Friday, February 21, 2020

The whole is greater than the cyber parts



Canberra businessman Rohan Arnold jailed for maximum 27 years over massive cocaine haul
By Antonette Collins, Thu 20 Feb 2020

Rohan Arnold will be eligible for parole in 2037. (Supplied)

Canberra businessman Rohan Arnold has been sentenced to a maximum 27 years in prison over his role in attempting to import 1.28 tonnes of cocaine into Australia.

Key points:
- Canberra businessman Rohan Arnold was arrested at a Belgrade Hotel in 2018
- He pleaded guilty to conspiring to import more than $500 million worth of cocaine
- He received the maximum sentence of 27 years but will be eligible for parole in 2037

Arnold, 45, pleaded guilty to conspiring to import the drugs, which had a street value of more than $500 million.

The Australian Federal Police (AFP) intercepted the cocaine in April 2017, which was hidden inside a shipping container carrying 2576 smaller pre-fabricated steel containers. After the drugs were seized, Arnold and his two co-accused attempted to recover the shipment in Serbia.

However, he was arrested in January 2018 at a Belgrade Hotel after an undercover police operation.

Plutus money invested in Sydney apartment project

'There must be consequences': Australia, US and UK slam Russia over Georgian hacking

Foreign Minister Marise Payne says Russia must face consequences for its ongoing efforts to destabilise democracies.


Leaders from five international tax organisations have come together in Sydney, Australia this week to review the J5’s progress in their fight against transnational tax crime and set priorities for the year ahead.

J5 tax chiefs closing net on global tax evasion



Spy agency could soon be hunting Australian cyber criminals with new powers

 

Coming Cyber Commission Report Loaded with 75 Ways to Improve Security—Plus the Bill Proposals
Nextgov
February 14, 2020
Come March 11 the Congressionally chartered Cyberspace Solarium Commission will issue an estimated 75 recommendations—including to streamline Congressional oversight and for industry to provide incident reporting—most of which will be accompanied by legislative language, according to the commission’s top staffer. The 14-member commission includes the four lawmakers—from the House and Senate— private-sector leaders, executive-branch agency heads and cybersecurity thinkers working on a strategy to blunt the harm of cyberattacks. They are required by the latest National Defense Authorization Act to issue their recommendations by April. “A little less than 50 of the 75 recommendations have congressional action required,” said Mark Montgomery, executive director of the commission. “We’ve written legislative proposals, whether it’s a line in, line out amendment to a bill or a straight bill, so that the four congressional leaders can take them into their home [committees] and begin to work that legislation right into law.” Montgomery spoke along with Rep. Jim Langevin, D-R.I., a commission member and chairman of a House Armed Services Committee panel on emerging technology, at an event hosted by BSA | The Software Alliance today.

Federal News Network
February 13, 2020
Exactly a month out from when the Census Bureau will roll out its internet self-response platform for the 2020 population count, the Government Accountability Office has flagged significant IT challenges, “including those related to addressing cybersecurity weaknesses in a timely manner.” While the bureau successfully deployed five IT systems last month that support recruiting and hiring activities, Nick Marinos, GAO’s director of IT and cybersecurity, said the bureau faces challenges rolling out five of the remaining 11 systems, including four that support internet-self response. All told, the bureau will rely on 52 IT systems for decennial count operations. The bureau has worked closely with the Department of Homeland Security and its Cybersecurity and Infrastructure Security Agency to tackle challenges that include addressing cyber vulnerabilities, protecting the privacy of census responses and curbing disinformation about the count online. However, GAO has previously recommended that the bureau address concerns on its cyber to-do list “in a more prioritized and timely way,” Marinos said.

The Hill
February 11, 2020
Top federal and state officials pressed a Senate committee on Tuesday to provide more resources and authorities to fight cyberattacks, an issue of increasing concern in the wake of debilitating attacks on government entities this past year. Senior cybersecurity and tech leaders from Michigan and Texas noted during their testimony before the Senate Homeland Security and Governmental Affairs Committee that efforts to combat cyberattacks have been hampered by a lack of federal resources, particularly from the Department of Homeland Security (DHS). “We see the intent everyday of DHS trying to get everywhere across the state, particularly in the run-up to the elections, and I think it’s just a matter of they need more boots on the ground, and they need a specific state representative to get more familiar with that state,” Christopher DeRusha, the chief security officer within Michigan’s Cybersecurity and Infrastructure Protection Office, told lawmakers.

Nextgov
February 11, 2020
A bipartisan bill that would compel internet service providers to share details of vulnerable entities with the Cybersecurity and Infrastructure Security Agency is not currently being considered for a markup due to concerns over privacy violations, according to Sen. Ron Johnson, R-Wisc. “We’re trying to create the desire for it,” Johnson, chairman of the Senate Homeland Security and Governmental Affairs Committee, told reporters after a hearing today where CISA Director Christopher Krebs stressed the importance of the Cybersecurity Vulnerability Identification and Notification Act. The bill is sponsored by Johnson and committee Democrat Maggie Hassan of New Hampshire. A related bill recently cleared the equivalent committee in the House. On the subpoena power, Johnson said, “There’s some opposition we have to bat down, so I can’t really talk [markup] timing right now.” He said the opposition was in the form of “general privacy concerns.”

TechCrunch
February 10, 2020
“I cannot think of a reason not to share this with the public,” Brianna Wu tweeted. “Two of my non-campaign Google accounts were compromised by someone in Russia,” she said. Wu isn’t just any other target. As a Democratic candidate for the U.S. House of Representatives in Massachusetts’ 8th District, she has a larger target on her back for hackers than the average constituent. And as a former software engineer, she knows all too well the cybersecurity risks that come along with running for political office. But the breach of two of her non-campaign Google accounts was still a wake-up call. Wu said she recently discovered that the two accounts had been breached. One of the accounts was connected to her Nest camera system at home, and the other was her Gmail account she used during the Gamergate controversy, during which Wu was a frequent target of vitriol and death threats. TechCrunch agreed to keep the details of the breach off the record as to not give any potential attackers an advantage. Attribution in cyberattacks, however, can be notoriously difficult because hackers can mask their tracks using proxies and other anonymity tools. “I don’t believe anyone in Russia is targeting me specifically. I think it’s more likely they target everyone running for office,” she tweeted.

The Hill
February 10, 2020
A bipartisan group of lawmakers on Monday introduced a bill that would establish a $400 million grant program at the Department of Homeland Security (DHS) to help state and local governments combat cyber threats and potential vulnerabilities. Under the legislation — led by Reps. Cedric Richmond (D-La.), John Katko (R-N.Y.), Derek Kilmer (D-Wash.), Michael McCaul (R-Texas), Dutch Ruppersberger (D-Md.), Bennie Thompson (D-Miss.) and Mike Rogers (R-Ala.) — DHS’s Cybersecurity and Infrastructure Security Agency (CISA) would be required to develop a plan to improve localities' cybersecurity and would create a State and Local Cybersecurity Resiliency Committee to help inform CISA on what jurisdictions need to help protect themselves from breaches. The group noted that state and local governments have become targets for hackers, having seen an uptick in attacks in recent years. “It provides more grant funding to state and locals for cybersecurity my own state of Texas impacted, particularly as tensions rise in Iran, for instance, we are seeing more cyberattacks coming out of Iran,” McCaul told The Hill.


ADMINISTRATION

Fifth Domain
February 14, 2020
The Department of Homeland Security wants to establish an internal organization dedicated to coordinating cybersecurity efforts across DHS and identifying joint priorities. In its fiscal 2021 budget request, DHS asked Congress to allocate it $2.6 million to create the Joint Cyber Coordination Group. The group would have six full-time employees and be housed under the Office of Policy, Strategy and Plans (PLCY). DHS’ congressional justification says that it needs the group because expanding technological and cyberthreats make it difficult for any one component to manage “all aspects of associated risk.” According to budget documents, the JCCG would provide a “central location” where permanent staff and representatives from across DHS components can “synchronize” cyber activities. Currently, the department “lacks sufficient mechanisms to develop, plan for, and execute strategic operational priorities across Components and coordinate long-term protective and deterrent efforts to counter cyber risks,” officials wrote.

NPR
February 13, 2020
The elections office of Florida's third-most populous county was breached by a crippling cyberattack in the weeks leading up to the 2016 election, NPR confirmed on Thursday. There is no indication that the ransomware attack was connected to Russian interference efforts leading up to the last presidential race, but the revelation about it now shows how election officials are preparing for this year's election without knowing all the details of what happened before. The attack on Palm Beach County came to light during a Palm Beach Post editorial board interview with county elections supervisor Wendy Sartory Link. "Have we been hacked in Palm Beach County? Yeah, we have," Link told the paper. A spokesperson for the elections office also confirmed the attack to NPR. Many details remain unclear about the attack, including how much data the attackers were able to access and lock up, and whether money was paid to unlock it. Link, the elections supervisor, only learned of the attack after a change of leadership within the county election office's information technology department.

Gov Info Security
February 13, 2020
Cybercrime led to $3.5 billion in losses in the U.S. last year, with a sharp uptick in business email compromise scams - which accounted for nearly half those losses, according to a newly released FBI Internet Crime Report, which is based on complaints the FBI received. Donna Gregory, the head of the FBI's Internet Crime Complaint Center, or IC3 - which issued the report - notes that the FBI didn't see an uptick in new types of fraud but rather saw criminals deploying new tactics and techniques to carry out existing scams, which helped the fraudsters increase their ill-gotten payouts. "Criminals are getting so sophisticated," Gregory says. "It is getting harder and harder for victims to spot the red flags and tell real from fake." Overall, the IC3 received 467,361 reports of internet-related crimes last year, averaging about 1,300 complaints daily, according to the report. The FBI received nearly 24,000 complaints about BEC scams last year, with a total loss of $1.7 billion and an average loss of about $72,000, according to the report.

FCW
February 13, 2020
The Department of Energy's Cybersecurity, Energy Security and Emergency Response office has a new top executive. A Feb. 13 memo to DOE staff from Energy Secretary Dan Brouillette said the CESER office will be led by Alexander Gates, who comes from the National Security Agency where he worked in intelligence analysis, cyber operations, cyber security, research and tool development. He had also recently completed a tour of duty at DOE serving as deputy director for Cyber in DOE's Office of Intelligence and Counterintelligence, according to the memo. Gates replaces Karen Evans, the CESER office's first assistant secretary. Then-Energy Secretary Rick Perry formed the CESER office in 2018 to address the agency's expanding cybersecurity responsibilities and establish a more-direct line of intra-agency communications concerning cyber threats to energy infrastructure.

AP
February 12, 2020
The Chinese company Huawei can secretly tap into communications through the networking equipment it sells globally, a U.S. official charged as the White House stepped up efforts to persuade allies to ban the gear from next-generation cellular networks. The U.S. national security adviser, Robert O’Brien, made the statement at an Atlantic Council forum on Tuesday evening after The Wall Street Journal quoted him as saying Huawei can “access sensitive and personal information” in systems it sells and maintains globally. O’Brien did not provide any evidence to support the claim. U.S. officials have long argued that Huawei is duty-bound by Chinese law to spy on behalf of the country’s ruling Communist Party. Huawei denies that claim and issued a statement Wednesday saying the company “has never and will never covertly access telecom networks, nor do we have the capability to do so.” The Trump administration has been lobbying for more than a year to persuade allies to exclude Huawei equipment from their next-generation cellular networks, known as 5G.

Nextgov
February 12, 2020
Amid growing concern about the integrity of the nation’s election systems, President Trump gave the federal agency charged with coordinating efforts to ensure accurate and secure voting a slight funding increase as part of his fiscal 2021 budget request to Congress, but one expert says it would not be nearly enough. On Monday, the White House sent Congress a $4.8 trillion budget request for fiscal 2021 that would increase military spending by 0.3% and decrease non-defense spending by 5%. For the bipartisan and independent Election Assistance Commission, the plan proposed allocating a little over $13 million, of which $1.5 million would be transferred to the National Institute of Standards and Technology. This would represent a $300,000 increase over fiscal 2020 enacted levels, after subtracting a one-time allocation for relocation expenses from the 2020 total. While some election security experts applauded the slight funding boost in Trump’s proposal, others say more is needed for the agency that certifies voting systems and serves as an information clearinghouse for best practices in election administration.

Bloomberg
February 12, 2020
James Wroten called the clerk of court in Vernon Parish, Louisiana last November with an urgent message. The timing wasn’t convenient. The clerk, Jeffrey Skidmore, was relaxing on his back porch and hoping to soak in some final moments of quiet before state and local elections. Skidmore let the call go to voicemail. But Wroten, whose company manages IT services for small companies and local governments, persisted until Skidmore finally picked up. “He told me we’d been infected by ransomware and to ask all 14 of my employees not to go into the office or try to access any of their files,” said Skidmore. “I was stunned. We had an election in six days.” That call, Wroten later recalled, was the start of one of the worst weeks of his life. Hackers had infiltrated Wroten’s company, Need Computer Help. From there, the attackers used the connections Wroten’s employees need to do their job in order to breach the networks of Vernon Parish and six other local parishes, the Louisiana equivalent of counties.

Fifth Domain
February 12, 2020
The Department of Defense wants to spend $11.6 million in fiscal year 2021 to buy systems that would help cyber operators perform “hunt forward” missions, where teams deploy to other countries to stop malicious cyber activity. The Pentagon did not appear to set aside procurement money for the program in fiscal year 2020. The operations provide U.S. cyber teams insight into tactics used by adversaries that could be turned against U.S. networks or during elections in the future. The funds are part of the Air Force’s procurement budget for fiscal year 2021 through the “C3/Countermeasures” program. The Air Force serves as U.S. Cyber Command’s executive agent in procuring equipment. Defense officials view these hunt forward operations as a critical component to protecting the homeland and as part of a new strategy of “persistent engagement,” which is how Cyber Command executes a philosophy of “defend forward” by challenging adversary activities wherever they operate. “In a hunt forward operation, we are able to work with partner nations and receive an invitation to execute operations in their country,” Brig. Gen. William Hartman, commander of the Cyber National Mission Force and Cyber Command’s election security lead, said at an event in January. “These are generally countries that are in the near abroad of adversaries that we’re potentially concerned about.”

Nextgov
February 12, 2020
An executive order aimed at securing services such as the Global Positioning System continues the administration’s trend of relying on procurement as the main lever in its toolbox for making cybersecurity policy. GPS, typically associated with popular mapping tools, is an example of Position Navigation and Timing, or PNT, services used in a broad range of applications including precision banking and microsurgery. It is based on the extraordinary coordination of a constellation of clocks and satellites and is vulnerable to hackers perpetrating “jamming” and “spoofing” attacks that interfere with the receipt of relevant signals. In November 2018, then-Secretary of Homeland Security Kirstjen Nielsen identified PNT as the primary “systemic risk” to the cybersecurity of critical infrastructure. The executive order announced today would put the Homeland Security Secretary in charge of overseeing the development of language to include “requirements for federal contracts for products, systems, and services that integrate or utilize PNT services, with the goal of encouraging the private sector to use additional PNT services and develop new robust and secure PNT services.”

The Washington Post
February 11, 2020
The Justice Department has charged four members of the Chinese military with a 2017 hack at the credit reporting agency Equifax, a massive data breach that compromised the personal information of nearly half of all Americans. In a nine-count indictment filed in federal court in Atlanta, federal prosecutors alleged that four members of the People’s Liberation Army hacked into Equifax’s systems, stealing the personal data as well as company trade secrets. Attorney General William P. Barr called their efforts “a deliberate and sweeping intrusion into the private information of the American people.” The 2017 breach gave hackers access to the personal information, including Social Security numbers and birth dates, of about 145 million people. Equifax last year agreed to a $700 million settlement with the Federal Trade Commission to compensate victims. Those affected can ask for free credit monitoring or, if they already have such a service, a cash payout of up to $125, although the FTC has warned that a large volume of requests could reduce that amount. “This data has economic value, and these thefts can feed China’s development of artificial intelligence tools,” Barr said. The attorney general said the indictment would hold the Chinese military “accountable for their criminal actions.”

The Washington Post
February 11, 2020
For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software. The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican. But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.

FCW
February 10, 2020
The Trump administration's proposed budget for fiscal year 2021 would spend $18.8 billion on cybersecurity programs across the federal government, with approximately $9 billion dedicated to civilian agencies for network security, protecting critical infrastructure, boosting the cybersecurity workforce and other priorities. The overall cybersecurity funding at the Department of Homeland Security is listed at $2.6 billion. That includes $1.1 billion for DHS and its component, the Cybersecurity and Infrastructure Security Agency, to defend government networks and critical infrastructure from cyber threats, including for tools like EINSTEIN and Continuous Diagnostics and Mitigation. The administration has also put a heavy emphasis on bolstering the government's cybersecurity workforce, releasing an executive order and strategic plan last year. The budget includes funding for DHS' Cyber Talent Management System, a personnel system designed to bring hundreds of new cybersecurity professionals into the federal workforce under special hiring rules, as well as a CISA-managed cybersecurity workforce initiative and an interagency rotational program that temporarily details cyber personnel to other agencies to gain more holistic experience. The Department of Energy would get $665 million for cybersecurity, including $185 million for the Office of Cybersecurity, Energy Security and Emergency Response (CESER), part of which would go towards funding early research and development of methods to better protect the energy supply chain.

ZDNet
February 10, 2020
The FBI has sent a security alert to the US private sector about an ongoing hacking campaign that's targeting supply chain software providers, ZDNet has learned. The FBI says hackers are attempting to infect companies with the Kwampirs malware, a remote access trojan (RAT). "Software supply chain companies are believed to be targeted in order to gain access to the victim's strategic partners and/or customers, including entities supporting Industrial Control Systems (ICS) for global energy generation, transmission, and distribution," the FBI said in a private industry notification sent out last week. Besides attacks against supply chain software providers, the FBI said the same malware was also deployed in attacks against companies in the healthcare, energy, and financial sectors. The alert did not identify the targeted software providers, nor any other victims. Instead, the FBI shared IOCs (indicators of compromise) and YARA rules so organizations can scan internal networks for signs of the Kwampirs RAT used in the recent attacks.


INDUSTRY

Ars Technica
February 13, 2020
Penetration testing generally involves checking systems for vulnerabilities that can be exploited to gain access. Red teaming, on the other hand, tests the full spectrum of security by introducing human elements—social engineering with crafted phishing messages, exploiting information for further attacks, and the like. While they can benefit from automation, those are things that can't be fully passed off to a bunch of software robots in the cloud. Scythe, a software company that spun out of the security-testing company Grimm, has been working for the past few years on a platform that allows corporate information-security teams to build security-testing campaigns—creating "synthetic malware" and crafting phishing campaigns or other attacks that mimic the techniques, tactics, and practices of known threat groups. And unlike some of the automated penetration-testing or threat-simulation products out there, Scythe retains the human in the loop—making it a useful tool to both internal security testers and external "red team" consultants.

WIRED
February 13, 2020
West Virginia and Oregon have both recently deployed a mobile voting app called Voatz to facilitate absentee voting. But Voatz now turns out to have major security flaws, according to researchers from the Massachusetts Institute of Technology—including vulnerabilities that could let a hacker manipulate results. The newly unearthed bugs could allow an attacker to reveal someone's votes, block votes from being submitted, or even manipulate them. The findings, first reported in The New York Times, come as the United States is grappling with broad election security issues and debating whether mobile voting can safely expand accessibility. Security experts have long warned that it's virtually impossible to guarantee safe mobile voting, while Voatz and other companies argue that technologies like biometric authentication and blockchain will make the process secure. Apparently not quite yet, though. "Given the severity of failings discussed in this paper, the lack of transparency, the risks to voter privacy, and the trivial nature of the attacks, we suggest that any near-future plans to use this app for high-stakes elections be abandoned," wrote MIT researchers Michael Specter, James Koppel, and Daniel Weitzner.

Ars Technica
February 13, 2020
A widely circulating piece of Android malware primarily targeting US-based phones used a clever trick to reinfect one of its targets in a feat that stumped researchers as to precisely how it was pulled off. xHelper came to light last May when a researcher from security firm Malwarebytes published this brief profile. Three months later, Malwarebytes provided a deeper analysis after the company’s Android antivirus app detected xHelper on 33,000 devices mostly located in the US, making the malware one of the top Android threats. The encryption and heavy obfuscation made analysis hard, but Malwarebytes researchers ultimately concluded that the main purpose of the malware was to act as a backdoor that could remotely receive commands and install other apps. On Wednesday, Malwarebytes published a new post that recounted the lengths one Android user took to rid her device of the malicious app. In short, every time she removed two xHelper variants from the device, the malware would reappear on her device within the hour. She reported that even performing a factory reset wasn't enough to make the malware go away.

CyberScoop
February 13, 2020
A class action lawsuit was filed earlier this week in the U.S. District Court for the District of Puerto Rico against two hospitals for what plaintiffs are calling “reckless and negligent violation of patient privacy rights” in light of alleged ransomware attacks that hit the hospitals last year. The alleged ransomware attacks, which took place in February last year at the Pavía Hospital Santurce and Pavía Hospital Hato Rey hospitals, affected 305,737 people, according to Department of Health and Human Services records. The plaintiffs, both former patients of the hospitals, allege patients’ personal identifying information, including full names, addresses, dates of birth, gender, financial information, and social security numbers, were exposed as a result of the attacks. These records also constitute protected health information as designated by HIPAA. “These patients reasonably expect the highest level of protection for their private identifiable information, when giving highly sensitive information such as their Social Security numbers and medical information to medical providers and insurers,” the complaint says. “What these patients do not expect, and did not expect, was that their personal and sensitive information would be harvested by unauthorized individuals.”

Recode
February 12, 2020
Think your Apple product is safe from malware? That only people using Windows machines have to take precautions? According to cybersecurity software company Malwarebytes’ latest State of Malware report, it’s time to think again. The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst enemy. “People need to understand that they’re not safe just because they’re using a Mac,” Thomas Reed, Malwarebytes’ director of Mac and mobile and contributor to the report, told Recode. Windows machines still dominate the market share and tend to have more security vulnerabilities, which has for years made them the bigger and easier target for hackers. But as Apple’s computers have grown in popularity, hackers appear to be focusing more of their attention on the versions of macOS that power them. Malwarebytes said there was a 400 percent increase in threats on Mac devices from 2018 to 2019, and found an average of 11 threats per Mac device, which is about twice the 5.8 average on Windows.

ZDNet
February 12, 2020
Chief Information Security Officers (CISOs, or CSOs) across the industry are reporting high levels of stress. Many say the heightened stress levels have led to mental and physical health issues, relationship problems, medication and alcohol abuse, and in some cases, an eventual burnout, resulting in an average 26-month tenure before CISOs find new employment. The numbers, reported by Nominet, represent a growing issue that's been commonly acknowledged, but mostly ignored across the information security (infosec) community, but one that is slowly starting to rear its ugly head as once-ignored infosec roles are becoming more prominent inside today's companies.

Ars Technica
February 11, 2020
Attack simulation and "red teaming as a service" have become a hot area of development over the past few years as companies continue to seek ways to better train their network defenders and find problems before attackers do. Randori, a company pulling together red-teaming skills and security software experience, today is launching a new platform that attempts to capture the expertise of a high-budget security testing team as a cloud-based service—giving chief information security officers a way to continuously take the pulse of their companies' defenses. Randori takes the red-teaming mission several steps further. Instead of running simulations of attacks based on known threats, Randori Attack runs real, novel attacks based on emerging vulnerabilities—much like a human red team would. Founded by CEO Brian Hazzard (formerly of Carbon Black) and CTO David "Moose" Wolpoff (a reverse-engineering and red-teaming veteran of the specialist security firm Kyrus Tech), Randori's "flagship" service is the Attack Platform—a cloud-based system that, when combined with Randori's Internet-based reconnaissance system, will constantly discover and attempt to exploit a customer company's system, playing the role of what Hazzard describes as "trusted adversary."

Ars Technica
February 9, 2020
Many articles about cybersecurity risks in healthcare begin with descriptions of live simulations (so when in Rome). Imagine a doctor completely unaware of what they’re walking into triaging two patients: one in need of a hospital cardiac catheterization lab after an irregular electrocardiogram (EKG) reading, the other suffering from a stroke and needing a CT scan. All systems are down due to ransomware, so the physician working through the scenario can’t access electronic health records or use any of the assessment methods modern medicine is so reliant on. So, what to do? It’s not hard to imagine other modern nightmares like the EKG swap above. For example, malfunctioning pacemakers could lead to patients experiencing shocks they don’t need, or blood type databases could get switched and cause chaos due to an integrity attack. All four of these scenarios were in fact conducted during the two latest CyberMed Summits, a conference founded in the aftermath of 2017’s WannaCry attacks. “The world’s only clinically-oriented health-care cybersecurity conference” now annually brings together physicians, security researchers, medical device manufacturers, healthcare administrators, and policymakers in order to highlight and hopefully address vulnerabilities in medical technology. These days, CyberMed may be the quickest way to get a sense of what’s at stake in a wildly vulnerable healthcare ecosystem where hospitals frequently run out-of-date or unsupported software and where there’s currently no financial incentive to patch patients’ medical devices. After talking with individuals from both medical and security backgrounds at the most recent summit, it’s clear a myriad of issues have come together in a somewhat (im)perfect storm. And this community is hoping today’s sad state of healthcare cyber hygiene can be fixed before anyone gets hurt or killed.


INTERNATIONAL

Ars Technica
February 14, 2020
The US Pentagon, the FBI, and the Department of Homeland Security on Friday exposed a North Korean hacking operation and provided technical details for seven pieces of malware used in the campaign. The US Cyber National Mission Force, an arm of the Pentagon’s US Cyber Command, said on Twitter that the malware is “currently used for phishing & remote access by [North Korean government] cyber actors to conduct illegal activity, steal funds & evade sanctions.” The tweet linked to a post on VirusTotal, the Alphabet-owned malware repository, that provided cryptographic hashes, file names, and other technical details that can help defenders identify compromises inside the networks they protect. An accompanying advisory from the DHS’s Cybersecurity and Infrastructure Security Agency said the campaign was the work of Hidden Cobra, the government’s name for a hacking group sponsored by the North Korean Government.

BBC
February 14, 2020
More than 135,000 UK residents have been without online public services for nearly a week, as their council struggles with a cyber-attack. Redcar and Cleveland Borough Council's website and all computers at the authority were attacked on Saturday. One cyber-security expert told the BBC the incident had all the hallmarks of a ransomware attack, in which files are scrambled until a ransom is paid. But the council refused to confirm the nature of the hack. Online appointment bookings, planning documents, social care advice and council housing complaints systems are just some of the services knocked offline. The National Crime Agency said it was supporting the council. A team of experts from the UK's National Cyber Security Centre (NCSC) has been on site since the cyber-attack, which took place at 11am on Saturday. The NCSC said: "We are aware of a cyber-incident affecting Redcar and Cleveland Borough Council. This is an isolated incident and we are supporting the organisation and working with partners to understand its impact."

CyberScoop
February 13, 2020
Hackers associated with Hamas, the Islamist militant group that rules the Gaza Strip, are combining new malware with a timeless trick in an espionage campaign against Palestinian officials, private-sector researchers said Thursday. Like many attackers before them, they’re sending emails on enticing topics, ranging from the U.S. killing of Iranian general Qassem Soleimani to the Trump administration’s Middle East peace proposal. The messages come with malicious PDF files that contain a new remote access trojan (RAT), code that gives them a foothold onto a computer, according to Boston-based security company Cybereason. The hackers have in recent weeks attempted to breach carefully selected targets associated with the Palestinian government in the West Bank, the researchers said. Many of the malware samples analyzed by Cybereason appear to have targeted Fatah, the ruling party in the West Bank and a longtime rival of Hamas. It is unclear how the group was using the information it gathered on Fatah, but it’s just the latest example of geopolitical rivalries taking on a cyber dimension.

Australian Broadcasting Corporation
February 13, 2020
Federal Parliament failed to develop effective methods for preventing cyber intrusions and did not regularly update some sensitive information systems, according to a draft internal audit dated three months after a major cyber attack was uncovered. 7.30 can reveal that a scathing internal audit report written by KPMG for the Department of Parliamentary Services concluded the agency had an "ad hoc" approach to all elements of information security management, the lowest rating possible under the scoring metric used. The findings of the draft report, titled the Protective Services Protective Framework (PSPF) Alignment Review, indicate that at one point the department's contracted review team considered Parliament may have been more vulnerable than was previously known. The department has overall responsibility for cyber security in Parliament, including the electoral and Commonwealth offices of MPs and Senators. The network it is responsible for includes over 5,000 users, 5,000 PCs and laptops, 1,000 servers and more than 2,000 mobile devices. The emergence of the draft report is likely to raise further concerns about the severity of a major cyber attack in February 2019 that breached Australia's parliamentary network and also separately targeted the major political parties.

PCMag
February 12, 2020
Czech authorities are investigating antivirus vendor Avast over its sale of users’ browser histories to third-party companies. “At the moment we are collecting information on the whole case. There is a suspicion of a serious and extensive breach of the protection of users’ personal data,” Ivana Janu, President of the Czech Office for Personal Data Protection, said in a Tuesday statement. The Czech regulator’s “preliminary” probe into the company appears to be in response to a PCMag-Motherboard investigation into the privacy risks of Avast’s free antivirus software, which is used across the globe. The same products were also collecting users’ browser histories for an Avast subsidiary called Jumpshot, which then sold the information to major brands and market research companies. Avast, which is based in the Czech Republic, claimed it was stripping away users’ personal details from the collected browser histories as a way to “de-identify” the data, and preserve their customers’ privacy. However, the joint investigation from PCMag and Motherboard found the contrary: The same data can actually be combined with other information to identify the web activities of individual Avast users, including their internet searches. As many as 100 million users had their data collected.

TechCrunch
February 11, 2020
It often feels like half of the new security startups that receive funding are from Israel. As YL Ventures’ Yoav Leitersdorf and Ofer Schreiber wrote last month, investments in Israeli cybersecurity startups increased to $1.4 billion last year, with average seed rounds of $4.7 million, up 30.5 percent from 2018. There are a lot of reasons why Israel excels in cybersecurity, but one of them is undoubtedly its talent pool, which is fed by intelligence units like 8200 and 81. Indeed, it’s exceedingly unusual to come across security startup founders in the country who did not receive their initial training in the intelligence services. This experience also gives these founders a network of potential co-founders and employees right from the get-go.

AFP
February 8, 2020
Iran repelled a cyberattack on Saturday that disrupted the country's internet services for an hour, a telecommunications ministry official said. "At 11:44 (0814 GMT) a distributed denial-of-service attack disrupted the internet services of some mobile and fixed operators for an hour," tweeted Sajad Bonabi. A DDoS attack involves overwhelming a target's servers by making a massive number of junk requests. "Connections have returned to normal following the intervention of Dejfa shield," Bonabi added, referring to Iran's so-called digital fortress against cyberattacks. He did not elaborate on the source of the attack. Bonabi is a board member at the ministry's Telecommunications Infrastructure Company, the sole provider of the country's telecommunications infrastructure. Internet monitor NetBlocks confirmed Saturday's outage and said it was "consistent with a targeted disruption and no technical faults are evident at the present time". Iran said in December it had thwarted a "highly organised cyberattack" targeting its e-government infrastructure.


TECHNOLOGY

Fifth Domain
February 13, 2020
How cyber operations fit into geopolitics and act as a tool of statecraft is still largely not understood despite decades of cyber activity, experts said Feb. 12. A flood of large scale hacks, data dumps, espionage, sabotage and cyber-enabled information warfare have driven academics and policy makers to better understand the nuances of cyberspace and the application of cyber tools in political affairs. But much work remains, experts said during an event hosted by the Atlantic Council Feb. 12. “We’re trying to build a field in cybersecurity. I don’t think we’ve done that well enough,” said Brandon Valeriano, a senior fellow at the Cato Institute and Bren Chair of Military Innovation at the Marine Corps University. “I don’t think we have enough empirical background. A lot of people make too many guesses. Too many claims about evidence. There’s a lot of ‘I think, I believe,’ we want to get towards some sort of version of ‘I know,’ and doing that through empirical truth claims. A way to do that is through multi-method research.” Valeriano and Benjamin Jensen, nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council and professor of strategic studies at the Marine Corps University, presented the findings of a study they published in November on cyber escalation. The study surveyed participants from the United States, Russia and Israel, proposed different scenarios to understand baseline escalation risks and examined differences of how others in the international community approach cyber operations.

Ars Technica
February 11, 2020
Over the past half decade, the Emotet malware has emerged as a top Internet threat that pillages people’s bank accounts and installs other types of malware. The sophistication of its code base and its regularly evolving methods for tricking targets into clicking on malicious links—in September, for instance, it began a spam run that addresses recipients by name and quotes past emails they sent or received—have allowed it to spread widely. Now, Emotet is adopting yet another way to spread: using already compromised devices to infect devices connected to nearby Wi-Fi networks.