NTSC Blog

NTSC Technology Security Roundup

Weekly News Roundup: June 19, 2017

House Hears from Private Sector Cybersecurity Experts About IoT Threats

On Tuesday, the House Energy and Commerce Subcommittee heard from private sector cybersecurity experts about Internet of Things (IoT) threats. According to The Hill, “The hearing explored cyber risks to wireless networks and covered a number of topics — including the state of the cyber workforce and risks to the U.S. power grid — but homed in on threats to smartphones and what the proliferation of internet-connected devices means for the security of the cyber ecosystem.” Mobile and IoT remain a high concern for lawmakers as the proliferation of connected devices increases security vulnerabilities, which is especially a concern for critical infrastructure.

More Bad News About Critical Infrastructure Cybersecurity

In the North American Electric Reliability Corporation’s recent “2017 State of Reliability Report,” the nonprofit oversight organization warns that electricity grid vulnerabilities and threat groups are increasing. According to one of the report’s key findings, “In 2016, there were no reported cyber or physical security incidents that resulted in a loss of load. Nonetheless, grid security, particularly cyber security, is an area where past performance does not predict future risk. Threats continue to increase and are becoming more serious.” And a recent GovTech article reported that “Vulnerabilities in software that automates everything from factories to traffic lights has become the nation's top cybersecurity threat, an agent on the FBI's Denver Cyber Task Force said Thursday in Colorado Springs.”

Gartner Identifies the Top Security Technologies for 2017

In a recent press release, Gartner identified what their analysts consider the top security technologies for 2017. These technologies are:

  • Cloud Workload Protection Platforms
  • Remote Browser
  • Deception
  • Endpoint Detection and Response
  • Network Traffic Analysis
  • Managed Detection and Response
  • Microsegmentation
  • Software-Defined Perimeters
  • Cloud Access Security Brokers
  • OSS Security Scanning and Software Composition Analysis for DevSecOps
  • Container Security

DHS and FBI Release Alert About North Korea’s DDoS Threat

In an alert titled “HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure” (TA17-164A), the DHS and FBI report that they “identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure.” This malware was created to “target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally.” The alert goes on to outline details about the threat and ways to mitigate it. Forbes contributor Lee Mathews hints at the seriousness of this alert, saying “It's not often that the FBI and Department of Homeland Security call out a nation behind a team of state-sponsored hackers for their activities.”

US Cyber Command Cyber Mission Force Teams Reach 70 Percent “Fully Operational Capable” Mode

Cyberscoop recently reported that the US Cyber Command’s Cyber Mission Force teams are now at 70 percent “fully operational capable” mode according to testimony from Gen. Joseph Dunford at a Tuesday House Armed Services Committee hearing. According to Cyberscoop, “The Cyber Mission Force teams are tasked with defending Defense Department networks (68 teams), supporting military objectives (27 teams), providing analytic support to combat missions (25 teams) and defending U.S. critical infrastructure (13 teams).”

Headquartered in Fort Gordon, Georgia, US Cyber Command “plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”

US and UK Intelligence Both Point to North Korea as Source of WannaCry

Both the US National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC) point to the same WannaCry culprit: North Korea. According to the BBC, “Security sources have told the BBC that the NCSC believes that a hacking group known as Lazarus launched the attack.” This was the same group behind the Sony Pictures hack in 2014.

Professional Hacking Groups Stealing Data and Demanding Ransom from North American Companies

A recent Help Net Security article reports that a group of professional hackers is stealing data from North American companies and threatening to publicly release it unless its demand of 100-500 Bitcoin is paid. According to the article, “The group, dubbed FIN10 by FireEye researchers, first gets access to the target companies’ systems through spear-phishing (and possibly other means), then uses publicly available software, scripts and techniques to gain a foothold into victims’ networks.” So far, FIN10 seems primarily focused on mining companies and casinos.

Radware Survey Says Security Automation Has Reached Inflection Point

Radware recently released its 2017 Executive Application & Network Security Survey, which addressed some trends in executive perceptions of artificial intelligence (AI) and machine learning systems. According to Radware, “This year’s executive survey supports the assertion that security automation has now reached an inflection point—with about four in five (81%) of the executives reported having already or recently implemented more reliance on automated solutions. Some 57% of executives report trusting automated systems as much or more than humans to protect their organizations. Two in five (38%) executives indicated that within two years, automated security systems would be the primary resource for managing cyber security.”

Secretary of Defense James Mattis Makes Case for More DoD Cybersecurity Funding

Last Thursday, Secretary of Defense James Mattis made a strong case for more cybersecurity funding—pointing out that we are falling behind countries such as Russia that pose a threat to our national security. According to FCW, “Mattis warned that unless Congress can meet the administration's request for $574 billion in base funding and $65 billion for overseas contingency operations, adversaries will continue to close the technology gap that for so long provided the U.S. with military superiority.” Secretary Mattis made these remarks at a House Appropriations Committee Defense Subcommittee hearing.