Wednesday, March 04, 2020

Cyber Attack Attempts on Judiciary Top 24 Million


Nextgov
February 28, 2020
Sen. Mark Warner, D-VA., penned a letter to Defense Department Chief Information Officer Dana Deasy this week stressing the value of the agency’s vulnerability disclosure programs and highlighting legislation he’s introduced to help ensure vendors of products related to the internet of things maintain similar, coordinated schemes. The note was prompted by security journalist Catalin Cimpanu’s recent report that a Pentagon-led vulnerability disclosure program enabled a researcher to flag that one of Defense’s servers was exploited and the department’s resources and information technology systems were subsequently used to mine cryptocurrency. “This incident demonstrates the inherent value of vulnerability disclosure programs for information technology products operated by federal agencies,” Warner said in the letter. “These programs are a crucial force multiplier for federal cybersecurity efforts.” According to Cimpanu’s report from Feb. 5, an Indian security researcher on the hunt for bug bounties unearthed in January “that a cryptocurrency-mining botnet had found a home and burrowed inside a web server operated by” the Defense Department. The researcher first identified a vulnerability on a Pentagon-managed cloud system exposed to the internet and then discovered cryptocurrency-mining malware was installed and operating on the server. The researcher then reported it to Defense’s official bug bounty program.

The Hill
February 27, 2020
The Senate unanimously approved legislation on Thursday that would ban the use of federal funds to purchase telecommunications equipment from companies deemed a national security threat, such as Chinese group Huawei. The bipartisan Secure and Trusted Telecommunications Networks Act, which the House passed in December, bans the Federal Communications Commission (FCC) from giving funds to U.S. telecom groups to purchase equipment from companies deemed threats. The bill would require the FCC to establish a $1 billion fund to help smaller telecom providers to rip out and replace equipment from such companies, and to compile a list of firms seen as posing a threat to telecom networks. The bill is primarily sponsored by House Energy and Commerce Committee Chairman Frank Pallone Jr. (D-N.J.), ranking member Greg Walden (R-Ore.), and Reps. Doris Matsui (D-Calif.) and Brett Guthrie (R-Ky.).

Nextgov
February 27, 2020
In a keynote address at the RSA cybersecurity conference Tuesday, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told participants CISA is recruiting for its “posse” to fight illegal hacking. “We’re hiring, come work for us!” he said. But it can take more than a year to make it through queues for security clearances, and that’s just one factor that can dampen enthusiasm for filling out an application to work for CISA, or elsewhere in the government. On Wednesday, key congressional staff speaking at the conference said lawmakers are thinking of ways legislation might help. The Senate Committee on Homeland Security and Government Affairs is focused on trying “to see what are the barriers to people entering the federal space, in terms of working for the government enhancing our overall cybersecurity,” said Michelle Woods, director of homeland security for the committee's majority. “So we’re going to be looking to enact some legislation in that space.” Woods spoke along with Jeffrey Rothblum, a senior professional staff member for the Senate Homeland Committee’s minority office and Hope Goins, staff director for the House Homeland Security Committee, on their cybersecurity priorities for the rest of the year. Norma Krayem, vice president and chair of the cybersecurity and data privacy practice at Van Scoyoc Associates, led the discussion.

Fifth Domain
February 26, 2020
With two weeks until the Cyber Solarium Commission’s report is due for release, members of the panel expect its work will be successful because the most important stakeholders had a seat at the table from the beginning. From the outset of the commission, which will release 75 cyber policy recommendations on a broad range of topics, the executive branch took an active role. Suzanne Spaulding, one of the commissioners, said at the RSA Conference Feb. 25, that representatives of the executive branch showed up for nearly all the commission meetings and helped guide much of the report, making it easier to actually start work on the recommendations the panel is producing. “Having the executive branch on there means that they are already informed; they know exactly how we got where we got,” Spaulding said. “It made the decision to not take a blue sky aspirational approach that was not realistic, but instead to focus on what is achievable.” With many commissions, “their report lands and the executive branch then fans it out and they have to familiarize themselves with it — that takes months,” Spaulding said. “Congress has to get up to speed on it and by the time things start moving, you’ve often come to the end of the administration, and then they start all over again with a new commission.”

FCW
February 26, 2020
Gen. Stephen Lyons, the head of U.S. Transportation Command, said its commercial suppliers were defenseless against persistent cyber threats despite an increase in overall compliance. "I don't think any of our commercial providers are in a position to protect themselves," Lyons told the Senate Armed Services Committee (SASC) during a 2021 budget review hearing focused on TRANSCOM and U.S. European Command. Lyons said the command has worked for several years to bring contractors up to a "basic level of cyber hygiene" and inform company executives of cybersecurity concerns. "We believe that their level of cyber hygiene has increased significantly," Lyons said of commercial carriers, as a result of including contract language for compliance, self-reporting mechanisms and sufficient resilience. But enforcement, as SASC Ranking Member Sen. Jack Reed (D-R.I.) raised, is a problem. "If you're not checking, you can have everything in the contract you want and have nothing," Reed said before asking whether TRANSCOM needed an authority to do no-notice checks on contractors.

Bloomberg Law
February 26, 2020
Cyber attack attempts targeting the federal judiciary have risen sharply in recent years to more than 24 million in 2019, and some incidents have been tied to other nations, judiciary officials said in congressional testimony. Cyber incursions are “an increasing problem,” but there’s no indication that any attempt to penetrate and disrupt court systems has been successful, District Judge John Lungstrum told a House appropriations subcommittee on Wednesday. “That’s the good news,” said Lungstrum of Kansas, who was on Capitol Hill with the Administrative Office of the U.S. Courts, which oversees the workings of the federal judiciary, to discuss its fiscal 2021 budget request. He and courts’ office director James Duff said the information on hacking comes from U.S. law enforcement, so they said they were limited in what information they could convey publicly to lawmakers. But they did say “nation states” were among those targeting court systems. They were not more specific but did note that estimated incursions jumped from about 9 million in 2016 to more than 24 million last fiscal year. They said it’s not clear what the incursions are after specifically, but that court systems house case information, confidential records, and other personal data. They also speculated that cyber attacks could simply be aimed at disrupting websites or other electronic systems that serve the U.S. government.


ADMINISTRATION

AP
February 27, 2020
Americans have widespread concerns about the security and integrity of elections, with few saying they have high confidence that votes in the 2020 presidential election will be counted accurately. A poll from The Associated Press-NORC Center for Public Affairs Research finds skepticism about the democratic process in the United States. While a third of Americans say they have high confidence in an accurate count, roughly another third are only moderately confident and a remaining third say they have little confidence. “What’s to prevent old Vlad Putin from interfering in the election? I don’t know,” says Reid Gibson, an independent voter in Missouri, referring to the Russian president, who U.S. intelligence agencies say interfered in the 2016 election with a sophisticated operation to sow division and help elect Donald Trump, a Republican. FBI Director Christopher Wray told Congress this month that Russia is still engaged in “information warfare” heading into the 2020 election but that law enforcement has not seen efforts to target infrastructure like voting machines. Still, U.S. officials say one of Russia’s goals is to sow doubt about the integrity of U.S. elections, and the poll suggests that even if Russia isn’t targeting voting infrastructure it may be achieving that goal because of the lack of voter confidence following the 2016 election.

Federal News Network
February 27, 2020
For the past four-plus years, the Office of Personnel Management has been on a journey to address one of the most difficult positions in the government to hire and retain—the cybersecurity worker. Starting in 2016 with the first-ever cybersecurity workforce strategy and leading up to today’s most recent effort—a new memo detailing different approaches to assess the cybersecurity aptitude of current and potential employees—OPM has been trying to give agencies the tools and authorities to make up for the shortage of workers. Both the government and the private sector feel this shortage. The Center for Strategic and International Studies says in 2019, CyberSeek, an initiative funded by the National Initiative for Cybersecurity Education (NICE), estimated the United States faced a shortfall of almost 314,000 cybersecurity professionals. CSIS also says according to data derived from job postings, the number of unfilled cybersecurity jobs has grown by more than 50 percent since 2015. Over the last four years, OPM has taken several steps to help agencies address the lack of cyber workers by giving departments new hiring authorities, by expanding the definition of a cyber worker and by borrowing training concepts from the Defense Department. This latest memo from OPM Director Dale Cabaniss is part of the May 2019 cybersecurity workforce executive order signed by President Donald Trump. OPM, along with the Office of Management and Budget, the Department of Homeland Security, the FBI and other agencies reviewed research and conducted a data call to agencies to learn which cybersecurity aptitude assessments are currently being used for the purpose of reskilling.

WIRED
February 26, 2020
John Strand breaks into things for a living. As a penetration tester, he gets hired by organizations to attack their defenses, helping reveal weaknesses before actual bad guys find them. Normally, Strand embarks on these missions himself, or deploys one of his experienced colleagues at Black Hills Information Security. But in July 2014, prepping for a pen test of a South Dakota correctional facility, he took a decidedly different tack. He sent his mom. Rita Strand's mission would also be complicated by her lack of technical expertise. A professional pen tester would be able to assess an organization's digital security in real time and plant back doors tailored to what they found on the specific network. Rita had the health inspector guise down cold, but she was no hacker. To help get her in the door, Black Hills made Rita a fake badge, a business card, and a "manager's" card with John's contact info on it. Assuming she got inside, she would then take photos of the facility's access points and physical security features. Rather than have her try to hack any computers herself, John equipped Rita with so-called Rubber Duckies, malicious USB sticks that she would plug into every device she could. The thumb drives would beacon back to her Black Hills colleagues and give them access to the prison's systems. Then they could work on the digital side of the pen test remotely, while Rita continued her rampage.

Vice Motherboard
February 25, 2020
Newly released and previously secret documents explain in greater detail how, and why, a section of the U.S. military decides to publicly release a steady stream of adversarial countries' malware, including hacking tools from North Korea and Russia. Cyber Command, or CYBERCOM, publishes the malware samples onto VirusTotal, a semi-public repository that researchers and defenders can then pore over to make systems more secure. The documents provide more insight into how the U.S. military is engaged in an unusually public-facing campaign, and in particular highlight one of the reasons CYBERCOM wants to release other nations' hacking tools: to make it harder for enemy hackers to remain undetected. A previously secret section of one of the CYBERCOM documents reads "Posting malware to VT [VirusTotal] and Tweeting to bring attention and awareness supports this strategy by putting pressure on malicious cyber actors, disrupting their efforts.” Motherboard obtained the redacted documents through a Freedom of Information Act (FOIA) request to CYBERCOM.

Nextgov
February 25, 2020
The Tennessee Valley Authority—a government-operated electric power utility—is at risk of falling prey to cyberattacks through phishing attempts, as the agency’s training program shows serious gaps, according to an inspector general report. While TVA has a sound phishing education regime, the agency IG found the program lacks real consequences for employees who repeatedly fail the training. During an assessment of the program, the IG also found evidence that TVA’s repeat offenders are failing their annual training at a higher rate than the industry average. Cyberattacks—and specifically phishing—are a serious problem for the energy sector. The Energy and Homeland Security departments have issued several warnings about phishing attempts and other cybersecurity threats, including alerts from the U.S. Computer Emergency Readiness Team, or US-CERT, part of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA.

Fifth Domain
February 25, 2020
Before Microsoft released its January 2020 software patches, the NSA’s new Cybersecurity Directorate let another government agency in on a secret: the tech giant was releasing a solution to a critical vulnerability the NSA found in the Windows 10 operating system. That extra time allowed the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which protects critical infrastructure and federal networks from cyberattacks, to get a head start on preparing its partners to patch the vulnerability. Chris Krebs, the director of CISA, said this meant he was able to push a series of notifications out to partners, including the election community, state and local governments and critical infrastructure. Krebs spoke Feb. 24 on a panel hosted by CyberScoop. That information sharing is one example of how two new agencies, CISA, the newest component inside DHS, and the NSA’s Cybersecurity Directorate (which was created Oct. 1 and works to protect the Defense Industrial Base and weapons systems), are partnering to combine their strengths.

Nextgov
February 25, 2020
Tech companies could provide keys to decrypt information to third-party entities, a senior Justice official said, describing one way the private sector might enable law enforcement’s warranted access to encrypted data for criminal investigations while preserving privacy under a legal framework. “I believe they can coexist,” John Demers, assistant attorney general for national security, told reporters Monday ahead of the RSA cybersecurity conference. Demers challenged a broadly held belief among privacy advocates that it is impossible to retain end-to-end encryption for cybersecurity while allowing law enforcement special access to the coded data. As Justice officials stress they need access to investigate egregious crimes such as child sexual exploitation and trafficking, opponents say there is no “technical solution” to allow law enforcement in without undermining everyone’s privacy. One solution could be escrowed encryption, where a third party holds the decryption keys. A Cisco-certified expert blog on the issue argues that human reasons, more than technical or legal ones, are why escrowed encryption is largely unworkable. The scenario raises big unanswered questions: which encryption keys should be put in escrow, what entities should act as trusted third parties, and can the security of the database of decryption keys be ensured, or would the database be vulnerable to bribable employees? Demers acknowledged some people say law enforcement access and end-to-end encryption “can’t coexist,” but pointed to laws established in Australia and the United Kingdom as examples of how he said other countries are getting ahead of the U.S. on the issue.

CyberScoop
February 24, 2020
A special unit inside the FBI helped victims of cybercrime recover $300 million of the roughly $3.5 billion in reported losses in 2019, according to a top bureau official. Tonya Ugoretz, a deputy assistant director in the cyber division at the FBI, said Monday the Internet Crime Complaint Center (IC3) responded to more than 467,000 complaints in 2019, up from 351,937 complaints in 2018. Each one of the nearly 500,000 complaints submitted to the FBI was analyzed by an individual human who then determined whether to begin an investigation and, in some cases, try to recover stolen funds, Ugoretz said. The FBI first quantified the figures from last year in its annual IC3 report, published earlier this month. The same report included details about how reported losses from ransomware attacks doubled in the past year to $8.9 million, though the true figure likely is much higher, and that attacks increasingly are aimed at businesses and the managed service providers who work with dozens of companies, making them an especially valuable target.

WPTV
February 21, 2020
At least six suspected drug dealers walked away free after Stuart prosecutors were forced to drop cases for lack of evidence. The problem? The evidence is currently sitting in computers at the Stuart Police Dept., but hackers have locked investigators out of the files which could have put the suspected drug dealers behind bars for years. Hackers hit Stuart with ransomware in April 2019, but the police department took the brunt of the damage. The cyberattack forced the State Attorney's Office to drop 11 narcotics cases because evidence was lost. "In our case, we lost approximately one and a half years of digital evidence," said Det. Sgt. Mike Gerwan with the Stuart Police Department. "Photos, videos; some of the cases had to be dropped," Gerwan told Contact 5 investigator Merris Badcock. Those cases included 28 charges against six different defendants for crimes including possession of meth, possession of cocaine, selling, manufacturing, or delivering various narcotics, and illegal use of a two-way communication device. But Contact 5 learned over the course of the investigation that losing data, or evidence in the case of the Stuart Police Dept., is highly common when an agency is hit by hackers. "I can't recall, in speaking to my federal partners, that there has been a case where data has not been lost," said Gerwan.


INDUSTRY

Ars Technica
February 27, 2020
Let's Encrypt, the Internet Security Research Group's free certificate signing authority, issued its first certificate a little over four years ago. Today, it issued its billionth. The ISRG's goal for Let's Encrypt is to bring the Web up to a 100% encryption rate. When Let's Encrypt launched in 2015, the idea was pretty outré—at that time, a bit more than a third of all Web traffic was encrypted, with the rest being plain text HTTP. There were significant barriers to HTTPS adoption—for one thing, it cost money. But more importantly, it cost a significant amount of time and human effort, both of which are in limited supply. Let's Encrypt solved the money barrier by offering its services free of charge. More importantly, by establishing a stable protocol to access them, it enabled the Electronic Frontier Foundation to build and provide Certbot, an open source, free-to-use tool that automates the process of obtaining certificates, installing them, configuring webservers to use them, and automatically renewing them.

Nextgov
February 27, 2020
The threat presented by Huawei is not—as U.S. officials have been warning allies—about espionage, a leading academic on the issue told participants at the hottest ticket of this year’s RSA cybersecurity conference. “There is a lot more to [Fifth Generation Network] security than supply chain,” said Harvard Kennedy School security technologist Bruce Schneier before an audience of hundreds of security professionals. “5G is insecure primarily because the protocols are insecure, because governments, like the United States, like to use the systems to spy.” While governments such as Germany’s have said they would require providers to implement end-to-end encryption in order to comprehensively protect against spying—by all entities—the U.S. has not. “If we like the fact that we can use the cellular networks to spy on our adversaries, then they get to spy on us,” Schneier said to rousing applause. “Pick one. You can't have both.” The Wednesday afternoon session at RSA featured Schneier and R Street Institute fellow Kathryn Waldron alongside the Defense Department’s Acquisitions CISO Katie Arrington, and a representative from the forbidden company itself: Huawei security chief Andy Purdy.

ZDNet
February 27, 2020
At the RSA 2020 security conference in San Francisco yesterday, Intel presented a summary of its security efforts from last year. In 2019, Intel said it patched 236 security flaws, of which only 5% (11 bugs) were CPU-related vulnerabilities. All 11 bugs were side-channel vulnerabilities that exploited the hardware architecture and internal design of Intel CPUs. "These microarchitectural side-channel vulnerabilities are often closely related, generally difficult to exploit, and to Intel's knowledge, have not been successfully utilized outside of a controlled lab environment at the time of this report," the company said. Intel released microcode (CPU firmware) updates to address all reported bugs. Reported issues included the likes of Zombieload, RIDL, Fallout, SWAPGSAttack, Zombieload v2, and NetCAT.

Ars Technica
February 26, 2020
Billions of devices—many of them already patched—are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference. The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter's Wi-Fi business having been acquired by Cypress in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3’s, and Wi-Fi routers from Asus and Huawei. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cypress’ and Broadcom’s FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126. Manufacturers have made patches available for most or all of the affected devices, but it’s not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely.

The Daily Beast
February 26, 2020
A facial-recognition company that contracts with powerful law-enforcement agencies just reported that an intruder stole its entire client list, according to a notification the company sent to its customers. In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. The notification said the company’s servers were not breached and that there was “no compromise of Clearview’s systems or network.” The company also said it fixed the vulnerability and that the intruder did not obtain any law-enforcement agencies’ search histories. Tor Ekeland, an attorney for the company, said Clearview prioritizes security. “Security is Clearview’s top priority,” he said in a statement provided to The Daily Beast. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw, and continue to work to strengthen our security.”

Ars Technica
February 25, 2020
Firefox will start switching browser users to Cloudflare's encrypted-DNS service today and roll out the change across the United States in the coming weeks. "Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users," Firefox maker Mozilla said in an announcement scheduled to go live at this link Tuesday morning. "The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox's US-based users." DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making, potentially making it more difficult for Internet service providers or other third parties to monitor what websites you visit. As we've previously written, Mozilla's embrace of DNS over HTTPS is fueled in part by concerns about ISPs monitoring customers' Web usage. Mobile broadband providers were caught selling their customers' real-time location data to third parties, and Internet providers can use browsing history to deliver targeted ads. Wireless and wired Internet providers are suing the state of Maine to stop a Web-browsing privacy law that would require ISPs to get customers' opt-in consent before using or sharing browsing history and other sensitive data. The telecom companies already convinced Congress and President Trump to eliminate a similar federal law in 2017.

ZDNet
February 24, 2020
A new language framework designed to bridge fragmentation gaps between cybersecurity tools has been released to the open source community. Launched by the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee, on Monday, the OCA said that OpenDXL Ontology is the "first open source language for connecting cybersecurity tools through a common messaging framework." OpenDXL Ontology, now available, aims to create a common language between cybersecurity tools and systems by removing the need for custom integrations between products that can be most effective when communicating with each other -- such as endpoint systems, firewalls, and behavior monitors -- but suffer from fragmentation and vendor-specific architecture. This is not the first open source project developed by the consortium. The Open Data Exchange Layer (OpenDXL) is an open messaging framework already used by roughly 4,000 organizations to improve tool integration. Ontology aims to improve sharing by way of a language that is usable by any vendor, providing one set of tooling that can be reused across various cybersecurity products.


INTERNATIONAL

Ars Technica
February 28, 2020
Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors’. At the RSA Security conference this week, a former hacker for the National Security Agency demonstrated an approach that’s often more effective: stealing and then repurposing a rival’s code. Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac malware can be a smarter and less resource-intensive approach for deploying ransomware, remote access spy tools, and other types of malicious code. Where the approach really pays dividends, he said, is with the repurposing of advanced code written by government-sponsored hackers. “There are incredibly well-funded, well-resourced, very motivated hacker groups in three-letter agencies that are creating amazing malware that’s fully featured and also fully tested,” Wardle said during a talk titled "Repurposed Malware: A Dark Side of Recycling." “The idea is: why not let these groups in these agencies create malware and if you’re a hacker just repurpose it for your own mission?” he said.

Gov Info Security
February 28, 2020
In May, new medical device regulations, including cybersecurity requirements, will take effect in the European Union. How do they compare with requirements in the U.S.? Attorneys Kim Roberts and Adam Solander offer an analysis. To help medical device manufacturers comply with the new EU cybersecurity requirements, the European Commission's Medical Device Coordination Group recently published new guidance. "The new guidelines which the EC published in January were produced with the intention that they would provide manufacturers with guidance on how to fulfill all relevant requirements with regards to cybersecurity," Roberts says in a joint interview with Solander. "They cover a wide range of cybersecurity aspects in the premarket and post-market stages of production. At the core is the requirement on manufacturers to incorporate updated practices as they design, develop and upgrade products across their lifecycle." In the U.S., the Food and Drug Administration in 2014 issued cybersecurity guidance for the pre-market development of medical devices. And in October 2018, it issued a draft of updated guidance. But the FDA has not yet issued a final version of that updated draft guidance.

The Guardian
February 27, 2020
A council in the north-east of England has admitted that it has suffered a cyber-attack that has disabled its IT servers for the past three weeks, leaving it with a steep bill and concerns among residents that their local government infrastructure is “in danger of collapse”. One Redcar and Cleveland councillor told the Guardian they had been advised it would take several months and cost between £11m and £18m to repair the damage, far more than the £7.4m funding grant the council is set to receive in 2020/2021 from central government. The council’s total annual budget is £279m. For three weeks all council staff have been told they cannot use council computers, tablets or mobile devices and have been instead relying on “pen and paper”, the councillor said. Initially Redcar and Cleveland council told residents it simply had “an issue with our IT system, which means we are working with a reduced capacity”. But now the council leader, independent councillor Mary Lanigan, has acknowledged that the council was subject to a “ransomware cyber-attack” on 8 February.

Bloomberg
February 27, 2020
What began as a legal dispute over a hotel has unfolded in a London courtroom in recent weeks into an extraordinary tale of royal intrigue, one that includes allegations of a global undercover spying operation, hacked emails and a covert public relations campaign. The investment authority of Ras Al Khaimah, one of the seven emirates that make up the United Arab Emirates, sued an Iranian-American aviation executive named Farhad Azima in 2016 for breach of contract in relation to the sale of a hotel in Tbilisi, Georgia. Azima counter-sued, alleging that authorities in Ras Al Khaimah hired contractors who hacked his emails. The trial wrapped up Feb. 14, and a judge in London’s High Court is currently mulling a decision, which is expected in March. If the judge finds in Azima’s favor, he would be the first person to successfully sue a foreign government for hacking, according to Kirby Behre, a former federal prosecutor and an attorney with Miller & Chevalier, which represents Azima. The next step would be a hearing on the damages suffered as a result of the hack, he said.

Brisbane Times
February 27, 2020
Labor wants the culprits behind major cyber attacks on Australia to be called out by the government, saying a change in policy is needed to deter hostile breaches of the nation's democratic institutions. The Opposition's assistant cyber security spokesman, Tim Watts, will on Thursday night argue Australia should explicitly treat cyber assaults on its democratic institutions as special and distinct. In a speech to the Lowy Institute, Mr Watts will also blast MPs who claim their social media accounts have been hacked after their accounts "like" an embarrassing tweet. Australian intelligence agencies found China was responsible for a cyber attack on Federal Parliament last year, but kept the finding secret to avoid souring trade relations with Beijing. Mr Watts will suggest the practice of not publicly naming culprits behind serious cyber attacks is reinforcing bad behaviour and doing nothing to uphold the norms of international law.

Gov Info Security
February 26, 2020
Australia's financial sector should brace for the potential of distributed denial-of-service attacks, the nation's top cyber agency has warned. The Australian Cyber Security Centre says it is aware of "a number" of ransom threats made toward banking and finance organizations. "The threats in question are delivered via email and threaten the recipient with a sustained DDoS attack unless a sum of the Monero cryptocurrency is paid," the ACSC says. The ACSC notes, however, that it hasn't been able to verify the legitimacy of the threats, and that it appears none have resulted in actual DDoS attacks. The group behind the threats is calling itself the "Silence Hacking Crew," but the ACSC also advised it has been unable to verify that claim. DDoS attacks are intended to jam a service by sending overwhelming amounts of traffic. While such attacks can be devastating for smaller organizations, banks and financial institutions usually have adequate defenses in place to minimize disruption. Even the shortest amount of downtime as a result of such attacks, however, can anger customers and generate attention.

CyberScoop
February 26, 2020
Iran-linked hackers have been running spearphishing email campaigns against governmental organizations in Turkey, Jordan and Iraq in recent months in a likely effort to gather intelligence, according to research published Wednesday by Dell Secureworks. Most of the targeting, which Secureworks assesses to be focused on espionage, began before the U.S. military killed Qassem Soleimani, the leader of Iran’s Quds Force, in Baghdad in early January. But Alex Tilley, a senior researcher for Secureworks, told CyberScoop the spearphishing activity has increased since the killing. The research appears to align with information the FBI shared with industry in January, when it warned of an increase in Iranian “cyber reconnaissance activity.” The alert highlighted that Iranian hackers could be zeroing in on the defense industrial base, government agencies, academia and nongovernmental organizations.

Reuters
February 24, 2020
Mexico’s economy ministry detected a cyber attack on some of its servers on Sunday but did not consider sensitive information to have been compromised, and beefed up safety measures, it said in a statement. It was the second high-profile cyber attack on the Mexican government after hackers demanded $5 million in bitcoin from national oil company Pemex last November, forcing it to shut down computers nationwide. Providers have been asked to temporarily isolate networks and servers, the ministry said on Monday, adding that the processing of some forms would be temporarily suspended to protect their legal status. “Following an extensive revision, some of the ministry’s servers have been identified as affected, mostly email and archive servers,” it added. “The ministry’s sensitive information as well as that of its users is not considered compromised.”

Financial Times
February 23, 2020
Western powers must step up military deterrence and investment to combat Russia’s growing strategic control of the pivotal Black Sea region, Georgia’s foreign minister has warned. David Zalkaliani urged “more attention and more engagement” from the US and European countries in the face of Moscow’s growing deployment of missiles and radar in territory that it disputes with Tbilisi. His comments highlight the growing battle for an energy-rich trade route that counts two EU members on its shores and links Europe to Asia and the Mediterranean end of the Middle East. On Thursday, the UK and US accused Russia’s GRU intelligence agency of a cyber attack against Georgia in October last year that targeted government websites and media outlets. Speaking in an interview with the Financial Times before news of the cyber attack emerged, Mr Zalkaliani said Russia was deploying the “most sophisticated military equipment and ammunition” in the self-declared independent Abkhazia region, which has increasingly aligned itself with the Kremlin since Moscow captured 20 per cent of Georgia’s territory in 2008.
TECHNOLOGY

WIRED
February 28, 2020
In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake—which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from Lexar. After working with her friend Luís Miras to reverse-engineer the app and examine its structure, the two discovered that it was trivial to uncover the password that decrypted the drive's data. But when they tried to let Lexar know? "Things went wrong," says Chris Wysopal, who was also working at @stake at the time. The @stake team had the same two options that anyone does when they discover a vulnerability: either publish the findings openly or go to the developer directly, giving them time to fix the flaw before going public. In theory it seems like the latter would be a win-win, since it reduces the risk that hackers could exploit the bug maliciously. But the reality, in this case and so many others, can quickly get much more complicated and contentious.

The Wall Street Journal
February 23, 2020
In 2018, Frank Krasovec took on a $1 million personal line of credit from PlainsCapital Bank. A few months later, he went on a business trip. When he returned, $450,000 was missing. Mr. Krasovec, the chairman of Dash Brands Ltd., which owns Domino’s Pizza Inc. franchises in China, said he soon learned that someone had hijacked his email and asked his assistant to wire the money to a Hong Kong account.