NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — August 14, 2019

  • Developing personal OPSEC plans: 10 tips for protecting high-value targets
  • Huawei Planned to Covertly Sell Smartphones in U.S.
  • Contractors Have Questions About DoD's Cyber Requirements
  • How Tech Is Transforming the Intel Industry
  • CBP to Use Facial Recognition For ‘All Passenger Applications’
  • FBI Fires 4 for Leaks, Investigates 10 Other Employees Since 2016
  • Turnabout: A Nation-State-Sponsored Phishing Attack Is Targeting Chinese Agencies
  • Intel Center Now Going After Domestic Terror
  • Government Warns of Iranian Threats to Commercial Shipping
  • China's Hackers Using Espionage Tools for Personal Gain: Report 

Developing personal OPSEC plans: 10 tips for protecting high-value targets (CSO Online, 8/13/19)

Criminal hackers are targeting a wide range of employees, from administrative assistants to the C-suite executives they serve. As cybersecurity firm Proofpoint puts it, the hackers’ goals are to “trick your workers into opening an unsafe attachment or clicking on a dubious web link. They impersonate your CEO and order your finance department to wire money. And they con your customers into sharing login credentials with a website they think is yours.”

In an effort to block targeted attacks against employees, some organizations are beginning to develop personal OPSEC plans for high-risk individuals, to better safeguard them both at work and in their personal lives. Such plans go beyond standard enterprise security protocols, practices and tools in order to provide individualized cybersecurity training and protection.

Huawei Planned to Covertly Sell Smartphones in U.S. (Free Beacon, 8/13/19)
China's Huawei Technologies, the world's No. 2 smartphone maker, covertly planned to sell its smartphones in the United States disguised as non-Huawei devices, according to U.S. officials.  U.S. intelligence agencies learned of the plans last month and alerted senior policymakers.  According to the officials, the Shenzhen, China-based company planned to ship a large number of its smartphones to Mexico where the smartphones would be re-labeled and shipped into the U.S.  As non-Huawei devices, there would be no prohibition on selling them here.
The phones, however, could be identified as Huawei devices by examining their electronic components that can be traced to the Chinese telecom.  No other details of the secret smartphone operation could be learned.  Huawei's U.S. affiliate did not return emails seeking comment.  The scheme to disguise Huawei smartphones appears to be the latest effort by the company to penetrate the U.S. market.

Contractors Have Questions About DoD's Cyber Requirements (FCW, 8/12/19)
The Pentagon is making big moves in an effort to improve cybersecurity for its industrial base, but so far the department's biggest roadblocks early on may be the same confusion, doubt, and uneven compliance from contractors that led to the vulnerabilities in the first place.  Officials from DoD and the National Institute of Standards and Technology gave updates on two nascent programs at a recent Information Security and Privacy Advisory Board meeting: NIST's new draft cybersecurity guidance for contractor systems deemed high value assets and the Pentagon's Cybersecurity Maturity Model Certification (CMMC) program.
Both are designed to shore up different aspects of DoD's cybersecurity regime for contractors, and both are causing heartburn among companies who are still unclear about how best to comply.  The NIST draft guidance around high-value assets recently went out for public comment earlier this year.  The more than 600 responses reflect confusion about the scope and application of the requirements.


Solve Your Security Awareness Training Problem.  Instantly.

Protecting classified and sensitive information depends more than ever on the human element of security — employees. The sad fact is, employees are still the weakest link in the security chain because they’re not trained to be security-conscious. A report by Ernst & Young finds that "security awareness programs at many organizations are weak, half-hearted and ineffectual." As a result, employees ignore them.

What you can do about it: A simple, proven approach.
Now you can gain visibility and buy-in for your security program with the EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next government security inspection.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve better inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: http://nsi.org/es-connection.html


How Tech Is Transforming the Intel Industry (Tech Crunch, 8/10/19)
At a conference on the future challenges of intelligence organizations held in 2018, former Director of National Intelligence Dan Coats argued that the transformation of the American intelligence community must be a revolution rather than an evolution.  The community must be innovative and flexible, capable of rapidly adopting innovative technologies wherever they may arise.  Intelligence communities across the Western world are now at a crossroads: The growing proliferation of technologies, including artificial intelligence, Big Data, robotics, the Internet of Things, and blockchain, changes the rules of the game.
The proliferation of these technologies, most of which are civilian, could create data breaches and lead to backdoor threats for intelligence agencies.  Furthermore, since they are affordable and ubiquitous, they could be used for malicious purposes.  The technological breakthroughs of recent years have led intelligence organizations to challenge the accepted truths that have historically shaped their endeavors.  The hierarchical, compartmentalized, industrial structure of these organizations is now changing, revolving primarily around the integration of new technologies with traditional intelligence work and the redefinition of the role of the humans in the intelligence process.

CBP to Use Facial Recognition For ‘All Passenger Applications’ (NextGov, 8/9/19)
Customs and Border Protection plans to significantly ramp up its use of facial recognition technology as part of a broader effort to upgrade its systems for vetting international travelers.  In addition to expanding its biometric capabilities, the agency is working to migrate all its traveler processing tech to the cloud, create more self-service tools for the public, and let officers use mobile devices to verify people entering the country, officials said in a solicitation published last week.
CBP is looking for a vendor to assist with those upgrades and support “the full range of life cycle services” for other traveler processing applications and equipment, according to the document.  The contract is scheduled to begin in December and could potentially run through May 2025.  According to the document, expanding CBP’s use of biometrics will be a major component of the modernization effort.  The agency already uses facial recognition technology to keep tabs on international travelers at more than a dozen nationwide airports and multiple checkpoints along the U.S.-Mexico border.

FBI Fires 4 for Leaks, Investigates 10 Other Employees Since 2016 (Daily Signal, 8/8/19)
The FBI has investigated at least 14 employees since 2016 for unauthorized disclosures of bureau information and fired at least four, documents show.  Several of the FBI employees were recommended for termination, but received lighter punishments, such as suspension without pay.  The documents, six pages of summaries of 14 internal investigations released last week, do not reveal the specifics of each unauthorized disclosure.  The summaries are heavily redacted, and include only details of the ultimate decisions of the investigations and when they were closed.
Judicial Watch obtained the records as part of a Freedom of Information Act lawsuit.  Tom Fitton, president of Judicial Watch, said the documents reveal “lenient treatment for evident criminal activity.”  Fitton also suggested that one of the investigations involved Andrew McCabe, the former deputy FBI director who was fired for lying to FBI investigators about authorizing leaks to the press about the investigation of former Secretary of State Hillary Clinton.

Turnabout: A Nation-State-Sponsored Phishing Attack Is Targeting Chinese Agencies (Cyber Scoop, 8/8/19)
Attackers with possible ties to an advanced persistent threat (APT) group are trying to steal usernames and passwords of Chinese government officials as part of an apparent cyber-espionage effort, according to reports.  Researchers from the threat intelligence company Anomali have uncovered malicious websites with registrations dating back to November 2018 that impersonate email login pages from the Chinese Ministry of Foreign Affairs; China’s National Development and Reform Commission, an economic management agency under the State Council; and the National Aero-Technology Import and Export Corporation, a Chinese state-owned defense company.
While it’s not clear who exactly is behind the effort, reporters independently verified the findings with three external threat intelligence practitioners, two of whom said with confidence the attack resembles a nation-state plot.  Upon discovering a website masquerading as a login page for the Chinese Ministry of Foreign Affairs, Anomali researchers found a family of five domains and close to 40 subdomains which rely on domain validation certificates issued by Let’s Encrypt, a free-to-use certificate authority.

Intel Center Now Going After Domestic Terror (Daily Beast, 8/7/19)
As white supremacist violence surges, a major hub for American intelligence has quietly expanded its focus on domestic terrorism, according to a senior U.S. counterterrorism official who.  It’s a small shift that draws accolades from veteran national-security officials.  The shift also concerns civil-liberties advocates, who say it may point to an erosion of the boundary between law enforcement and America’s spies.
The Bush administration created the National Counterterrorism Center (NCTC) after the Sept. 11, 2001, terrorist attacks as a clearinghouse for all intelligence except, as the center has put it, that “pertaining exclusively to domestic terrorism.”  The NCTC employs approximately 1,000 people, and federal law requires that it act as the government’s “knowledge bank” on known or suspected terrorists.  For example, it keeps a massive database that serves as the basis of the TSA’s no-fly terrorist watchlist.

Government Warns of Iranian Threats to Commercial Shipping (CNN, 8/7/19)
The Department of Transportation's Maritime Administration has issued a warning to commercial shipping about Iranian threats in the Strait of Hormuz and Persian Gulf, saying that some ships have reported having their GPS interfered with.  Additionally, the administration warned that there have been reports of "unknown entities falsely claiming to be U.S. or coalition warships."  The warning, issued last week, listed a series of incidents involving Iran since May, including Iran's seizure of the United Kingdom-flagged M/V STENA IMPERO and the detention and subsequent release of the Liberian-flagged M/V MESDAR.
It said that during "at least two" recent encounters involving Iranian military forces, "vessels reported GPS interference. One vessel reportedly shut off its Automatic Identification System (AIS) before it was seized, complicating response efforts." … "Vessels have also reported spoofed bridge-to-bridge communications from unknown entities falsely claiming to be US or coalition warships," the warning added.

China's Hackers Using Espionage Tools for Personal Gain: Report (Forbes, 8/7/19)
A damning report issued last week provides further evidence of the extent of the attacks on large-scale enterprises by China's state hackers to promote the interests of the government in Beijing.  This is a report with a twist, though, because these hackers have also been using the tools of their espionage trade to target non-strategic industries for personal gain.
The report from cybersecurity researchers at FireEye unveils the activities of a hacking group dubbed APT41, activities traced back to 2012 which have included operations in 14 different countries, including the UK, the U.S., and "dissident" activity in Hong Kong.  China has been, in effect, executing "brute force" campaigns against certain industries to collect mass-scale data, simply to target a small number of individuals.  It might not be a high-finesse approach, but it is effective.  Unlike other observed Chinese state-sponsored hacking groups, FireEye says, "APT41 also conducts explicit financially motivated activity, which has included the use of tools that are otherwise exclusively used in campaigns supporting state interests."

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complimentary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org



Who's Worse:
Employees or Hackers?

Experts agree: well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
