NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — November 18, 2020

  • Ex-Green Beret charged with Russian espionage to enter plea
  • Your Security Clearance Score: How AI Could Rank Your Clearance Chances
  • Is the Aviation Industry Doing Enough to Mitigate Insider Threats Amid COVID?
  • Coronavirus Vaccine Researchers Targeted by North Korean, Russian Hackers
  • U.S. Bars Investments in 'Chinese Military Companies'
  • Starting Dec. 1, Cybersecurity Is No Longer Optional
  • Hackers for Hire Target Victims with Cyber Espionage Campaign
  • Utah Man Admits He Provided Terror Support to Contact He Thought Was ISIS
  • Former Secretaries Ask Congress to Reform DHS Oversight During Lame Duck
  • DOJ Makes Largest Cryptocurrency Seizure to Date

Ex-Green Beret charged with Russian espionage to enter plea (AP, 11/16/20)

A former Army Green Beret charged with espionage activity on behalf of Russia is scheduled to plead guilty to federal charges. A plea hearing has been scheduled Wednesday in federal court in Alexandria for Peter Rafael Dzibinski Debbins, 45, of Gainesville, Virginia. Court records do not spell out the specific charge to which he is expected to plead; when he was arrested in August, he was charged under the federal Espionage Act with divulging U.S. military secrets about his unit’s activities in former Soviet republics to Russian intelligence agents.

Debbins, a Minnesota native, had a 15-year relationship with Russian intelligence, according to the indictment issued earlier this year. It began in late 1996 when he was still an ROTC undergrad at the University of Minnesota and, on a visit to Russia for an independent study program, gave a Russian handler the names of four Catholic nuns he had visited. He joined the Army as an active-duty officer in 1998 and served through 2005, the last two years as a Special Forces officer. He was discharged and lost his security clearance after violating protocols while on assignment in Azerbaijan.

Your Security Clearance Score: How AI Could Rank Your Clearance Chances (ClearanceJobs.com, 11/16/20)

Technology is the future of the security clearance process.  That may be hard to believe for a system that still relies on shoestring investigations and notepaper notes, but from the development of the National Background Investigation System to the rollout of Continuous Vetting and automated checks, security clearance applicants should be prepared for technology to be an ongoing part of every part of the investigation process.

Application tracking software already powers some aspect of nearly every hiring decision made today. Individuals applying to positions in the open web don’t have to get past a recruiter to land an interview; they first have to get past a robot (that’s why connecting directly with a recruiter when or as you reply is always more ideal than blindly applying to openings). A recent Request for Information made by Immigration and Customs Enforcement is looking for a similar tool to help them score complexity and save time in the review of SF-86 applications. The obvious issue often comes with how AI will impact OFCCP and efforts to avoid discrimination in the job application process.

Is the Aviation Industry Doing Enough to Mitigate Insider Threats Amid COVID? (Aviation Today, 11/16/20)

Insider threats have long existed in the airline industry, such as when a Horizon Air employee commandeered a turboprop passenger plane from Seattle-Tacoma International Airport in August 2018, or an American Airlines mechanic tampered with an aircraft’s air data module system in 2019.  These same threats are amplified in 2020 as the aviation industry faces a global pandemic that has forced airlines to upend every part of their business and increased the risk of negligent or malicious insiders.

Aviation leaders need to take a holistic approach by creating an insider threat program across the aviation industry, according to a new report from experts at Deloitte. The report offers ten recommendations that make up a holistic approach for aviation leaders to use when creating insider threat programs. “You want to set up an insider threat program based on looking at a variety of different aviation incidents and then insider threat incidents as a whole, because many of these threats are cross-industry things that you should begin to do … in many instances, you may be doing some of these, but you may not be doing all of them,” Mike Gelles, director at Deloitte, said.


Raising Security Awareness in the Age of Social Distancing

Hackers have wasted no time figuring out how to exploit the worldwide COVID-19 pandemic. Their prime target—employees working from home. With increased remote work, there is increased risk of employees accessing data through unsecured and unsafe Wi-Fi networks, falling prey to phishing and ransomware attacks, using personal devices to perform work, and not following security policies established by your organization. This increasing risk curve can be flattened dramatically simply by increasing employee awareness.

In addition to advice about washing our hands, people need to be reminded about practicing good cyber hygiene as well. Now you can take advantage of the service America’s most respected companies have been using to protect their critical information from the harm caused by lax employee cyber habits. NSI’s SECURITYsense awareness program gives employees the tools and information they need to make security second nature. Find out how this valuable resource can help protect your employees and ensure they’re part of the solution and not part of the problem. Visit https://www.nsi.org/securitysense/what-is-securitysense.shtml for more information.


Microsoft: Coronavirus Vaccine Researchers Targeted by North Korean, Russian Hackers (Reuters, 11/13/20)

Hackers working for the Russian and North Korean governments have targeted more than half a dozen organizations involved in COVID-19 treatment and vaccine research around the globe, Microsoft said last week.  The software company said a Russian hacking group commonly nicknamed “Fancy Bear” – along with a pair of North Korean actors dubbed “Zinc” and “Cerium” – were implicated in recent attempts to break into the networks of seven pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States.

Microsoft said the majority of the targets were organizations that were in the process of testing COVID-19 vaccines. Most of the break-in attempts failed but an unspecified number succeeded, it added. Few other details were provided by Microsoft. It declined to name the targeted organizations, say which ones had been hit by which actor, or provide a precise timeline or description of the attempted intrusions.

U.S. Bars Investments in 'Chinese Military Companies' (BBC, 11/12/20)

President Donald Trump has issued an order banning American investments in Chinese firms the government determines have ties to the Chinese military.  In the order, Trump accused China of "increasingly exploiting" U.S. investors "to finance the development and modernization of its military."  The ban is to go into effect in January.  It could affect some of China's biggest publicly-listed firms, including China Telecom and tech firm Hikvision.

Throughout his administration, Trump has made efforts to disentangle the U.S. from its close economic ties with China. He has raised border taxes on billions of dollars’ worth of Chinese goods and imposed sanctions on some of its tech companies. Relations between the two superpowers have also soured over issues such as coronavirus and China's moves in Hong Kong. Officials said the new order had been under review for months. It applies to shares owned directly or indirectly in 31 firms identified as backed by the Chinese military.

Starting Dec. 1, Cybersecurity Is No Longer Optional (Breaking Defense, 11/12/20)

As the deadline nears for the first 15 contracts awarded in compliance with the new Cybersecurity Maturity Model Certification, the Pentagon made it clear that is just the beginning, saying it will probably need to certify at least 1,500 contractors and subcontractors.  “It’s trust but verify.  This is the start of a new day in the DoD where cybersecurity, as we’ve been saying for years is foundational for acquisitions, we’re putting our money where our mouth is,” said Katie Arrington, CISO for the undersecretary of Defense for acquisition and sustainment.

On Dec. 1, the rules come into effect for new work contracts. Adversaries who target weak security in the United States can attack both commercial and military networks, looking to steal secrets. “We’re doing it because it is so critical to our commerce, our national security.” Arrington said she and her team are pushing straight ahead: “The CMMC is going to continue. We are not stopping. We haven’t let up on the gas, we are rapidly rolling through mere days until the interim rule becomes effective.”

Hackers for Hire Target Victims with Cyber Espionage Campaign (Techrepublic.com, 11/12/20)

Cybercrime is an activity that increasingly is being farmed out to third-party players. Such threats as ransomware, phishing, and malware are now available as services that can be bought and sold on the Dark Web. A new type of campaign that involves cyber espionage is the latest example of a cybercrime being perpetrated by people for hire.

In its new report "The CostaRicto Campaign: Cyber-Espionage Outsourced," BlackBerry describes the actions of a malicious campaign carried out by freelance mercenaries. Dubbed CostaRicto, this form of cyber espionage is being handled by an APT (Advanced Persistent Threat) group with skills in malware tooling, VPN proxy, and SSH tunneling. APT attacks often come from state-sponsored groups or even nation-states that have the means and motive to launch stealthy and prolonged campaigns.

Utah Man Admits He Provided Terror Support to Contact He Thought Was ISIS (Gephardt Daily, 11/12/20)

A Salt Lake City man has pleaded guilty after law enforcement officials say he provided a bomb-making video to contacts he believed to be ISIS leaders planning a violent attack.  Murat Suljovic, 23, pleaded guilty in U.S. District Court in Salt Lake City to one count of attempting to provide material support to a designated foreign terrorist organization. U.S.

A statement from the DOJ and the office of U.S. Attorney John W. Huber says that according to the plea agreement, Suljovic admitted that in January 2019, he corresponded with a person, identified as Person A in the court document, whom he believed to be an agent of ISIS. “Suljovic admitted he believed Person A was interested in performing an attack for ISIS,” the statement says. “He also believed Person A was assisting another individual, referred to as Person B in the plea agreement, who was also interested in performing an attack for ISIS.”

Former Secretaries Ask Congress to Reform DHS Oversight During Lame Duck (HS Today, 11/12/20)

Six former secretaries and acting secretaries of DHS told congressional leaders that the House and Senate should finally move to consolidate oversight of DHS before the new Congress comes into session Jan. 4.  The Atlantic Council’s Future of DHS Project, in which more than 100 national security experts reviewed the department this year to study its handicaps and craft suggestions on the best way to focus the mission, highlighted this core challenge that has plagued the department from the start: DHS reports to dozens of congressional committees and subcommittees, while other cogs in the nation’s security apparatus such as the DoD enjoy streamlined authorization and oversight.

Tom Ridge, Michael Chertoff, Janet Napolitano, Jeh Johnson, Rand Beers, and Kevin McAleenan released an open letter last week calling on Speaker of the House Nancy Pelosi (D-Calif.), Senate Majority Leader Mitch McConnell (R-Ky.), Senate Minority Leader Chuck Schumer (D-N.Y.), and House Minority Leader Kevin McCarthy (R-Calif.) to remedy the problem in the lame-duck session — a window in which it is easier to change committee responsibilities before the 117th Congress convenes.

DOJ Makes Largest Cryptocurrency Seizure to Date (Nextgov, 11/11/20)

The DOJ recently got its grips on thousands of bitcoins—worth roughly more than $1 billion—in a move that marks the largest seizure of cryptocurrency in the agency’s 150-year history.  The money traces back to Silk Road, the infamous online black market that government authorities shut down in 2013.  “Silk Road was the most notorious online criminal marketplace of its day,” United States Attorney David Anderson said in the department’s announcement of the seizure. 

At the underground shop’s prime, thousands of drug dealers and other vendors would tap in to conduct business. When Silk Road was seized almost a decade ago, it was “the most sophisticated and extensive criminal marketplace on the Internet, serving as a sprawling black market bazaar where unlawful goods and services, including illegal drugs of virtually all varieties, were bought and sold regularly by the site’s users,” according to the complaint, filed last week. There were then nearly 13,000 listings for drugs, and more for services like hacking and murder-for-hire, which the DOJ said generated more than 9.5 million bitcoins in sales revenue.

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org





Help Your Employees Become Cyber Aware

Experts agree: well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
