How will cybersecurity experts remember 2018? In the past year, the Trump administration announced it would conduct more offensive hacking operations against foreign countries, the Department of Justice announced sweeping indictments against Chinese hackers and the U.S. intelligence community reported that foreign countries continued to interfere in American elections.
So what comes next? Read four overarching questions for the cybersecurity community in 2019 on Fifth Domain.
The strong rebuttal came in the face of charges claiming the individuals – Zhu Hua and Zhang Shilong – stole sensitive data from a vast number of organizations working as part of a hacking crew dubbed APT10, which is linked to the Chinese government. A spokesperson with the Chinese embassy in London said the charges were “egregious” and “gravely violated the basic norms governing international relations and seriously damaged China-US cooperation.”
President Donald Trump announced in a Dec. 23 tweet that Patrick Shanahan will become acting secretary of defense Jan. 1, replacing outgoing Pentagon chief Jim Mattis two months early. While it is not clear how long Shanahan will remain in the job, he is on the short list of officials who could become the full-time Pentagon chief.
Regardless of the length of his tenure, Shanahan, the Pentagon deputy since 2017, has been one of the Pentagon’s top advocates for stronger contractor cybersecurity and IT acquisition and will lead the department months after it was given expansive and loosely defined authorities to conduct offensive cyber operations. How Shanahan will handle these greater cyber authorities, even on a temporary basis, remains an open question.
Read more about the Pentagon chief’s cybersecurity views on Fifth Domain.
The targets include Elena Khusyaynova, the primary accountant for the Project Lakhta influence campaign that included the Internet Research Agency. The sanctions also target associated entities like the Federal News Agency.
Read more about the US Treasury sanctions against Russians on Engadget.
In September this year, cybersecurity firm FireEye disclosed that Click2Gov, a payment portal system used by many US cities, had been breached by hackers. Security research firm Gemini Advisory has now released a report examining the after-effects of the attack, in which it is believed 294,929 payment records have been compromised across at least 46 cities in the US, as well as one in Canada.
The report's findings suggest that fewer than 50 percent of the cities that lost customer data either know of the breaches at their sites or have publicly disclosed them. The company said that by selling this information on the dark web, the threat actors have earned at least $1.7 million.
Read more about the findings of the new report on ZDNet.
A Russian cyber-security firm says it discovered login credentials for more than 40,000 accounts on government portals in more than 30 countries. The data includes usernames and cleartext passwords, and the company believes they might be up for sale on underground hacker forums.
Alexandr Kalinin, head of Group-IB’s Computer Emergency Response Team (CERT-GIB), says these account details have been collected over time by cyber-criminals with the help of off-the-shelf malware strains such as the Pony and AZORult infostealers, as well as the Qbot (Qakbot) multi-purpose trojan.
Read more about the discovered government login credentials on ZDNet.
The 96-page report said Equifax lacked clear lines of authority in its IT department, which meant important security measures weren’t put in place when they should have been. What’s more, the company’s collection of sensitive consumer information was spread out among out-of-date, custom-built systems, the report said.
Read more about the congressional report slamming Equifax on CNET.
However, the text linked to the site because of a typo in a hyperlink in Giuliani’s original tweet. Shortly after, an anonymous (and quick-thinking) user bought the domain erroneously referred to in the tweet.
Ukraine has once again accused Russian intelligence services of launching cyberattacks against one of its government organizations. Ukrainian security service SBU announced that its employees blocked an attempt by Russian special services to breach information and telecommunications systems used by the country’s judiciary.
According to the SBU, the attack started with a malicious email purporting to deliver accounting documents. The documents hid a piece of malware that could have been used to disrupt judicial information systems and steal data.
Read more about the cyberattack attributed to Russia on SecurityWeek.
U.S. intelligence agencies have been urging consumers, contractors, and government officials to avoid using Huawei products for quite some time. Although there haven’t been any specific threats detailed publicly, U.S. intelligence agencies – including the CIA, FBI, and NSA – have all spoken out against Huawei in various forums since the company was banned from bidding for government contracts in 2014, after being labeled a national security threat in a congressional report two years earlier.
Huawei was founded by a former engineer in China’s People’s Liberation Army, and is closely tied to the Chinese government.