CI Security

IT Security News Blast – 12-10-2019

Federal council to Trump: Cyber threats pose 'existential threat' to the nation

The National Infrastructure Advisory Council (NIAC) published a draft report addressed to President Trump this week that found cyber threats to critical infrastructure pose an “existential threat” to national security and recommended “bold action” in response. [...] “Mr. President, escalating cyber risks to America’s critical infrastructures present an existential threat to continuity of government, economic stability, social order, and national security,” the NIAC wrote. “U.S. companies find themselves on the front lines of a cyber war they are ill-equipped to win against nation-states intent on disrupting or destroying our critical infrastructure.”

https://thehill.com/policy/cybersecurity/473682-federal-council-to-trump-cyber-threats-pose-existential-threat-to-the

 

Cyberattack hits city of Pensacola

The city said the issue has impacted city emails and phones, 311 customer service and online payments, including Pensacola Energy and Pensacola Sanitation Services. However, 911 and emergency services are not impacted. Officials for the city are unsure whether the incident is related to the Friday shooting at Pensacola Naval Air Station. "It's really too early to say one way or another. We are still assessing this," said Kaycee Lagarde, a spokeswoman for the mayor.

https://www.cnn.com/2019/12/09/us/pensacola-cyber-attack/index.html

 

‘It was like a tornado’: Cyber thieves demand $500K ransom in attack targeting contractor serving Greater Morristown nonprofits

These organizations were not targeted individually. The attacker struck the information technology company that provides their networking services, Morristown-based Oxford Network Solutions, and other IT companies, said Deborah Farrar Starker, executive director of the Museum of Early Trades in Crafts. “No one is safe. These ransomware folks are one step ahead of all the IT people,” Starker said.

https://morristowngreen.com/2019/12/09/it-was-like-a-tornado-cyber-thieves-demand-500k-ransom-in-attack-targeting-contractor-serving-greater-morristown-nonprofits/

 

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services — including network security, data backup and voice-over-IP phone service.

https://krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/

 

Healthcare cybersecurity employee training best practices for CIOs and CISOs

“Aim to have your training videos be between 3 and 5 minutes long,” Lancaster suggested. “They should establish the subject and educate on it without trying to be flashy. They should be followed by a quick quiz that is easy to answer provided the respondent was paying attention to the training. You are not trying to stump people here, but at the same time asking ‘Is phishing bad? Yes or No?’ does not demonstrate ingestion of information.” At the end of the day, the intent of any training, but especially security awareness training, should be that the recipient demonstrates they have adequately received and internalized the information[.]

https://www.healthcareitnews.com/news/healthcare-cybersecurity-employee-training-best-practices-cios-and-cisos

 

Public Enemy Number One

This means the CFO must understand the changing cyber-risk environment as well as the evolving regulatory scene, he adds; the biggest challenge will be building knowledge and working out what’s acceptable financially. For the senior finance executive, knowledge is the first line of defense, says Carolyn Zhang, division CFO at Tekni-Plex, a globally integrated packaging manufacturer. “As guardians of the company’s assets,” she says, “we need [to gain] a good understanding of the risks, then implement a strategic cyber-risk protection and mitigation agenda, make the CEO believe the program is necessary and then carry it out.”

https://www.gfmag.com/magazine/december-2019/public-enemy-number-one

 

An Identity Crisis: Organizations Grapple With Growing Consumer Expectation for Personalization and Security Challenges

"In a digital economy, identity is a point of trust, perimeter of security and an index of customer satisfaction" [...] This means that technology, cybersecurity, legal and business leaders are all stakeholders in effective identity management, each with their own challenges and ambitions related to user experience, system availability, resilience, risk management and consumer engagement.

https://finance.yahoo.com/news/identity-crisis-organizations-grapple-growing-140000539.html

 

Encryption back on the congressional agenda

The Senate Judiciary Committee this week explores the pros and cons of encryption, the first time Congress has dipped into the subject in a long time. While the panel hasn’t announced Tuesday’s witness list yet, the hearing comes two months after Attorney General William Barr joined British and Australian officials to initiate a big push against warrant-proof encryption centered on fighting child exploitation.

https://www.politico.com/newsletters/morning-cybersecurity/2019/12/09/encryption-back-on-the-congressional-agenda-783456

 

Social media platforms leave 95% of reported fake accounts up, study finds

Through the four-month period between May and August of this year, the research team conducted an experiment to see just how easy it is to buy your way into a network of fake accounts and how hard it is to get social media platforms to do anything about it.

https://arstechnica.com/tech-policy/2019/12/social-media-platforms-leave-95-of-reported-fake-accounts-up-study-finds/

 

Veterans: Best Solution to the Cybersecurity Shortage?

“The biggest challenge for transitioning veterans will be getting up to speed on newer technologies. The technology that most soldiers use is three to five years behind their civilian counterparts” [...] “However, veterans come from the military with superior management and time-management skills, they’ve learned to deal with difficult people and how to create a team and build a cohesive leadership atmosphere where people want to follow. It’s technical skills versus leadership skills,” Hawkins said.

https://insights.dice.com/2019/12/05/veterans-solution-cybersecurity-shortage/

 

Iran Has Launched ‘Malicious’ New Malware That Wipes Windows Computers, Warns IBM

The sectoral targets and use of wiper malware point towards Iran’s APT33, arguably the best known of its threat actors. This is the group behind the Microsoft Outlook exploit in July, prompting a U.S. government warning, and which deployed its own VPN to veil “aggressive attacks” on U.S. and Middle East targets in the oil and gas sector. APT33 was also behind the infamous 2012 Shamoon attack on Saudi Aramco, an attack which erased the data on most of the company’s computers.

https://www.forbes.com/sites/zakdoffman/2019/12/04/iranian-hackers-launch-malicious-new-wiper-malware-ibm-warns-of-destructive-attacks/#1794795e7ec2

 

Bitcoin ransomware locks 10 years’ worth of government data in Argentina

Some 7,700 GB — approximately 10 years’ worth of data — was originally compromised as a result of the attack. [...] Governments have proved to be popular targets. A group of cybercriminals calling themselves the “Shadow Kill Hackers” attacked the City of Johannesburg (South Africa) administration website in late October and threatened to upload the stolen data on the internet unless they received a $300,000 (4 BTC) Bitcoin ransom.

https://thenextweb.com/hardfork/2019/12/09/bitcoin-ransomware-government-data-argentina/

 

Beijing orders state offices to replace foreign PCs and software

The move is part of a broader campaign to increase China’s reliance on home-made technologies, and is likely to fuel concerns of “decoupling”, with supply chains between the US and China being severed. [...] Analysts at China Securities, a broker, estimate that 20m to 30m pieces of hardware will need to be swapped out as a result of the Chinese directive, with large-scale replacement beginning next year. They added that the substitutions would take place at a pace of 30 per cent in 2020, 50 per cent in 2021 and 20 per cent the year after, earning the policy the nickname “3-5-2”.

https://www.ft.com/content/b55fc6ee-1787-11ea-8d73-6303645ac406

 

North Korea Hackers Breached Indian Nuke Reactor In Search For Advanced Thorium Technology

The hackers are alleged to have belonged to Lazarus, the cyber arm of the North Korean government and are expected to have been after Thorium based nuclear energy, which has been developed indigenously by India. It seems that a “Dtrack” malware was planted in the nuclear power plant’s systems using phishing emails and the attackers may have gained high-level access to crucial targets, according to an internal report. The emails were disguised as originating from the country’s Atomic Energy Regulation Board and the Bhabha Atomic Research Center of India.

https://www.ibtimes.com/north-korea-hackers-breached-indian-nuke-reactor-search-advanced-thorium-technology-2878052

 

Global Offshore Corporate Networks Exposed in Massive Data Leak

The transparency collective ‘Distributed Denial of Secrets’ obtained these documents from a source dubbed “Babylon” and is publishing them online. More than 100,000 recorded phone calls between Formations House, its customers, and related figures, are included. [...] In only a matter of days, a client could purchase offshore companies bundled into packages touting minimal compliance requirements, tax-free operations, and anonymity for directors and shareholders. The emails provide a window into an international industry where the rich and powerful are able to circumnavigate borders using the citizenship by investment program and exploit loopholes in notorious tax havens like the British Virgin Islands and the Cayman Islands.

https://unicornriot.ninja/2019/global-offshore-corporate-networks-exposed-in-massive-data-leak/

 

What we're missing in the CCPA de-identification debate

Widely misunderstood are the CCPA’s de-identification provisions, which identify the types of data that can be excluded from CCPA’s scope or which should generate a much lighter compliance burden. As a result, companies have an incentive to de-identify their data to reduce their obligations and protect consumers. Yet, by focusing upon the legalese and apparent inconsistencies of language between sections, lawyers often fail to see that de-identification is in fact a spectrum. Businesses using de-identified data should not be given ‘carte blanche.’

https://thehill.com/opinion/cybersecurity/473652-what-were-missing-in-the-ccpa-de-identification-debate

 

Regaining Customer Trust During A Crisis: Four Realities For Business Owners And Leaders

When you have strong trust equity and a crisis erupts, your customers and stakeholders may be more forgiving and are more likely to put the situation into context. [...] How you handle the crisis will determine the damage it might do to your trust equity. If you already have a strong relationship of trust with your customers and you handle the crisis effectively, you can regain trust. In fact, if handled well, you can significantly strengthen the trust relationship.

https://www.forbes.com/sites/forbescoachescouncil/2019/12/09/regaining-customer-trust-during-a-crisis-four-realities-for-business-owners-and-leaders/#600db152491e

 

2020 is when cybersecurity gets even weirder, so get ready

If employees are regularly tricked into handing money over to fraudsters on the strength of a bogus email (and they still are), imagine how easy it would be to be fooled by a deepfaked video chat with the CEO instead? The continued expansion of the Internet of Things will greatly increase the number of devices and applications that security teams will have to protect. That's hard for teams that have been used to protecting just PCs and servers and now have to worry about everything from smart air-conditioning units or vending machines in the canteen, right through to power plants and industrial machinery.

https://www.zdnet.com/article/2020-is-when-cybersecurity-gets-even-weirder-so-get-ready/

 

Here's the Pentagon's Terrifying Plan for Cyborg Supersoldiers

A new report from the U.S. Army Combat Capabilities Development Command Chemical Biological Center—a scientific research division of the Army with a focus on biological and chemical weapons—detailed what the field of cybernetics might look like in 2050. The report, titled Cyborg Soldiers 2050: Human/Machine Fusion and the Implications for the Future of the DOD, reads like the framework for a dystopian novel set in a near future where injured soldiers are cybernetically enhanced, but come home to an America terrified of cyborgs.

https://www.vice.com/en_us/article/xwee47/heres-the-pentagons-terrifying-plan-for-cyborg-supersoldiers



You are receiving this email because you are subscribed to receive the IT Security Daily Blast email from Michael Hamilton, Founder, President, and CISO of CI Security, formerly Critical Informatics.

Archived articles are available at https://ci.security/news/daily-news.
