NTSC Blog

Weekly News Roundup: June 15, 2020

Legislative Cybersecurity News Update

Here, we’ve provided a roundup of cybersecurity legislation news stories from last week.

• Senate Democrat introduces legislation to protect US against crippling cyberattack: According to The Hill, “Sen. Gary Peters (D-Mich.) [last] Friday introduced two bills designed to protect and defend the United States in the event of a nationwide cyberattack that impacts critical systems and cripples the economy. The Continuity of Economy Act would require the president to develop a plan to enable the economy and critical services to continue functioning in the wake of a debilitating cyberattack. The second bill, the National Guard Cyber Interoperability Act, would funnel more resources to the National Guard to enable them to provide support to states to defend against and respond to cyber incidents.”
• Setback for national cyber director proposal, but fight’s not over: According to Politico, “The Senate’s annual defense policy bill punted on the Cyberspace Solarium Commission’s recommendation to establish a national cyber director… […] Instead, the Senate Armed Services Committee’s fiscal 2021 National Defense Authorization Act, a summary of which was released [last] Thursday, calls for an ‘independent assessment on the feasibility and advisability’ of creating such an office.”
• FCC failed to monitor Chinese telecoms for almost 20 years: Senate report: According to Ars Technica, “The Federal Communications Commission and other US agencies have failed to properly oversee Chinese telecom companies that operate in the United States, according to a bipartisan Senate report released [last Tuesday]. After a year-long investigation, the staff report by the US Senate's Permanent Subcommittee on Investigations ‘found that the FCC and 'Team Telecom'—an informal group comprised of officials from the Departments of Justice, Homeland Security, and Defense—have failed to monitor these three Chinese government-owned carriers,’ a joint announcement by the subcommittee's Republican and Democratic leaders said. The three carriers the subcommittee referred to are China Telecom Americas (CTA), China Unicom Americas (CUA), and ComNet USA.”
• Senate Intelligence Committee wants DNI to investigate commercial spyware threats: According to CyberScoop, “The Senate Intelligence Committee quietly approved a measure [the week of June 1] that would require the Director of National Intelligence to submit a report to Congress on the threats posed by foreign governments’ and entities’ use of commercially available surveillance software. The DNI’s report, which would be sent to Congress 180 days after the Intelligence Authorization Act for 2021 passes, would include information on how the U.S. — and other countries — can work to reduce the threats of commercial spyware, including through export controls, diplomatic pressure, trade agreements, and work with the technology and telecommunications sectors to better secure consumers’ software. The committee wants the DNI to specifically address the threat posed to U.S. citizens, in addition to those living abroad or employed by the U.S. government.”

Federal Cybersecurity News Roundup

In federal cybersecurity news last week…

• FCC’s security advisors post report on securing 5G from legacy vulnerabilities: According to Inside Cybersecurity, “The Federal Communications Commission’s industry-led security advisory panel has posted a new working group report on vulnerabilities in the transition to fifth-generation networks, an expansive 67-page document examining risks inherent in leveraging 4G architecture to quickly deploy 5G networks and mitigation best practices.”
• NIST seeks comment on possible revisions to security guidelines on digital identity: According to Inside Cybersecurity, “The National Institute of Standards and Technology has issued a request for comment on possible updates to its ‘800-63’ series of documents on digital identity security, ‘in response to agency and industry implementations, industry and market innovation and the current threat environment.’”
• CISA task force to investigate COVID-19 impacts on telecom supply chain: According to Inside Cybersecurity, “A CISA-led supply chain taskforce that includes telecom and IT industry leaders is in the process of developing ‘workstreams’ to determine how the COVID-19 pandemic has impacted manufacturing of components that go into critical telecom systems.”
• FBI warns hackers are targeting mobile banking apps: According to The Hill, “The FBI [last] Wednesday warned that malicious cyber actors were targeting mobile banking apps in an attempt to steal money as more Americans have moved to online banking during the coronavirus pandemic. In a public service announcement, the FBI noted it expects to see hackers ‘exploit’ mobile banking platforms, which have seen a 50 percent surge in use since the beginning of the pandemic.”

National Cyber Security News Update

Here, we’ve provided a roundup of cybersecurity news stories related to national security from last week.

• DHS’s cyber wing pledges to invest more in industrial control systems security: According to CyberScoop, “The Department of Homeland Security’s cybersecurity division [last] Tuesday unveiled a strategy to help protect industrial control systems that support energy, transportation, and other critical sectors from being hacked. The goal is to use data analytics, enhanced training, and better technology to help guard U.S. critical infrastructure operators from foreign hacking groups that have shown a steady interest in their networks.”
• Paid hackers targeted thousands of people and hundreds of institutions worldwide, report says: According to the Los Angeles Times, “A hackers-for-hire group dubbed ‘Dark Basin’ has targeted thousands of individuals and hundreds of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds and companies, according to the internet watchdog Citizen Lab. Researchers discovered almost 28,000 web pages created by hackers for personalized ‘spear phishing’ attacks designed to steal passwords, according to a report published [last] Tuesday by Citizen Lab, part of the University of Toronto’s Munk School.”
• Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware: According to ZDNet, “Industrial control networks are coming under attack from a range of ransomware attacks, security researchers have warned, after an experiment revealed the speed at which hackers are uncovering vulnerabilities in critical infrastructure. Security company Cybereason built a 'honeypot' designed to look like an electricity company with operations across Europe and North America. […] The honeypot went live earlier this year and it was only three days until attackers discovered the network and were finding ways to compromise it – including a ransomware campaign that infiltrated chunks of the network, as well as grabbing log-in credentials.”
• Readers of a certain age will remember GPRS: Old insecure tech from turn of millennium still haunts 5G networks: According to The Register, “Long-standing vulnerabilities in older wireless broadband standards will continue to dog new 5G networks, despite efforts to improve network security, a new report has claimed. Researchers with Positive Technologies say that a legacy standard known as GPRS Tunneling Protocol (GTP) is the culprit behind security issues that will leave many of the early 5G networks open to attacks such as spoofing, man-in-the-middle, and denial of service.”
• Cyber Command creates new malware sharing portal with National Guard: According to Defense News, “A new portal created by U.S. Cyber Command and the National Guard provides a two-way interface for sharing malware and gain[ing] better insights into cyber threats facing the nation, according to a June 9 release from the command. This portal, called Cyber 9-Line, allows participating Guard units from their perspective states to quickly share incidents with Cyber Command. Cyber Command’s elite Cyber National Mission Force, which conducts operations aimed at disrupting specific nation state actors, is then able to provide analysis on the malware and offer feedback to the states to help redress the incident.”
• US energy providers hit with new malware in targeted attacks: According to Bleeping Computer, “U.S. energy providers were targeted by spear-phishing campaigns delivering a new remote access trojan (RAT) capable of providing attackers with full control over infected systems. The attacks took place between July and November 2019, and the threat actor behind it — tracked as TA410 by Proofpoint researchers who spotted the campaigns — used portable executable (PE) attachments and malicious macro laden Microsoft Word document[s] to deliver the malicious payload.”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

• Cloud Service Providers and Security: IBM Research Findings: Reported in MSSP Alert, “Basic security oversight issues such as governance, vulnerabilities, and misconfigurations are the top risk factors organizations must address to secure expanding cloud-based operations, a new IBM survey found. The 2020 Cloud Security Landscape report, conducted jointly by IBM’s Institute for Business Value (IBV) and the vendor’s X-Force Incident Response and Intelligence Services (IRIS), concluded that the ease and speed at which new cloud tools are deployed can also challenge security teams to control their usage.”
• Average cost of DNS attacks hovering around $924,000: Reported in Help Net Security, “79% of organizations experienced DNS attacks, with the average cost of each attack hovering around $924,000, according to EfficientIP.”
• Rate of Ransomware Attacks in Healthcare Slows in H1 2020: Reported in Dark Reading, “Corvus Insurance recently analyzed threat data related to hospitals, health systems, doctors' offices, consultants, and other entities in the healthcare sector during the first several months of this year. The data shows a total of 18 publicly reported ransomware attacks on healthcare organizations through mid-May compared with 20 attacks in total during the entire first half of 2019.”
• Search traffic reveals 'mad scramble' for cybersecurity at pandemic peak: Reported in IT Pro Portal, “Based on analysis of search traffic, the report states there was a 126 percent surge in ‘cyber defense’ search queries between January and March, the point at which many lockdown policies were implemented. In comparison to March 2019, meanwhile, the search for the query was up by 116 percent. March also saw a spike in related cybersecurity keywords, such as ‘cyber security services’ (up 44 percent) and ‘how to install a VPN’ (up 40 percent).”
• Cybercrime against retail brands is up 41% during pandemic: Reported in TechRepublic, “41% of retail executives surveyed cited a dramatic shift in retail and e-commerce, and a higher rate of cybercrime against their brands since the beginning of the pandemic. The crimes include scams, counterfeiting and hacking. Counterfeiting rose 39%.”
• Mimecast State of Email Security 2020 Report Reveals 60% of Organizations Expect to Suffer from an Email-borne Attack: According to a press release, “The large majority (77%) of respondents say they have or are actively rolling out a cyber resilience strategy, yet an astounding 60% of respondents believe it is inevitable or likely they will suffer from an email-borne attack in the coming year. Respondents cite data loss (31%), a decrease in employee productivity (31%) and business downtime (29%) due to a lack of cyber resilience preparedness.”

GitLab Acquires Peach Tech and Fuzzit to Expand its DevSecOps Offering

According to a press release, GitLab announced it has acquired Peach Tech, a security software firm specializing in protocol fuzz testing and dynamic application security testing (DAST) API testing, and Fuzzit, a continuous fuzz testing solution providing coverage-guided testing. GitLab says these acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing.