NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — October 9, 2019

  • FBI Advises Universities on Chinese Economic Espionage
  • New Tech Aims to Tell Pilots when Their Plane Has Been Hacked
  • Report: Nation-State Hackers, Cyber Criminals Are Spoofing Each Other
  • Military Warns of Iranian Hackers Targeting U.S. Troops with Fake Jobs Website
  • China, Russia Deepen Technological Ties
  • Senators Press Social Media Firms to Fight Deepfake Videos
  • Urgent Need for Federal Role in Drone Detection at Airports
  • Former Officials Flag Disinformation as Top Threat to Elections
  • FBI Issues ‘High Impact’ Warning on Ransomware Attacks
  • DOJ: Nigerian Hacker Targeted Federal Employees in $1M Scheme
  • Support for Expunging Huawei Gear from Carrier Networks Grows

FBI Advises Universities on Chinese Economic Espionage (AP, 10/7/19)
As the U.S. warned allies around the world that Chinese tech giant Huawei was a security threat, the FBI was making the same point quietly to a Midwestern university.  In an email to the associate vice chancellor for research at the University of Illinois-Urbana-Champaign, an agent wanted to know if administrators believed Huawei had stolen any intellectual property from the school.  Told no, the agent responded: “I assumed those would be your answers, but I had to ask.”
It was no random query.  The FBI has been reaching out to colleges and universities across the country as it tries to stem what authorities portray as the wholesale theft of technology and trade secrets by researchers tapped by China.  The breadth and intensity of the campaign emerges in emails obtained through records requests to public universities in 50 states.  The emails underscore the extent of U.S. concerns that universities, as recruiters of foreign talent and incubators of cutting-edge research, are particularly vulnerable targets.

New Tech Aims to Tell Pilots when Their Plane Has Been Hacked (Defense One, 10/4/19)
As the military helicopter lifts off the ground and heads skyward, the numbers on the altimeter suddenly stop ticking upward.  The rumble of the helicopter’s engines fades and the chopper starts losing altitude.  A second later, a dire warning flashes in red on a cockpit screen: “Cyber Anomaly.”
The helicopter is under attack, but not from missiles or guns.  Seconds later, it smashes into the ground.  Luckily for the pilot, he’s not in a real helicopter — just a small simulator set up in a conference room of a high-rise office building in Arlington, Virginia.  Greg Fry, the engineer at the controls of the choreographed crash, is part of a Raytheon team that is building a new warning system that tells pilots when their planes are being hacked, something the U.S. military expects to happen in the battles of the future.  “Basically, we’re trying to give the pilot the information about what’s happening internally on his aircraft in real time,” said Amanda Buchanan, the project’s engineering lead.  “We’re telling him what’s going on and allowing him to make decisions about what he needs to do to correct the problems.”

Report: Nation-State Hackers, Cyber Criminals Are Spoofing Each Other (ZDNet, 10/4/19)
Nation-state hackers and cyber criminals are increasingly impersonating each other to try and hide their tracks as part of advanced attack techniques, says Optiv Security in a new report.  The top industries being targeted are retail, healthcare, government, and financial institutions.  Cryptojacking and ransomware are new exploits that join the traditional list of computer threats from botnets, denial-of-service attacks, phishing, and malware.
Optiv says cyber criminals and nation-state hackers are learning from each other and becoming more successful.  They also try to spoof each other by adopting similar techniques to try and confuse investigators.  Recently, security firm Check Point warned that U.S. government agencies are vulnerable to a new collection of attack techniques that have been associated with a Chinese government-backed hacking group.


What’s the Number One Cause of Security Breaches and Insider Threats?

It can blow through any firewall, defeat expensive technology controls, expose sensitive data, cause laptops and mobile devices to go missing, and leak corporate or national security secrets.  What, you ask, is it?  Employee negligence — the single most common cause of damaging insider threats. If there's a common thread the experts all agree on, it’s that poor training and unaware employees lie at the root of many if not most employee security breaches.

So, how do you make sure that your company's information assets are protected? The first line of defense is employee awareness – the critical "humanware" component of your data security armor. NSI’s SECURITYsense awareness program gives your employees the tools and information they need to make security second nature.  Don’t put your organization at risk.  Get SECURITYsense and build awareness quickly and affordably. Visit https://www.nsi.org/securitysense/what-is-securitysense.shtml for more information.


Military Warns of Iranian Hackers Targeting U.S. Troops with Fake Jobs Website (Stars and Stripes, 10/4/19)
U.S. military officials warned troops last week that Iranian hackers have set up a fake jobs website for veterans that targets servicemembers considering a transition back to civilian life.  A National Guard Bureau memorandum warns servicemembers to stay away from the website called “Hire Military Heroes,” which appears to offer them assistance finding a job outside the Defense Department via a web application that visitors are encouraged to download.
However, the app actually drops malware and spyware onto the user’s computer system, according to the document.  Defense officials have determined the website targets servicemembers close to leaving the military.  Officials believe the Iranian hackers hope to gain access to Pentagon information technology systems by targeting those individuals.

China, Russia Deepen Technological Ties (Defense One, 10/4/19)
China and Russia are deepening and expanding their ties — economic, military, technological — as external pressures limit their access to overseas markets and technology.  Both countries hope the collaboration will help to compensate for domestic deficiencies and to compete successfully with the United States in today’s critical technologies.  
This bilateral relationship, currently celebrating its 70th anniversary, has ebbed and flowed in the decades since the Soviet Union and the People’s Republic of China opened diplomatic relations.  This relationship, now upgraded to and characterized as a “comprehensive strategic partnership of coordination for a new era,” is continuing to evolve amid today’s great power rivalry.  For Moscow, certain Chinese products, services and experience may be the lifeline that its industry, government, and military need to wean themselves from high-tech Western imports.

Senators Press Social Media Firms to Fight Deepfake Videos (Gov Info Security, 10/3/19)
Senators Mark Warner, D-Va., and Marco Rubio, R-Fla., are urging social media companies to create new policies and standards to combat the spread of "deepfake" videos.  In letters sent last week, the two lawmakers urge 11 firms to take action, citing the potential threat to American democracy.  Deepfake refers to using advanced imaging and machine technologies to convincingly superimpose video images or audio recordings that give the impression that people have done or said something that they did not.
"Even easily identifiable fabricated videos can effectively be used as disinformation when they are deliberately propagated on social media," Warner and Rubio write in the letters.  The senators sent the letters to Facebook, Twitter, TikTok, YouTube, Reddit, LinkedIn, Tumblr, Snapchat, Imgur, Pinterest and Twitch.

Urgent Need for Federal Role in Drone Detection at Airports (Homeland Security Today, 10/3/19)
Most airports in the United States and Canada do not have a comprehensive plan to deal with errant unmanned aircraft systems (UAS) — whether careless, clueless, or criminal.  Further, most airports do not have a plan for integrating compliant UAS operations. 
The Blue Ribbon Task Force on UAS Mitigation at Airports has released its report on UAS integration, detection, identification, and mitigation in and around airports.  The task force is chaired by former Federal Aviation Administration Administrator Michael Huerta and the CEO of Los Angeles World Airports, Deborah Flint.  The task force recommended that Congress appropriate more funds to the FAA, the Canadian Cabinet appropriate more targeted funds to Transport Canada, and both legislative bodies extend UAS interdiction authority to trained state and local law enforcement agencies.

Former Officials Flag Disinformation as Top Threat to Elections (FCW, 10/3/19)
Two top former national security officials believe that disinformation campaigns may pose a greater long-term threat to election infrastructure than cybersecurity risks.  "Securing the voting apparatus ... that's hugely important, but that to me at least is one bin of the problem," said former Director of National Intelligence James Clapper last week.  "The other bin is what I would call, for lack of a better term, intellectual security, meaning how do you get people to question what they read, see and hear on the internet?  And this is where the Russians exploited our divisiveness by using social media, so that part of the problem I'm not sure about."
Clapper said that when it comes to protecting voting machines and other election infrastructure, agencies like the FBI, Department of Homeland Security, National Security Agency and others have "done a lot" since 2016.  At the same event, former DHS Secretary Michael Chertoff argued that in some respects, voting machines may be the "least vulnerable" component due to the decentralized nature of U.S. elections and because the machines are in theory disconnected from the internet, requiring physical access to compromise them in most cases.

FBI Issues ‘High Impact’ Warning on Ransomware Attacks (The Hill, 10/3/19)
The FBI last week warned U.S. businesses and organizations of the increasing threat posed by ransomware cyberattacks, following several high-profile attacks on government offices and other public entities.  The agency said the attacks, which involve encrypting a computer before demanding money in return for unlocking it, are “becoming more targeted, sophisticated, and costly.”
“Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly,” the FBI wrote.  The agency has issued similar warnings of malicious actors trying to hack into websites seen as more "secure" and has warned of business email compromises, but this was the first in 2019 highlighting ransomware attacks.  The warning follows attacks on more than 20 Texas small towns and other entities, and attacks on multiple school districts in Louisiana that led Gov. John Bel Edwards to declare a statewide emergency.

DOJ: Nigerian Hacker Targeted Federal Employees in $1M Scheme (NextGov, 10/3/19)
A Nigerian man accused of using an email phishing scheme to steal login information from government employees appeared in federal court last week.  According to the indictment, Olumide Ogunremi and other conspirators employed phishing attacks in 2013 to trick a number of employees at the Environmental Protection Agency and the Commerce Department into providing their usernames and passwords.  The hacking ring created fake but realistic-looking emails and web pages to dupe feds into revealing their credentials.
Then, according to the indictment, the hacking ring used the stolen credentials “to place fraudulent orders for office products,” often bland items such as printing cartridges, from vendors authorized to do business under the General Services Administration.  Items were shipped to facilities Ogunremi controlled where items were repackaged, shipped overseas to Nigeria, and sold on the black market for profit. Altogether, the scheme netted almost $1 million in profit, according to the Justice Department.  Ogunremi, who is not a Nigerian prince, pleaded not guilty to one count of conspiracy to commit wire fraud.

Support for Expunging Huawei Gear from Carrier Networks Grows (Gov Info Security, 10/2/19)
A bipartisan group of lawmakers has introduced a bill to help U.S. telecommunications providers "rip and replace" any Chinese-built networking equipment.  The move comes as many experts warn that using Huawei or ZTE 5G equipment poses an unacceptable national security risk.  Last week, the House Committee on Energy & Commerce held a hearing on "Legislating to Secure America's Wireless Future," which included a discussion of proposed legislation called the Secure and Trusted Communications Networks Act.
The bill would allocate $1 billion to help telecommunications carriers - especially smaller and rural operators - to replace suspect Chinese-built gear with more secure alternatives.  It follows a Senate bill, approved in July, that called for allocating $700 million for the same purpose.  The House bill includes a provision that the FCC "develop and maintain a list of communications equipment and services that pose an unacceptable risk to national security."

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complimentary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org



Who's Worse:
Employees or Hackers?

Experts agree: well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
