Thursday, March 10, 2022 // (IG): BB // Weekly Sponsor: ISG
CISA, Cyber Incident Reporting Mandates Get Billions in Congressional Budget
FROM THE MEDIA: The spending boost and new requirement come as U.S. critical infrastructure sectors prepare for more cyberattacks. Critical infrastructure companies including water, wastewater and energy utilities, nuclear reactors and nuclear waste facilities, hospitals and other health care organizations, IT companies such as cloud service providers, the Defense Industrial Base (DIB) and others will be required to report cyber incidents within 72 hours to the Cybersecurity and Infrastructure Security Agency (CISA), according to the fiscal year 2022 government funding bill Congress dropped Wednesday. The $1.5 trillion spending package allocates $2.59 billion for CISA to address cyberthreats facing U.S. critical infrastructure sectors, granting the agency $300 million more than the Biden administration’s budget proposal. The new cyber incident reporting requirement comes as the U.S. braces for potential malicious cyber activity due to Russia’s invasion of Ukraine and after nearly a year of calls from federal cyber leaders to mandate cyber incident reporting and information-sharing in order to better address and prepare for cyberattacks against the nation’s critical infrastructure sectors. The requirement also comes just weeks after the Defense Department Inspector General found that some academic and research contractors within the DIB “did not consistently implement cybersecurity controls in accordance with federal and DOD requirements for safeguarding controlled unclassified information (CUI).”
READ THE STORY: GOVCIO
National cyber director focused on staffing, promoting safe software and boosting workforce
FROM THE MEDIA: National Cyber Director Chris Inglis said his nascent office will be focused on “doctrine and people issues” within the federal government, raising the collective floor of U.S. cybersecurity knowledge and laying the groundwork for longer-term investments in secure software and hardware. While providing an update to the Information Security Privacy Advisory Board, Inglis said on Wednesday that his office — created through the 2021 National Defense Authorization Act — is still less than halfway through its initial hiring phase. The Office of the National Cyber Director currently has around 30 employees on staff, but that number is expected to rise to around 85 when initial hiring efforts are complete. It's taken some time to get the office up and running, Inglis said, noting he was "confirmed in June (2021), showed up in July, but the funding didn't show up until November." "Oftentimes there's this issue of [being] authorized, not appropriated, and we experienced that,” he told the board. As it continues its hiring spree, the office will turn its focus to a number of short-term and medium-term goals to help bolster the nation’s collective cybersecurity. That starts with providing more “coherence” to the distinct roles and responsibilities among agencies within the federal government when it comes to carrying out different cybersecurity missions and engaging with the private sector.
READ THE STORY: SCmag
US strengthens Ukraine’s cyber defenses
FROM THE MEDIA: So far in the Ukraine conflict, experts who have watched Russian cyber assaults have been confused at their lack of success, as well as the lower tempo, intensity and sophistication compared with what Russian-government hackers are known to be capable of. Part of the reason is that Russia has held back its elite corps in the cyber arena, much as it has on the battlefield. In addition though, as our correspondents report, the US had been helping Ukraine for months before the invasion to identify and prepare for possible cyber attacks. Teams had searched for hidden malware, the kind which Russia could have planted, then left dormant in preparation to launch a devastating cyber attack alongside a more conventional ground invasion. In the Ukrainian Railways’ systems, a team of American soldiers and civilians found and cleaned up one particularly pernicious type of malware, which cyber security experts dub “wiperware”, that could have disabled its entire computer network. A similar malware went undetected within the border police, and as refugees fled to the frontiers, computers at the crossing to Romania were disabled, adding to the chaos. The support has continued. At the end of February, the US commerce department fast-tracked funding for Californian cyber security group Fortinet to deal with a distributed denial of service (DDoS) attack disabling the Ukrainian national police’s systems.
READ THE STORY: FT
Why the U.S. can engage Russia on cyber over Ukraine
FROM THE MEDIA: Following a report that the U.S. Cyber Command has been working to counter Russian cyberattacks against Ukraine, the former general counsel of the command said that the U.S. makes every effort to ensure that all of its military activities — including on the cyber front — steer clear of making the country a “co-belligerent” under the terms of international law. “The United States is not a party to the current armed conflict between Russia and Ukraine and by all indications is calibrating its support to Ukraine to keep it that way,” said Gary Corn, who served as staff judge advocate (general counsel) for U.S. Cyber Command from 2014 to 2019, in an email to VentureBeat. “That means [the U.S.] is not engaging in any activities that would amount to a prohibited use of force under the UN Charter, or would otherwise make it a co-belligerent of Ukraine,” said Corn, who is now a professor with American University’s Tech Law and Security Program. Corn, a retired U.S. Army colonel and military attorney who served in the Army for 27 years, noted that “co-belligerent” is the correct term under international law (as opposed to the term “co-combatant” that is sometimes used). The New York Times reported on Sunday that teams with the U.S. Cyber Command — which is a part of the Department of Defense — have been working out of military bases in Eastern Europe to help neutralize Russian cyber offensives against Ukraine. These so-called “cybermission teams” from the unified combatant command have been working to “interfere with Russia’s digital attacks and communications,” according to the Times. VentureBeat has reached out to the U.S. Cyber Command and the Department of Defense (DoD) for comment.
READ THE STORY: Venturebeat
Manufacturing is the ‘Most Targeted’ Industry for Cyber Attacks
FROM THE MEDIA: A new report shows that no industry is more targeted by cyber attackers than manufacturing. The 2022 “X-Force Threat Intelligence Index” by IBM Security reveals how ransomware and vulnerability exploitations were able to “imprison” businesses last year, especially manufacturers, and burden global supply chains, according to IBM last month. Overall, phishing was the most common cause of cyber attacks. The report is intended to deliver insights about the global threat landscape and inform cybersecurity professionals about the threats most relevant to their organizations. The X-Force Threat Intelligence Index maps new trends and attack patterns IBM Security observed and analyzed from its data, drawing from billions of data points — ranging from network and endpoint detection devices, incident response engagements, phishing kit tracking, and more, including data provided by Intezer. Ransomware actors attempted to “fracture” the backbone of global supply chains with the most attacks on manufacturing (23%), which unseats financial services and insurance for the top spot. Cyber attackers “wagered on the ripple effect” of disrupting manufacturers, expecting their supply chains to “pressure them into paying the ransom.” The report indicates that 47% of cyber attacks on manufacturers were caused by software vulnerabilities that weren’t patched, highlighting the need for organizations to “prioritize vulnerability management.” Across industries, there was a 33% increase in cyber attacks caused by the exploitation of unpatched software. Ransomware actors relied on this point of entry the most, representing the cause of 44% of ransomware attacks.
READ THE STORY: Datamation
Tesla email shines light on how SpaceX delivered Starlink internet to Ukraine only days after Musk said it would
FROM THE MEDIA: An email Tesla Motors sent staff in its Europe, Middle East and Africa (EMEA) offices on Monday revealed some of the ways the electric vehicle (EV) maker has supported the Ukraine government in the wake of Russia's invasion, by accelerating delivery of Starlink terminals and offering staff paid time off if called on to fight. The email, sent by Tesla's director of Northern Europe and reported by CNBC, says the EV company will offer at least three months' pay for any Ukrainian employees who are conscripted to defend their country from Russian invasion. Tesla does not operate in Ukraine—and thus has no staff on the ground—but Ukrainian nationals may have been called to the country after Ukrainian President Volodymyr Zelenskyy activated reservists in February in advance of Russia's invasion. Tesla's email also praised employees for their help in delivering Starlink units to Ukraine, perhaps explaining how CEO Elon Musk was able to get the internet terminals to the war-torn country just one day after promising to send the satellite dishes.
READ THE STORY: Fortune
Tesla will pay Ukrainian employees for up to 3 months if they are conscripted to fight
FROM THE MEDIA: Ukrainian Tesla employees who are asked to return to defend their country will receive pay for at least three months, according to an email the company sent on Monday to employees in the Europe, Middle East and Africa region. It wasn’t clear from the email whether this benefit would be extended to employees in North America and elsewhere. After three months, Tesla plans to reassess the Russia-Ukraine war and its employees’ situations to decide what more will be needed. Ukrainian President Volodymyr Zelenskyy called up reservists to fight back in February, ahead of the anticipated invasion. In the Monday email — sent on the 12th day after Russia invaded Ukraine — Tesla employees were also praised for helping SpaceX, the aerospace venture also led by Tesla CEO Elon Musk, to bring its Starlink satellite internet service to Ukraine. Among other things, Tesla’s Energy team assembled and provided lithium-ion battery energy storage systems known as Tesla Powerwalls to run Starlink equipment in Ukraine. Tesla employees used inverters and charging cables that were donated by Tesla’s certified installers in the area to assemble the Starlink-and-Powerwall systems. They also fashioned AC cables from scrap at Tesla’s new factory being built outside of Berlin to help power Starlink equipment.
READ THE STORY: CNBC
Attackers exploit fundamental flaw in the web’s security to steal $2 million in cryptocurrency
FROM THE MEDIA: On Thursday, Feb. 3, 2022, attackers stole approximately $2 million worth of cryptocurrency from users of the Korean crypto exchange KLAYswap. This theft, which was detailed in a Korean-language blog post by the security firm S2W, exploited systemic vulnerabilities in the Internet’s routing ecosystem and in the Public Key Infrastructure (PKI), leaving the Internet’s most sensitive financial, medical and other websites vulnerable to attack. Remarkably, years earlier, researchers at Princeton University predicted such attacks in the wild and successfully developed initial countermeasures against them, which we will describe here. But unless these flaws are addressed holistically, a vast number of applications can be compromised by the exact same type of attack. Unlike many attacks that are caused by zero-day vulnerabilities (which are often patched rapidly) or a blatant disregard for security precautions, the KLAYswap attack was not related to any software or security configuration used by KLAYswap. Rather, it was a well-crafted example of a cross-layer attack exploiting weaknesses across the routing system, public key infrastructure, and web development practices. We’ll discuss defenses more in a subsequent blog post, but protecting against this attack demands security improvements across all layers of the web ecosystem. The vulnerabilities exploited in this attack have not been mitigated. They are just as viable today as they were when this attack was launched. That is because the hack exploited structural vulnerabilities in the trust the PKI places in the Internet’s routing infrastructure.
READ THE STORY: Freedom to Tinker
Toyota Considers New Production Strategy As World Burns
FROM THE MEDIA: Like most other automakers, Toyota has endured COVID restrictions, supply chain bottlenecks, component shortages, at least one cyberattack, and some new obstacles stemming from Russia’s invasion of Ukraine. These issues have already encouraged General Motors to pursue lower output as it focuses on selling higher-margin vehicles, though it’s hardly the only automaker signaling diminished production for 2022. Even the National Automobile Dealers Association is assuming 2022 will be another year of extra-tight inventories and wild markups. It’s something the industry was already doing, with Toyota becoming the next company opting to rejigger its targets to account for hard times. “We need to examine the conditions before us,” Chief Executive Officer Akio Toyoda explained on Wednesday. “If we do not continue to make sound production plans [as well as our suppliers] this will lead to exhaustion.” Considering Toyota has already cut its output goal for the fiscal year from 9 million vehicles to 8.5 million, issuing another cut within a few weeks looks pretty bad. But that’s allegedly not what’s happening. According to Chief Human Resources Officer Masanori Kuwata, the company is only seeking to temper its targets for the spring quarter (April-to-June) and would have another update on what that means in the coming days. I’m skeptical. After forcing staff to work on reduced schedules for the last two years, a lot of automakers have started talking about running leaner. Some have attributed this to their electrification strategy requiring fewer persons on the assembly line. But the general consensus seems to be that layoffs are coming, regardless of whether it is attributed to a crippled economy or some fantastical-sounding business model. My guess is that Toyota’s upcoming meetings will be covering similar territory with Akio coming forward to announce job cuts.
READ THE STORY: The Truth About Cars
Hacktivism can help Ukraine, within limits
FROM THE MEDIA: One of the dogs of war that has so far not barked during the war in Ukraine has been a full-scale Russian cyber offensive. For the past eight years, Ukraine has been on the receiving end of one of the most sustained and vicious hacking campaigns in history. According to Microsoft’s 2021 Digital Defense Report, 58 per cent of all nation state cyber attacks in the world that researchers were able to identify came from Russia. Some security experts expected that the outbreak of war would be accompanied by a huge Russian cyber assault. But, if anything, Ukraine has been taking the fight to the Russians in the cyber domain. Ukraine is now hacking back. To help protect Ukraine’s cyber infrastructure, the country has been admitted as a contributing participant to NATO’s cyber defense center, where it can share knowledge and expertise. Some big tech companies are also lending a hand. For example, Microsoft has helped to alert Kyiv to cyber attacks and protect against malware. Yet perhaps the most striking feature of this cyber conflict has been how Kyiv has mobilized support of thousands of hackers, or “hacktivists”, from around the world. Ukraine’s government has launched an “IT army”, coordinated on the Telegram messaging app, to strengthen cyber systems and conduct cyber espionage against Russia. Most defensive “white hat” hacking activity is to be applauded, although there are clearly co-ordination problems. Strengthening civilian infrastructure, such as hospitals and electricity grids, against cyber attacks can help prevent further misery being heaped upon the Ukrainian people. Hacktivists can often identify and patch bugs in software and networks. They can also expose and counter Russian disinformation. The open source intelligence community is informing the world about what is really happening on the ground in Ukraine. However, concerns arise when this hacking activity is directed at disrupting Russia’s own civilian infrastructure.
The Telegram channel of Ukraine’s IT army initially flagged 31 Russian cyber targets, including the energy companies Gazprom and Lukoil, and several government ministries. Hackers already claim to have coordinated distributed denial of service (DDoS) attacks against some of these targets, although from the outside it is hard to assess their impact. Anonymous, the hacktivist collective that has previously hacked several governments as well as Isis and the Ku Klux Klan, has also said it is targeting Russia.
READ THE STORY: FT
Sodinokibi/REvil Ransomware Defendant Extradited to United States and Arraigned in Texas
FROM THE MEDIA: A man charged with conducting ransomware attacks against multiple victims, including the July 2021 attack against Kaseya, made his initial appearance and was arraigned today in the Northern District of Texas. According to an August 2021 indictment, Yaroslav Vasinskyi, 22, accessed the internal computer networks of several victim companies and deployed Sodinokibi/REvil ransomware to encrypt the data on the computers of victim companies. “When last year I announced charges against members of the Sodinokibi/REvil ransomware group, I made clear that the Justice Department will spare no resource in identifying and bringing to justice transnational cybercriminals who target the American people,” said Attorney General Merrick B. Garland. “That is exactly what we have done. The United States, alongside our international partners, will continue to swiftly identify, locate, and apprehend alleged cybercriminals, capture their illicit profits, and bring them to justice.” “Just eight months after committing his alleged ransomware attack on Kaseya from overseas, this defendant has arrived in a Dallas courtroom to face justice,” said Deputy Attorney General Lisa O. Monaco. “When we are attacked, we will work with our partners here and abroad to go after cybercriminals, wherever they may be.”
READ THE STORY: NASDAQ
Items of interest
BNP Paribas bars Russia-based staff from computer systems as cyber attack fears grow (Article)
FROM THE MEDIA: France's largest bank BNP Paribas has cut off its Russia-based workforce from its internal computer systems as it seeks to bolster its defences against any potential cyber attack, a source with direct knowledge of the matter told Reuters. The French lender, believed to be the first major bank to have jettisoned staff in Moscow from its IT networks, has also placed employees in other locations on high alert for cyber threats emanating from Russia, following its invasion of Ukraine, an internal memo seen by Reuters showed. The move, aimed at protecting the bank from cyber criminals who could use the local network as an access point, also further distances its shrinking Russian operations from the rest of the group.
READ THE STORY: Nasdaq
Updated: Conti Ransomware (Video)
FROM THE MEDIA: CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. CISA, the FBI, NSA, and the USSS encourage organizations to review AA21-265A: Conti Ransomware, which includes new indicators of compromise, for more information. See Shields Up and StopRansomware.gov for ways to respond against disruptive cyber activity.
Fortinet: Department of Justice Collaboration Works to Disrupt Ransomware Ecosystems (Video)
FROM THE MEDIA: In discussions of ransomware, there isn't always a lot of good news. However, recently the Department of Justice (DOJ) has had a few victories against ransomware operators. What's important to note is that these successes are collaborative efforts that push back against the ransomware ecosystem, not just individual operators. It's important to remember that cybercrime is big business with a vast network of players. The Ransomware-as-a-Service (RaaS) model is part of it. This model features "developers," "operators," and "affiliates." Developers are responsible for creating and updating the ransomware. Operators are responsible for running the business, including creating the affiliate program, making the ransomware available to affiliates, and managing rates and settlement payouts. Affiliates identify and attack high-value victims with ransomware, and after a victim pays, the operator pays the ransom money out to affiliates. In some cases, this process is automated with control panels to make payouts.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com