How will cybersecurity experts remember 2018? In the past year, the Trump administration announced it would take more offensive hacking operations against foreign countries, the Department of Justice announced sweeping indictments against Chinese hackers and the U.S. intelligence community reported that foreign countries continued to interfere in American elections.
So what comes next? Read four overarching questions for the cybersecurity community in 2019 on Fifth Domain.
A server outage at Tribune Publishing on Saturday that prevented the distribution of many leading U.S. newspapers, including the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and Baltimore Sun, was actually nothing of the sort.
Instead, it appears to have been a cyber-attack involving what is thought to have been a version of the highly successful Ryuk ransomware family. Interestingly, Ryuk is often attributed to the Lazarus Group, which is thought to operate out of China but in the hands of North Korean threat actors.
Read more about the ransomware attack on Tribune Publishing on Forbes.
Leading up to Nov. 6, 2018, anyone with a stake in American democracy was holding their breath. After a Russian effort leading up to 2016 to sow chaos and polarization, and to degrade confidence in American institutions, what sort of widespread cyberattack awaited the voting system in the first national election since? None, it seems.
“We didn’t see any coordinated effort or targeting that interrupted the elections process,” said Matt Masterson, a senior cybersecurity adviser at the Department of Homeland Security. “[Nothing] that prevented folks from voting or compromised election systems in any way … certainly nowhere close to what we saw in 2016.” Experts say that is not because U.S. election systems are hardened in a way that prevents such attacks.
The strong rebuttal came in the face of charges claiming the individuals – Zhu Hua and Zhang Shilong – stole sensitive data from a vast number of organizations working as part of a hacking crew dubbed APT10, which is linked to the Chinese government. A spokesperson with the Chinese embassy in London said the charges were “egregious” and “gravely violated the basic norms governing international relations and seriously damaged China-US cooperation.”
President Donald Trump announced in a Dec. 23 tweet that Patrick Shanahan will become acting secretary of defense Jan. 1, replacing outgoing Pentagon chief Jim Mattis two months early. While it is not clear how long Shanahan will remain in the job, he is on the short list of officials who could become the full-time Pentagon chief.
Regardless of the length of his tenure, Shanahan, the Pentagon deputy since 2017, has been one of the Pentagon’s top advocates for stronger contractor cybersecurity and IT acquisition and will lead the department months after it was given expansive and loosely defined authorities to conduct offensive cyber operations. How Shanahan will handle these greater cyber authorities, even on a temporary basis, remains an open question.
Read more about the Pentagon chief’s cybersecurity views on Fifth Domain.
It’s called the “Dark Side” because the 50 workers there prefer to keep the lights low so they can dim the brightness on their computer screens. Or maybe it’s because of what they do in cyber research and development. Questions about exactly what goes on at the heart of one of the United States’ primary cybersecurity facilities at the Idaho National Laboratory (INL) aren’t always answered, and photos by outsiders aren’t allowed.
What is shared is that the U.S. is rushing to catch up with what cybersecurity experts say are threats by hackers to systems that operate energy pipelines, hydroelectric projects, drinking water systems and nuclear power plants across the country.
Read more about the cybersecurity program of the INL on Phys.org.
Russian efforts to influence U.S. politics and sway public opinion were consistent and, as far as engaging with target audiences, largely successful, according to a new report from Oxford’s Computational Propaganda Project. Based on data provided to Congress by Facebook, Instagram, Google and Twitter, the study paints a portrait of the years-long campaign that’s less than flattering to the companies.
The report summarizes the work of the Internet Research Agency, Moscow’s online influence factory and troll farm. The data cover various periods for different companies, but 2016 and 2017 showed by far the most activity.
Read more about the findings of the insightful report on TechCrunch.
No data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the US’ ballistic missile system released on Friday by the US Department of Defense Inspector General (DOD IG).
The report was put together earlier this year, in April, after DOD IG officials inspected five random locations where the Missile Defense Agency (MDA) had placed ballistic missiles that are part of the Ballistic Missile Defense System (BMDS) – a DOD program developed to protect US territories by launching ballistic missiles to intercept enemy nuclear rockets.
Read more about the highly worrisome findings of the report on ZDNet.
As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of U.S.-Iranian relations.
The AP drew on data gathered by the London-based cybersecurity group Certfa to track how a hacking group often nicknamed Charming Kitten spent the past month trying to break into the private emails of more than a dozen U.S. Treasury officials. Also on the hackers’ hit list: high-profile defenders, detractors and enforcers of the nuclear deal struck between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and D.C. think tank employees.
Read more about the recent Iranian hacking campaign on SecurityWeek.
China summoned the US ambassador to Beijing to protest Canada’s detention of a senior executive of Chinese electronics giant Huawei at Washington’s behest, demanding the US cancel the order for her arrest.
The official Xinhua News Agency said Vice Foreign Minister Le Yucheng “lodged solemn representations and strong protests” with Ambassador Terry Branstad on Sunday against the detention of Huawei’s chief financial officer, Meng Wanzhou. Meng, who is reportedly suspected of trying to evade US trade curbs on Iran, was detained on Dec. 1 in Vancouver, Canada.