Articles

Cybersecurity under fire: CISA’s former deputy director decries post-election…

Matt Travis talks about CISA’s role in the recent US elections and how President Trump and his surrogates have politicized the security function.

Matt Travis, the former deputy director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), kicked off this year’s Aspen Cyber Summit yesterday with a keynote interview by journalist Kara Swisher. Travis provided an insider’s view of the events leading up to the firing of CISA director Christopher Krebs and discussed the fallout from President Donald Trump’s attempts to undermine the agency.

The just-concluded president election represented “the most secure election in American history,” according to Krebs. Despite this achievement, or perhaps because of it, Krebs was summarily fired by Donald Trump via a tweet on November 17. Before Krebs was dismissed, the White House asked for the resignation of Brian Ware, the highly regarded assistant director for cybersecurity for CISA. After Krebs’ forced departure, Matt Travis, CISA deputy director and Krebs’ right-hand man at CISA, resigned from the agency.

On Sunday, Krebs, a lifelong Republican, told 60 Minutes’ Scott Pelley that he has complete confidence in the election outcome. He dismissed as conspiracy theories some of Trump’s increasingly convoluted stories of how President-Elect Joe Biden “stole” the election. Krebs said that Trump’s attorney Rudy Giuliani’s promotion of unproven election fraud was an “attempt to undermine confidence in the election, to confuse people, to scare people.”

Following the 60 Minutes interview, another Trump attorney, Joseph DiGenova, said that Krebs should be “taken out and shot” for contradicting Trump’s unsubstantiated claims of voter fraud. Yesterday, Krebs told CBS’s Savannah Guthrie that he is looking into potential legal action following DiGenova’s bald threat. Alex Stamos, former Facebook CISO and founder of the Stanford Internet Observatory, filed a complaint against DiGenova with the DC Bar’s Office of Disciplinary Counsel and encouraged his fellow infosec peers to do the same.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Articles

New US IoT law aims to improve edge device…

lead centered=”no”
The Internet of Things Cybersecurity Improvement Act will require device manufacturers to meet new security standards for government contracts. Carryover effect expected for the private sector.
/lead

As the world moves toward interconnection of all electronic devices, the proverbial internet of things (IoT), device manufacturers prioritize speed to market and price over security. According to Nokia’s most recent threat intelligence report, IoT devices are responsible for almost a third of all mobile and Wi-Fi network infections.

This ratio will likely grow dramatically as the number of IoT devices continues its exponential growth. A recent report from Fortinet warns that the rapid introduction of edge devices will create opportunities for more advanced threats, allowing sophisticated attackers and advanced malware to “discover even more valuable data and trends using new EATs edge access Trojans and perform invasive activities such as intercept requests off the local network to compromise additional systems or inject additional attack commands.”

The Internet of Things (IoT) Cybersecurity Improvement Act, passed by the House in September and unanimously approved by the Senate last week, is a step toward warding off these threats and providing greater security in IoT devices. The act is headed to the desk of President Trump, who is expected to sign it into law.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Michał Jakubowski on Unsplash

Articles

China’s exclusion from US 5G market likely to continue…

lead centered=”no”
Telecom insiders discuss supply chain security and call for better communication, collaboration, and transparency from the federal government about threats within their industry.
/lead

As China’s Huawei faces ongoing banishment and retrenchment in Europe, the question arises whether Huawei and its peers, including telecom gear maker ZTE, will get a reprieve under the incoming Biden administration. Huawei clearly thinks it has a shot of improving its relationship with its European customers in the post-Trump era: Huawei Vice President Victor Zhang has been lobbying UK Prime Minister Boris Johnson to revisit the ban against using his company’s technology in Britain’s 5G network build-out.

Huawei landed in its current predicament due to the Trump regime’s fears that the company works with the Beijing government to implant malware in its equipment. It might not fare better under a Biden administration.

China’s likely continued exclusion from US markets even under a Biden administration was a top topic at a webinar on supply chain security hosted by US Telecom and Inside Cybersecurity. “The cybersecurity policies overall between the Obama Administration and to Trump and now to president-elect Biden should be relatively consistent,” Norma Krayem, vice president and chair of the Cybersecurity, Privacy and Digital Innovation Practice at Van Scoyoc Associates, said. “I think that’s important for the private sector to see that there is that theme.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Kamil Kot on Unsplash

Articles

Defining data protection standards could be a hot topic…

lead centered=”no”
Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.
/lead

Following nationwide elections, a new line-up of state lawmakers will be joining their veteran peers to dig into a host of cybersecurity issues during 2021. Since March, many, if not most, cybersecurity issues at the state level have been derailed so that legislators could grapple with the coronavirus’s overwhelming challenges. Most experts see cybersecurity matters continuing to take a back seat through at least the early months of 2021.

Aside from the pandemic, another factor driving a possible delay in state legislative momentum is the political division throughout the country. “States are going to ask, ‘What’s the likelihood we’re going to pass legislation and it’s going to get overturned at the national level,’” says Aaron Tantleff, a partner focused on cybersecurity and data privacy at Foley and Lardner. “There’s going to be a little more of ‘Let’s wait and see what’s going to happen at the national level.’”

Once the immediacy of the pandemic dissipates and the political heat cools, cybersecurity issues will likely surface again in new or revived legislation in many states, even if weaved throughout other related matters. It’s difficult to separate cybersecurity per se from adjoining issues such as data privacy, which has generally been the biggest topic to involve cybersecurity issues at the state level over the past four years. “You really don’t have this plethora of state cybersecurity laws that would be independent of their privacy law brethren,” Tantleff said.

According to the National Conference of State Legislatures, at least 38 states, along with Washington, DC, and Puerto Rico introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity as of September 2020. Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Lars Kienle on Unsplash

 

Articles

Passage of California privacy act could spur similar new…

lead centered=”no”
Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.
/lead

On November 3, California citizens approved the California Privacy Rights and Enforcement Act (the CPRA), a comprehensive privacy law that amends another privacy law that went into effect in the state on January 1, the California Consumer Privacy Act (CCPA). The CPRA is intended to strengthen privacy regulations in California by creating new requirements for companies that collect and share sensitive personal information. It also creates a new agency, the California Privacy Protection Agency, that will be responsible for enforcing CPRA violations.

Most privacy attorneys agree that the CPRA was created with the European Union’s General Data Protection Regulation (GDPR) in mind, adding teeth to the stipulations that existed in the CCPA. Consumers will be able to correct inaccurate personal information that business hold, and fines are steep for violating the children’s data protection requirements under the CPRA. Most of the law’s provisions will go into effect on January 1, 2023, with some provisions requiring a look-back to 2022.

The CPRA defines “sensitive personal information” to include an expansive range of data elements, including government-issued identifiers such as drivers licenses, passports, and Social Security numbers as well as financial account information, geolocation, race, ethnicity, religion, union membership, personal communications, genetic and biometric data, health information, and information about sex life or sexual orientation.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Nathan Guisande on Unsplash

 

Advanced Persistent Threat

US DOJ indictments might force Russian hacker group Sandworm…

lead centered=”no”
Experts hope that indictments against six Russian military intelligence agents will make Russia rethink plans to disrupt the US election.
/lead

The US Department of Justice (DOJ) unsealed charges against six hackers who allegedly are part of Sandworm, a Russian military intelligence group responsible for a string of damaging and unprecedented acts of malicious digital activity. The breadth of crimes that DOJ accuses the hackers of committing is extensive, from shutting down Ukraine’s power grid — twice — to the launch of faux ransomware NotPetya, which caused billions of dollars in damages globally, to devastating cyberattacks on the 2018 Olympics in South Korea.

The indictment spells out multiple computer fraud and conspiracy charges against each defendant and is the first time Russia has been identified as the culprit behind the Olympic attacks. In those incidents, attackers deployed destructive malware called Olympic Destroyer to disrupt the 2018 games. The Russian hackers had attempted to blame North Korea, China and other adversaries as the culprit of those assaults through a series of false flags implanted in the malware that were designed to throw investigators off track.

The DOJ further alleges that the hackers and their co-conspirators helped Russia retaliate against former Russian spy Sergei Skripal by poisoning him, along with his daughter, with a weapons-grade nerve agent, Novichok. Other crimes outlined in the indictment are a series of spear phishing attacks against the country of Georgia and Georgian non-government organizations in January 2018 and a cyberattack in Georgia around October 2019 that defaced approximately 15,000 websites and disrupted service to them.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Steve Harvey on Unsplash

 

Articles

Common pitfalls in attributing cyberattacks

lead centered=”no”
Attack attribution is always difficult as criminal groups often share code and techniques, and nation-state actors excel at deception. Here, security researchers share their techniques and common pitfalls.
/lead

Attributing cyberattacks to a particular threat actor is challenging, particularly an intricate attack that stems from a nation-state actor, because attackers are good at hiding or erasing their tracks or deflecting the blame to others.

The best method for arriving at a solid attribution is to examine the infrastructure and techniques used in the attack, but even then, researchers can often get it wrong, as Paul Rascagneres and Vitor Ventura of Cisco Talos illustrated in a talk at the VB2020 conference on September 30.

Researchers typically rely on three sources of intelligence, Rascagneres said: open-source intelligence (OSINT), which is publicly available information on the internet, technical intelligence (TECHINT) that relies on malware analysis, and proprietary data available only to the organizations involved in the incident.

Nation-state intelligence agencies serve as another source of intelligence because they have more information and additional resources than the private sector, but intel agencies are often secretive about their methods. “In public sectors, they don’t give everything,” Rascagneres said. “They don’t explain how they get all the detail. How does it make the link?”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Kaitlyn Baker on Unsplash

 

Articles

Late-game election security: What to watch and watch out…

lead centered=”no”
Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns.
/lead

As we head into the final inning of what has been a dramatic US presidential election season, it’s clear the country has so far been spared the kind of high-stakes hacking and disinformation campaigns that marred the 2016 election. Still, US intel and cyber defense organizations are on the lookout for last-minute ransomware attacks and have been joined by their private sector counterparts while social media companies appear to be clamping down on disinformation efforts.

The most striking evidence that the US  may be better prepared than it was in 2016  is the extraordinary actions taken by US CyberCommand (CyberCom) to meddle with the Russian-language Trickbot botnet network, used to deliver malware, including ransomware, and frequently exploited by Russian military intelligence for plausible deniability. Following a scoop by journalist Brian Krebs that an unknown actor was meddling with Trickbot, news leaked over the weekend that CyberCom was the meddler.

CyberCom’s goal was to thwart any possible ransomware attacks on selected or strategically important jurisdictions. The military cyber arm might have also been pushed into action by a Trickbot-enabled ransomware attack on top healthcare provider Universal Health Services (UHS), which was forced to shutter digital operations when 400 of its computer systems were locked up by Ryuk ransomware.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Articles

How SilentFade group steals millions from Facebook ad spend…

lead centered=”no”
SilentFade steals credentials and ad spend account information and sells the information to other bad actors. The group returned with improved malware after Facebook’s initial mitigation efforts.
/lead

Facebook is a magnet for scammers, thieves and other bad actors looking to swindle and manipulate the social media giant’s vast pool of users. One group discovered by Facebook’s in-house researchers took such a sophisticated approach to bilking Facebook users that it walked away with $4 million in an elaborate ad fraud scheme that went undetected by its victims.

Sachit Karve, speaking both for himself and fellow Facebook security researcher Jennifer Urgilez, offered more details about this scheme at the VB 2020 conference last week. Facebook insiders call the group behind it SilentFade and discovered that it came from a Chinese malware ecosystem that used different types of malware in its cybercrime sprees.

Facebook discovered the malware family near the end of 2018 but traced its origins back to 2016. SilentFade has a keen focus on social media targets. “SilentFade is interesting to us as it explicitly targets users of social networks and more recently services with social components like Amazon,” Karve said.

The name SilentFade comes from “Silently running Facebook ads with exploits.” “The malware is capable of running ads on Facebook, without the user’s knowledge, by exploiting a bug on the platform,” Karve said at the conference.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Brett Jordan on Unsplash

 

Articles

New FBI strategy seeks to disrupt threat actors, help…

lead centered=”no”
The FBI sharpens its focus on collaboration among US and foreign government agencies and the private sector. It will acting as a central hub to deal with cybersecurity threats.
/lead

Last week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint announcement about the potential threat that foreign-backed online journals pose in spreading misinformation ahead of the crucial 2020 US presidential election. This alert, intended to raise public awareness based on government intelligence, reflects a new strategic direction by the FBI to work with partners across the federal landscape to better protect the American public and its allies from cyber threats.

“It’s a complex threat environment where our greatest concerns involve foreign actors using global infrastructure to compromise US networks,” Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division said during a conference at Auburn University’s McCrary Institute organized to debut the Bureau’s new strategy.

Ugoretz said that among the many factors the FBI must now juggle in dealing with cyber threats are:

  • The increased attack surfaces stemming from widespread work-at-home arrangements due to the COVID-19 crisis
    Attackers’ growing willingness to exploit the increased vulnerabilities the wider attack surface make possible
    The increase in availability of tools that threat actors use to launch attacks
    Growth in the number of both criminal and nation-state threat actors.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Jack Young on Unsplash