Cyber Briefing ~ 02/07/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
Britain, France Lead 35 Nation Agreement to Increase Oversight of Powerful Cyber Surveillance Tools
Britain and France led 35 nations and major technology companies in signing a joint declaration to address the growing threat posed by the uncontrolled proliferation of powerful cyber intrusion tools like spyware. As these surveillance capabilities have increasingly empowered a wider range of state and criminal actors to secretly monitor individuals' private online activities and device usage, the agreement calls for stronger international controls and oversight of both government and commercial spyware to help curb malicious hacking and better protect human rights. (REUTERS.COM)
Google: Governments Need to Do More to Combat Commercial Spyware
Google's Threat Analysis Group has called for more aggressive action from governments to combat the growing commercial spyware industry. The report highlights the proliferation of advanced spyware capabilities supplied to governments, which are used to target journalists, human rights defenders, dissidents, and political opponents. While the report acknowledges the efforts made by the U.S. government to crack down on spyware vendors, it suggests additional measures such as heightened transparency requirements, disclosing historical use of these tools, and imposing further sanctions on vendors. The industry's involvement in human rights abuses necessitates stronger regulation and oversight. (CYBERSCOOP.COM)
Ivanti Faces Mass Exploitation of Third Vulnerability
Hackers have begun mass exploiting a new vulnerability, CVE-2024-21893, in Ivanti's widely used VPN software. This comes as two previous vulnerabilities, CVE-2023-46805 and CVE-2024-21887, are already being actively targeted. The latest vulnerability allows threat actors to bypass authentication measures and gain direct access to administrative controls. The exploitation volume of CVE-2024-21893 has exceeded that of the previous vulnerabilities. The ongoing spree of attacks has damaged Ivanti's reputation and posed challenges for security professionals. The Cybersecurity and Infrastructure Security Agency has mandated federal agencies to rebuild their Ivanti VPN servers from scratch with the latest patch. (ARSTECHNICA.COM)
Threat-hunter Says Iran Is Stepping Up The Sophistication Of Its Cyberattacks
Gil Messing of Check Point reports seeing Iran expand its increasingly sophisticated hacking campaigns against Israeli and other regional targets. By refining social engineering, patiently gaining access, and deploying payloads such as SysJoker and disruptive data wipers, Iran-linked actors demonstrate growing capabilities. Drawing lessons from the war in Ukraine and adopting hacktivist-style models, Iran's state-backed groups are aggressively scaling up operations. The recent debut of the menacing Cyber Toufan group underscores Iran's ambition to disrupt opponents through espionage and cyber-enabled threats. (THEWORLD.ORG)
U.S. Rolls Out Visa Restriction Policy on People Who Misuse Spyware to Target Journalists, Activists
The United States has introduced a new visa restriction policy allowing it to deny entry to any individuals involved in the malicious use of commercial spyware software to conduct surveillance on journalists, activists, dissidents, or members of marginalized communities. The measure targets persons directly misusing spyware for such ends, as well as those financially benefitting from or facilitating such abuse. While no individuals were immediately named due to confidentiality of visa records, the policy can apply to citizens of any country found misusing these tools. Experts praised the move as an important step toward accountability for an industry whose products have enabled serious human rights violations worldwide. Other nations are urged to adopt similar deterrents against the uncontrolled proliferation of intrusive surveillance capabilities. (PBS.ORG)
Remote Access Giant AnyDesk Resets Passwords and Revokes Certificates After Hack
Remote desktop software provider AnyDesk experienced a cyberattack that compromised its production systems, leading to a week-long lockdown. The company revoked security-related certificates, replaced or remediated systems, and invalidated all passwords to its customer web portal. While the incident is not related to ransomware, details of the specific cyberattack were not disclosed. AnyDesk assures users that the situation is under control and that it is safe to use the software. There is no evidence that end-user systems were affected, but hackers are reportedly selling access to AnyDesk accounts on cybercrime forums. (TECHCRUNCH.COM)
Google: Half of All Zero-Days Used Against Our Products Are Developed by Spyware Vendors
Google has identified at least 40 companies involved in the creation of spyware and hacking tools sold to governments for targeting "high risk" individuals. The report calls for stronger action against spyware vendors and highlights the need for increased transparency and limitations on their operations. Google states that half of all known zero-day exploits used against their products can be attributed to commercial surveillance vendors. The company has been battling spyware vendors since 2017 and has exposed the activities of several companies, including NSO Group and Candiru. (THERECORD.MEDIA)
State Department Will Not Issue Visas to Individuals Linked to Spyware Abuse
The U.S. State Department announced that it will deny visas on a case-by-case basis to individuals implicated in the misuse of commercial spyware. This move is part of the Biden administration's efforts to curb the proliferation of spyware, following an executive order banning federal agencies from using high-risk commercial spyware. The visa ban will target individuals involved in developing, directing, or controlling companies that provide technologies like commercial spyware to governments. The impact of the visa ban on the spread of spyware remains uncertain, but it sends a strong signal to those involved in the industry. (CYBERSCOOP.COM)
ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign
Unit 42 researchers discovered a large scareware and potentially unwanted program campaign called ApateWeb, using over 130,000 domains to deliver scareware, PUPs, and scam pages. The campaign has complex infrastructure with layered redirections between entry URLs sent in emails and the final malicious payloads. ApateWeb uses evasion tactics like cloaking and wildcard DNS to avoid detection. The impact could be large as hundreds of attacker domains remain highly ranked. Next-Gen Firewall and Cortex XDR help protect against this threat. (BLOG.GOOGLE)
HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million
The OCR settled with Montefiore Medical Center for potential HIPAA Security Rule violations, resulting from an employee stealing and selling patients' protected health information. The $4.75 million settlement emphasizes the importance of addressing and preventing cyber attacks within the healthcare sector. (HHS.GOV)
Pegasus Spyware Targets Jordanian Civil Society in Wide-Ranging Attacks
The controversial Pegasus spyware app has been used to target journalists, lawyers, and human rights activists in Jordan, with nearly three dozen individuals surveilled over the past four years. The state-sponsored attacks, believed to be carried out by the Jordanian government, utilized the Pegasus rootkit and surveillance tool. The targeting of individuals undermines free society and violates privacy and freedom of expression. The revelations come as Jordan's government passes a new cybercrime law that has been criticized for its potential abuse. Governments are increasingly using surveillance software like Pegasus to target critics and activists without due process. (DARKREADING.COM)
Proposed Contractor Cyber Reporting Rule Sets a 'Significantly Problematic' Bar, Industry Groups Say
Industry groups criticize a proposed rule that would require federal contractors to intensify reporting on cybersecurity incidents. The groups argue that the rule is inconsistent with other cyber regulations and demands too much from the contractors it covers. Concerns include the requirement to grant the government complete access to contractors' information systems and personnel, as well as the requirement to provide a Software Bill of Materials (SBOM). Commenters also find the eight-hour reporting window too stringent. (NEXTGOV.COM)
Cyber Attack Affecting Access to Pennsylvania State Courts
Portions of Pennsylvania's Unified Judicial System portal, which provides access to criminal and civil docket sheets and court schedules, are unavailable due to a denial-of-service attack. The Administrative Office of Pennsylvania Courts is working with law enforcement to investigate the incident, but no court data is believed to have been compromised. The attack is affecting various online court services, but Pennsylvania courts remain open to the public during the investigation. (GOVTECH.COM)
The Difficulties Of Defining “Secure-By-Design”
This analysis discusses challenges in defining "secure-by-design" standards, including the lack of evidence for what controls are truly most impactful and measurable. It argues that more empirical research is needed to properly incentivize security-centric design through policy. (LAWFAREMEDIA.ORG)
Business, Technology Groups Support SolarWinds' Motion to Dismiss SEC Charges
Industry stakeholders, including the U.S. Chamber of Commerce and the Business Roundtable, have filed amicus briefs in support of SolarWinds' motion to dismiss the SEC's civil fraud lawsuit. Former cybersecurity officials and CISOs warned that the lawsuit could discourage information sharing and make companies reluctant to disclose security vulnerabilities. SolarWinds maintains that its disclosures were appropriate and that the SEC's assertions are flawed. The SEC has not commented on the briefs. (CYBERSECURITYDIVE.COM)
AI 'Godfather' Urges Canada to Act Swiftly on AI Law
Yoshua Bengio, a prominent AI researcher, has urged Canadian lawmakers not to delay in implementing AI regulations, stating that an imperfect law that can be adapted is better than no law at all. Bengio emphasized the need for timely enforcement to keep pace with rapidly advancing AI technology, highlighting risks such as the spread of disinformation and the potential for AI-driven cyberattacks. He proposed the creation of a registry for advanced AI systems, shifting the burden of safety and security onto developers rather than taxpayers. (POLITICOPRO.COM)
U.S. Government Sanctions Iranian Officials Over Pennsylvania Water Facility Hack
The U.S. Treasury Department has imposed sanctions on six Iranian government officials for their involvement in a cyberattack on a Pennsylvania water utility in November 2023. The Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) targeted programmable logic controllers manufactured by Unitronics, an Israeli company. Although the incident did not pose a threat to public safety or the water supply, unauthorized access to critical infrastructure systems can have devastating consequences. The sanctions were imposed on individuals including the head of the IRGC-CEC and other senior officials. The cyber threat landscape in the water sector has been increasing, with actors from Russia, Iran, and China targeting its vulnerable infrastructure. (CYBERSCOOP.COM)
'This Was a Wake Up Call for Us': Tazewell County Nears a Full Recovery Months After Cyberattack
Tazewell County in Illinois is close to a full recovery after a cyberattack in late November left employees and officials without access to their online and communication systems. The county is improving its cybersecurity protocols and has installed software to detect unauthorized access and shut down systems to prevent further damage. The county is also implementing two-factor authentication and is working with insurance providers to assess the attack. County Board Chairman David Zimmerman stated that the incident served as a wake-up call for the importance of proper cyber protection. (WCBU.ORG)
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.