NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — November 6, 2019

  • State Dept.: Iran Remains World’s Worst State Sponsor of Terrorism
  • Sources: U.S. Opens National Security Investigation into TikTok
  • Government Officials Around the Globe Targeted for Hacking Through WhatsApp
  • Pentagon IG: Taliban Grew Far Deadlier in 2019
  • Renewable Energy Company Was Hit by a Rare Cyberattack
  • Interior Dept. Grounds 800 Drones, Launches Probe into Espionage Risk
  • Chinese Cyber Espionage Group Steals SMS Messages via Telco Networks
  • Judge: Searches of Ex-CIA Employee's Home and Phones OK
  • Report: 2020 Is the Year Data Gets Weaponized
  • FCC Chair's Proposal Targets Chinese Technology Firms

State Dept.: Iran Remains World’s Worst State Sponsor of Terrorism (Radio Free Europe, 11/2/19)
Iran remains "the world’s worst state sponsor of terrorism," funding international terrorist groups and engaging in "its own terrorist plotting" around the globe, particularly in Europe, a new report by the State Department says.  The report, just released, says Iran has spent nearly $1 billion dollars annually to "support terrorist groups that serve as its proxies and expand its malign influence across the globe."

It cited the Lebanese Shi'ite movement Hizballah and the Palestinian Islamist groups Hamas and Islamic Jihad.  "The Iranian threat is not confined to the Middle East - it's truly global," Nathan Sales, the department’s coordinator for counterterrorism, told a news briefing in Washington.  The Country Reports on Terrorism has been issued annually since 2004 under a mandate that requires the State Department to provide Congress with regular updates on terrorism throughout the world.  More

Sources: U.S. Opens National Security Investigation into TikTok (Reuters, 11/1/19)
The U.S. government has launched a national security review of TikTok owner Beijing ByteDance Technology’s $1 billion acquisition of U.S. social media app Musical.ly, according to three people familiar with the matter.  While the $1 billion acquisition was completed two years ago, U.S. lawmakers have been calling in recent weeks for a national security probe into TikTok, concerned the Chinese company may be censoring politically sensitive content, and raising questions about how it stores personal data.
TikTok has been growing more popular among U.S. teenagers at a time of growing tensions between Washington and Beijing over trade and technology transfers.  About 60% of TikTok’s 26.5 million monthly active users in the United States are between the ages of 16 and 24, the company said this year.  The Committee on Foreign Investment in the United States, which reviews deals by foreign acquirers for potential national security risks, has started to review the Musical.ly deal, the sources said. More

Government Officials Around the Globe Targeted for Hacking Through WhatsApp (Reuters, 10/31/19)
Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook’s WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.  Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents. Many of the nations are U.S. allies, they said.
The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.  WhatsApp filed a lawsuit last week against Israeli hacking tool developer NSO Group.  The Facebook-owned software giant alleges that NSO Group built and sold a hacking platform that exploited a flaw in WhatsApp-owned servers to help clients hack into the cellphones of at least 1,400 users.  More


Poor Cyber Security Habits: A Recipe for a Breach

What your employees don't know about cyber security could hurt you -- and your organization.  An analysis of 1200 data breaches within the U.S. Government found that 95% of the breaches could be traced to poor security habits and human error.  Despite this fact, security awareness training is still ignored by many organizations. If there's a common thread the experts all agree on, it’s that poor training and unaware employees lie at the root of many if not most security breaches.

So, how do you make sure that your organization's critical information is protected? The first (and best) line of defense is employee awareness.  The more they understand—and care—about how their cyber behavior affects your company’s security posture, the better off the company will be.  NSI’s SECURITYsense awareness program gives your employees the tools and information they need to make security second nature. Find out how this valuable resource can help protect your hard-earned reputation and ensure that your employees are part of the solution and not part of the problem. To know more, click here https://www.nsi.org/securitysense/what-is-securitysense.shtml


Pentagon IG: Taliban Grew Far Deadlier in 2019 (DefenseOne, 10/31/19)
Taliban attacks that wounded or killed civilians or U.S.-allied troops spiked this summer ahead of September’s turbulent national elections and the disintegration of the U.S.-led peace process.  Roughly half of the group’s 3,500 attacks between June and August caused casualties, a 24% rise over the previous quarter and 10% more than the same period in 2018, according to the latest quarterly report from the Special Inspector General for Afghanistan Reconstruction, or SIGAR. 
Most of those successful attacks occurred in the south of the country, others in the north and the west.  The single worst-hit province was Helmand.  The number of Afghan security forces killed or wounded rose by 5% compared to the same period last year.  Seven American servicemembers were killed in action between mid-July and mid-October, bringing the 2019 total to 17 killed and 124 wounded in action.  That’s the highest annual total of U.S. combat casualties in the past five years, according to DoD.  More

Renewable Energy Company Was Hit by a Rare Cyberattack (Cyber Scoop, 10/31/19)
A Utah-based renewable energy company was the victim of a rare cyberattack that temporarily disrupted communications with several solar and wind installations in March, according to documents obtained under the Freedom of Information Act.  The attack left operators at the company, sPower, unable to communicate with a dozen generation sites for five-minute intervals over the course of several hours on March 5.
Each generation site experienced just one communication outage.  It is believed to be the first cybersecurity incident on record that caused a “disruption” in the U.S. power industry, as defined by the Department of Energy.  DOE defines a “cyber event” as a disruption to electrical or communication systems caused by unauthorized access to hardware, software or communications networks.  Utilities have to promptly report any such incidents.  More

Interior Dept. Grounds 800 Drones, Launches Probe into Espionage Risk (Slash Gear, 10/31/19)
The Department of the Interior has grounded its fleet of more than 800 drones over concerns that they may be a security vulnerability.  According to recent reports, officials have cited worries over drones made in China, as well as drones that feature components manufactured in the nation.  The decision is the latest in a long line of security worries over Chinese gadgets.
News about the decision comes from the Wall Street Journal, which reports that Interior Department Secretary David Bernhardt gave the order to ground the fleet and initiate an investigation into potential security vulnerabilities introduced by the drones.  The fleet may return to the skies when the investigation is over, depending on what it finds.  At the heart of the matter are concerns over hardware manufactured in China and its potential for facilitating espionage.  More

Chinese Cyber Espionage Group Steals SMS Messages via Telco Networks (Dark Reading, 10/31/19)
APT41, a Chinese hacking group known for its prolific state-sponsored espionage campaigns, has begun targeting telecommunications companies with new malware designed to monitor and save SMS traffic from phones belonging to individuals of interest to the government.  Researchers from FireEye Mandiant earlier this year spotted the malware — which they have dubbed MESSAGETAP — deployed on a Short Message Service Center server being used by a telecommunications firm to route SMS messages.
The malware is being used to extract SMS message content, mobile subscriber identity numbers, and the source and destination phone numbers of targeted individuals.  APT41 is also using MESSAGETAP to collect call data records of high-ranking foreign individuals of interest to the Chinese government.  FireEye's s investigation showed that APT41 has targeted at least four other telecommunications companies in similar fashion in 2019. More

Judge: Searches of Ex-CIA Employee's Home and Phones OK (AP, 10/31/19)
A judge in New York says investigators properly carried out searches that led to espionage charges against a former CIA employee.  U.S. District Judge Paul Crotty ruled last week in the case against Joshua Schulte.  Schulte's lawyers had urged Crotty to suppress the evidence, including electronic devices, saying the government misrepresented numerous important facts in getting search warrants.
Schulte's New York City apartment was searched in 2017 after WikiLeaks disclosed what the government says were over 8,000 documents and files containing classified information.  Schulte, a CIA computer engineer from 2010 to November 2016, has pleaded not guilty to charges that he leaked classified information.  Crotty noted there were several incorrect factual statements in a government affidavit but not enough to negate probable cause. More

Report: 2020 Is the Year Data Gets Weaponized (Nextgov, 10/30/19)
The beginning of the next decade is going to be scary from the cybersecurity standpoint, according to a report released last week by research firm Forrester.  The report depicts a near-future where “evil can adopt artificial intelligence and machine learning faster than security leaders can,” and companies’ and consumers’ dependency on tech will coax governments to create assistance programs to “help them weather the impact of cyber-catastrophes.”
The report estimates deep fakes—audio and video altered by algorithms to make them appear real—will cost business more than $250 million in 2020.  Already, deep fakes threaten to upend political norms, as fabricated videos of politicians have become hard to distinguish from genuine ones.  However, Forrester’s estimate also comes after a social engineering scheme in March saw an attacker defraud a German energy company out of $243,000 by spoofing the voice of the company’s chief executive officer, convincing another executive to wire funds.  As the quality and accessibility of these sorts of algorithms improve, these kinds of attacks will become more mainstream, Forrester states. More

FCC Chair's Proposal Targets Chinese Technology Firms (Gov Info Security, 10/30/19)
Federal Communications Commission Chairman Ajit Pai is pushing a proposal that would ban U.S. telecommunications firms from using commission funds to buy equipment from companies deemed national security threats.  The new rule would first target Chinese telecom companies Huawei and ZTE.  Pai unveiled two new draft rules last week, and the five-member commission is expected to vote on the proposals at a Nov. 19 meeting.
The proposals come as telecom companies gear up to launch 5G networks.  One rule would ban companies from using funds from the FCC's Universal Service Fund to buy equipment from any company that is deemed a national security threat.  This $8.5 billion fund is designed to help provide all Americans with access to communication technologies.  The proposal would designate Huawei and ZTE as companies that pose a national security threat to the U.S, but other firms could be added later. More

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org



Mark Your Calendar

Reshaping Government Security
for a New Decade

Raise your security expertise to a new level.  Plan now to attend the 35th annual NSI security forum to be held on April 20-22, 2020 at the Westfields Marriott in Chantilly, VA.


Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button