Cyber Briefing ~ 06/28/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
~Weekly Director's Note~
Dear Readers,
This week on Cyber Focus, I had the privilege of sitting down with Estonian Ambassador-at-Large for Cyber Diplomacy Tanel Sepp. He discussed how Estonia, a digital pioneer that faced Russian cyberattacks in 2007, has since spearheaded the "Tallinn Mechanism" – a coordinated international effort involving ten countries to provide critical cyber support and donor coordination for Ukraine amid the ongoing conflict.
A recent SentinelOne Labs and Recorded Future report exposed the trend of suspected Chinese APT groups strategically deploying ransomware strains like CatB as part of their cyber espionage operations. After stealthily gaining access and reconnoitering target networks at government and critical infrastructure entities, these threat actors exfiltrate sensitive data while simultaneously encrypting systems with ransomware. This blurring of traditional APT tactics with ransomware elements allows adversaries to distract defenders while still accomplishing their primary espionage objectives under the guise of a criminal ransomware incident.
As Sara Friedman of Inside Cybersecurity reported, the Office of the National Cyber Director (ONCD) is leading the effort to improve cybersecurity within the federal government, targeting two critical areas. First, ONCD is actively transitioning agencies to use Resource Public Key Infrastructure for Border Gateway Protocol, hoping to incentivize broader adoption across the internet. Second, ONCD is working to mandate the use of memory-safe programming languages like Rust and Swift for government systems, hardening them against emerging threats like AI-enabled attacks.
Emma Woollacott with Cybernews takes us above the clouds for a moment in her article on the cyber threats facing space operations, as outlined by researchers from California Polytechnic State University. The Cal Poly report warns of space operations' cyber risks, from hacked spacecraft to hacked life support systems. The researchers highlight other potential scenarios, such as rogue actors hijacking rockets or asteroids, deploying deepfake alien messages to cause panic, and even the emergence of "space pirates" disrupting off-planet settlements and supply chains for their own gain – highlighting my belief that space infrastructure should be designated as critical infrastructure.
The U.S. Department of the Treasury issued sanctions against Russian cybersecurity firm Kaspersky Lab which prohibits Kaspersky from providing services in the U.S. This action follows a Commerce Department determination that Kaspersky's products pose unacceptable national security risks due to the company's cooperation with Russian military and intelligence agencies. Additionally, the sanctions target a dozen senior Kaspersky executives and board members for operating in Russia's technology sector, blocking any U.S. assets and transactions involving these individuals.
Fellow U.S. Cyberspace Solarium Commission Commissioners Sen. Angus King and Samantha Ravich call for the U.S. to bolster its cyber deterrence capabilities against adversarial nations in their op-ed. The authors argue that defensive cybersecurity measures alone are insufficient to protect America's critical infrastructure from crippling attacks. King and Ravich advocate for a strategic shift - moving beyond the shadows to openly demonstrate offensive cyber warfare abilities that instill "existential dread" in potential attackers. Only by visibly projecting credible retaliatory capabilities, they contend, can the U.S. deter hostile actors like Russia, China, and Iran from further undermining national security interests through destructive cyber operations.
Lastly, expert witnesses Matt McCabe of Marsh McLennan, Kimberly Denbo of the American Gas Association, and Jack Kudale of Cowbell and I testified before the Committee on Homeland Security's Subcommittee on Cybersecurity and Infrastructure Protection yesterday. Our testimonies explored the current reality that conventional cybersecurity measures and risk transfer mechanisms may prove inadequate against sophisticated nation-state adversaries or incidents of unprecedented scale. It was a pleasure to hear the many insights from the other witnesses while also sharing some of my perspectives.
Hope you all have a great week.
War Eagle,
To deter adversaries from attacking American infrastructure, the United States needs to demonstrate its ability to strike back. Stronger cybersecurity measures are necessary, but a visible and muscular deterrence is also crucial. This requires showcasing offensive cyber capabilities and making adversaries fear the consequences of their actions. It may involve strategic declassification and public acknowledgment of offensive operations. Deterrence is about instilling fear in adversaries and showing that the US is ready to respond in kind.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) report that over half of critical open-source projects use memory-unsafe programming languages like C and C++, which are vulnerable to exploitation. The largest projects disproportionately rely on these languages - with 4 of the top 10 having over 94% unsafe code. Agencies are pushing to eliminate unsafe languages amid broader efforts for secure-by-design development.
The software company CDK Global has restored critical services to a small initial group of car dealers following a cyberattack that shut down systems across its base of more than 15,000 customers. CDK says it will phase in other dealers, but warns some third-party integrations may be delayed. The outage has extended into a second week, forcing many dealers to use analog alternatives during recovery efforts.
The U.S. Supreme Court rejected an attempt by Republican states to restrict the federal government's ability to communicate with social media platforms about false information online. A 6-3 ruling found the plaintiffs lacked standing and evidence to prove the communications resulted in censorship. The decision allows the government to resume efforts to coordinate with tech companies on misinformation.
The U.S. government is offering a $10 million reward for information leading to the location of Amin Timovich Stigal, a Russian hacker accused of supporting the invasion of Ukraine. Stigal allegedly hacked Ukrainian government computers and posed as a cybercriminal while working with Russian military intelligence. He ran a malware scheme called "WhisperGate," disguised as ransomware, which aimed to delete data and render computers inoperable. Stigal and his co-conspirators also targeted countries supporting Ukraine, including the U.S. The indictment filed in Maryland lists Stigal as one of the FBI's Most Wanted cybercriminals.
Gen. Tim Haugh, head of U.S. Cyber Command and the National Security Agency, warns that the defense industrial base, including companies serving the U.S. military, is being actively targeted by adversaries, particularly China. The NSA and Cyber Command are prioritizing AI-enabled cyber attacks and exploring how to employ AI for cybersecurity within the United States Department of Defense. The Pentagon is also implementing a zero-trust architecture roadmap to automate cybersecurity defenses and improve AI-enabled cyber defense capabilities.
Gery Shalon, the mastermind behind the J.P. Morgan hack who cooperated with the US government, is now accused of continuing to scam victims while acting as a cooperator. European police and prosecutors are investigating whether Shalon was running the FBI or if the FBI was controlling him.
The Internal Revenue Service issues a public apology to billionaire Ken Griffin and others affected by a data breach orchestrated by contractor Charles Littlejohn. Littlejohn gained unauthorized access to sensitive tax returns and leaked them to the media. The IRS acknowledges its failure and plans to enhance data security measures to prevent future breaches. Littlejohn, who was sentenced to five years in prison, exploited weaknesses in IRS systems to obtain and disseminate confidential tax data. The incident raises concerns about the security of personal information held by government agencies.
The U.S. Department of Homeland Security is working to streamline the process of determining which cybersecurity jobs require clearances, aiming to mitigate the challenges of the federal government's hiring process for cyber talent. DHS is exploring the use of interim clearances and reducing requirements for clearances to expedite hiring. The Office of the National Cyber Director is also focusing on clearance reform and collaborating with other agencies to refine the pool hiring process. Efforts to recruit and train underrepresented populations in the cyber workforce were also discussed during a House Homeland Security Committee hearing.
ChamelGang, a suspected Chinese advanced persistent threat (APT) group, has been using ransomware as a tactic to distract defenders, complicate attribution, or as a secondary goal for financial gain. The group has targeted high-profile organizations worldwide, using CatB ransomware in attacks. Another activity cluster uses BestCrypt and Microsoft BitLocker for similar purposes. The involvement of ransomware in cyberespionage attacks blurs the lines between APT and cybercriminal activity, making attribution challenging and concealing the true nature of the operation.
A 22-year-old Russian national, Amin Timovich Stigal, has been indicted in the U.S. for his alleged involvement in destructive cyber attacks against Ukraine and its allies prior to Russia's invasion in 2022. Stigal, believed to be affiliated with the GRU, faces up to five years in prison if convicted. The U.S. Department of State's Rewards for Justice program is offering a reward of up to $10 million for information on his whereabouts or the cyber attacks. The attacks involved the use of a wiper malware called WhisperGate and targeted government and IT entities in Ukraine.
The United States Senate Committee on Armed Services plans to limit funding for the U.S. Cyber Command's Joint Cyber Warfighting Architecture. This comes as the command builds a program executive office for the architecture's development. The committee wants a more detailed plan on the architecture's future before providing full funding.
Defense Innovation Unit (DIU) seeks to rapidly acquire and deploy commercially available deepfake detection and attribution capabilities. This comes as U.S. adversaries increasingly use deepfakes for fraud, disinformation, and other malicious activities. Proposals accepted until June 27 must comply with DIU's guidelines and utilize an open systems architecture approach.
Indonesia refuses to pay an $8 million ransom following a ransomware attack on a national data center that disrupted public services, including airport immigration. Restoration efforts are underway, and investigations into the attack are ongoing. Cybersecurity experts emphasize the importance of continuous monitoring and recovery efforts to mitigate the impact of such sophisticated attacks. Victims of ransomware attacks are advised to prioritize recovery and enhance cybersecurity measures.
The U.S. government has announced plans to ban Kaspersky Lab and its affiliates from providing cybersecurity and antivirus software in the United States due to concerns about Russian government influence. Kaspersky's software poses risks to national security, as it has administrator access to devices and can inject malware or withhold critical updates. The ban will take effect on September 29, but users who continue to rely on Kaspersky products assume the associated cybersecurity risks. Kaspersky denies the allegations and plans to sue the government.
Acting Principal Deputy National Cyber Director Jake Braun discussed efforts led by the Office of the National Cyber Director (ONCD) to enhance the security of Border Gateway Protocol (BGP) and promote the adoption of memory safe programming languages within the federal government. The ONCD is actively working on the adoption of Resource Public Key Infrastructure systems for BGP security, with the goal of incentivizing industry to follow suit. Additionally, the ONCD is collaborating with agencies to incorporate memory safe programming languages and formatting methods into government procurement.
The National Institute of Standards and Technology (NIST) has released a draft "National Standards Strategy for Critical and Emerging Technology" for public comment. The strategy aims to promote continued U.S. leadership in developing international standards for emerging technologies. The proposed immediate steps include increased research and reducing barriers to stakeholder participation in standards development. The long-term strategy includes enhancing coordination across the federal government, incentivizing agency engagement in standardization, and removing barriers to participation. The draft report emphasizes the societal impacts of technology standards, including those related to artificial intelligence.
The House Committee on Energy and Commerce leaders have introduced a bipartisan data privacy bill to establish a national standard for handling sensitive information in the US. The bill aims to enhance transparency, provide individuals with control over their data, and enforce data minimization standards. However, the removal of civil rights and algorithms provisions has raised concerns among advocacy groups, urging a delay in the markup. Some argue that the bill is a step backward without strong civil rights protections.
After a ransomware attack locked Ascension hospitals out of electronic systems, nurses and doctors reported dangerous lapses in care, including medication errors. But most US hospitals lack training and preparation for long-term tech outages. Experts say the attack shows the urgent need for enforceable cybersecurity standards to protect patients. Ascension says it's confident care remains safe, but clinicians fear incidents could threaten their licenses. They urge reducing elective procedures until the issues are fixed.
Cyberattacks are becoming more devastating and taking longer to resolve, as demonstrated by the ongoing cyber incident at CDK Global, which has crippled car dealerships for days. Hackers are becoming more sophisticated and patient, targeting organizations in the supply chain and extracting larger sums of money. Industries with outdated systems, like healthcare, are particularly vulnerable. It is crucial for organizations to improve cybersecurity measures, rely on third-party expertise, and implement minimum cybersecurity requirements.
In the 2010s, Gery Shalon, mastermind of the JPMorgan hack, began cooperating with the FBI after his arrest. But new evidence suggests that while working with the FBI, Shalon built a massive new fraud empire in Europe, running investment scams that stole millions from victims in Sweden, the UK, Germany and Austria. European investigators point to his continued criminal activity and America's commodification of guilt as failures that let Shalon operate freely under US supervision. Now the FBI faces questions from outraged European authorities over how it handled the case.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.
Marsh US & Canada Cyber Coverage Leader
4 months ago
It was a privilege and honor to speak with Frank Cilluffo on Auburn University's McCrary Institute Cyber Briefing podcast. Give a listen, subscribe and rate highly!