.7 billion and an
average loss of about $72,000, according to the report.
FCW
February 13, 2020
The Department of Energy's Cybersecurity, Energy Security and Emergency Response
office has a new top executive. A Feb. 13 memo to DOE staff from Energy
Secretary Dan Brouillette said the CESER office will be led by Alexander Gates,
who comes from the National Security Agency where he worked in intelligence
analysis, cyber operations, cyber security, research and tool development. He
had also recently completed a tour of duty at DOE serving as deputy director
for Cyber in DOE's Office of Intelligence and Counterintelligence, according to
the memo. Gates replaces Karen Evans, the CESER office's first assistant
secretary. Then-Energy Secretary Rick Perry formed the CESER office in 2018 to
address the agency's expanding cybersecurity responsibilities and establish a
more-direct line of intra-agency communications concerning cyber threats to
energy infrastructure.
AP
February 12, 2020
The Chinese company Huawei can secretly tap into communications through the networking
equipment it sells globally, a U.S. official charged as the White House stepped
up efforts to persuade allies to ban the gear from next-generation cellular
networks. The U.S. national security adviser, Robert O’Brien, made the
statement at an Atlantic Council forum on Tuesday evening after The Wall Street
Journal quoted him as saying Huawei can “access sensitive and personal
information” in systems it sells and maintains globally. O’Brien did not
provide any evidence to support the claim. U.S. officials have long argued that
Huawei is duty-bound by Chinese law to spy on behalf of the country’s ruling
Communist Party. Huawei denies that claim and issued a statement Wednesday
saying the company “has never and will never covertly access telecom networks,
nor do we have the capability to do so.” The Trump administration has been
lobbying for more than a year to persuade allies to exclude Huawei equipment
from their next-generation cellular networks, known as 5G.
Nextgov
February 12, 2020
Amid growing concern about the integrity of the nation’s election systems, President
Trump gave the federal agency charged with coordinating efforts to ensure
accurate and secure voting a slight funding increase as part of his fiscal 2021
budget request to Congress, but one expert says it would not be nearly enough.
On Monday, the White House sent Congress a $4.8 trillion budget request for
fiscal 2021 that would increase military spending by 0.3% and decrease
non-defense spending by 5%. For the bipartisan and independent Election
Assistance Commission, the plan proposed allocating a little over $13 million,
of which $1.5 million would be transferred to the National Institute of Standards
and Technology. This would represent a $300,000 increase over fiscal 2020
enacted levels, after subtracting a one-time allocation for relocation expenses
from the 2020 total. While some election security experts applauded the slight
funding boost in Trump’s proposal, others say more is needed for the agency
that certifies voting systems and serves as an information clearinghouse for
best practices in election administration.
Bloomberg
February 12, 2020
James Wroten called the clerk of court in Vernon Parish, Louisiana last November with
an urgent message. The timing wasn’t convenient. The clerk, Jeffrey Skidmore,
was relaxing on his back porch and hoping to soak in some final moments of
quiet before state and local elections. Skidmore let the call go to voicemail.
But Wroten, whose company manages IT services for small companies and local
governments, persisted until Skidmore finally picked up. “He told me we’d been
infected by ransomware and to ask all 14 of my employees not to go into the
office or try to access any of their files,” said Skidmore. “I was stunned. We
had an election in six days.” That call, Wroten later recalled, was the start
of one of the worst weeks of his life. Hackers had infiltrated Wroten’s
company, Need Computer Help. From there, the attackers used the connections
Wroten’s employees need to do their job in order to breach the networks of
Vernon Parish and six other local parishes, the Louisiana equivalent of
counties.
Fifth Domain
February 12, 2020
The Department of Defense wants to spend $11.6 million in fiscal year 2021 to buy
systems that would help cyber operators perform “hunt forward” missions, where
teams deploy to other countries to stop malicious cyber activity. The Pentagon
did not appear to set aside procurement money for the program in fiscal year
2020. The operations provide U.S. cyber teams insight into tactics used by
adversaries that could be turned against U.S. networks or during elections in
the future. The funds are part of the Air Force’s procurement budget for fiscal
year 2021 through the “C3/Countermeasures” program. The Air Force serves as
U.S. Cyber Command’s executive agent in procuring equipment. Defense officials
view these hunt forward operations as a critical component to protecting the
homeland and as part of a new strategy of “persistent engagement,” which is how
Cyber Command executes a philosophy of “defend forward” by challenging
adversary activities wherever they operate. “In a hunt forward operation,
we are able to work with partner nations and receive an invitation to execute
operations in their country,” Brig. Gen. William Hartman, commander of the
Cyber National Mission Force and Cyber Command’s election security lead, said
at an event in January. “These are generally countries that are in the near
abroad of adversaries that we’re potentially concerned about.”
Nextgov
February 12, 2020
An executive order aimed at securing services such as the Global Positioning System
continues the administration’s trend of relying on procurement as the main
lever in its toolbox for making cybersecurity policy. GPS, typically associated
with popular mapping tools, is an example of Position Navigation and Timing, or
PNT, services used in a broad range of applications including precision banking
and microsurgery. It is based on the extraordinary coordination of a
constellation of clocks and satellites and is vulnerable to hackers
perpetrating “jamming” and “spoofing” attacks that interfere with the receipt
of relevant signals. In November 2018, then-Secretary of Homeland Security
Kirstjen Nielsen identified PNT as the primary “systemic risk” to the
cybersecurity of critical infrastructure. The executive order announced today
would put the Homeland Security Secretary in charge of overseeing the
development of language to include “requirements for federal contracts for
products, systems, and services that integrate or utilize PNT services, with
the goal of encouraging the private sector to use additional PNT services and
develop new robust and secure PNT services.”
The Washington Post
February 11, 2020
The Justice Department has charged four members of the Chinese military with a 2017 hack at
the credit reporting agency Equifax, a massive data breach that compromised the
personal information of nearly half of all Americans. In a nine-count
indictment filed in federal court in Atlanta, federal prosecutors alleged that
four members of the People’s Liberation Army hacked into Equifax’s systems,
stealing the personal data as well as company trade secrets. Attorney General
William P. Barr called their efforts “a deliberate and sweeping intrusion into
the private information of the American people.” The 2017 breach gave hackers
access to the personal information, including Social Security numbers and birth
dates, of about 145 million people. Equifax last year agreed to a $700 million
settlement with the Federal Trade Commission to compensate victims. Those
affected can ask for free credit monitoring or, if they already have such a
service, a cash payout of up to $125, although the FTC has warned that a large
volume of requests could reduce that amount. “This data has economic value, and
these thefts can feed China’s development of artificial intelligence tools,”
Barr said. The attorney general said the indictment would hold the Chinese
military “accountable for their criminal actions.”
The Washington Post
February 11, 2020
For more than half a century, governments all over the world trusted a single company to
keep the communications of their spies, soldiers and diplomats secret. The
company, Crypto AG, got its first break with a contract to build code-making
machines for U.S. troops during World War II. Flush with cash, it became a
dominant maker of encryption devices for decades, navigating waves of
technology from mechanical gears to electronic circuits and, finally, silicon
chips and software. The Swiss firm made millions of dollars selling equipment
to more than 120 countries well into the 21st century. Its clients included
Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and
even the Vatican. But what none of its customers ever knew was that Crypto AG
was secretly owned by the CIA in a highly classified partnership with West
German intelligence. These spy agencies rigged the company’s devices so they
could easily break the codes that countries used to send encrypted messages.
FCW
February 10, 2020
The Trump administration's proposed budget for fiscal year 2021 would spend $18.8 billion
on cybersecurity programs across the federal government, with approximately $9
billion dedicated to civilian agencies for network security, protecting
critical infrastructure, boosting the cybersecurity workforce and other
priorities. The overall cybersecurity funding at the Department of Homeland
Security is listed at $2.6 billion. That includes $1.1 billion for DHS and its
component, the Cybersecurity and Infrastructure Security Agency, to defend
government networks and critical infrastructure from cyber threats, including
for tools like EINSTEIN and Continuous Diagnostics and Mitigation. The
administration has also put a heavy emphasis on bolstering the government's cybersecurity
workforce, releasing an executive order and strategic plan last year. The
budget includes funding for DHS' Cyber Talent Management System, a personnel
system designed to bring hundreds of new cybersecurity professionals into the
federal workforce under special hiring rules, as well as a CISA-managed
cybersecurity workforce initiative and an interagency rotational program that
temporarily details cyber personnel to other agencies to gain more holistic
experience. The Department of Energy would get $665 million for cybersecurity,
including $185 million for the Office of Cybersecurity, Energy Security and
Emergency (CESR), part of which would go towards funding early research and
development of methods to better protect the energy supply chain.
ZDNet
February 10, 2020
The FBI has sent a security alert to the US private sector about an ongoing hacking
campaign that's targeting supply chain software providers, ZDNet has learned.
The FBI says hackers are attempting to infect companies with the Kwampirs
malware, a remote access trojan (RAT). "Software supply chain companies
are believed to be targeted in order to gain access to the victim's strategic
partners and/or customers, including entities supporting Industrial Control
Systems (ICS) for global energy generation, transmission, and
distribution," the FBI said in a private industry notification sent out
last week. Besides attacks against supply chain software providers, the FBI
said the same malware was also deployed in attacks against companies in the
healthcare, energy, and financial sectors. The alert did not identify the
targeted software providers, nor any other victims. Instead, the FBI shared
IOCs (indicators of compromise) and YARA rules so organizations can scan
internal networks for signs of the Kwampirs RAT used in the recent attacks.
INDUSTRY
Ars Technica
February 13, 2020
Penetration testing generally involves checking systems for vulnerabilities that can be
exploited to gain access. Red teaming, on the other hand, tests the full
spectrum of security by introducing human elements—social engineering with
crafted phishing messages, exploiting information for further attacks, and the
like. While they can benefit from automation, those are things that can't be
fully passed off to a bunch of software robots in the cloud. Scythe, a software
company that spun out of the security-testing company Grimm, has been working
for the past few years on a platform that allows corporate information-security
teams to build security-testing campaigns—creating "synthetic
malware" and crafting phishing campaigns or other attacks that mimic the
techniques, tactics, and practices of known threat groups. And unlike some of
the automated penetration-testing or threat-simulation products out there,
Scythe retains the human in the loop—making it a useful tool to both internal
security testers and external "red team" consultants.
WIRED
February 13, 2020
West Virginia and Oregon have both recently deployed a mobile voting app called
Voatz to facilitate absentee voting. But Voatz now turns out to have major
security flaws, according to researchers from the Massachusetts Institute of
Technology—including vulnerabilities that could let a hacker manipulate
results. The newly unearthed bugs could allow an attacker to reveal someone's
votes, block votes from being submitted, or even manipulate them. The findings,
first reported in The New York Times, come as the United States is grappling
with broad election security issues and debating whether mobile voting can
safely expand accessibility. Security experts have long warned that it's
virtually impossible to guarantee safe mobile voting, while Voatz and other
companies argue that technologies like biometric authentication and blockchain
will make the process secure. Apparently not quite yet, though. "Given
the severity of failings discussed in this paper, the lack of transparency, the
risks to voter privacy, and the trivial nature of the attacks, we suggest that
any near-future plans to use this app for high-stakes elections be
abandoned," wrote MIT researchers Michael Specter, James Koppel, and
Daniel Weitzner.
Ars Technica
February 13, 2020
A widely circulating piece of Android malware primarily targeting US-based phones used a
clever trick to reinfect one of its targets in a feat that stumped researchers
as to precisely how it was pulled off. xHelper came to light last May when a
researcher from security firm Malwarebytes published this brief profile. Three
months later, Malwarebytes provided a deeper analysis after the company’s Android
antivirus app detected xHelper on 33,000 devices mostly located in the US,
making the malware one of the top Android threats. The encryption and heavy
obfuscation made analysis hard, but Malwarebytes researchers ultimately
concluded that the main purpose of the malware was to act as a backdoor that
could remotely receive commands and install other apps. On Wednesday,
Malwarebytes published a new post that recounted the lengths one Android user
took to rid her device of the malicious app. In short, every time she removed
two xHelper variants from the device, the malware would reappear on her device
within the hour. She reported that even performing a factory reset wasn't
enough to make the malware go away.
CyberScoop
February 13, 2020
A class action lawsuit was filed earlier this week in the U.S. District Court for the
District of Puerto Rico against two hospitals for what plaintiffs are calling
“reckless and negligent violation of patient privacy rights” in light of
alleged ransomware attacks that hit the hospitals last year. The alleged
ransomware attacks, which took place in February last year at the Pavía
Hospital Santurce and Pavía Hospital Hato Rey hospitals, affected 305,737
people, according to Department of Health and Human Services records. The
plaintiffs, both former patients of the hospitals, allege patients’ personal
identifying information, including full names, addresses, dates of birth,
gender, financial information, and social security numbers, were exposed as a
result of the attacks. These records also constitute protected health
information as designated by HIPAA. “These patients reasonably expect the
highest level of protection for their private identifiable information, when
giving highly sensitive information such as their Social Security numbers and
medical information to medical providers and insurers,” the complaint says.
“What these patients do not expect, and did not expect, was that their personal
and sensitive information would be harvested by unauthorized individuals.”
Recode
February 12, 2020
Think your Apple product is safe from malware? That only people using Windows machines
have to take precautions? According to cybersecurity software company
Malwarebytes’ latest State of Malware report, it’s time to think again. The
amount of malware on Macs is outpacing PCs for the first time ever, and your
complacency could be your worst enemy. “People need to understand that they’re
not safe just because they’re using a Mac,” Thomas Reed, Malwarebytes’ director
of Mac and mobile and contributor to the report, told Recode. Windows machines
still dominate the market share and tend to have more security vulnerabilities,
which has for years made them the bigger and easier target for hackers. But as
Apple’s computers have grown in popularity, hackers appear to be focusing more
of their attention on the versions of macOS that power them. Malwarebytes said
there was a 400 percent increase in threats on Mac devices from 2018 to 2019,
and found an average of 11 threats per Mac device, which is about twice the 5.8 average
on Windows.
ZDNet
February 12, 2020
Chief Information Security Officers (CISOs, or CSOs) across the industry are
reporting high levels of stress. Many say the heightened stress levels have led
to mental and physical health issues, relationship problems, medication and
alcohol abuse, and in some cases, an eventual burnout, resulting in an average
26-month tenure before CISOs find new employment. The numbers, reported by
Nominet, represent a growing issue that's been commonly acknowledged, but
mostly ignored across the information security (infosec) community, but one
that is slowly starting to rear its ugly head as once-ignored infosec roles are
becoming more prominent inside today's companies.
Ars Technica
February 11, 2020
Attack simulation and "red teaming as a service" have become a hot area of
development over the past few years as companies continue to seek ways to
better train their network defenders and find problems before attackers do.
Randori, a company pulling together red-teaming skills and security software
experience, today is launching a new platform that attempts to capture the
expertise of a high-budget security testing team as a cloud-based
service—giving chief information security officers a way to continuously take
the pulse of their companies' defenses. Randori takes the red-teaming mission
several steps further. Instead of running simulations of attacks based on known
threats, Randori Attack runs real, novel attacks based on emerging vulnerabilities—much
like a human red team would. Founded by CEO Brian Hazzard (formerly of Carbon
Black) and CTO David "Moose" Wolpoff (a reverse-engineering and
red-teaming veteran of the specialist security firm Kyrus Tech), Randori's
"flagship" service is the Attack Platform—a cloud-based system that,
when combined with Randori's Internet-based reconnaissance system, will
constantly discover and attempt to exploit a customer company's system, playing
the role of what Hazzard describes as "trusted adversary."
Ars Technica
February 9, 2020
Many articles about cybersecurity risks in healthcare begin with descriptions of
live simulations (so when in Rome). Imagine a doctor completely unaware of what
they’re walking into triaging two patients: one in need of a hospital cardiac
catheterization lab after an irregular electrocardiogram (EKG) reading, the
other suffering from a stroke and needing a CT scan. All systems are down due
to ransomware, so the physician working through the scenario can’t access
electronic health records or use any of the assessment methods modern medicine is
so reliant on. So, what to do? It’s not hard to imagine other modern nightmares
like the EKG swap above. For example, malfunctioning pacemakers could lead to
patients experiencing shocks they don’t need, or blood type databases could get
switched and cause chaos due to an integrity attack. All four of these
scenarios were in fact conducted during the two latest CyberMed Summits, a
conference founded in the aftermath of 2017’s WannaCry attacks. “The world’s
only clinically-oriented health-care cybersecurity conference” now annually
brings together physicians, security researchers, medical device manufacturers,
healthcare administrators, and policymakers in order to highlight and hopefully
address vulnerabilities in medical technology. These days, CyberMed may be the
quickest way to get a sense of what’s at stake in a wildly vulnerable
healthcare ecosystem where hospitals frequently run out-of-date or unsupported
software and where there’s currently no financial incentive to patch patients’
medical devices. After talking with individuals from both medical and security
backgrounds at the most recent summit, it’s clear a myriad of issues have come
together in a somewhat (im)perfect storm. And this community is hoping today’s
sad state of healthcare cyber hygiene can be fixed before anyone gets hurt or
killed.
INTERNATIONAL
Ars Technica
February 14, 2020
The US Pentagon, the FBI, and the Department of Homeland Security on Friday exposed a
North Korean hacking operation and provided technical details for seven pieces
of malware used in the campaign. The US Cyber National Mission Force, an arm of
the Pentagon’s US Cyber Command, said on Twitter that the malware is “currently
used for phishing & remote access by [North Korean government] cyber actors
to conduct illegal activity, steal funds & evade sanctions.” The tweet
linked to a post on VirusTotal, the Alphabet-owned malware repository, that
provided cryptographic hashes, file names, and other technical details that can
help defenders identify compromises inside the networks they protect. An
accompanying advisory from the DHS’s Cybersecurity and Infrastructure Security
Agency said the campaign was the work of Hidden Cobra, the government’s name
for a hacking group sponsored by the North Korean Government.
BBC
February 14, 2020
More than 135,000 UK residents have been without online public services for nearly a
week, as their council struggles with a cyber-attack. Redcar and Cleveland
Borough Council's website and all computers at the authority were attacked on
Saturday. One cyber-security expert told the BBC the incident had all the
hallmarks of a ransomware attack, in which files are scrambled until a ransom
is paid. But the council refused to confirm the nature of the hack. Online
appointment bookings, planning documents, social care advice and council
housing complaints systems are just some of the services knocked offline. The
National Crime Agency said it was supporting the council. A team of experts
from the UK's National Cyber Security Centre (NCSC) has been on site since the
cyber-attack, which took place at 11am on Saturday. The NCSC said: "We are
aware of a cyber-incident affecting Redcar and Cleveland Borough Council.
"This is an isolated incident and we are supporting the organisation and
working with partners to understand its impact."
CyberScoop
February 13, 2020
Hackers associated with Hamas, the Islamist militant group that rules the Gaza Strip,
are combining new malware with a timeless trick in an espionage campaign
against Palestinian officials, private-sector researchers said Thursday. Like
many attackers before them, they’re sending emails on enticing topics, ranging
from the U.S. killing of Iranian general Qassem Soleimani to the Trump
administration’s Middle East peace proposal. The messages come with malicious PDF
files that contain a new remote access trojan (RAT), code that gives them a
foothold onto a computer, according to Boston-based security company
Cybereason. The hackers have in recent weeks attempted to breach carefully
selected targets associated with the Palestinian government in the West Bank,
the researchers said. Many of the malware samples analyzed by Cybereason appear
to have targeted Fatah, the ruling party in the West Bank and a longtime rival
of Hamas. It is unclear how the group was using the information it gathered on
Fatah, but it’s just the latest example of geopolitical rivalries taking on a
cyber dimension.
Australian Broadcasting Corporation
February 13, 2020
Federal Parliament failed to develop effective methods for preventing cyber intrusions
and did not regularly update some sensitive information systems, according to a
draft internal audit dated three months after a major cyber attack was
uncovered. 7.30 can reveal that a scathing internal audit report written by
KPMG for the Department of Parliamentary Services concluded the agency had an
"ad hoc" approach to all elements of information security management,
the lowest rating possible under the scoring metric used. The findings of the
draft report, titled the Protective Services Protective Framework (PSPF)
Alignment Review, indicate that at one point the department's contracted review
team considered Parliament may have been more vulnerable than was previously
known. The department has overall responsibility for cyber security in
Parliament, including the electoral and Commonwealth offices of MPs and
Senators. The network it is responsible for includes over 5,000 users, 5,000
PCs and laptops, 1,000 servers and more than 2,000 mobile devices. The
emergence of the draft report is likely to raise further concerns about the
severity of a major cyber attack in February 2019 that breached Australia's
parliamentary network and also separately targeted the major political parties.
PCMag
February 12, 2020
Czech authorities are investigating antivirus vendor Avast over its sale of users’
browser histories to third-party companies. “At the moment we are collecting
information on the whole case. There is a suspicion of a serious and extensive
breach of the protection of users’ personal data,” Ivana Janu, President of the
Czech Office for Personal Data Protection, said in a Tuesday statement. The
Czech regulator’s “preliminary” probe into the company appears to be in
response to a PCMag-Motherboard investigation into the privacy risks of Avast’s
free antivirus software, which is used across the globe. The same products were
also collecting users’ browser histories for an Avast subsidiary called
Jumpshot, which then sold the information to major brands and market research
companies. Avast, which is based in the Czech Republic, claimed it was
stripping away users’ personal details from the collected browser histories as
a way to “de-identify” the data, and preserve their customers’ privacy.
However, the joint investigation from PCMag and Motherboard found the contrary:
The same data can actually be combined with other information to identify the
web activities of individual Avast users, including their internet searches. As
many as 100 million users had their data collected.
TechCrunch
February 11, 2020
It often feels like half of the new security startups that receive funding are from
Israel. As YL Ventures’ Yoav Leitersdorf and Ofer Schreiber wrote last month,
investments in Israeli cybersecurity startups increased to $1.4 billion last
year, with average seed rounds of $4.7 million, up 30.5 percent from 2018.
There are a lot of reasons why Israel excels in cybersecurity, but one of them
is undoubtedly its talent pool, which is fed by intelligence units like 8200
and 81. Indeed, it’s exceedingly unusual to come across security startup
founders in the country who did not receive their initial training in the
intelligence services. This experience also gives these founders a network of
potential co-founders and employees right from the get-go.
AFP
February 8, 2020
Iran repelled a cyberattack on Saturday that disrupted the country's internet
services for an hour, a telecommunications ministry official said. "At
11:44 (0814 GMT) a distributed denial-of-service attack disrupted the internet
services of some mobile and fixed operators for an hour," tweeted Sajad
Bonabi. A DDoS attack involves overwhelming a target's servers by making a
massive number of junk requests. "Connections have returned to normal
following the intervention of Dejfa shield," Bonabi added, referring to
Iran's so-called digital fortress against cyberattacks. He did not elaborate on
the source of the attack. Bonabi is a board member at the ministry's
Telecommunications Infrastructure Company, the sole provider of the country's
telecommunications infrastructure. Internet monitor NetBlocks confirmed
Saturday's outage and said it was "consistent with a targeted disruption
and no technical faults are evident at the present time". Iran said in
December it had thwarted a "highly organised cyberattack" targeting
its e-government infrastructure.
TECHNOLOGY
Fifth Domain
February 13, 2020
How cyber operations fit into geopolitics and act as a tool of statecraft is still
largely not understood despite decades of cyber activity, experts said Feb. 12.
A flood of large scale hacks, data dumps, espionage, sabotage and cyber-enabled
information warfare have driven academics and policy makers to better
understand the nuances of cyberspace and the application of cyber tools in
political affairs. But much work remains, experts said during an event hosted
by the Atlantic Council Feb. 12. “We’re trying to build a field in
cybersecurity. I don’t think we’ve done that well enough,” said Brandon
Valeriano, a senior fellow at the Cato Institute and Bren Chair of Military
Innovation at the Marine Corps University. “I don’t think we have enough
empirical background. A lot of people make too many guesses. Too many claims
about evidence. There’s a lot of ‘I think, I believe,’ we want to get towards
some sort of version of ‘I know,’ and doing that through empirical truth
claims. A way to do that is through multi-method research.” Valeriano and
Benjamin Jensen, nonresident senior fellow at the Scowcroft Center for Strategy
and Security at the Atlantic Council and professor of strategic studies at the
Marine Corps University, presented the findings of a study they published in
November on cyber escalation. The study surveyed participants from the United
States, Russia and Israel, proposed different scenarios to understand baseline
escalation risks and examined differences of how others in the international
community approach cyber operations.
Ars Technica
February 11, 2020
Over the past half decade, the Emotet malware has emerged as a top Internet threat that
pillages people’s bank accounts and installs other types of malware. The
sophistication of its code base and its regularly evolving methods for tricking
targets into clicking on malicious links—in September, for instance, it began a
spam run that addresses recipients by name and quotes past emails they sent or
received—has allowed it to spread widely. Now, Emotet is adopting yet another
way to spread: using already compromised devices to infect devices connected to
nearby Wi-Fi networks.