Tag: Government

Four big questions for cybersecurity in 2019

How will cybersecurity experts remember 2018? In the past year, the Trump administration announced it would conduct more offensive hacking operations against foreign countries, the Department of Justice announced sweeping indictments against Chinese hackers, and the U.S. intelligence community reported that foreign countries continued to interfere in American elections.

So what comes next? Read four overarching questions for the cybersecurity community in 2019 on Fifth Domain.

China Says Cyber Indictments ‘Seriously Damaged’ US Cooperation

China has responded strongly to the U.S. indictments of two nationals for alleged cyberattacks on more than 45 American companies and government departments, saying the charges “seriously damaged” cooperation between the two nations.

The strong rebuttal came in the face of charges claiming the individuals – Zhu Hua and Zhang Shilong – stole sensitive data from a vast number of organizations working as part of a hacking crew dubbed APT10, which is linked to the Chinese government. A spokesperson with the Chinese embassy in London said the charges were “egregious” and “gravely violated the basic norms governing international relations and seriously damaged China-US cooperation.”

Read more about this story on Forbes.

How the new acting Pentagon chief views cybersecurity

President Donald Trump announced in a Dec. 23 tweet that Patrick Shanahan will become acting secretary of defense Jan. 1, replacing outgoing Pentagon chief Jim Mattis two months early. While it is not clear how long Shanahan will remain in the job, he is on the short list of officials who could become the full-time Pentagon chief.

Regardless of the length of his tenure, Shanahan, the Pentagon deputy since 2017, has been one of the Pentagon’s top advocates for stronger contractor cybersecurity and IT acquisition and will lead the department months after it was given expansive and loosely defined authorities to conduct offensive cyber operations. How Shanahan will handle these greater cyber authorities, even on a temporary basis, remains an open question.

Read more about the Pentagon chief’s cybersecurity views on Fifth Domain.

US Treasury sanctions Russians for hacking and election meddling

The US government isn’t done taking action against Russians accused of hacking and interference campaigns. The Treasury Department has leveled sanctions against 16 current and former GRU intelligence officers (some of whom were targeted in earlier indictments) for their involvement in multiple campaigns against the US, including the Democratic National Committee hacks, World Anti-Doping Agency hacks and election meddling efforts.

The targets include Elena Khusyaynova, the primary accountant for the Project Lakhta influence campaign that included the Internet Research Agency. The sanctions also target associated entities like the Federal News Agency.

Read more about the US Treasury sanctions against Russians on Engadget.

Hackers earned $1.7 million from trading stolen US gov payment portal data

In September this year, cybersecurity firm FireEye disclosed that Click2Gov, a payment portal system used by many US cities, had been breached by hackers. Security research firm Gemini Advisory has now released a report examining the after-effects of the attack, in which it is believed 294,929 payment records have been compromised across at least 46 cities in the US, as well as one in Canada.

The report's findings suggest that fewer than 50 percent of the cities that have lost customer data either know about or have publicly disclosed the data breaches at their sites. The company said that by selling this information on the Dark Web, the threat actors have earned themselves at least $1.7 million.

Read more about the findings of the new report on ZDNet.

Over 40,000 credentials for government portals found online

A Russian cyber-security firm says it discovered login credentials for more than 40,000 accounts on government portals in more than 30 countries. The data includes usernames and cleartext passwords, and the company believes they might be up for sale on underground hacker forums.

Alexandr Kalinin, head of Group-IB’s Computer Emergency Response Team (CERT-GIB), says these account details have been collected over time by cyber-criminals with the help of off-the-shelf malware strains such as the Pony and AZORult infostealers, but also the Qbot (Qakbot) multi-purpose trojan.

Read more about the discovered government login credentials on ZDNet.

Congressional committee slams Equifax in report on data breach

Equifax didn’t take steps to prevent a massive data breach in 2017 that allowed hackers to steal the personal information of 147.7 million Americans from its servers. It wasn’t ready to handle the aftermath, either. That’s the takeaway from a House Oversight Committee report (PDF), released Monday, which calls the breach “entirely preventable.”

The 96-page report said Equifax lacked clear lines of authority in its IT department, which meant important security measures weren’t put in place when they should have been. What’s more, the company’s collection of sensitive consumer information was spread out among out-of-date, custom-built systems, the report said.

Read more about the congressional report slamming Equifax on CNET.

Trump’s Cybersecurity Advisor Rudy Giuliani Thinks His Twitter Was Hacked Because Someone Took Advantage of His Typo

Rudy Giuliani, who was named President Trump’s cybersecurity advisor last year, has demonstrated that he does not understand how Twitter works…or hyperlinks…or domain registration. Giuliani tweeted that Twitter had allowed someone to “invade” a tweet he sent, because that tweet linked to a website with the words “Donald J. Trump is a traitor to our country.”

However, the text linked to the site because of a typo in a hyperlink in Giuliani’s original tweet. Shortly after, an anonymous (and quick-thinking) user bought the domain erroneously referred to in the tweet.

Read more about this bizarre story on Motherboard.

Ukraine Accuses Russia of Cyberattack on Judiciary Systems

Ukraine has once again accused Russian intelligence services of launching cyberattacks against one of its government organizations. Ukrainian security service SBU announced that its employees blocked an attempt by Russian special services to breach information and telecommunications systems used by the country’s judiciary.

According to the SBU, the attack started with a malicious email purporting to deliver accounting documents. The documents hid a piece of malware that could have been used to disrupt judicial information systems and steal data.

Read more about the cyberattack attributed to Russia on SecurityWeek.

U.S. Advises Allies To Shun Huawei Telecom Equipment Citing Potential Cyberthreats

U.S. intelligence agencies have been urging consumers, contractors, and government officials to avoid using Huawei products for quite some time. Although there haven’t been any specific threats detailed publicly, U.S. intelligence agencies – including the CIA, FBI, and NSA – have all spoken out against Huawei in various forums since the company was banned from bidding for government contracts in 2014, after being labeled a national security threat in a congressional report two years earlier.

Huawei was founded by a former engineer in China’s People’s Liberation Army, and is closely tied to the Chinese government.

Read more about this story on Forbes.