‘It was a bright cold night in April, and the clocks were striking thirteen’ – George Orwell
Nextgov
March 6, 2020
Following a
shift in federal policy last year that pushed agencies to focus on closing
major data centers over servers in closets and under desks, the Government
Accountability Office released a report Thursday criticizing the new policy for
decreasing visibility into the number of data centers operating across the
government and making agencies more vulnerable to cyberattacks. The original
Data Center Closure Initiative kicked off in 2010 during the Obama
administration. The goal at the time was to identify and cap the explosion of
data centers across the government, which had grown from 432 in 1998 to more
than 2,000 in 2010. However, officials soon realized this number did not fully
encompass all of the servers running throughout the government, including
smaller “data centers” tucked in small rooms or otherwise maintained outside of
traditional facilities. In 2016, the initiative was revamped with a focus on
anything that could conceivably qualify as a data center, resulting in a larger
count of more than 5,600 data centers in August that year. The inventory peaked
at 5,916 in August 2018.
Fifth Domain
March 5, 2020
Members of
Congress are concerned about the size of the Department of Defense’s cyber
force. U.S. Cyber Command’s cyber mission force consists of 133 offensive,
support and defensive cyber teams. But during a March 4 hearing of the House
Armed Services Committee, Rep. Jim Langevin, D-Rhode Island, used his opening
statement to ask about Cyber Command’s staffing. “We need to candidly assess
whether a force conceived more than seven years ago is sufficient for a
dramatically different environment today,” he said. “I will also be curious to
hear candid assessments on how organic capabilities resident in the Services
are rationalized with CYBERCOM’s mission and strategy.” Nakasone said during
testimony the command plans to gather information for Pentagon leaders to make
appropriate staffing decisions. “A central challenge today is that our
adversaries compete below the threshold of armed conflict, without triggering
the hostilities for which DoD has traditionally prepared,” he said in written
testimony. “That short-of-war competition features cyber and information
operations employed by nations in ways that bypass America’s conventional
military strengths.”
Ars Technica
March 5, 2020
Two
Republicans and two Democrats in the US Senate have proposed a law that aims to
combat sexual exploitation of children online, but critics of the bill call it
a "Trojan horse" that could harm Americans' security by reducing
access to encryption. The EARN IT (Eliminating Abusive and Rampant Neglect of
Interactive Technologies) Act "would create incentives for companies to
'earn' liability protection for violations of laws related to online child
sexual abuse material," an announcement by the bill's supporters said
today. Under current law, Section 230 of the Communications Decency Act
provides website operators broad legal immunity for hosting third-party
content. A 2018 law known as FOSTA-SESTA chipped away at that immunity for
content related to prostitution and sex trafficking, and the EARN IT Act would
further weaken immunity for website operators who fail to take certain
to-be-determined measures to find and remove child sexual-abuse material. In a
related development today, US Attorney General William Barr gave a speech
calling for an analysis of how Section 230 affects "incentives for
platforms to address [child sexual exploitation] crimes and the availability of
civil remedies to the victims."
Nextgov
March 5, 2020
A major
thrust of a congressionally mandated commission will be to make federal funding
available for entities reacting to a cyberattack. At least two recommendations
in the Cyberspace Solarium Commission’s long-awaited report will center on
“giving the executive branch the authority to declare a cyber state of distress
which would then unlock access to a cyber response and recovery fund,”
according to Rep. Mike Gallagher, R-Wisc., a co-chair of the commission.
Gallagher spoke with other members of the commission—CEO of Southern Company
Tom Fanning, and Samantha Ravich, chairman of the Foundation for the Defense of
Democracy’s Center on Cyber and Technology Innovation—at an FDD event today
previewing the commission’s 75 recommendations, set for release March 11. Made
up of Republican, Democrat, and Independent members of the House and Senate, as
well as the executive branch and private individuals, the commission is seen as
having the ability to insert legislative language into the must-pass National
Defense Authorization Act that represents a broad consensus. Mark Montgomery,
the executive director of the commission, told Nextgov the cyber response and
recovery fund would be similar to the one currently controlled by the Federal
Emergency Management Agency for response to natural disasters. He said exact
funding levels would be determined through the appropriations process.
Fifth Domain
March 5, 2020
The
Cyberspace Solarium Commission will recommend that the Department of State
establish a bureau focused on international cybersecurity efforts and emerging
technologies as part of its forthcoming report, commissioners said March 3 at the
Carnegie Endowment for International Peace. The suggestion from the commission,
made up of government and non-government cybersecurity experts developing cyber
policy recommendations, comes as part of a broader belief in the group that the
State Department needs to be more involved on cybersecurity issues. Among the
report’s 75 recommendations, set for release March 11, will be the proposal for
a new State Department office called the “Bureau for Cyberspace Security and
Emerging Technologies,” in addition to a new assistant secretary of state
position to coordinate international outreach for cyber issues and emerging
tech. The new position would report to the deputy secretary of state or
undersecretary of political affairs, according to Rep. Jim Langevin, D-R.I., a
member of the commission. The goal of the new office is to take cybersecurity
issues at the department and “rais[e] its level of importance and stature ...
to reinforce that this is an international approach that we need to and want to
take," Langevin said.
FCW
March 4, 2020
Lawmakers
pressed Treasury Secretary Steven Mnuchin at a Mar. 4 House Appropriations
Committee hearing about how effective the department's financial sanctions
against other nations for conducting cyberattacks were in deterring future
behavior and how it was defining their success. "If a sanction is enforced
upon another foreign entity, how does that restore or make whole the U.S.
entity?" asked Rep. Tom Graves (R-Ga.) at the hearing. He also asked
Mnuchin if he's noticed "any sizable positive impact on the reduction of
breach attempts on U.S. companies" as a result. Mnuchin said sanctions are
"just one of the many tools" the U.S. government uses to help protect
federal and private IT infrastructure. Rep. Mike Quigley (D-Ill.) brought up
sanctions implemented by both the Obama and Trump administrations against
Russian entities and individuals for interfering in the 2016 U.S. presidential
election, noting that Russia's covert campaign to influence the U.S. electorate
"seem to be continuing" and that former Director of National
Intelligence Dan Coats warned that "the lights are blinking red"
before stepping down last year.
The Hill
March 3, 2020
A
bipartisan group of senators led by Senate Minority Leader Charles Schumer
(D-N.Y.) on Tuesday “strongly urged” the British Parliament to reject Chinese
telecom group Huawei and exclude it entirely from their 5G networks. The
British House of Commons is set Wednesday morning to debate the decision by the
United Kingdom’s National Security Council in January to allow Huawei equipment
in “periphery networks” while banning the company’s equipment from more secure
networks. In a letter sent to members of Parliament on Tuesday night, Schumer,
Sen. Ben Sasse (R-Neb.) and a bipartisan group of almost two dozen other
senators underlined national security risks created through use of the
company’s equipment, asking them to “revisit” their country’s decision on
Huawei. “Given the significant security, privacy, and economic threats posed by
Huawei, we strongly urge the United Kingdom to revisit its recent decision,
take steps to mitigate the risks of Huawei, and work in close partnership with
the U.S. on such efforts going forward,” the senators wrote.
The Hill
March 3, 2020
A new
report by a bipartisan commission will include at least 75 recommendations for
Congress and the executive branch on how to defend the nation against cyberattacks,
including bipartisan recommendations for defending elections. Members of the
Cyberspace Solarium Commission, which includes lawmakers, federal officials and
industry leaders, highlighted the group’s focus on election security during an
event at the Center for Strategic and International Studies on Tuesday,
previewing some of the recommendations that will be among those released March
11. Commission member former Rep. Patrick Murphy (D-Penn.) said the report —
which marks a major effort to create a blueprint for federal action on
cybersecurity going forward — was “biased towards action,” and was meant to
spur change. “It’s not some report that is going to be in the Library of
Congress that no one is going to look at again,” Murphy said. “There is going
to be some legislative action, there are going to be some executive actions.”
The report’s recommendations around election security will mark a rare
bipartisan effort to address the issue following years of contention on Capitol
Hill after Russian interference in the 2016 presidential election.
ADMINISTRATION
AP
March 5, 2020
To thwart
increasingly dangerous cybercriminals, law enforcement agents are working to
“burn down their infrastructure” and take out the tools that allow them to carry
out their devastating attacks, FBI Director Christopher Wray said March 4. Unsophisticated
cybercriminals now have the power to paralyze entire hospitals, businesses and
police departments, Wray said during a conference on cybersecurity at Boston
College. The ever-changing threat has forced law enforcement to get creative
and target the dark web sites and other tools at hackers’ disposal, he said.
“The reality is we are long past the days where we can fight this threat just
one by one, one bad guy at a time ... one victim company at a time. We’ve got
to figure out ways to tackle the cyberthreat as a whole,” Wray told the crowd
of FBI agents, university officials and others on the Chestnut Hill campus
Wednesday. The U.S. saw a nearly 40 percent increase in ransomware attacks
between 2018 and 2019, said Joseph Bonavolonta, the head of the FBI’s office in
Boston. There was an even more dramatic uptick in such attacks in just the four
states — Massachusetts, Maine, Rhode Island and New Hampshire — that the Boston
office covers, he said.
CNN
March 5, 2020
Top tech
officials working for Joe Biden's campaign aren't taking any chances
following the 2016 hacking of the Democratic National Committee. The campaign
is constantly trying to fend off email phishing attacks that could give hackers
inside access to the campaign's data, according to Dan Woods, the Biden
campaign's chief technology officer. "The most famous thing to come out of
2016 was phishing," Woods said at an election security conference in
Philadelphia on Thursday. "Besides misinformation and disinformation,
phishing remains, without question, the biggest threat we face." That
acknowledgment reflects Democrats' difficult lesson from the last presidential
cycle, when Russian hackers targeted dozens of DNC addresses with
legitimate-looking emails designed to entice unwitting staffers into
compromising their own security. They also targeted Hillary Clinton's campaign
chairman, John Podesta, obtaining tens of thousands of emails that were later
published by WikiLeaks.
CyberScoop
March 5, 2020
Over the
last year, Democratic presidential campaigns have had difficulty sharing threat
data between one another, according to the former security boss for Pete
Buttigieg’s campaign, raising concerns about the party’s ability to fend off
possible interference ahead of the November elections. Mick Baccio, who spent
roughly five months working for the now-defunct Buttigieg campaign, told
CyberScoop that his team tried sharing information with other campaigns that
could have helped officials protect themselves from hackers. The effort was
hampered, he said, by a shortage of qualified security staffers on other
campaigns, and the lack of a formal information sharing process. Baccio
resigned from the campaign in January over philosophical differences. “It’s not
that there’s not a want to share. It’s ‘I don’t know who to talk to,’” he said
during an interview Wednesday at the Splunk GovSummit in Washington, D.C. “I
don’t know of a formal mechanism; whether it’s through the DNC, DCCC, or an
election [information sharing and analysis center] or something like that.
There’s no widespread known mechanism to share that threat data at a sanitized
level.” He did not specify the kinds of threat intelligence the Buttigieg
campaign tried sharing, or with whom.
Fifth Domain
March 4, 2020
Following
the release of the first version of new cybersecurity standards for contractors
bidding on programs, the Department of Defense is focusing on international
adoption of the framework. The Cybersecurity Maturity Model Certification
(CMMC) 1.0, released in January, is a tiered cybersecurity framework that
grades companies on a scale of one to five based on the level of classification
and security that is necessary for the work they are performing. It was designed
not only to set a level playing field for contractors, but also to increase the
cybersecurity of companies that possess sensitive secrets tied to the Pentagon
programs they work on. “The CMMC team is currently working with multiple
countries including Canada, the U.K., Denmark, Italy, Australia, Singapore,
Sweden and Poland as well as the EU cybersecurity body,” Ellen Lord, under
secretary of defense for acquisition and sustainment, said March 3 during a
presentation at WEST 2020 in San Diego. She added that these countries and
groups are asking whether or not they can adopt the CMMC for their own use.
Nextgov
March 3, 2020
As results rolled
in on Super Tuesday, senior officials from the Cybersecurity and Infrastructure
Security Agency said primary elections happening across the country were free
from any sign of foreign interference. Super Tuesday was a significant test of
the agency’s efforts to secure election systems following reports from the
intelligence community of Russian interference during the 2016 election. During
a call with reporters after polls closed, senior CISA officials said some
states—Minnesota, California and Texas—experienced a few technical issues but
that those were not associated with any malicious activity and that all systems
were back up and running. Officials said there were three different backend
systems involved, some provided by managed service providers, or cloud service
providers, others in-house. “We talked directly, in the case of one state, the
managed service provider, the cloud security provider that was providing the
hosting infrastructure, the voter [registration] database and the voter lookup
tool and confirmed directly with them that there's no appearance of any
malicious activity,” one official said. “We're talking about very high speed,
capable security teams at these organizations.”
CyberScoop
March 3, 2020
The Trump
administration’s handling of U.S. military assistance to Ukraine sparked an
impeachment inquiry, but U.S. cybersecurity aid to the Eastern European country
continues to flow, unimpeded and under the radar. The State Department on
Tuesday announced an additional $8 million in cybersecurity funding for
Ukraine, whose electric utilities sector has at least twice been struck by Russia-linked
hackers in recent years. One of those cyberattacks, in 2015, plunged a quarter
of a million Ukrainians into darkness. Ever since then, Washington has tried to
ramp up Ukraine’s cyberdefenses with funding and strategic advice, including
through a project to help Ukraine develop a national cybersecurity strategy.
Some of the new funding will be used for building out Kyiv’s legal and
regulatory framework for improving cyberdefenses, the State Department said.
The new money is on top of the $10 million in cybersecurity aid the U.S.
previously pledged to Ukraine.
FCW
March 3, 2020
Private
security researchers and threat intelligence firms that visit black market
online forums for research should create internal rules, document their work
and have established relationships with law enforcement, according to new
guidance from the Department of Justice. The document offers non-binding legal
guidance for how to navigate cyber intelligence gathering on the internet,
particularly for sites that "openly advertise illegal services and the
sale of stolen credit card numbers, compromised passwords, and other sensitive
information." The Computer Fraud and Abuse Act and DOJ's interpretation of
the law loom large over many of the outstanding questions. For instance,
passively lurking on online forums to gather intelligence -- even information
that touches on criminal conduct -- is usually legally safe as long as the
researcher is using legitimate credentials. However, DOJ said using exploits or
"other techniques" to access or gather information from the server or
system on which the forum operates could be viewed as gaining unauthorized
access. More active actions, like posing questions or directly soliciting
advice, can also present a "marginal legal risk" to researchers
depending on whether their interaction furthers a crime.
The Atlanta Journal Constitution
March 3, 2020
Just two
days before the 2018 election for governor, Republican Brian Kemp opened an
explosive investigation, accusing the Democratic Party of Georgia of trying to
hack voter registration systems. Kemp was Georgia’s secretary of state at the
time, overseeing his own heated election for governor against Democrat Stacey
Abrams. Sixteen months later, the attorney general’s office released a report
Tuesday finding no evidence of a hack and closing the investigation Kemp had
launched. No election information was damaged, stolen or lost, according to the
report, and there was no evidence of computer crimes. Democratic Party of
Georgia Chairwoman Nikema Williams said Kemp created “outright lies” to attack
his political opponents and help his election.
ProPublica
March 2, 2020
The
Richmond, Virginia, website that tells people where to vote and publishes
election results runs on a 17-year-old operating system. Software used by
election-related sites in Johnston County, North Carolina, and the town of
Barnstable, Massachusetts, had reached its expiration date, making security
updates no longer available. These aging systems reflect a larger problem: A
ProPublica investigation found that at least 50 election-related websites in
counties and towns voting on Super Tuesday — accounting for nearly 2 million
voters — were particularly vulnerable to cyberattack. The sites, where people
can find out how to register to vote, where to cast ballots and who won the
election, had security issues such as outdated software, poor encryption and systems
encumbered with unneeded computer programs. None of the localities contacted by
ProPublica said that their sites had been disrupted by cyberattacks.
FCW
March 2, 2020
To address
a critical need for cybersecurity personnel in the federal workforce, the
Office of Personnel Management is overhauling its aptitude tests and other
assessments used in recruiting needed IT talent. In a memo issued to agency
heads on Feb. 27, OPM Director Dale Cabaniss highlighted five assessments that
agencies should use when determining an applicant's technical abilities:
cognitive ability, structured interviews, biodata tests, situational judgment
tests, personality tests, and training and experience point methods.
"Federal subject matter experts recommend the Federal government pursue a
whole person approach for cybersecurity aptitude assessment for reskilling and
the selection of new talent," Cabaniss wrote. "The whole person
approach should incorporate a mix of assessments that evaluate both cognitive
and interpersonal competencies, as well as technical cybersecurity related
knowledge, skills, and abilities."
INDUSTRY
BBC
March 6, 2020
More than a
billion Android devices are at risk of being hacked because they are no longer
protected by security updates, watchdog Which? has suggested. The vulnerability
could leave users around the world exposed to the danger of data theft, ransom
demands and other malware attacks. Anyone using an Android phone released in
2012 or earlier should be especially concerned, it said. Which? says it was not
reassured by Google's response. And the tech giant has not responded to BBC
requests for a comment. Google's own data suggests that 42.1% of Android users
worldwide are on version 6.0 of its operating system or below. According to the
Android security bulletin, there were no security patches issued for the
Android system in 2019 for versions below 7.0.
Ars Technica
March 5, 2020
Earlier
this week, Let's Encrypt announced that it would revoke roughly three
million—2.6 percent—of its currently active certificates. Last night, however,
the organization announced that it would delay the revocation of many of those
certificates in the interest of Internet health. The impact of the revocation
on system administrators was and is significant due to the very short window of
maintenance allowed before the revocation went into effect. Roughly thirty-six
hours were available from the initial announcement to the beginning of
scheduled certificate revocation. Half an hour prior to the scheduled
revocations, more than one million affected certificates had still not been renewed,
and Let's Encrypt announced an additional delay to give administrators more
time. The revocations are necessary because of a bug in Let's Encrypt's CA
(Certificate Authority) code, which allowed some domains to go unchecked for
CAA (Certificate Authority Authorization) DNS record compliance. Although the
vast majority of the certificates revoked posed no security risk, they were not
issued in full compliance with security standards. Let's Encrypt's decision to
rapidly revoke them all is in compliance with both the letter and spirit of
security regulations.
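A minimal version of the CAA check the text refers to, added here as an illustration (it is not Let's Encrypt's Boulder code): every name a certificate would cover is evaluated with an RFC 8659 CAA lookup over a constructed in-memory zone, so that no name goes unchecked. The zone contents, hostnames and CA identifiers are invented.

```python
"""
Minimal RFC 8659 CAA evaluation, added as an illustration; it is not
Let's Encrypt's (Boulder's) code. Real DNS is replaced by a constructed
in-memory zone so the example runs offline.
"""
from __future__ import annotations

CRITICAL_FLAG = 0x80            # RFC 8659 "issuer critical" bit
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed sample zone: name -> list of (flags, tag, value) CAA records.
ZONE = {
    "example.com": [(0, "issue", "letsencrypt.org"), (0, "issuewild", ";")],
    "other.example.net": [(0, "issue", "digicert.com; accounturi=https://example.net/acct")],
    "strict.example.org": [(CRITICAL_FLAG, "futuretag", "unknown-property")],
    # sub.example.com and open.example.org have no CAA records of their own
}


def relevant_caa(name: str) -> list[tuple[int, str, str]]:
    """Walk from name toward the root and return the first non-empty CAA RRset.

    RFC 8659 section 3: the relevant RRset for a name is the RRset of the
    name itself if one exists, otherwise that of the closest parent.
    """
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = ZONE.get(".".join(labels[i:]), [])
        if rrset:
            return rrset
    return []


def issuer_of(value: str) -> str:
    """Extract the issuer domain from an issue/issuewild value, dropping parameters."""
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(name: str, ca: str) -> bool:
    """Return True if the CA identified by `ca` is permitted to issue for `name`."""
    wildcard = name.startswith("*.")
    base = name[2:] if wildcard else name
    rrset = relevant_caa(base)
    if not rrset:
        return True  # no CAA anywhere in the tree: any CA may issue
    # A critical record with a tag the CA does not understand forbids issuance.
    if any(flags & CRITICAL_FLAG and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [issuer_of(v) for _, tag, v in rrset if tag == "issue"]
    issuewild = [issuer_of(v) for _, tag, v in rrset if tag == "issuewild"]
    # For wildcard names issuewild takes precedence when present; otherwise issue applies.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # CAA present but no issue/issuewild restriction (e.g. only iodef)
    # "issue ;" yields an empty issuer, which matches no CA: issuance is forbidden.
    return ca.lower() in relevant


def names_failing_caa(names: list[str], ca: str) -> list[str]:
    """Check every name a certificate would cover; return those the CA may not issue for.

    A CA must evaluate each requested name separately: skipping any one of
    them leaves that name unchecked for CAA compliance.
    """
    return [n for n in names if not ca_may_issue(n, ca)]
```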
WIRED
March 5, 2020
Over the
past few years, owners of cars with keyless start systems have learned to worry
about so-called relay attacks, in which hackers exploit radio-enabled keys to
steal vehicles without leaving a trace. Now it turns out that many millions of
other cars that use chip-enabled mechanical keys are also vulnerable to
high-tech theft. A few cryptographic flaws combined with a little old-fashioned
hot-wiring—or even a well-placed screwdriver—lets hackers clone those keys and
drive away in seconds. Researchers from KU Leuven in Belgium and the University
of Birmingham in the UK earlier this week revealed new vulnerabilities they
found in the encryption systems used by immobilizers, the radio-enabled devices
inside of cars that communicate at close range with a key fob to unlock the
car's ignition and allow it to start. Specifically, they found problems in how
Toyota, Hyundai, and Kia implement a Texas Instruments encryption system called
DST80. A hacker who swipes a relatively inexpensive Proxmark RFID
reader/transmitter device near the key fob of any car with DST80 inside can
gain enough information to derive its secret cryptographic value. That, in
turn, would allow the attacker to use the same Proxmark device to impersonate
the key inside the car, disabling the immobilizer and letting them start the
engine.
CyberScoop
March 5, 2020
The U.S.
Department of Justice on Monday unsealed a 2014 indictment alleging that a
current cybersecurity executive was involved in a conspiracy to sell usernames and
passwords belonging to American customers of the social media company
Formspring in 2012. The man identified in the indictment, Nikita Kislitsin,
allegedly received data stolen from Formspring, then tried to sell that
information to others. Kislitsin currently works as head of network security at
Group-IB, a cybersecurity vendor with offices in Moscow and Singapore. He
joined the company in January 2013, roughly six months after prosecutors say a
hacker provided Kislitsin with credentials from Formspring to sell. U.S.
prosecutors have not alleged any wrongdoing by Group-IB. In a statement to CyberScoop,
the company said Kislitsin is still an employee, and that Group-IB considers
the accusations as “only allegations,” arguing that “no findings have been made
that Nikita Kislitsin has engaged in any wrongdoing.”
TechCrunch
March 5, 2020
A major
electronics manufacturer for defense and communications markets was knocked
offline after a ransomware attack, TechCrunch has learned. A source with
knowledge of the incident told TechCrunch that the defense contractor paid a
ransom of about $500,000 shortly after the incident in mid-January, but that
the company was not yet fully operational. California-based Communications
& Power Industries (CPI) makes components for military devices and
equipment, like radar, missile seekers and electronic warfare technology. The
company counts the U.S. Department of Defense and its advanced research unit
DARPA as customers. The company confirmed the ransomware attack. “We are
working with a third-party forensic investigation firm to investigate the
incident. The investigation is ongoing,” said CPI spokesperson Amanda Mogin.
“We have worked with counsel to notify law enforcement and governmental
authorities, as well as customers, in a timely manner.”
CBC
March 5, 2020
A
cyberattack late Wednesday night has shut down Evraz North America's
information technology systems across the United States and Canada, a company
spokesperson confirmed on Thursday. The company also confirmed that temporary
layoff notices have been issued as a result. "At this point, there has
been no indication of any breach of confidential or personal customer or
employee information," said Patrick Waldron, spokesperson for the company.
Waldron said there is currently no timeline for resolution of the situation but
it has affected internal infrastructure such as the company's email system.
"Our information technology teams are working to restore those systems as
soon as possible."
Ars Technica
March 5, 2020
Virtually
all Intel chips released in the past five years contain an unfixable flaw that
may allow sophisticated attackers to defeat a host of security measures built
into the silicon. While Intel has issued patches to lessen the damage of
exploits and make them harder, security firm Positive Technologies said the
mitigations may not be enough to fully protect systems. The flaw resides in the
Converged Security and Management Engine, a subsystem inside Intel CPUs and
chipsets that’s roughly analogous to AMD’s Platform Security Processor. Often
abbreviated as CSME, this feature implements the firmware-based Trusted
Platform Module used for silicon-based encryption, authentication of UEFI BIOS
firmware, Microsoft System Guard and BitLocker, and other security features.
The bug stems from the failure of the input-output memory management unit—which
protects static random-access memory from malicious modification—to be
enabled early enough in the firmware boot process.
That failure creates a window of opportunity for other chip components, such as
the Integrated Sensor Hub, to execute malicious code that runs very early in
the boot process with the highest of system privileges.
The Wall Street Journal
March 4, 2020
Criminals
are using concerns about the coronavirus epidemic to spread infections of their
own. They are forging emails mentioning the outbreak that appear to be from
business partners or public institutions in an effort to get users to open the
messages, unleashing malware. The number of malicious emails mentioning the
coronavirus has increased significantly since the end of January, according to
cybersecurity firm Proofpoint Inc., which is monitoring the activity. The
company recently assigned an analyst to track coronavirus threats, something it
hasn’t done for prior hacking campaigns related to disasters or major public
events, said Sherrod DeGrippo, Proofpoint’s senior director of threat research
and detection. Proofpoint analysts now see multiple email campaigns mentioning
the coronavirus every workday. “We don’t typically see events like that.
Natural disasters are very localized; events like the Olympics come and go and
I think something like the Olympics doesn’t get the clicks that a health scare
would,” she said. The dearth of information about the epidemic, along with
plenty of conflicting claims, provides an opening for criminals, said Ryan
McConnell, founder of R. McConnell Group PLLC, a law firm in Houston.
TechCrunch
March 4, 2020
Clothing
giant J.Crew said an unknown number of customers had their online accounts
accessed “by an unauthorized party” almost a year ago, but is only now
disclosing the incident. The company said in a filing on Tuesday with the
California attorney general that the hacker gained access to the customer
accounts in or around April 2019. According to the letter, the hacker obtained
information found in customers’ online accounts — including card types, the
last four digits of card payment numbers, expiration dates and associated
billing addresses. Online accounts also store customer order numbers, shipping
confirmation numbers and shipment statuses. A spokesperson for the company
confirmed the hacker used a technique known as credential stuffing, where
existing sets of exposed or breached usernames and passwords are matched
against different websites to access accounts. The spokesperson later said that
fewer than 10,000 customers were affected across the U.S. But a bigger,
unanswered question is why it took J.Crew almost a year to detect and
disclose the incident to regulators and customers.
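One way a defender can surface the pattern described above, added here as an illustration and not J.Crew's own tooling: detection logic run over constructed login-log lines that flags a source address cycling through many distinct accounts in a short window and lists the accounts it succeeded against. The log format, addresses and usernames are invented.

```python
"""
Credential-stuffing detection over constructed login-log lines, added as an
illustration; it is not J.Crew's code and the log format is invented.
Heuristic: one source IP trying many distinct usernames inside a short
window, mostly failing, is the signature credential stuffing leaves behind.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone

LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    result: str


def _stuffing_lines() -> list[str]:
    """Constructed burst: one IP cycling through 12 accounts, one of which succeeds."""
    users = ["alice", "bob", "carol", "dave", "erin", "frank",
             "grace", "heidi", "ivan", "judy", "mallory", "oscar"]
    return [
        f"2019-04-12T03:14:{5 + i:02d}Z ip=203.0.113.7 user={u} "
        f"result={'OK' if u == 'dave' else 'FAIL'}"
        for i, u in enumerate(users)
    ]


# Constructed sample log: a stuffing burst, a legitimate user who mistypes
# her password twice, and a small-scale IP that stays under the threshold.
SAMPLE_LOG = "\n".join(_stuffing_lines() + [
    "2019-04-12T03:20:00Z ip=198.51.100.5 user=alice result=FAIL",
    "2019-04-12T03:20:07Z ip=198.51.100.5 user=alice result=FAIL",
    "2019-04-12T03:20:15Z ip=198.51.100.5 user=alice result=OK",
    "2019-04-12T03:25:00Z ip=192.0.2.9 user=peggy result=FAIL",
    "2019-04-12T03:25:03Z ip=192.0.2.9 user=trent result=FAIL",
    "2019-04-12T03:25:06Z ip=192.0.2.9 user=victor result=FAIL",
])


def parse_line(line: str) -> LoginEvent | None:
    """Parse one log line in the constructed format; return None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return LoginEvent(ts, m["ip"], m["user"], m["result"])


def detect_stuffing(log_text: str, window_seconds: int = 60,
                    min_distinct_users: int = 10) -> dict[str, dict]:
    """Flag source IPs that tried at least min_distinct_users accounts within one window."""
    by_ip: dict[str, list[LoginEvent]] = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            by_ip[ev.ip].append(ev)

    findings: dict[str, dict] = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e.ts)
        window: deque[LoginEvent] = deque()
        in_window: dict[str, int] = defaultdict(int)   # username -> hits in window
        peak = 0
        for ev in events:
            window.append(ev)
            in_window[ev.user] += 1
            # Slide the window forward, dropping events older than window_seconds.
            while (ev.ts - window[0].ts).total_seconds() > window_seconds:
                old = window.popleft()
                in_window[old.user] -= 1
                if in_window[old.user] == 0:
                    del in_window[old.user]
            peak = max(peak, len(in_window))
        if peak >= min_distinct_users:
            failures = sum(e.result == "FAIL" for e in events)
            findings[ip] = {
                "peak_distinct_users": peak,
                "failure_ratio": round(failures / len(events), 2),
                # Accounts that logged in from a flagged IP are the attacker's hits
                # and need a forced password reset and review.
                "successful_logins": sorted({e.user for e in events if e.result == "OK"}),
            }
    return findings
```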
Infosecurity Magazine
March 4, 2020
Two cruise
lines operated by Carnival Corp have fallen victim to a cyber-attack. Carnival
announced on Monday that Princess Cruises and the Holland America Line had both
been hit by cyber-criminals in late May last year. Investigations into the
incident carried out by Princess and Holland America revealed that an
unauthorized third party had gained access to a substantial amount of personal
information belonging to both passengers and crew. Data accessed in the attack
included email accounts, names, Social Security numbers, government
identification numbers, passport numbers, health-related information, and
credit card information of guests and employees. Not all guests were impacted
by the incident. In a statement released on March 2 by Princess Cruises, the
company said it had "identified a series of deceptive emails sent to
employees resulting in unauthorized third-party access to some employee email
accounts." The company said it notified law enforcement of the incident
and is notifying affected individuals where possible.
FCW
March 3, 2020
Intelligence
gathering and espionage remained the primary motivation for state-sponsored
cyber intrusions in 2019, according to a new report. In the latest version of
its annual global threat report, cybersecurity threat intelligence firm
CrowdStrike found that Advanced Persistent Threat groups heavily targeted
governments, military sectors as well as their defense industrial base of
contractors, while criminal groups are increasingly leveraging ransomware as a
primary attack vector against the private sector and local governments.
Chinese-aligned groups focused on the telecommunications sector in particular,
which CrowdStrike said it believes could support both signals intelligence and
upstream surveillance activities. The emphasis came during the same year the
U.S. government made a major push to discourage allies from using equipment
from Chinese companies like Huawei while building out their 5G networks,
warning them that doing so could make it easier for Beijing to spy on their
communications. Hacking groups tied to China tended to use open source tools
and tactics in an effort to mask and cover their tracks.
AP
March 2, 2020
Although
businesses are increasingly at risk for cyberattacks on their mobile devices,
many aren’t taking steps to protect smartphones and tablets. That’s one of the
conclusions of a report on mobile security released last week by Verizon, which
found that nearly 40% of companies had their mobile security compromised, up
from 33% in 2019. But many companies don’t prioritize mobile security: 43% of
those surveyed said they had sacrificed it to meet deadlines or productivity
targets while owners and managers focused on other concerns. Those companies
were twice as likely to be compromised as those that had not cut corners. A big
threat comes from free public WiFi services: a fifth of the organizations that
reported their mobile devices had been attacked said an unapproved or insecure
WiFi service had been used.
Defense One
March 2, 2020
A supplier
to a number of major defense companies — including Lockheed Martin, Boeing,
General Dynamics, and SpaceX — is the target of a ransomware attack. Documents
purportedly stolen from Denver-based Visser Precision Manufacturing are already
showing up online, according to Emsisoft, the cybersecurity company that made
the attack public. It’s a textbook example of a type of cyber attack the
Pentagon is trying to prevent: going after a defense supplier that holds
sensitive data yet is small enough to lack sophisticated cyber defenses.
DoppelPaymer, the ransomware used in the alleged attack, typically steals data
before encrypting it on the victim’s computer, said Brett Callow, a threat
analyst for Emsisoft. In February, the group running the DoppelPaymer malware
set up a website for exposing files belonging to its victims, Callow said. “The
actor has been active since the middle of last year, but has only started
publishing data [stolen in the attack] in the last few days,” Callow said in an
email to Defense One.
INTERNATIONAL
Fox News
March 5, 2020
The U.S.,
U.K. and Estonia condemned last year’s cyber attacks against Georgia, part of
the former Soviet Union, by Russian military intelligence today during a
closed-door meeting of the UN Security Council. The meeting marked the first
time cyber attacks were brought up in the council as its own specific item. The
meeting came about following a letter written to the Security Council last
month by the Georgian U.N. Ambassador about the cyber attack. U.N. ambassadors
from the U.S. and U.K. and Estonia made a joint statement about the meeting.
Speaking on behalf of his colleagues, Estonia’s Ambassador Sven Jurgenson said
it was clear who carried out the cyber attack. “We are clear that Russia's
military intelligence service, the G.R.U, conducted the cyber attacks in
attempt to sow discord and disrupt the lives of ordinary Georgian people. These
cyber attacks are part of Russia's long-running campaign of hostile and
destabilizing activity against Georgia and are part of a wider pattern of
malign activity.”
Gov Info Security
March 5, 2020
The U.K.
Information Commissioner's Office has fined Cathay Pacific Airways £500,000
($646,000) over a data breach that exposed the personal information of 9.4
million customers, including 111,000 British citizens, during a four-year
period. The fine is the maximum the U.K. privacy watchdog could impose under
the country's older data protection law, because the breach, which began in
2014 and was discovered and fixed in 2018, predated the EU's General Data
Protection Regulation, which took effect in May 2018, according to the report.
During its investigation, the ICO found that the Hong Kong-based
airline lacked appropriate security controls to ensure passenger data was
secured within its internal IT systems, according to the report. The result is that
millions of records, including names, passport and identity details, dates of
birth, postal and email addresses, phone numbers and historical travel
information, were exposed, the report notes.
Infosecurity Magazine
March 5, 2020
UK
businesses need to further strengthen their defenses against cyber-attacks,
according to new research which has revealed that cybersecurity performance in
the UK has declined in the last year compared to other EU countries. The
research from BitSight found that the UK's overall cybersecurity rating has
slipped in the last year and now trails Germany, Austria and Finland, while the
insurance, defense and legal sectors are the
highest performing overall when it comes to cybersecurity. Speaking at an event
held at the House of Lords on March 5, CTO and co-founder of BitSight Stephen
Boyer said that “the number of vulnerabilities in the attack surface continues
to explode” and this was because of digital transformation, which had its
benefits to the organization but also could “leave the doors unlocked” when it
comes to defense issues.
Australian Broadcasting Corporation
March 3, 2020
A highly
sensitive military database containing the personal details of tens of
thousands of Australian Defence Force (ADF) members was shut down for 10 days
due to fears it had been hacked. The ABC can reveal Defence Force Recruiting's
outsourced electronic records system was taken offline and quarantined from
other military networks in February, while IT specialists worked to contain an
apparent security breach. Since 2003, the Powerforce database has stored
sensitive information about ADF recruits, under a contract awarded to the
ManpowerGroup company. Details stored on the online system include medical
exams, psychological records and summaries of initial interviews with potential
recruits. The Defence Department acknowledged a "potential security
concern" but suggested an investigation found there was no evidence of
data being stolen.
Reuters
March 3, 2020
Chinese
anti-virus firm Qihoo 360 said CIA hackers have spent more than a decade
breaking into the Chinese airline industry and other targets, a blunt
allegation of American espionage from a Beijing-based firm. In a brief blog
post published on Monday in English and Chinese, Qihoo said it discovered
the spying campaign by comparing samples of malicious software it had
discovered against a trove of CIA digital spy tools released by WikiLeaks in
2017. Qihoo - a major cybersecurity vendor whose research is generally followed
for the insight it offers into China’s digital security world - said the
Central Intelligence Agency had targeted China’s aviation and energy sectors,
scientific research organizations, internet companies, and government agencies.
It added that the hacking of aviation targets might have been aimed at tracking
“important figures’ travel itinerary.” Qihoo published a catalog of intercepted
malicious software samples as well as an analysis of their creation times that
suggested that whoever devised the tools did so during working hours on the
U.S. East Coast.
TECHNOLOGY
CyberScoop
March 5, 2020
Pacemakers
and glucose-monitoring systems are among the critical medical equipment that
could be affected by new security vulnerabilities in wireless technology, the
Food and Drug Administration and Department of Homeland Security warned this
week. The set of flaws in a popular wireless protocol known as Bluetooth Low
Energy (BLE), which affect chips used in devices across a range of industries, could
allow a hacker within radio range of a device to disrupt its communications,
forcing it to restart. There have not been any reports of malicious
exploitation or patient harm related to the vulnerabilities. The FDA advised
medical device manufacturers to work with health care providers, patients, and
facilities to figure out which devices are affected and “to ensure that risks
are reduced to acceptable levels.” How many medical device manufacturers use
the vulnerable chips, and are therefore implicated, remains to be seen; it is
up to the manufacturers themselves to verify the extent to which they are affected.
The Guardian
February 29, 2020
Like most
18-year-olds, “Carlos” is never far from his phone, using it to catch up on his
social media feeds and scroll through friends’ pictures. Unlike most teenagers
though, he posted photographs depicting a level of affluence unlikely for
someone who left school after GCSEs and is now a junior employee at a central
London restaurant. The pictures showed a life of excess – Carlos and his
friends holding wads of cash, clad in designer clothes, Rolex watches on their
wrists, and driving around London in a Mercedes. But the truth behind the
photographs was that this prosperous-looking lifestyle was funded by a very
modern crime. The teenagers were all involved in cyberfraud, acting as fixers
for online hackers who would deploy them either as “money mules” – using their
bank details to shift money in elaborate frauds – or for convincing others to
hand over their details for use in the scams. The frauds are everyday and
commonplace, and cost banks and consumers hundreds of millions of pounds.
People are persuaded, via a threatening text message, that, for example, they
owe money to the taxman. Or they might be told they risk being convicted of a
crime they know nothing about if they don’t pay a fine. Behind these frauds are
individuals and gangs based in Britain and abroad; they often use equipment and
techniques bought from the dark web – part of the internet that can only be
accessed with clandestine software.
via Nick Leiserson