Wednesday, March 11, 2020

House members worry if the cyber force is the right size

‘It was a bright cold night in April, and the clocks were striking thirteen’

 – George Orwell

Nextgov
March 6, 2020
Following a shift in federal policy last year that pushed agencies to focus on closing major data centers over servers in closets and under desks, the Government Accountability Office released a report Thursday criticizing the new policy for decreasing visibility into the number of data centers operating across the government and making agencies more vulnerable to cyberattacks. The original Data Center Closure Initiative kicked off in 2010 during the Obama administration. The goal at the time was to identify and cap the explosion of data centers across the government, which had grown from 432 in 1998 to more than 2,000 in 2010. However, officials soon realized this number did not fully encompass all of the servers running throughout the government, including smaller “data centers” tucked in small rooms or otherwise maintained outside of traditional facilities. In 2016, the initiative was revamped with a focus on anything that could conceivably qualify as a data center, resulting in a larger count of more than 5,600 data centers in August that year. The inventory peaked at 5,916 in August 2018.

Fifth Domain
March 5, 2020
Members of Congress are concerned about the size of the Department of Defense’s cyber force. U.S. Cyber Command’s cyber mission force consists of 133 offensive, support and defensive cyber teams. But during a March 4 hearing of the House Armed Services Committee, Rep. Jim Langevin, D-Rhode Island, used his opening statement to ask about Cyber Command’s staffing. “We need to candidly assess whether a force conceived more than seven years ago is sufficient for a dramatically different environment today,” he said. “I will also be curious to hear candid assessments on how organic capabilities resident in the Services are rationalized with CYBERCOM’s mission and strategy.” Cyber Command chief Gen. Paul Nakasone said during testimony that the command plans to gather information for Pentagon leaders to make appropriate staffing decisions. “A central challenge today is that our adversaries compete below the threshold of armed conflict, without triggering the hostilities for which DoD has traditionally prepared,” he said in written testimony. “That short-of-war competition features cyber and information operations employed by nations in ways that bypass America’s conventional military strengths.”

Ars Technica
March 5, 2020
Two Republicans and two Democrats in the US Senate have proposed a law that aims to combat sexual exploitation of children online, but critics of the bill call it a "Trojan horse" that could harm Americans' security by reducing access to encryption. The EARN IT (Eliminating Abusive and Rampant Neglect of Interactive Technologies) Act "would create incentives for companies to 'earn' liability protection for violations of laws related to online child sexual abuse material," an announcement by the bill's supporters said today. Under current law, Section 230 of the Communications Decency Act provides website operators broad legal immunity for hosting third-party content. A 2018 law known as FOSTA-SESTA chipped away at that immunity for content related to prostitution and sex trafficking, and the EARN IT Act would further weaken immunity for website operators who fail to take certain to-be-determined measures to find and remove child sexual-abuse material. In a related development today, US Attorney General William Barr gave a speech calling for an analysis of how Section 230 affects "incentives for platforms to address [child sexual exploitation] crimes and the availability of civil remedies to the victims."

Nextgov
March 5, 2020
A major thrust of a congressionally mandated commission will be to make federal funding available for entities reacting to a cyberattack. At least two recommendations in the Cyberspace Solarium Commission’s long-awaited report will center on “giving the executive branch the authority to declare a cyber state of distress which would then unlock access to a cyber response and recovery fund,” according to Rep. Mike Gallagher, R-Wisc., a co-chair of the commission. Gallagher spoke with other members of the commission—CEO of Southern Company Tom Fanning, and Samantha Ravich, chairman of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation—at an FDD event today previewing the commission’s 75 recommendations, set for release March 11. Made up of Republican, Democrat, and Independent members of the House and Senate, as well as the executive branch and private individuals, the commission is seen as having the ability to insert legislative language into the must-pass National Defense Authorization Act that represents a broad consensus. Mark Montgomery, the executive director of the commission, told Nextgov the cyber response and recovery fund would be similar to the one currently controlled by the Federal Emergency Management Agency for response to natural disasters. He said exact funding levels would be determined through the appropriations process.

Fifth Domain
March 5, 2020
The Cyberspace Solarium Commission will recommend that the Department of State establish a bureau focused on international cybersecurity efforts and emerging technologies as part of its forthcoming report, commissioners said March 3 at the Carnegie Endowment for International Peace. The suggestion from the commission, made up of government and non-government cybersecurity experts developing cyber policy recommendations, comes as part of a broader belief in the group that the State Department needs to be more involved on cybersecurity issues. Among the report’s 75 recommendations, set for release March 11, will be the proposal for a new State Department office called the “Bureau for Cyberspace Security and Emerging Technologies,” in addition to a new assistant secretary of state position to coordinate international outreach for cyber issues and emerging tech. The new position would report to the deputy secretary of state or undersecretary of political affairs, according to Rep. Jim Langevin, D-R.I., a member of the commission. The goal of the new office is to take cybersecurity issues at the department and, in Langevin’s words, raise “its level of importance and stature ... to reinforce that this is an international approach that we need to and want to take.”

FCW
March 4, 2020
Lawmakers pressed Treasury Secretary Steven Mnuchin at a March 4 House Appropriations Committee hearing about how effective the department's financial sanctions against other nations for conducting cyberattacks were in deterring future behavior and how it was defining their success. "If a sanction is enforced upon another foreign entity, how does that restore or make whole the U.S. entity?" asked Rep. Tom Graves (R-Ga.) at the hearing. He also asked Mnuchin if he's noticed "any sizable positive impact on the reduction of breach attempts on U.S. companies" as a result. Mnuchin said sanctions are "just one of the many tools" the U.S. government uses to help protect federal and private IT infrastructure. Rep. Mike Quigley (D-Ill.) brought up sanctions implemented by both the Obama and Trump administrations against Russian entities and individuals for interfering in the 2016 U.S. presidential election, noting that Russia's covert campaigns to influence the U.S. electorate "seem to be continuing" and that former Director of National Intelligence Dan Coats warned that "the lights are blinking red" before stepping down last year.

The Hill
March 3, 2020
A bipartisan group of senators led by Senate Minority Leader Charles Schumer (D-N.Y.) on Tuesday “strongly urged” the British Parliament to reject Chinese telecom group Huawei and exclude it entirely from their 5G networks. The British House of Commons is set Wednesday morning to debate the decision by the United Kingdom’s National Security Council in January to allow Huawei equipment in “periphery networks” while banning the company’s equipment from more secure networks. In a letter sent to members of Parliament on Tuesday night, Schumer, Sen. Ben Sasse (R-Neb.) and a bipartisan group of almost two dozen other senators underlined national security risks created through use of the company’s equipment, asking them to “revisit” their country’s decision on Huawei. “Given the significant security, privacy, and economic threats posed by Huawei, we strongly urge the United Kingdom to revisit its recent decision, take steps to mitigate the risks of Huawei, and work in close partnership with the U.S. on such efforts going forward,” the senators wrote.

The Hill
March 3, 2020
A new report by a bipartisan commission will include at least 75 recommendations for Congress and the executive branch on how to defend the nation against cyberattacks, including bipartisan recommendations for defending elections. Members of the Cyberspace Solarium Commission, which includes lawmakers, federal officials and industry leaders, highlighted the group’s focus on election security during an event at the Center for Strategic and International Studies on Tuesday, previewing some of the recommendations that will be among those released March 11. Commission member former Rep. Patrick Murphy (D-Penn.) said the report — which marks a major effort to create a blueprint for federal action on cybersecurity going forward — was “biased towards action,” and was meant to spur change. “It’s not some report that is going to be in the Library of Congress that no one is going to look at again,” Murphy said. “There is going to be some legislative action, there are going to be some executive actions.” The report’s recommendations around election security will mark a rare bipartisan effort to address the issue following years of contention on Capitol Hill after Russian interference in the 2016 presidential election.


ADMINISTRATION

AP
March 5, 2020
To thwart increasingly dangerous cybercriminals, law enforcement agents are working to “burn down their infrastructure” and take out the tools that allow them to carry out their devastating attacks, FBI Director Christopher Wray said March 4. Unsophisticated cybercriminals now have the power to paralyze entire hospitals, businesses and police departments, Wray said during a conference on cybersecurity at Boston College. The ever-changing threat has forced law enforcement to get creative and target the dark web sites and other tools at hackers’ disposal, he said. “The reality is we are long past the days where we can fight this threat just one by one, one bad guy at a time ... one victim company at a time. We’ve got to figure out ways to tackle the cyberthreat as a whole,” Wray told the crowd of FBI agents, university officials and others on the Chestnut Hill campus Wednesday. The U.S. saw a nearly 40 percent increase in ransomware attacks between 2018 and 2019, said Joseph Bonavolonta, the head of the FBI’s office in Boston. There was an even more dramatic uptick in such attacks in just the four states — Massachusetts, Maine, Rhode Island and New Hampshire — that the Boston office covers, he said.

CNN
March 5, 2020
Top tech officials working for Joe Biden's campaign aren't taking any chances following the 2016 hacking of the Democratic National Committee. The campaign is constantly trying to fend off email phishing attacks that could give hackers inside access to the campaign's data, according to Dan Woods, the Biden campaign's chief technology officer. "The most famous thing to come out of 2016 was phishing," Woods said at an election security conference in Philadelphia on Thursday. "Besides misinformation and disinformation, phishing remains, without question, the biggest threat we face." That acknowledgment reflects Democrats' difficult lesson from the last presidential cycle, when Russian hackers targeted dozens of DNC addresses with legitimate-looking emails designed to entice unwitting staffers into compromising their own security. They also targeted Hillary Clinton's campaign chairman, John Podesta, obtaining tens of thousands of emails that were later published by WikiLeaks.

CyberScoop
March 5, 2020
Over the last year, Democratic presidential campaigns have had difficulty sharing threat data with one another, according to the former security boss for Pete Buttigieg’s campaign, raising concerns about the party’s ability to fend off possible interference ahead of the November elections. Mick Baccio, who spent roughly five months working for the now-defunct Buttigieg campaign, told CyberScoop that his team tried sharing information with other campaigns that could have helped officials protect themselves from hackers. The effort was hampered, he said, by a shortage of qualified security staffers on other campaigns and the lack of a formal information sharing process. Baccio resigned from the campaign in January over philosophical differences. “It’s not that there’s not a want to share. It’s ‘I don’t know who to talk to,’” he said during an interview Wednesday at the Splunk GovSummit in Washington, D.C. “I don’t know of a formal mechanism; whether it’s through the DNC, DCCC, or an election [information sharing and analysis center] or something like that. There’s no widespread known mechanism to share that threat data at a sanitized level.” He did not specify the kinds of threat intelligence the Buttigieg campaign tried sharing, or with whom.

Fifth Domain
March 4, 2020
Following the release of the first version of new cybersecurity standards for contractors bidding on programs, the Department of Defense is focusing on international adoption of the framework. The Cybersecurity Maturity Model Certification (CMMC) 1.0, released in January, is a tiered cybersecurity framework that grades companies on a scale of one to five based on the level of classification and security necessary for the work they are performing. It was designed not only to set a level playing field for contractors, but also to increase the cybersecurity of companies that possess sensitive secrets tied to the Pentagon programs they work on. “The CMMC team is currently working with multiple countries including Canada, the U.K., Denmark, Italy, Australia, Singapore, Sweden and Poland as well as the EU cybersecurity body,” Ellen Lord, under secretary of defense for acquisition and sustainment, said March 3 during a presentation at WEST 2020 in San Diego. She added that these countries and groups are asking whether or not they can adopt the CMMC for their own use.

Nextgov
March 3, 2020
As results rolled in on Super Tuesday, senior officials from the Cybersecurity and Infrastructure Security Agency said primary elections happening across the country were free from any sign of foreign interference. Super Tuesday was a significant test of the agency’s efforts to secure election systems following reports from the intelligence community of Russian interference during the 2016 election. During a call with reporters after polls closed, senior CISA officials said some states—Minnesota, California and Texas—experienced a few technical issues but that those were not associated with any malicious activity and that all systems were back up and running. Officials said there were three different backend systems involved, some provided by managed service providers, or cloud service providers, others in-house. “We talked directly, in the case of one state, the managed service provider, the cloud security provider that was providing the hosting infrastructure, the voter [registration] database and the voter lookup tool and confirmed directly with them that there's no appearance of any malicious activity,” one official said. “We're talking about very high speed, capable security teams at these organizations.”

CyberScoop
March 3, 2020
The Trump administration’s handling of U.S. military assistance to Ukraine sparked an impeachment inquiry, but U.S. cybersecurity aid to the Eastern European country continues to flow, unimpeded and under the radar. The State Department on Tuesday announced an additional $8 million in cybersecurity funding for Ukraine, whose electric utilities sector has at least twice been struck by Russia-linked hackers in recent years. One of those cyberattacks, in 2015, plunged a quarter of a million Ukrainians into darkness. Ever since then, Washington has tried to ramp up Ukraine’s cyberdefenses with funding and strategic advice, including through a project to help Ukraine develop a national cybersecurity strategy. Some of the new funding will be used for building out Kyiv’s legal and regulatory framework for improving cyberdefenses, the State Department said. The new money is on top of the $10 million in cybersecurity aid the U.S. previously pledged to Ukraine.

FCW
March 3, 2020
Private security researchers and threat intelligence firms that visit black market online forums for research should create internal rules, document their work and have established relationships with law enforcement, according to new guidance from the Department of Justice. The document offers non-binding legal guidance for how to navigate cyber intelligence gathering on the internet, particularly for sites that "openly advertise illegal services and the sale of stolen credit card numbers, compromised passwords, and other sensitive information." The Computer Fraud and Abuse Act and DOJ's interpretation of the law loom large over many of the outstanding questions. For instance, passively lurking on online forums to gather intelligence -- even information that touches on criminal conduct -- is usually legally safe as long as the researcher is using legitimate credentials. However, DOJ said using exploits or "other techniques" to access or gather information from the server or system on which the forum operates could be viewed as gaining unauthorized access. More active actions, like posing questions or directly soliciting advice, can also present a "marginal legal risk" to researchers depending on whether their interaction furthers a crime.

The Atlanta Journal Constitution
March 3, 2020
Just two days before the 2018 election for governor, Republican Brian Kemp opened an explosive investigation, accusing the Democratic Party of Georgia of trying to hack voter registration systems. Kemp was Georgia’s secretary of state at the time, overseeing his own heated election for governor against Democrat Stacey Abrams. Sixteen months later, the attorney general’s office released a report Tuesday finding no evidence of a hack and closing the investigation Kemp had launched. No election information was damaged, stolen or lost, according to the report, and there was no evidence of computer crimes. Democratic Party of Georgia Chairwoman Nikema Williams said Kemp created “outright lies” to attack his political opponents and help his election.

ProPublica
March 2, 2020
The Richmond, Virginia, website that tells people where to vote and publishes election results runs on a 17-year-old operating system. Software used by election-related sites in Johnston County, North Carolina, and the town of Barnstable, Massachusetts, had reached its expiration date, making security updates no longer available. These aging systems reflect a larger problem: A ProPublica investigation found that at least 50 election-related websites in counties and towns voting on Super Tuesday — accounting for nearly 2 million voters — were particularly vulnerable to cyberattack. The sites, where people can find out how to register to vote, where to cast ballots and who won the election, had security issues such as outdated software, poor encryption and systems encumbered with unneeded computer programs. None of the localities contacted by ProPublica said that their sites had been disrupted by cyberattacks.

FCW
March 2, 2020
To address a critical need for cybersecurity personnel in the federal workforce, the Office of Personnel Management is overhauling its aptitude tests and other assessments used in recruiting needed IT talent. In a memo issued to agency heads on Feb. 27, OPM Director Dale Cabaniss highlighted five assessments that agencies should use when determining an applicant's technical abilities: cognitive ability, structured interviews, biodata tests, situational judgment tests, personality tests, and training and experience point methods. "Federal subject matter experts recommend the Federal government pursue a whole person approach for cybersecurity aptitude assessment for reskilling and the selection of new talent," Cabaniss wrote. "The whole person approach should incorporate a mix of assessments that evaluate both cognitive and interpersonal competencies, as well as technical cybersecurity related knowledge, skills, and abilities."


INDUSTRY

BBC
March 6, 2020
More than a billion Android devices are at risk of being hacked because they are no longer protected by security updates, watchdog Which? has suggested. The vulnerability could leave users around the world exposed to the danger of data theft, ransom demands and other malware attacks. Anyone using an Android phone released in 2012 or earlier should be especially concerned, it said. Which? says it was not reassured by Google's response. And the tech giant has not responded to BBC requests for a comment. Google's own data suggests that 42.1% of Android users worldwide are on version 6.0 of its operating system or below. According to the Android security bulletin, there were no security patches issued for the Android system in 2019 for versions below 7.0.

Ars Technica
March 5, 2020
Earlier this week, Let's Encrypt announced that it would revoke roughly three million—2.6 percent—of its currently active certificates. Last night, however, the organization announced that it would delay the revocation of many of those certificates in the interest of Internet health. The impact of the revocation on system administrators was and is significant due to the very short window of maintenance allowed before the revocation went into effect. Roughly thirty-six hours were available from the initial announcement to the beginning of scheduled certificate revocation. Half an hour prior to the scheduled revocations, more than one million affected certificates had still not been renewed, and Let's Encrypt announced an additional delay to give administrators more time. The revocations are necessary because of a bug in Let's Encrypt's CA (Certificate Authority) code, which allowed some domains to go unchecked for CAA (Certificate Authority Authorization) DNS record compliance. Although the vast majority of the certificates revoked posed no security risk, they were not issued in full compliance with security standards. Let's Encrypt's decision to rapidly revoke them all is in compliance with both the letter and spirit of security regulations.
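The CAA check referred to above is the authorization step a CA must run for every name in a certificate request before issuing. The following is an added illustration, not Let's Encrypt's own (Boulder) code: it implements the RFC 8659 lookup (climb to the nearest ancestor with CAA records, honor `issue`/`issuewild`, refuse on unknown critical properties) against a constructed in-memory zone that stands in for real DNS, and reports which requested names the issuer is not authorized for.

```python
"""RFC 8659 CAA authorization check over a constructed zone (added example)."""
from typing import Dict, List, Tuple

# Constructed CAA data keyed by owner name -> list of (flags, tag, value).
# A name absent from the dict has no CAA records, so the lookup climbs to its parent.
FAKE_CAA_ZONE: Dict[str, List[Tuple[int, str, str]]] = {
    "example.com": [(0, "issue", "letsencrypt.org"),
                    (0, "issuewild", ";")],                      # wildcards forbidden
    "api.example.com": [(0, "issue", "letsencrypt.org; validationmethods=dns-01")],
    "locked.example.net": [(0, "issue", ";")],                    # no CA may issue
    "strict.example.org": [(0x80, "futuretag", "x"),              # unknown critical tag
                           (0, "issue", "letsencrypt.org")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80


def relevant_rrset(name: str, zone: Dict[str, List[Tuple[int, str, str]]]) -> List[Tuple[int, str, str]]:
    """Return the first non-empty CAA RRset found at `name` or any ancestor (RFC 8659 s3)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]), [])
        if rrset:
            return rrset
    return []  # no CAA anywhere up the tree: issuance is unrestricted


def issuer_domain(value: str) -> str:
    """Strip parameters ('letsencrypt.org; validationmethods=dns-01' -> 'letsencrypt.org')."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(name: str, issuer: str, zone: Dict[str, List[Tuple[int, str, str]]]) -> bool:
    """True if `issuer` may issue for `name` under the relevant CAA RRset."""
    wildcard = name.startswith("*.")
    rrset = relevant_rrset(name[2:] if wildcard else name, zone)

    # A critical property the CA does not understand forbids issuance outright.
    for flags, tag, _ in rrset:
        if flags & CRITICAL and tag.lower() not in KNOWN_TAGS:
            return False

    # For wildcard names, issuewild (when present) overrides issue; otherwise issue applies.
    wanted = "issue"
    if wildcard and any(t.lower() == "issuewild" for _, t, _ in rrset):
        wanted = "issuewild"
    props = [v for _, t, v in rrset if t.lower() == wanted]
    if not props:
        return True  # no issue/issuewild restriction for this kind of request
    # An empty issuer ("; ") authorizes nobody; otherwise the issuer must be listed.
    return any(issuer_domain(v) == issuer.lower() for v in props)


def check_request(names: List[str], issuer: str, zone: Dict[str, List[Tuple[int, str, str]]]) -> List[str]:
    """Names in the request that CAA does not authorize `issuer` for (every name is checked)."""
    return [n for n in names if not caa_permits(n, issuer, zone)]


if __name__ == "__main__":
    request = ["www.example.com", "*.example.com", "api.example.com", "sub.locked.example.net"]
    print("rejected:", check_request(request, "letsencrypt.org", FAKE_CAA_ZONE))
```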

WIRED
March 5, 2020
Over the past few years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which hackers exploit radio-enabled keys to steal vehicles without leaving a trace. Now it turns out that many millions of other cars that use chip-enabled mechanical keys are also vulnerable to high-tech theft. A few cryptographic flaws combined with a little old-fashioned hot-wiring—or even a well-placed screwdriver—lets hackers clone those keys and drive away in seconds. Researchers from KU Leuven in Belgium and the University of Birmingham in the UK earlier this week revealed new vulnerabilities they found in the encryption systems used by immobilizers, the radio-enabled devices inside of cars that communicate at close range with a key fob to unlock the car's ignition and allow it to start. Specifically, they found problems in how Toyota, Hyundai, and Kia implement a Texas Instruments encryption system called DST80. A hacker who swipes a relatively inexpensive Proxmark RFID reader/transmitter device near the key fob of any car with DST80 inside can gain enough information to derive its secret cryptographic value. That, in turn, would allow the attacker to use the same Proxmark device to impersonate the key inside the car, disabling the immobilizer and letting them start the engine.

CyberScoop
March 5, 2020
The U.S. Department of Justice on Monday unsealed a 2014 indictment alleging that a current cybersecurity executive was involved in a conspiracy to sell usernames and passwords belonging to American customers of the social media company Formspring in 2012. The man identified in the indictment, Nikita Kislitsin, allegedly received data stolen from Formspring, then tried to sell that information to others. Kislitsin currently works as head of network security at Group-IB, a cybersecurity vendor with offices in Moscow and Singapore. He joined the company in January 2013, roughly six months after prosecutors say a hacker provided Kislitsin with credentials from Formspring to sell. U.S. prosecutors have not alleged any wrongdoing by Group-IB. In a statement to CyberScoop, the company said Kislitsin is still an employee, and that Group-IB considers the accusations “only allegations,” arguing that “no findings have been made that Nikita Kislitsin has engaged in any wrongdoing.”

TechCrunch
March 5, 2020
A major electronics manufacturer for defense and communications markets was knocked offline after a ransomware attack, TechCrunch has learned. A source with knowledge of the incident told TechCrunch that the defense contractor paid a ransom of about $500,000 shortly after the incident in mid-January, but that the company was not yet fully operational. California-based Communications & Power Industries (CPI) makes components for military devices and equipment, like radar, missile seekers and electronic warfare technology. The company counts the U.S. Department of Defense and its advanced research unit DARPA as customers. The company confirmed the ransomware attack. “We are working with a third-party forensic investigation firm to investigate the incident. The investigation is ongoing,” said CPI spokesperson Amanda Mogin. “We have worked with counsel to notify law enforcement and governmental authorities, as well as customers, in a timely manner.”

CBC
March 5, 2020
A cyberattack late Wednesday night has shut down Evraz North America's information technology systems across the United States and Canada, a company spokesperson confirmed on Thursday. The company also confirmed that temporary layoff notices have been issued as a result. "At this point, there has been no indication of any breach of confidential or personal customer or employee information," said Patrick Waldron, spokesperson for the company. Waldron said there is currently no timeline for resolution of the situation but it has affected internal infrastructure such as the company's email system. "Our information technology teams are working to restore those systems as soon as possible."

Ars Technica
March 5, 2020
Virtually all Intel chips released in the past five years contain an unfixable flaw that may allow sophisticated attackers to defeat a host of security measures built into the silicon. While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems. The flaw resides in the Converged Security and Management Engine, a subsystem inside Intel CPUs and chipsets that’s roughly analogous to AMD’s Platform Security Processor. Often abbreviated as CSME, this feature implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features. The bug stems from the failure of the input-output memory management unit—which provides protection preventing the malicious modification of static random-access memory—to be initialized early enough in the firmware boot process. That failure creates a window of opportunity for other chip components, such as the Integrated Sensor Hub, to execute malicious code that runs very early in the boot process with the highest of system privileges.

The Wall Street Journal
March 4, 2020
Criminals are using concerns about the coronavirus epidemic to spread infections of their own. They are forging emails mentioning the outbreak that appear to be from business partners or public institutions in an effort to get users to open the messages, unleashing malware. The number of malicious emails mentioning the coronavirus has increased significantly since the end of January, according to cybersecurity firm Proofpoint Inc., which is monitoring the activity. The company recently assigned an analyst to track coronavirus threats, something it hasn’t done for prior hacking campaigns related to disasters or major public events, said Sherrod DeGrippo, Proofpoint’s senior director of threat research and detection. Proofpoint analysts now see multiple email campaigns mentioning the coronavirus every workday. “We don’t typically see events like that. Natural disasters are very localized; events like the Olympics come and go and I think something like the Olympics doesn’t get the clicks that a health scare would,” she said. The dearth of information about the epidemic, along with plenty of conflicting claims, provides an opening for criminals, said Ryan McConnell, founder of R. McConnell Group PLLC, a law firm in Houston.

TechCrunch
March 4, 2020
Clothing giant J.Crew said an unknown number of customers had their online accounts accessed “by an unauthorized party” almost a year ago, but is only now disclosing the incident. The company said in a filing on Tuesday with the California attorney general that the hacker gained access to the customer accounts in or around April 2019. According to the letter, the hacker obtained information found in customers’ online accounts — including card types, the last four digits of card payment numbers, expiration dates and associated billing addresses. Online accounts also store customer order numbers, shipping confirmation numbers and shipment statuses. A spokesperson for the company confirmed the hacker used a technique known as credential stuffing, where existing sets of exposed or breached usernames and passwords are matched against different websites to access accounts. The spokesperson later said that fewer than 10,000 customers were affected across the U.S. But a bigger, unanswered question is why it took J.Crew almost a year to detect and disclose the incident to regulators and customers.

Infosecurity Magazine
March 4, 2020
Two cruise lines operated by Carnival Corp have fallen victim to a cyber-attack. Carnival announced on Monday that Princess Cruises and the Holland America Line had both been hit by cyber-criminals in late May last year. Investigations into the incident carried out by Princess and Holland America revealed that an unauthorized third party had gained access to a substantial amount of personal information belonging to both passengers and crew. Data accessed in the attack included email accounts, names, Social Security numbers, government identification numbers, passport numbers, health-related information, and credit card information of guests and employees. Not all guests were impacted by the incident. In a statement released on March 2 by Princess Cruises, the company said it had "identified a series of deceptive emails sent to employees resulting in unauthorized third-party access to some employee email accounts." The company said it notified law enforcement of the incident and is notifying affected individuals where possible.

FCW
March 3, 2020
Intelligence gathering and espionage remained the primary motivation for state-sponsored cyber intrusions in 2019, according to a new report. In the latest version of its annual global threat report, cybersecurity threat intelligence firm CrowdStrike found that advanced persistent threat groups heavily targeted governments and military sectors, as well as their defense industrial base of contractors, while criminal groups are increasingly leveraging ransomware as a primary attack vector against the private sector and local governments. Chinese-aligned groups focused on the telecommunications sector in particular, which CrowdStrike said it believes could support both signals intelligence and upstream surveillance activities. The emphasis came during the same year the U.S. government made a major push to discourage allies from using equipment from Chinese companies like Huawei while building out their 5G networks, warning them that doing so could make it easier for Beijing to spy on their communications. Hacking groups tied to China tended to use open source tools and tactics in an effort to mask and cover their tracks.

AP
March 2, 2020
Although businesses are increasingly at risk for cyberattacks on their mobile devices, many aren’t taking steps to protect smartphones and tablets. That’s one of the conclusions of a report on mobile security released last week by Verizon, which found that nearly 40% of companies had their mobile security compromised, up from 33% in 2019. But many companies don’t prioritize mobile security — 43% said they had sacrificed security while owners and managers focused on other concerns. Forty-three percent of the companies surveyed said mobile security was sacrificed to meet deadlines or productivity targets. These companies were twice as likely to be compromised as those that didn’t take precautions. A big threat to cybersecurity comes from free public WiFi services. A fifth of the organizations that reported their mobile devices had been attacked said an unapproved or insecure WiFi service was used.

Defense One
March 2, 2020
A supplier to a number of major defense companies — including Lockheed Martin, Boeing, General Dynamics, and SpaceX — is the target of a ransomware attack. Documents purportedly stolen from Denver-based Visser Precision Manufacturing are already showing up online, according to Emsisoft, the cybersecurity company that made the attack public. It’s a textbook example of a type of cyber attack the Pentagon is trying to prevent: going after a defense supplier that holds sensitive data yet is small enough to lack sophisticated cyber defenses. DoppelPaymer, the ransomware used in the alleged attack, typically steals data before encrypting it on the victim’s computer, said Brett Callow, a threat analyst for Emsisoft. In February, the group running the DoppelPaymer malware set up a website for exposing files belonging to its victims, Callow said. “The actor has been active since the middle of last year, but has only started publishing data [stolen in the attack] in the last few days,” Callow said in an email to Defense One.


INTERNATIONAL

Fox News
March 5, 2020
The U.S., U.K. and Estonia condemned last year’s cyber attacks against Georgia, part of the former Soviet Union, by Russian military intelligence today during a closed-door meeting of the UN Security Council. The meeting marked the first time cyber attacks were brought up in the council as their own specific item. The meeting came about following a letter written to the Security Council last month by the Georgian U.N. Ambassador about the cyber attack. U.N. ambassadors from the U.S., U.K. and Estonia made a joint statement about the meeting. Speaking on behalf of his colleagues, Estonia’s Ambassador Sven Jurgenson said it was clear who carried out the cyber attack. “We are clear that Russia's military intelligence service, the G.R.U., conducted the cyber attacks in an attempt to sow discord and disrupt the lives of ordinary Georgian people. These cyber attacks are part of Russia's long-running campaign of hostile and destabilizing activity against Georgia and are part of a wider pattern of malign activity.”

Gov Info Security
March 5, 2020
The U.K. Information Commissioner's Office has fined Cathay Pacific Airways £500,000 ($646,000) over a data breach that exposed the personal information of 9.4 million customers, including 111,000 British citizens, during a four-year period. The fine is the largest the U.K. privacy watchdog could impose under the country's older data protection laws since the breach, which started in 2014 and was discovered and fixed in 2018. That happened before the EU's General Data Protection Regulation went into effect in May 2018, according to the report. During its investigation, the ICO found that the Hong Kong-based airline lacked appropriate security controls to ensure passenger data was secured within its internal IT systems, according to the report. The result is that millions of records, including names, passport and identity details, dates of birth, postal and email addresses, phone numbers and historical travel information, were exposed, the report notes.

Infosecurity Magazine
March 5, 2020
UK businesses need to further strengthen their defenses against cyber-attacks, according to new research which has revealed that cybersecurity performance in the UK has declined in the last year compared to other EU countries. The research from BitSight found that the UK has slipped backwards in the last year in terms of its overall cybersecurity rating and is now behind Germany, Austria and Finland among the G7, whilst insurance, defense and legal sectors are the highest performing overall when it comes to cybersecurity. Speaking at an event held at the House of Lords on March 5, CTO and co-founder of BitSight Stephen Boyer said that “the number of vulnerabilities in the attack surface continues to explode” and this was because of digital transformation, which had its benefits to the organization but also could “leave the doors unlocked” when it comes to defense issues.

Australian Broadcasting Corporation
March 3, 2020
A highly sensitive military database containing the personal details of tens of thousands of Australian Defence Force (ADF) members was shut down for 10 days due to fears it had been hacked. The ABC can reveal Defence Force Recruiting's outsourced electronic records system was taken offline and quarantined from other military networks in February, while IT specialists worked to contain an apparent security breach. Since 2003, the Powerforce database has stored sensitive information about ADF recruits, under a contract awarded to the ManpowerGroup company. Details stored on the online system include medical exams, psychological records and summaries of initial interviews with potential recruits. The Defence Department acknowledged a "potential security concern" but suggested an investigation found there was no evidence of data being stolen.

Reuters
March 3, 2020
Chinese anti-virus firm Qihoo 360 said CIA hackers have spent more than a decade breaking into the Chinese airline industry and other targets, a blunt allegation of American espionage from a Beijing-based firm. In a brief blog post published on Monday in English and Chinese, Qihoo said it discovered the spying campaign by comparing samples of malicious software it had discovered against a trove of CIA digital spy tools released by WikiLeaks in 2017. Qihoo - a major cybersecurity vendor whose research is generally followed for the insight it offers into China’s digital security world - said the Central Intelligence Agency had targeted China’s aviation and energy sectors, scientific research organizations, internet companies, and government agencies. It added that the hacking of aviation targets might have been aimed at tracking “important figures’ travel itinerary.” Qihoo published a catalog of intercepted malicious software samples as well as an analysis of their creation times that suggested that whoever devised the tools did so during working hours on the U.S. East Coast.


TECHNOLOGY

CyberScoop
March 5, 2020
Pacemakers and glucose-monitoring systems are among the critical medical equipment that could be affected by new security vulnerabilities in wireless technology, the Food and Drug Administration and Department of Homeland Security warned this week. The set of flaws in a popular wireless protocol known as Bluetooth Low Energy (BLE), which impact microchipped devices in a range of industries, could allow a hacker within radio range of a device to disrupt its communications, forcing it to restart. There have not been any reports of malicious exploitation or patient harm related to the vulnerabilities. The FDA advised medical device manufacturers to work with health care providers, patients, and facilities to figure out which devices are affected and “to ensure that risks are reduced to acceptable levels.” How many medical device manufacturers, which use the vulnerable microchips, are implicated remains to be seen. It is up to the manufacturers themselves to verify the extent to which they are affected.

The Guardian
February 29, 2020
Like most 18-year-olds, “Carlos” is never far from his phone, using it to catch up on his social media feeds and scroll through friends’ pictures. Unlike most teenagers though, he posted photographs depicting a level of affluence unlikely for someone who left school after GCSEs and is now a junior employee at a central London restaurant. The pictures showed a life of excess – Carlos and his friends holding wads of cash, clad in designer clothes, Rolex watches on their wrists, and driving around London in a Mercedes. But the truth behind the photographs was that this prosperous-looking lifestyle was funded by a very modern crime. The teenagers were all involved in cyberfraud, acting as fixers for online hackers who would deploy them either as “money mules” – using their bank details to shift money in elaborate frauds – or for convincing others to hand over their details for use in the scams. The frauds are everyday and commonplace, and cost banks and consumers hundreds of millions of pounds. People are persuaded, via a threatening text message, that, for example, they owe money to the taxman. Or they might be told they risk being convicted of a crime they know nothing about if they don’t pay a fine. Behind these frauds are individuals and gangs based in Britain and abroad; they often use equipment and techniques bought from the dark web – part of the internet that can only be accessed with clandestine software.