NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

 

In this issue — October 15, 2020

  • Cyber Command, Microsoft Take Action Against Trickbot Botnet Before Election Day
  • Singapore Man Gets Prison; Spied for China in the U.S.
  • Why Are Some Employees More Likely to Comply with Infosec Policies Than Others?
  • U.S. Unveils Enforcement Framework to Combat Terrorist Cryptocurrency Activity
  • DoD Publishes Long-Anticipated Data Strategy
  • Takedown of 92 Iran-Owned Domains Includes 4 Used for Disinformation in U.S.
  • DHS: Russia Poses Greatest Threat to Election
  • DOJ Charges British Islamic State Terrorists in Gruesome Beheadings
  • NATO Chief Calls for New Strategy on Cyber, China
  • Report: Workforce Changes Needed to Make IC More Agile

Cyber Command, Microsoft Take Action Against Trickbot Botnet Before Election Day (Cyber Scoop, 10/12/20)

The Pentagon’s offensive hacking arm, Cyber Command, has carried out an operation to hinder the ability of TrickBot, one of the world’s largest botnets, from attacking American targets.  Microsoft also has sought to disrupt TrickBot, according to Tom Burt, the company’s corporate vice president of customer security and trust.

The two operations represented distinct efforts to interrupt a pernicious threat that U.S. government officials say could be used to launch ransomware attacks against IT systems that support the voting process ahead of Election Day.  Such an attack against voter registration systems, for instance, could result in confusion, delays or other uncertainties when Americans cast their ballots.  As a result of the Microsoft operation, the people behind the TrickBot botnet — a collection of compromised zombie computers controlled by Russian-speaking attackers — will be limited in their ability to infect new victims and activate ransomware they may have been preparing to deploy against targets. More


Singapore Man Gets Prison; Spied for China in the U.S. (NYDN, 10/10/20)

A Singapore man has been sentenced to prison for tricking unsuspecting Americans out of valuable — but unclassified — military and political information he would then pass along to the Chinese government.  Jun Wei Yeo was handed 14 months behind bars in U.S. Federal Court for duping U.S. government employees into writing reports that he claimed would be sent to clients in Asia. 

Instead, they were transmitted to the Chinese government as part of what the Trump administration has called a broader effort by the nation to steal American secrets.  In July, Yeo pleaded guilty to acting as an agent of a foreign government.  He was arrested in November after he was approached at an airport by an FBI agent, who requested an interview.  While Yeo initially declined and set out toward his flight, he changed his mind and confessed to his scheme to dupe Americans out of information. More


Why Are Some Employees More Likely to Comply with Infosec Policies Than Others? (Help Net Security, 10/9/20)

Information security policies that are not grounded in the realities of an employee’s work responsibilities and priorities expose organizations to higher risk for data breaches, according to a research from SUNY Binghamton.  The study’s findings, that subcultures within an organization influence whether employees violate security policies or not, have led researchers to recommend an overhaul of the design and implementation of those policies and to work with employees to find ways to seamlessly fit compliance into their day-to-day tasks.

“The frequency, scope and cost of data breaches have been increasing dramatically in recent years, and the majority of these cases happen because humans are the weakest link in the security chain.  Non-compliance to security policies by employees is one of the important factors,” said Sumantra Sarkar, associate professor of management information systems.  “We wanted to understand why certain employees were more likely to comply with information security policies than others in an organization.” More

******************************************************************************************

Surge in Remote Work Heightens Cybersecurity Risks

Hackers have wasted no time figuring out how to exploit the worldwide COVID-19  pandemic.  Their latest target—employees working from home. With increased remote work, there is increased risk of employees accessing data through unsecured and unsafe Wi-Fi networks, falling prey to phishing and ransomware attacks, using personal devices to perform work, and not following security policies established by your organization. This increasing risk curve can be flattened dramatically simply by increasing employee awareness.

In addition to advice about washing our hands, people need to be reminded about practicing good cyber hygiene as well. Now you can take advantage of the service America’s most respected companies have been using to protect their critical information caused by lax employee cyber habits. NSI’s SECURITYsense awareness program gives employees the tools and information they need to make security second nature. Find out how this valuable resource can help protect your employees and ensure they’re part of the solution and not part of the problem. Click here https://www.nsi.org/securitysense/what-is-securitysense.shtml for more information.

******************************************************************************************

U.S. Unveils Enforcement Framework to Combat Terrorist Cryptocurrency Activity (ZD Net, 10/9/20)

U.S. officials have outlined how criminal applications of blockchain technologies and cryptocurrency should be responded to through a new framework.  While the possibilities of the blockchain are considered "breathtaking" prospects that could allow humans to "flourish," the new "cryptocurrency enforcement framework" focuses on darker applications, such as the use of virtual assets in criminal enterprises. 

The DOJ, together with Attorney General William Barr, announced the public release of the framework last week.  The report is based on the efforts of the Attorney General's Cyber-Digital Task Force, tasked with investigating "emerging threats and enforcement challenges associated with the increasing prevalence and use of cryptocurrency," according to the department. More

DoD Publishes Long-Anticipated Data Strategy (Fed Scoop, 10/8/20)

The DoD last week published its first data strategy, calling for a broad cultural shift across the military to use data at every echelon in support of warfighting.  Developed under the leadership of new DoD Chief Data Officer Dave Spirk, the strategy repeats common calls from technology leaders in the military to use data as a strategic asset and to make data available for all users — but it adds a new emphasis on data’s use in war.

The strategy comes after Spirk went on a listening tour across the department to find ways for the military to use data as a warfighting tool.  Now the DoD is turning to implement the cultural shifts that are required to make the department’s goals reality under the single strategy.  A senior defense official described the strategy as an “overarching vision” that will need time to become the reality, but Spirk is working with the DoD Office of the CIO to implement it across the department. More


Takedown of 92 Iran-Owned Domains Includes 4 Used for Disinformation in U.S. (Cyber Scoop, 10/7/20)

The U.S. seized 92 internet domains used “to spread pro-Iranian disinformation around the globe,” including four that directly targeted U.S. audiences.  Iran’s Islamic Revolutionary Guard Corps operated the domains in violation of U.S. sanctions, according to a DOJ announcement.  The department said the operation was based on intelligence provided by Google, and was a collaborative effort between the FBI and Google, Facebook and Twitter.

The other 88 domains “targeted audiences in Western Europe, the Middle East, and South East Asia and masqueraded as genuine news outlets,” the department said.  The feds claimed jurisdiction over all 92 domains because the government of Iran and the IRGC ran them through website and domain services in the U.S. without a license from the Treasury’s Office of Foreign Assets Control.  The announcement is the latest in a steady stream of news about attempts by U.S. agencies or Silicon Valley giants to monitor foreign information operations as Election Day looms. More


DHS: Russia Poses Greatest Threat to Election (Gov Info Security, 10/7/20)

In the latest in a series of election security reports from government agencies, DHS says Russia poses the most serious nation-state disruption threat to the presidential election.  "Nation-states like China, Russia, and Iran will try to use cyber capabilities or foreign influence to compromise or disrupt infrastructure related to the 2020 U.S. presidential election, aggravate social and racial tensions, undermine trust in U.S. authorities and criticize our elected officials," the report notes.  "Perhaps most alarming is that our adversaries are seeking to sway the preferences and perceptions of U.S. voters using influence operations."

Nation-state advanced persistent threat groups will focus on voters' personally identifiable information, municipal and state networks, and will even single out state election officials directly for attack, DHS predicts.  "Adversaries could attempt a range of election interference activities, including efforts to target voter registration systems, to compromise election system supply chain, to exploit poor cybersecurity practices on protected election systems or networks, or to hack official election websites or social media accounts," the report notes. More


DOJ Charges British Islamic State Terrorists in Gruesome Beheadings (Politico, 10/7/20)

The DOJ last week charged two British members of ISIS with terrorism offenses related to their alleged roles in the kidnapping and killing of several American hostages.  El Shafee Elsheikh and Alexanda Kotey are now in FBI custody.  They will stand trial in federal court in the Eastern District of Virginia, officials said.  The two men were captured by U.S.-allied Kurdish forces in Syria in 2018 and had since been held in U.S. military custody in Iraq.

They are believed to be part of the four-person group of Islamic State fighters with British accents known as the “Beatles,” a nickname reportedly used by their captives to refer to them covertly.  FBI Director Christopher Wray said the indictment “makes clear once again that combating terrorism remains the FBI’s top priority, and that the entire United States government remains committed to bringing to justice anyone who harms our citizens.”  The notorious terrorist cell has been accused of at least 27 killings, including the 2014 beheadings of American journalists James Foley and Steven Sotloff and American aid worker Peter Kassig. More


NATO Chief Calls for New Strategy on Cyber, China (AFP, 10/7/20)

NATO needs a new strategic concept adjusted to the global rise of new technologies, terrorism and China to replace a plan developed a decade ago, the head of the alliance said last week.  French President Emmanuel Macron famously branded the alliance "brain dead" last year, demanding a new strategy that would, among other things, reopen dialogue with Russia, stifled after it annexed part of Ukraine, and refocus on the fight against Islamist terrorism.

As part of a "reflection process" triggered by the French leader's controversial remarks, NATO will revise its strategic concept—its overarching statement of the threats it faces and how it might respond, Secretary General Jens Stoltenberg told a conference in Slovakia's capital Bratislava.  "The time has come to develop a new strategic concept for NATO, as the world has fundamentally changed," Stoltenberg said at the GLOBSEC security forum.  He dubbed the initiative "NATO 2030". More


Report: Workforce Changes Needed to Make IC More Agile (FCW, 10/7/20)

Lawmakers want the intelligence community to reform its personnel practices while challenging long-held norms, such as the near-absolute need for a security clearance and resistance to open intelligence sharing, according to a new congressional report.  The House Permanent Select Committee on Intelligence's Subcommittee on Strategic Technologies and Advanced Research last week released a report recommending new employees waiting for a clearance be put in positions where they don't require one for the meantime, and evaluate any barriers to that approach.

But reconsidering whether a security clearance was truly necessary is the bigger challenge raised, especially to improve science and technology developments, even as overall wait times for clearances are dropping.  Reps. Jim Himes (D-Conn.) and Chris Stewart (R-Utah), the subcommittee chair and ranking member who led the report, wrote that "a top secret clearance is not necessary for all IC personnel to perform their job responsibilities, and for [science and technology research and development] in particular, much work can be completed without even a secret-level security clearance." More


Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.

UNSUBSCRIBE:

Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call
508-533-9099.

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org

 

 

Impact 2020 Announcement

*****************************

Help Your Employees Become Cyber Aware

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button