Nextgov
February 28, 2020
Sen. Mark Warner, D-Va., penned a letter to Defense Department Chief Information Officer
Dana Deasy this week stressing the value of the department's vulnerability
disclosure programs and highlighting legislation he has introduced to help
ensure vendors of internet-of-things products maintain similar coordinated
disclosure programs. The note was prompted by security journalist Catalin
Cimpanu's recent report that a Pentagon-led vulnerability disclosure program
enabled a researcher to flag that one of Defense's servers had been exploited and
that the department's resources and information technology systems were subsequently
used to mine cryptocurrency. "This incident demonstrates the inherent value of
vulnerability disclosure programs for information technology products operated
by federal agencies," Warner said in the letter. "These programs are a crucial
force multiplier for federal cybersecurity efforts." According to Cimpanu's
report from Feb. 5, an Indian security researcher on the hunt for bug bounties
unearthed in January "that a cryptocurrency-mining botnet had found a home and
burrowed inside a web server operated by" the Defense Department. The
researcher first identified a vulnerability on a Pentagon-managed cloud system
exposed to the internet and then discovered cryptocurrency-mining malware
already installed and running on the server, meaning the disclosure surfaced an
active intrusion and not only a latent bug. The researcher then reported it to
Defense's official bug bounty program.
The Hill
February 27, 2020
The Senate
unanimously approved legislation on Thursday that would ban the use of federal
funds to purchase telecommunications equipment from companies deemed a national
security threat, such as Chinese group Huawei. The bipartisan Secure and
Trusted Telecommunications Networks Act, which the House passed in December,
bans the Federal Communications Commission (FCC) from giving funds to U.S.
telecom groups to purchase equipment from companies deemed threats. The bill
would require the FCC to establish a $1 billion fund to help smaller telecom
providers to rip out and replace equipment from such companies, and to compile
a list of firms seen as posing a threat to telecom networks. The bill is
primarily sponsored by House Energy and Commerce Committee Chairman Frank
Pallone Jr. (D-N.J.), ranking member Greg Walden (R-Ore.), and Reps. Doris
Matsui (D-Calif.) and Brett Guthrie (R-Ky.).
Nextgov
February 27, 2020
In a
keynote address at the RSA cybersecurity conference Tuesday, Cybersecurity and
Infrastructure Security Agency Director Christopher Krebs told participants
CISA is recruiting for its “posse” to fight illegal hacking. “We’re hiring,
come work for us!” he said. But it can take more than a year to make it through
queues for security clearances, and that’s just one factor that can dampen
enthusiasm for filling out an application to work for CISA, or elsewhere in the
government. On Wednesday, key congressional staff speaking at the conference
said lawmakers are thinking of ways legislation might help. The Senate
Committee on Homeland Security and Government Affairs is focused on trying “to
see what are the barriers to people entering the federal space, in terms of
working for the government enhancing our overall cybersecurity,” said Michelle
Woods, director of homeland security for the committee's majority. “So we’re
going to be looking to enact some legislation in that space.” Woods spoke along
with Jeffrey Rothblum, a senior professional staff member for the Senate
Homeland Committee’s minority office and Hope Goins, staff director for the
House Homeland Security Committee, on their cybersecurity priorities for the
rest of the year. Norma Krayem, vice president and chair of the cybersecurity
and data privacy practice at Van Scoyoc Associates, led the discussion.
Fifth Domain
February 26, 2020
With two
weeks until the Cyber Solarium Commission’s report is due for release, members
of the panel expect its work will be successful because the most important
stakeholders had a seat at the table from the beginning. From the outset of the
commission, which will release 75 cyber policy recommendations on a broad range
of topics, the executive branch took an active role. Suzanne Spaulding, one of
the commissioners, said at the RSA Conference Feb. 25, that representatives of
the executive branch showed up for nearly all the commission meetings and
helped guide much of the report, making it easier to actually start work on the
recommendations the panel is producing. “Having the executive branch on there
means that they are already informed; they know exactly how we got where we
got,” Spaulding said. “It made the decision to not take a blue sky aspirational
approach that was not realistic, but instead to focus on what is achievable.”
With many commissions, “their report lands and the executive branch then fans
it out and they have to familiarize themselves with it — that takes months,”
Spaulding said. “Congress has to get up to speed on it and by the time things
start moving, you’ve often come to the end of the administration, and then they
start all over again with a new commission.”
FCW
February 26, 2020
Gen.
Stephen Lyons, the head of U.S. Transportation Command, said its commercial
suppliers were defenseless against persistent cyber threats despite an increase
in overall compliance. "I don't think any of our commercial providers are
in a position to protect themselves," Lyons told the Senate Armed Services
Committee (SASC) during a 2021 budget review hearing focused on TRANSCOM and
U.S. European Command. Lyons said the command has worked for several years to bring
contractors up to a "basic level of cyber hygiene" and inform company
executives of cybersecurity concerns. "We believe that their level of
cyber hygiene has increased significantly," Lyons said of commercial
carriers, as a result of including contract language for compliance,
self-reporting mechanisms and sufficient resilience. But enforcement, as SASC
Ranking Member Sen. Jack Reed (D-R.I.) raised, is a problem. "If you're
not checking, you can have everything in the contract you want and have nothing,"
Reed said before asking whether TRANSCOM needed an authority to do no-notice
checks on contractors.
Bloomberg Law
February 26, 2020
Cyber
attack attempts targeting the federal judiciary have risen sharply in recent
years to more than 24 million in 2019, and some incidents have been tied to other
nations, judiciary officials said in congressional testimony. Cyber incursions
are "an increasing problem," but there is no indication that any attempt to
penetrate and disrupt court systems has been successful, District Judge John
Lungstrum told a House appropriations subcommittee on Wednesday. "That's the
good news,” said Lungstrum of Kansas, who was on Capitol Hill with the
Administrative Office of the U.S. Courts, which oversees the workings of the
federal judiciary, to discuss its fiscal 2021 budget request. He and courts’
office director James Duff said the information on hacking comes from U.S. law
enforcement, so they said they were limited in what information they could
convey publicly to lawmakers. But they did say “nation states” were among those
targeting court systems. They were not more specific but did note that
estimated incursions jumped from about 9 million in 2016 to more than 24
million last fiscal year. They said it’s not clear what incursions are after
specifically, but that court systems house case information, confidential
records, and other personal data. They also speculated that cyber attacks could
simply be aimed at disrupting websites or other electronic systems that serve
the U.S. government.
ADMINISTRATION
AP
February 27, 2020
Americans
have widespread concerns about the security and integrity of elections, with
few saying they have high confidence that votes in the 2020 presidential
election will be counted accurately. A poll from The Associated Press-NORC
Center for Public Affairs Research finds skepticism about the democratic
process in the United States. While a third of Americans say they have high
confidence in an accurate count, roughly another third are only moderately
confident and a remaining third say they have little confidence. “What’s to
prevent old Vlad Putin from interfering in the election? I don’t know,” says
Reid Gibson, an independent voter in Missouri, referring to the Russian
president, who U.S. intelligence agencies say interfered in the 2016 election
with a sophisticated operation to sow division and help elect Donald Trump, a
Republican. FBI Director Christopher Wray told Congress this month that Russia
is still engaged in "information warfare" heading into the 2020 election but
that law enforcement has not seen efforts to target infrastructure like voting
machines. Still, U.S. officials say one of Russia's goals is to sow doubt about
the integrity of U.S. elections, and the poll suggests that even if Russia
isn't targeting voting infrastructure it may be achieving that goal, given the
lack of voter confidence following the 2016 election.
Federal News Network
February 27, 2020
For the
past four-plus years, the Office of Personnel Management has been on a journey
to address one of the most difficult positions in the government to hire and
retain—the cybersecurity worker. Starting in 2016 with the first-ever
cybersecurity workforce strategy and leading up to today’s most recent effort—a
new memo detailing different approaches to assess the cybersecurity aptitude of
current and potential employees—OPM has been trying to give agencies the tools
and authorities to make up for the shortage of workers. Both the government and
the private sector feel this shortage. The Center for Strategic and
International Studies says in 2019, CyberSeek, an initiative funded by the
National Initiative for Cybersecurity Education (NICE), estimated the United
States faced a shortfall of almost 314,000 cybersecurity professionals. CSIS
also says according to data derived from job postings, the number of unfilled
cybersecurity jobs has grown by more than 50 percent since 2015. Over the last
four years, OPM has taken several steps to help agencies address the lack of
cyber workers by giving departments new hiring authorities, by expanding the
definition of a cyber worker and by borrowing training concepts from the
Defense Department. This latest memo from OPM Director Dale Cabaniss is part of
the May 2019 cybersecurity workforce executive order signed by President Donald
Trump. OPM, along with the Office of Management and Budget, the Department of
Homeland Security, the FBI and other agencies reviewed research and conducted a
data call to agencies to learn which cybersecurity aptitude assessments are
currently being used for the purpose of reskilling.
WIRED
February 26, 2020
John Strand
breaks into things for a living. As a penetration tester, he gets hired by
organizations to attack their defenses, helping reveal weaknesses before actual
bad guys find them. Normally, Strand embarks on these missions himself, or
deploys one of his experienced colleagues at Black Hills Information Security.
But in July 2014, prepping for a pen test of a South Dakota correctional
facility, he took a decidedly different tack. He sent his mom. Rita Strand's
mission would also be complicated by her lack of technical expertise. A
professional pen tester would be able to assess an organization's digital
security in real time and plant back doors tailored to what they found on the
specific network. Rita had the health inspector guise down cold, but she was no
hacker. To help get her in the door, Black Hills made Rita a fake badge, a
business card, and a "manager's" card with John's contact info on it.
Assuming she got inside, she would then take photos of the facility's access
points and physical security features. Rather than have her try to hack any
computers herself, John equipped Rita with so-called Rubber Duckies: USB devices
that look like ordinary thumb drives but enumerate as keyboards and type a
scripted payload into whatever machine they are plugged into. She was to plug
one into every device she could reach. The payloads would beacon back to her
Black Hills colleagues and give them access to the prison's systems. Then they
could work on the digital side of the pen test remotely, while Rita continued
her rampage.
Vice Motherboard
February 25, 2020
Newly
released and previously secret documents explain in greater detail how, and
why, a section of the U.S. military decides to publicly release a steady stream
of adversarial countries' malware, including hacking tools from North Korea and
Russia. Cyber Command, or CYBERCOM, publishes the malware samples onto
VirusTotal, a semi-public repository that researchers and defenders can then
pore over to make systems more secure. The documents provide more insight into
how the U.S. military is engaged in an unusually public-facing campaign, and in
particular highlight one of the reasons CYBERCOM wants to release other
nations' hacking tools: to make it harder for enemy hackers to remain
undetected. A previously secret section of one of the CYBERCOM documents reads:
"Posting malware to VT [VirusTotal] and Tweeting to bring attention and
awareness supports this strategy by putting pressure on malicious cyber actors,
disrupting their efforts." Motherboard obtained the redacted documents through
a Freedom of Information Act (FOIA) request to CYBERCOM.
Nextgov
February 25, 2020
The
Tennessee Valley Authority—a government-operated electric power utility—is at
risk of falling prey to cyberattacks through phishing attempts, as the agency’s
training program shows serious gaps, according to an inspector general report.
While TVA has a sound phishing education regime, the agency IG found the
program lacks real consequences for employees who repeatedly fail the training.
During an assessment of the program, the IG also found evidence that TVA’s
repeat offenders are failing their annual training at a higher rate than the
industry average. Cyberattacks—and specifically phishing—are a serious problem
for the energy sector. The Energy and Homeland Security departments have issued
several warnings about phishing attempts and other cybersecurity threats,
including alerts from the U.S. Computer Emergency Readiness Team, or US-CERT,
part of Homeland Security’s Cybersecurity and Infrastructure Security Agency,
or CISA.
Fifth Domain
February 25, 2020
Before Microsoft released its January 2020 software patches, the NSA's new
Cybersecurity Directorate let another government agency in on a secret: the
tech giant was releasing a fix for a critical vulnerability the NSA had found in
the Windows 10 operating system (CVE-2020-0601, a certificate-validation flaw in
the Windows CryptoAPI). That extra time allowed the Department of
Homeland Security's Cybersecurity and Infrastructure Security Agency, which
protects critical infrastructure and federal networks from cyberattacks, to get
a head start on preparing its partners to patch the vulnerability. Chris Krebs,
the director of CISA, said this meant he was able to push a series of
notifications out to partners, including the election community, state and
local governments and critical infrastructure. Krebs spoke Feb. 24 on a panel
hosted by CyberScoop. That information sharing is one example of how two new
agencies, CISA, the newest component inside DHS, and the NSA’s Cybersecurity
Directorate (which was created Oct. 1 and works to protect the Defense
Industrial Base and weapons systems), are partnering to combine their
strengths.
Nextgov
February 25, 2020
Tech
companies could provide keys to decrypt information to third-party entities, a
senior Justice official said, describing one way the private sector might
enable law enforcement’s warranted access to encrypted data for criminal
investigations while preserving privacy under a legal framework. “I believe
they can coexist,” John Demers, assistant attorney general for national
security, told reporters Monday ahead of the RSA cybersecurity conference.
Demers challenged a broadly-held belief among privacy advocates that it is
impossible to retain end-to-end encryption for cybersecurity while allowing law
enforcement special access to the coded data. As Justice officials stress they
need access to investigate egregious crimes such as child sexual exploitation
and trafficking, opponents say there is no “technical solution” to allow law
enforcement in without undermining everyone’s privacy. One solution could be
escrowed encryption, where a third party holds the decryption keys. A
Cisco-certified expert blog on the issue argues human reasons, more than
technical or legal ones are why escrowed encryption is largely unworkable. The
scenario raises big unanswered questions: which encryption keys should be put
in escrow, what entities should act as trusted third parties, can the security
for the database of decryption keys be ensured or would the database be
vulnerable to bribable employees? Demers acknowledged some people say law
enforcement access and end-to-end encryption “can’t coexist,” but pointed to
laws established in Australia and the United Kingdom as examples of how he said
other countries are getting ahead of the U.S. on the issue.
CyberScoop
February 24, 2020
A special
unit inside the FBI helped victims of cybercrime recover $300 million of the
roughly $3.5 billion in reported losses in 2019, according to a top bureau
official. Tonya Ugoretz, a deputy assistant director in the cyber division at
the FBI, said Monday the Internet Crime Complaint Center (IC3) responded to
more than 467,000 complaints in 2019, up from 351,937 complaints in 2018. Each
one of the nearly 500,000 complaints submitted to the FBI was analyzed by an
individual human who then determined whether to begin an investigation and, in
some cases, try to recover stolen funds, Ugoretz said. The FBI first quantified
the figures from last year in its annual IC3 report, published earlier this
month. The same report included details about how reported losses from
ransomware attacks doubled in the past year to $8.9 million, though the true
figure likely is much higher, and that attacks increasingly are aimed at
businesses and the managed service providers who work with dozens of companies,
making them an especially valuable target.
WPTV
February 21, 2020
At least six
suspected drug dealers walked away free after Stuart prosecutors were forced to
drop cases for lack of evidence. The problem? The evidence is currently sitting
in computers at the Stuart Police Dept., but hackers have locked investigators
out of the files which could have put the suspected drug dealers behind bars
for years. Hackers hit Stuart with ransomware in April 2019, but the police
department took the brunt of the damage. The cyberattack forced the State
Attorney's Office to drop 11 narcotics cases because evidence was lost.
"In our case, we lost approximately one and a half years of digital
evidence," said Det. Sgt. Mike Gerwan with the Stuart Police Department.
"Photos, videos; some of the cases had to be dropped," Gerwan told
Contact 5 investigator Merris Badcock. Those cases included 28 charges against
six different defendants for crimes including possession of meth, possession of
cocaine, selling, manufacturing, or delivering various narcotics, and illegal
use of a two-way communication device. But Contact 5 learned over the course of
the investigation that losing data, or evidence in the case of the Stuart
Police Dept., is highly common when an agency is hit by hackers. "I can't
recall, in speaking to my federal partners, that there has been a case where
data has not been lost," said Gerwan.
INDUSTRY
Ars Technica
February 27, 2020
Let's Encrypt, the Internet Security Research Group's free certificate
authority, issued its first certificate a little over four years ago. Today, it
issued its billionth. The ISRG's goal for Let's Encrypt is to bring the Web up
to a 100% encryption rate. When Let's Encrypt launched in 2015, the idea was
pretty outré: at that time, a bit more than a third of all Web traffic was
encrypted, with the rest being plain text HTTP. There were significant barriers
to HTTPS adoption. For one thing, it cost money. But more importantly, it cost a
significant amount of time and human effort, both of which are in limited
supply. Let's Encrypt solved the money barrier by offering its services free of
charge. More importantly, by standardizing a stable protocol (ACME) for
requesting and renewing certificates, it enabled the Electronic Frontier
Foundation to build and provide Certbot, an open source, free-to-use tool that
automates the process of obtaining certificates, installing them, configuring
webservers to use them, and automatically renewing them.
Nextgov
February 27, 2020
The threat
presented by Huawei is not—as U.S. officials have been warning allies—about
espionage, a leading academic on the issue told participants at the hottest
ticket of this year’s RSA cybersecurity conference. “There is a lot more to
[Fifth Generation Network] security than supply chain,” said Harvard Kennedy
School security technologist Bruce Schneier before an audience of hundreds of
security professionals. “5G is insecure primarily because the protocols are
insecure, because governments, like the United States, like to use the systems
to spy.” While governments such as Germany’s have said they would require
providers to implement end-to-end encryption in order to comprehensively
protect against spying—by all entities—the U.S. has not. “If we like the fact
that we can use the cellular networks to spy on our adversaries, then they get
to spy on us,” Schneier said to rousing applause. “Pick one. You can't have
both.” The Wednesday afternoon session at RSA featured Schneier and R Street
Institute fellow Kathryn Waldron alongside the Defense Department’s
Acquisitions CISO Katie Arrington, and a representative from the forbidden
company itself: Huawei security chief Andy Purdy.
ZDNet
February 27, 2020
At the RSA
2020 security conference in San Francisco yesterday, Intel presented a summary
of its security efforts from last year. In 2019, Intel said it patched 236
security flaws, of which only 5% (11 bugs) were CPU-related vulnerabilities.
All 11 were microarchitectural side-channel vulnerabilities rooted in the
internal design of Intel CPUs. "These microarchitectural
side-channel vulnerabilities are often closely related, generally difficult to
exploit, and to Intel's knowledge, have not been successfully utilized outside
of a controlled lab environment at the time of this report," the company
said. Intel released microcode (CPU firmware) updates to address all reported
bugs. Reported issues included the likes of ZombieLoad, RIDL, Fallout,
SWAPGSAttack, ZombieLoad v2, and NetCAT.
Ars Technica
February 26, 2020
Billions of
devices—many of them already patched—are affected by a Wi-Fi vulnerability that
allows nearby attackers to decrypt sensitive data sent over the air,
researchers said on Wednesday at the RSA security conference. The vulnerability
exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, whose Wi-Fi
IoT business Cypress acquired in 2016. The affected devices
include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices,
Raspberry Pi 3s, and Wi-Fi routers from Asus and Huawei. Eset, the security
company that discovered the vulnerability, said the flaw primarily affects
Cypress' and Broadcom's FullMAC WLAN chips, which are used in billions of
devices. Eset has named the vulnerability Kr00k, and it is tracked as
CVE-2019-15126. The flaw is in the link-layer (WPA2) encryption of the Wi-Fi
connection itself; traffic that is separately protected at a higher layer, such
as HTTPS or a VPN, stays encrypted even when a frame is recovered. Manufacturers
have made patches available for most or all of the affected devices, but it's
not clear how many devices have installed the patches. Of greatest concern are
vulnerable wireless routers, which often go unpatched indefinitely.
The Daily Beast
February 26, 2020
A
facial-recognition company that contracts with powerful law-enforcement
agencies just reported that an intruder stole its entire client list, according
to a notification the company sent to its customers. In the notification, which
The Daily Beast reviewed, the startup Clearview AI disclosed to its customers
that an intruder “gained unauthorized access” to its list of customers, to the
number of user accounts those customers had set up, and to the number of
searches its customers have conducted. The notification said the company’s servers
were not breached and that there was “no compromise of Clearview’s systems or
network.” The company also said it fixed the vulnerability and that the
intruder did not obtain any law-enforcement agencies’ search histories. Tor
Ekeland, an attorney for the company, said Clearview prioritizes security.
“Security is Clearview’s top priority,” he said in a statement provided to The
Daily Beast. “Unfortunately, data breaches are part of life in the 21st
century. Our servers were never accessed. We patched the flaw, and continue to
work to strengthen our security.”
Ars Technica
February 25, 2020
Firefox will start switching browser users to Cloudflare's encrypted-DNS service today
and roll out the change across the United States in the coming weeks.
"Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by
default for US-based users," Firefox maker Mozilla said in an announcement
published Tuesday morning. "The rollout will
continue over the next few weeks to confirm no major issues are discovered as
this new protocol is enabled for Firefox's US-based users." DNS over HTTPS
wraps the browser's DNS queries in an HTTPS connection to the resolver, which
keeps on-path eavesdroppers from seeing what lookups the browser is making and
potentially makes it more difficult for Internet service providers or other
third parties to monitor what websites you visit. The resolver itself still
sees every query, so the change shifts trust from the ISP's resolver to
Cloudflare's rather than removing it. As we've previously written,
Mozilla's embrace of DNS over HTTPS is fueled in part by concerns about ISPs
monitoring customers' Web usage. Mobile broadband providers were caught selling
their customers' real-time location data to third parties, and Internet
providers can use browsing history to deliver targeted ads. Wireless and wired
Internet providers are suing the state of Maine to stop a Web-browsing privacy
law that would require ISPs to get customers' opt-in consent before using or
sharing browsing history and other sensitive data. The telecom companies
already convinced Congress and President Trump to eliminate a similar federal
law in 2017.
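To make concrete what DoH changes on the wire, the following is an added example (not code from Mozilla, Cloudflare or the article): it builds a standard DNS query in RFC 1035 wire format, shows the RFC 8484 GET form of the same query (base64url in the `dns` parameter, which travels inside TLS), parses a constructed resolver reply, and shows what an on-path observer can read from the equivalent plaintext UDP/53 query. The endpoint URL, the sample names and the reply bytes are assumptions and constructed inputs; nothing here touches the network.

```python
"""DNS over HTTPS (RFC 8484) request construction and reply parsing, offline.

Added example with constructed inputs; no network access is made.
"""
from __future__ import annotations

import base64
import struct

# Assumption: Cloudflare's documented public DoH endpoint (the article names
# the service, not the URL).
CLOUDFLARE_DOH = "https://cloudflare-dns.com/dns-query"

TYPE_A = 1
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """RFC 1035 wire format: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0) -> bytes:
    """A recursive-desired query. RFC 8484 suggests ID 0 for DoH GETs so that
    identical questions yield identical URLs and can be cached by HTTP caches."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def doh_get_url(query: bytes, endpoint: str = CLOUDFLARE_DOH) -> str:
    """RFC 8484 GET form: wire-format query, base64url without '=' padding,
    in the 'dns' parameter. The whole URL is inside the TLS session."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def read_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2                           # pointer ends the name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg: bytes) -> tuple[int, list[tuple[str, int, str]]]:
    """Return (rcode, [(name, ttl, ipv4)]) for A records in the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                 # skip echoed question
        _, off = read_name(msg, off)
        off += 4                                        # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return flags & 0x0F, answers


def build_sample_response(name: str = "example.com") -> bytes:
    """Constructed resolver reply (not captured traffic): QR/RD/RA set, the
    answer name is a pointer to the question (0xC00C), TTL 300, A 93.184.216.34."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
              + bytes([93, 184, 216, 34]))
    return header + question + answer


def names_visible_on_path(query: bytes) -> list[str]:
    """What an on-path observer (an ISP, say) reads from a plaintext UDP/53
    query: every question name in the clear. Under DoH the same bytes sit
    inside TLS, leaving only the resolver's address and the handshake visible."""
    qd = struct.unpack("!H", query[4:6])[0]
    off, names = 12, []
    for _ in range(qd):
        name, off = read_name(query, off)
        off += 4
        names.append(name)
    return names


if __name__ == "__main__":
    q = build_query("example.com")
    print("plaintext DNS exposes:", names_visible_on_path(q))
    print("DoH request:", doh_get_url(q))
    print("parsed reply:", parse_response(build_sample_response()))
```

The `www.example.com` query produced by `build_query` encodes to the exact `dns=` value given in RFC 8484's GET example, which is a quick way to confirm the wire format is right before pointing the code at a real resolver.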
ZDNet
February 24, 2020
A new language framework designed to bridge fragmentation gaps between cybersecurity
tools has been released to the open source community. Launched on Monday by the Open
Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including
IBM, Crowdstrike, and McAfee, OpenDXL Ontology is, the OCA said, the
"first open source language for connecting cybersecurity tools through
a common messaging framework." OpenDXL Ontology, now available, aims to
create a common language between cybersecurity tools and systems by removing
the need for custom integrations between products that are most effective
when communicating with each other -- such as endpoint systems, firewalls, and
behavior monitors -- but suffer from fragmentation and vendor-specific architecture.
This is not the first open source project developed by the consortium. The Open
Data Exchange Layer (OpenDXL) is an open messaging framework already used by
roughly 4,000 organizations to improve tool integration. Ontology aims to
improve sharing by way of a language that is usable by any vendor, providing
one set of tooling that can be reused across various cybersecurity
products.
INTERNATIONAL
Ars Technica
February 28, 2020
Malware
developers are always trying to outdo each other with creations that are
stealthier and more advanced than their competitors’. At the RSA Security
conference this week, a former hacker for the National Security Agency
demonstrated an approach that’s often more effective: stealing and then
repurposing a rival’s code. Patrick Wardle, who is now a security researcher at
the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac
malware can be a smarter and less resource-intensive approach for deploying
ransomware, remote access spy tools, and other types of malicious code. Where
the approach really pays dividends, he said, is with the repurposing of
advanced code written by government-sponsored hackers. “There are incredibly
well-funded, well-resourced, very motivated hacker groups in three-letter
agencies that are creating amazing malware that’s fully featured and also fully
tested,” Wardle said during a talk titled "Repurposed Malware: A Dark Side
of Recycling." “The idea is: why not let these groups in these agencies
create malware and if you’re a hacker just repurpose it for your own mission?”
he said.
Gov Info Security
February 28, 2020
In May, new
medical device regulations, including cybersecurity requirements, will take
effect in the European Union. How do they compare with requirements in the
U.S.? Attorneys Kim Roberts and Adam Solander offer an analysis. To help
medical device manufacturers comply with the new EU cybersecurity requirements,
the European Commission's Medical Device Coordination Group recently published
new guidance. "The new guidelines which the EC published in January were
produced with the intention that they would provide manufacturers with guidance
on how to fulfill all relevant requirements with regards to
cybersecurity," Roberts says in a joint interview with Solander.
"They cover a wide range of cybersecurity aspects in the premarket and
post-market stages of production. At the core is the requirement on
manufacturers to incorporate updated practices as they design, develop and
upgrade products across their lifecycle." In the U.S., the Food and Drug
Administration in 2014 issued cybersecurity guidance for the pre-market
development of medical devices. And in October 2018, it issued a draft of
updated guidance. But the FDA has not yet issued a final version of that
updated draft guidance.
The Guardian
February 27, 2020
A council
in the north-east of England has admitted that it has suffered a cyber-attack
that has disabled its IT servers for the past three weeks, leaving it with a
steep bill and concerns among residents that their local government
infrastructure is "in danger of collapse". One Redcar and Cleveland councillor
told the Guardian they had been advised it would take several months and cost
between £11m and £18m to repair the damage, far more than the £7.4m funding
grant the council is set to receive in 2020/2021 from central government. The
council’s total annual budget is £279m. For three weeks all council staff have
been told they cannot use council computers, tablets or mobile devices and have
been instead relying on “pen and paper”, the councillor said. Initially Redcar
and Cleveland council told residents it simply had “an issue with our IT
system, which means we are working with a reduced capacity”. But now the
council leader, independent councillor Mary Lanigan, has acknowledged that the
council was subject to a “ransomware cyber-attack” on 8 February.
Bloomberg
February 27, 2020
What began
as a legal dispute over a hotel has unfolded in a London courtroom in recent
weeks into an extraordinary tale of royal intrigue, one that includes
allegations of a global undercover spying operation, hacked emails and a covert
public relations campaign. The investment authority of Ras Al Khaimah, one of
the seven emirates that make up the United Arab Emirates, sued an
Iranian-American aviation executive named Farhad Azima in 2016 for breach of
contract in relation to the sale of a hotel in Tbilisi, Georgia. Azima
counter-sued, alleging that authorities in Ras Al Khaimah hired contractors who
hacked his emails. The trial wrapped up Feb. 14, and a judge in London’s High
Court is currently mulling a decision, which is expected in March. If the judge
finds in Azima’s favor, he would be the first person to successfully sue a
foreign government for hacking, according to Kirby Behre, a former federal
prosecutor and an attorney with Miller & Chevalier, which represents Azima.
The next step would be a hearing on the damages suffered as a result of the
hack, he said.
Brisbane Times
February 27, 2020
Labor wants
the culprits behind major cyber attacks on Australia to be called out by the
government, saying a change in policy is needed to deter hostile breaches of
the nation's democratic institutions. The Opposition's assistant cyber security
spokesman, Tim Watts, will on Thursday night argue Australia should explicitly
treat cyber assaults on its democratic institutions as special and distinct. In
a speech to the Lowy Institute, Mr Watts will also blast MPs who claim their
social media accounts have been hacked after their accounts "like" an
embarrassing tweet. Australian intelligence agencies found China was
responsible for a cyber attack on Federal Parliament last year, but kept the
finding secret to avoid souring trade relations with Beijing. Mr Watts will
suggest the practice of not publicly naming culprits behind serious cyber
attacks is reinforcing bad behaviour and doing nothing to uphold the norms of
international law.
Gov Info Security
February 26, 2020
Australia's
financial sector should brace for the potential of distributed
denial-of-service attacks, the nation's top cyber agency has warned. The
Australian Cyber Security Center says it is aware of "a number" of
ransom threats made toward banking and finance organizations. "The threats
in question are delivered via email and threaten the recipient with a sustained
DDoS attack unless a sum of the Monero cryptocurrency is paid," the ACSC
says. The ACSC notes, however, that it hasn't been able to verify the
legitimacy of the threats, and that it appears none have resulted in
actual DDoS attacks. The group behind the threats is calling itself the
"Silence Hacking Crew," but the ACSC also advised it has been unable
to verify that as well. DDoS attacks are intended to jam a service by sending
overwhelming amounts of traffic. While such attacks can be devastating for
smaller organizations, banks and financial institutions usually have adequate
defenses in place to minimize disruption. Even the shortest amount of downtime
as a result of such attacks, however, can anger customers and generate
attention.
CyberScoop
February 26, 2020
Iran-linked
hackers have been running spearphishing email campaigns against governmental
organizations in Turkey, Jordan and Iraq in recent months in a likely effort to
gather intelligence, according to research published Wednesday by Dell
Secureworks. Most of the targeting, which Secureworks assesses to be focused on
espionage, began before the U.S. military killed Qassem Soleimani, the leader
of Iran’s Quds Force, in Baghdad in early January. But Alex Tilley, a senior
researcher for Secureworks, told CyberScoop the spearphishing activity has
increased since the killing. The research appears to align with information the
FBI shared with industry in January, when it warned of an increase in Iranian
“cyber reconnaissance activity.” The alert highlighted that Iranian hackers
could be zeroing in on the defense industrial base, government agencies, academia
and nongovernmental organizations.
Reuters
February 24, 2020
Mexico’s
economy ministry detected a cyber attack on some of its servers on Sunday but
did not consider sensitive information to have been compromised, and beefed up
safety measures, it said in a statement. It was the second high-profile cyber
attack on the Mexican government after hackers demanded $5 million in bitcoin
from national oil company Pemex last November, forcing it to shut down
computers nationwide. Providers have been asked to temporarily isolate networks
and servers, the ministry said on Monday, adding that the processing of some
forms would be temporarily suspended to protect their legal status. “Following
an extensive revision, some of the ministry’s servers have been identified as
affected, mostly email and archive servers,” it added. “The ministry’s
sensitive information as well as that of its users is not considered
compromised.”
Financial Times
February 23, 2020
Western
powers must step up military deterrence and investment to combat Russia’s
growing strategic control of the pivotal Black Sea region, Georgia’s foreign
minister has warned. David Zalkaliani urged “more attention and more engagement”
from the US and European countries in the face of Moscow’s growing deployment
of missiles and radar in territory that it disputes with Tbilisi. His comments
highlight the growing battle for an energy-rich trade route that counts two EU
members on its shores and links Europe to Asia and the Mediterranean end of the
Middle East. On Thursday, the UK and US accused Russia’s GRU intelligence
agency of a cyber attack against Georgia in October last year that targeted
government websites and media outlets. Speaking in an interview with the
Financial Times before news of the cyber attack emerged, Mr Zalkaliani said
Russia was deploying the “most sophisticated military equipment and ammunition”
in the self-declared independent Abkhazia region, which has increasingly
aligned itself with the Kremlin since Moscow captured 20 per cent of Georgia’s
territory in 2008.
TECHNOLOGY
WIRED
February 28, 2020
In 2003
security researcher Katie Moussouris was working at the enterprise security
firm @stake—which would later be acquired by Symantec—when she spotted a bad
flaw in an encrypted flash drive from Lexar. After working with her friend Luís
Miras to reverse-engineer the app and examine its structure, the two discovered
that it was trivial to uncover the password that decrypted the drive's data.
But when they tried to let Lexar know? "Things went wrong," says
Chris Wysopal, who was also working at @stake at the time. The @stake team had
the same two options that anyone does when they discover a vulnerability:
either publish the findings openly or go to the developer directly, giving them
time to fix the flaw before going public. In theory it seems like the latter
would be a win-win, since it reduces the risk that hackers could exploit the
bug maliciously. But the reality, in this case and so many others, can quickly
get much more complicated and contentious.
The Wall Street Journal
February 23, 2020
In 2018,
Frank Krasovec took on a $1 million personal line of credit from PlainsCapital
Bank. A few months later, he went on a business trip. When he returned,
$450,000 was missing. Mr. Krasovec, the chairman of Dash Brands Ltd., which
owns Domino’s Pizza Inc. franchises in China, said he soon learned that someone
had hijacked his email and asked his assistant to wire the money to a Hong Kong
account.