NTSC Blog

NTSC Technology Security Roundup

Weekly News Roundup: October 15, 2018


DoD Weapon Systems Cybersecurity Receives Failing Grade from GAO

In a report released last week entitled “Weapon Systems Cybersecurity: DOD Just Beginning to Grapple with Scale of Vulnerabilities,” the Government Accountability Office pointed out that weapon systems cybersecurity measures were easily skirted and hacked. According to the report, “Although GAO and others have warned of cyber risks for decades, until recently, DOD did not prioritize weapon systems cybersecurity. Finally, DOD is still determining how best to address weapon systems cybersecurity. In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic. Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications.”

A few months ago, the DoD released an updated version of its cyber strategy—the first update since 2015. Previously operating from a “doctrine of restraint” in cyberspace, the new cyber strategy says the DoD will “defend forward to halt or degrade cyberspace operations targeting the Department” and “preempt, defeat, or deter malicious cyber activity targeting U.S. critical infrastructure that could cause a significant cyber incident regardless of whether that incident would impact DoD’s warfighting readiness or capability.”


Symantec Publishes Report on Cyberattack Group Targeting Government, Military, and Defense

According to a Symantec blog post, “Symantec researchers have uncovered a previously unknown attack group that is targeting government and military targets, including several overseas embassies of an Eastern European country, and military and defense targets in the Middle East. This group eschews custom malware and uses living off the land (LotL) tactics and publicly available hack tools to carry out activities that bear all the hallmarks of a cyber espionage campaign.” Symantec also notes that “The group has carried out attacks most months since December 2017. Its activity subsequently increased in the second quarter of 2018, with a particular spike in April 2018. Gallmaker’s activity points strongly to it being a cyber espionage campaign, likely carried out by a state-sponsored group.” This report is an example of the growing sophistication of nation-state cyberattack capabilities that threaten both the public and private sectors.


DHS Warnings and Alerts

Last week, the Department of Homeland Security (DHS) released a warning about threats to precision agriculture and an alert about global cyberattacks.

  • Report: Threats to Precision Agriculture: According to the DHS, “The adoption of advanced precision agriculture technology and farm information management systems in the crop and livestock sectors is introducing new vulnerabilities into an industry which had previously been highly mechanical in nature. The research group visited and/or interviewed several large farms, and precision agriculture technology manufacturers located throughout the United States. The group identified that the potential threats to precision agriculture were often not fully understood or were not being treated seriously enough by the front-line agriculture producers.”
  • US-CERT Alert: Publicly Available Tools Seen in Cyber Incidents Worldwide: Summarized in Cyware, “The warning suggested a widespread threat about global malicious cyberattacks based on ‘publicly available tools’. The warning also provided an overview and capabilities of the tools allowing users to defend against potential threats that could target their network using these tools. The tools listed in the Activity Alert have been used worldwide to compromise information across a wide range of critical sectors, including health, finance, government, and defense, said the alert.”


Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • Cryptocurrency theft hits nearly $1 billion in first nine months: report: Reported in Reuters, “Theft of cryptocurrencies through hacking of exchanges and trading platforms soared to $927 million in the first nine months of the year, up nearly 250 percent from the level seen in 2017, according to a report from U.S.-based cyber security firm CipherTrace released [last] Wednesday.”
  • Cybersecurity in organizations must enable competitive advantage while they continue to protect and optimize security, EY report reveals: According to EY, “87% of organizations operate with a limited budget to provide for the level of cybersecurity and resilience they require and […] 55% of organizations don’t make the protection of the organization an integral part of their overall business strategy and execution plans.”
  • Most Malware Arrives Via Email: Reported in Dark Reading, “A new report finds malware, malice, and email messages inextricably bound together in employee inboxes. The tie is so strong that more than 90% of all malware is delivered via email…”
  • Costly cryptojacking overtakes ransomware in the enterprise threat stakes: Reported in SC Media, “According to the newly published Mid-Year Threat Report from Webroot there has been a ‘massive shift from ransomware to cryptomining’ in the first six months of the year. Webroot reports that cryptojacking accounted for 35 percent of threats.”
  • More than half of working adults don't know what ransomware is: Reported in TechRadar, “New research has revealed that 64 percent of working adults don't know what ransomware is, raising concerns over the general public's understanding of cybersecurity risks.”
  • Why 60% of IT security pros want to quit their jobs right now: Reported in TechRepublic, “Some 60% of IT security professionals are looking to quit their current jobs, according to a […] press release from tech recruiting company, Mondo. The main reasons cited by the IT pros who wanted to leave were job dissatisfaction and the lack of growth opportunities within their companies…”
  • Cyberattacks increase as lines blur between state-sponsored and trade-craft attacks, report: Reported in SC Media, “CrowdStrike researchers observed nearly half (48 percent) of intrusions detected were state-sponsored attacks while 33 percent were unknown and 19 percent were instances of eCrime, according to the firm’s OverWatch Report.”
  • Mobile security threats: Lack of visibility is putting businesses at risk: Reported in Help Net Security, “50 percent of mobile workers spend the majority of their worktime connected to non-corporate public Wi-Fi and carrier networks. Of that 50 percent, over 27 percent claim to connect to non-corporate owned networks more than 76 percent of the time. And, over 60 percent lack tools to audit when a device connects to a third-party network.”
  • New Reports Show Increased Cyber Threats, User Risks Remain High: Reported in Bleeping Computer, “Two new reports from eSentire and Proofpoint show that as online threats remain an issue, user security leaves much to be desired. The mismatch between the danger of cyberthreats and lack of user readiness could leave individuals or businesses at risk of serious losses to data or property.”
  • Gemalto reports 4.6 billion record breaches in the first half of 2018: Reported in ZDNet, “In the first six months of 2018, a total of 4,553,172,708 records were compromised, an increase of 133 percent over the first-half of 2017...”
  • Global spending on security solutions to reach $133.7 billion in 2022: Reported in Help Net Security, “Worldwide spending on security-related hardware, software, and services is forecast to reach $133.7 billion in 2022, according to IDC.”


Two Cybersecurity Acquisitions Last Week

Two cybersecurity acquisitions were announced last week. According to a Singtel press release, “Singtel announced [last Wednesday] that its wholly-owned subsidiary Optus Cyber Security Pty Limited has signed an agreement to fully acquire Hivint, an award-winning cyber security consulting company in Australia, to enhance the Group’s cyber security capabilities.” Optus is the second largest telecommunications provider in Australia. Also, according to cybersecurity company Imperva, it “entered into a definitive agreement [last Wednesday] to be acquired by leading private equity technology investment firm Thoma Bravo, LLC. Upon the close of the transaction, Imperva will operate as a privately-held company with the flexibility to focus on execution and drive to be a world-class profitable growth company. Under the terms of the agreement, Imperva stockholders will receive $55.75 per share in cash in a transaction valued at approximately $2.1 billion.”