Nation Scanning to 43 Trillion Events
Jim Tiller
Fractional Executive (CISO/CIO) | Author | Patent Holder | Industry Leader | Co-Host DtSR Podcast | NIST | CMMC | CISSP | CISM | CISA | NYDFS | FAIR | NSA IEM | NSA IAM
This week we look at how the UK's NCSC is scanning every Internet-facing system in the country - could be interesting. A report from an EU committee finds spyware being used within the EU. We sorta question the level of threat based on an attack that stopped trains in Denmark. And finally, we get two topics for one news item... Microsoft publishes a huge cybersecurity report, but we also explore a popular element within the report that China is hoarding vulnerabilities.
UK Scanners
The UK’s National Cyber Security Centre (NCSC) recently published an announcement that they are now performing ongoing vulnerability scans of all Internet-accessible systems across the entire country. I find this quite interesting from multiple directions. There’s definitely an Orwellian vibe… knowing the government is constantly scanning your systems for flaws, in the hope that the information is used for your benefit rather than against you. Of course, there’s the obvious upside: the data collected will provide a nationwide perspective on the overall degree of exposure, from which NCSC can prioritize guidance and help improve the country’s posture, thereby helping to improve your posture. The fact is simply this – you’re being scanned constantly by baddies anyway, and they’re not going to let you know you have a hole – e.g., Shodan. Nevertheless, like some of the laws forming in the US and other countries concerning government demands for incident reporting, it does start to challenge the concept of privacy at the organizational level. Frankly, privacy is a battle arguably being lost at the individual level too. Either way, as an organization you can embrace it by not filtering the two specific IP addresses used by the NCSC, or contact them to opt out.
NCSC Scanning information - https://www.ncsc.gov.uk/information/ncsc-scanning-information
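As an added example (not from this newsletter or from NCSC), here is a small defender-side triage script: it reads firewall log lines and separates probes from the allowlisted NCSC scanner addresses (expected, and worth correlating with your own findings) from port scanning by unknown sources that still needs investigation. The addresses 192.0.2.10/11 are placeholders for the two real NCSC addresses published on the page linked above, and the log lines and format are constructed.

```python
import re
from collections import defaultdict

# Placeholder addresses standing in for the two NCSC scanner IPs (assumption:
# substitute the real ones from the NCSC scanning information page).
NCSC_SCANNER_IPS = {"192.0.2.10", "192.0.2.11"}

# Constructed sample lines in a simple iptables/syslog style (not real logs).
SAMPLE_LOG = """\
Nov 5 10:01:02 fw kernel: IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP DPT=22
Nov 5 10:01:03 fw kernel: IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP DPT=443
Nov 5 10:01:04 fw kernel: IN=eth0 SRC=192.0.2.11 DST=203.0.113.6 PROTO=TCP DPT=8443
Nov 5 10:02:10 fw kernel: IN=eth0 SRC=198.51.100.77 DST=203.0.113.5 PROTO=TCP DPT=22
Nov 5 10:02:11 fw kernel: IN=eth0 SRC=198.51.100.77 DST=203.0.113.5 PROTO=TCP DPT=3389
Nov 5 10:02:12 fw kernel: IN=eth0 SRC=198.51.100.77 DST=203.0.113.5 PROTO=TCP DPT=445
Nov 5 10:03:00 fw kernel: IN=eth0 SRC=198.51.100.9 DST=203.0.113.5 PROTO=TCP DPT=443
"""

LINE_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)")

def parse_events(text):
    """Yield (src, dst, port) tuples from lines that match the firewall format."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], int(m["dpt"])

def triage(text, scanner_ips=NCSC_SCANNER_IPS, min_ports=3):
    """Group inbound probes by source address and classify each source:
    'ncsc'    : one of the allowlisted NCSC scanner addresses (expected)
    'scanner' : unknown source touching >= min_ports distinct ports
    'other'   : unknown source with too little activity to call a scan
    """
    ports = defaultdict(set)
    for src, _dst, dpt in parse_events(text):
        ports[src].add(dpt)
    result = {}
    for src, seen in ports.items():
        if src in scanner_ips:
            label = "ncsc"
        elif len(seen) >= min_ports:
            label = "scanner"
        else:
            label = "other"
        result[src] = {"label": label, "ports": sorted(seen)}
    return result

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(f"{src:15} {info['label']:8} ports={info['ports']}")
```

Feed it your real firewall export and the real NCSC addresses; anything labelled "scanner" is reconnaissance the national scan does not explain.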
Absolute Power Corrupts Absolutely
I’ve shared a number of times how broadly accessible highly sophisticated, military-grade tools have become, which gained a lot of attention this year with NSO Group’s Pegasus spyware being used against journalists, government officials, and others for political or operational gain. This week a 159-page draft report from a committee of the European Parliament, originally tasked with investigating the reach of Pegasus, was published highlighting abuses of spyware within the EU itself. European Union governments have used “spyware on their citizens for political purposes and to cover up corruption and criminal activity,” according to the report. This year we’ve seen major investigations related to spyware, with Pegasus at the center, in the US Congress, the UK Parliament and the EU Parliament, to name a few. Expect this to result in new laws and regulations, but I’m unsure whether it will quell the industrialization and commoditization of cyberweapons in the open market.
EU Committee report - https://www.sophieintveld.eu/download/getFile/5047
EU Committee report author - https://www.sophieintveld.eu/nl/sophie-in-t-veld (it’s the PEGA DRAFT REPORT)
Train Stationary
Last Saturday the Danish train system came to a halt for several hours, reportedly due to a cyber-attack. However, this story has some interesting lessons. It appears the attackers accessed a testing environment of a third-party provider, Supeo, a railway technology vendor, and in response to that incident Supeo shut down key servers, directly impeding train operators at DSB. Unsurprisingly, this has been reported as an example of sophisticated infrastructure hackers and likened to what we’re seeing in the Ukrainian war. In my opinion, that’s a touch overblown, at least from what has come to light about the attack. This may be as simple as Supeo getting hit with ransomware and attempting to stop the spread across their environment and that of their clients. Let’s just say I’m not convinced at this point it was a nation-state attacker targeting operational technology (OT) to cause disruption. But I could be wrong.
Initial report - https://www.reuters.com/technology/danish-train-standstill-saturday-caused-by-cyber-attack-2022-11-03/
Microsoft’s 43 Trillion
According to Microsoft’s comprehensive 114-page Digital Defense Report 2022, published last Friday, they process more than 43 trillion signals per day, giving them the widest perspective on the state of cybersecurity. The report covers a lot of ground, but the element that seems to have most people talking is its interpretation of nation-state actors, highlighting concerns that China is hoarding zero-day exploits. It’s a very good report and it’s great to see MS taking advantage of their unique position to drive cybersecurity – this is a very good thing and kudos to MS! Interestingly, highlighting China for withholding vulnerabilities to develop exploits is a bit “funny” given well-documented examples of the same activities by many other governments. Point being… everyone is withholding vulnerability information, and the worse the vulnerability, the more likely it is you’re not going to know about it. This is not an indictment of MS’s report; rather, attention seems to be most focused on that element, despite the report having a lot of other great information.
MS report site - https://www.microsoft.com/en-us/security/business/microsoft-digital-defense-report-2022