NTSC Technology Security Roundup

Weekly News Roundup: July 30, 2018

US Department of Justice Not Giving Up on Desire to Access Encrypted Devices

A long-standing, unresolved cybersecurity debate at the federal level is encryption. When do privacy rights supersede the need for law enforcement to access encrypted devices as part of an investigation? Should a “backdoor” tool exist to help law enforcement that may compromise cybersecurity standards and privacy? According to The Washington Post, “In a highly anticipated cyber task force report commissioned by Attorney General Jeff Sessions, the DOJ outlines a seven-point plan to tackle what it calls the ‘going dark’ problem posed by the spread of strong encryption. Among them: Considering whether to pursue legislation to give law enforcement a guaranteed way in to encrypted devices and software in criminal investigations. And holding service providers accountable if they do not provide all information in their possession when legally required.”

National Defense Authorization Act (NDAA) Strengthens US Cyber Deterrence

When the Department of Defense outlined a cyberspace “doctrine of restraint” in 2015, it probably did not anticipate today’s cyber warfare landscape with nation states such as Russia, China, North Korea, and Iran relentlessly threatening our critical infrastructure, elections, and economy. In the final version of the National Defense Authorization Act (NDAA), The Hill reports that the “…annual defense policy bill would set new authorities for the Department of Defense to deter and respond to attacks in cyberspace, including establishing the first U.S. policy on cyber warfare. Following House and Senate negotiations, a conference report on the National Defense Authorization Act (NDAA) released Monday says the United States should be able to use every option on the table, including offensive cyber capabilities.”

ODNI’s Tonya Ugoretz Explains How WannaCry Serves as Ideal Example of Public-Private Partnership

When WannaCry emerged last year as a serious global threat, the DHS’s cyber threat intelligence sharing programs between the public and private sectors worked to make DHS aware of this dangerous ransomware. According to CyberScoop, “[Tonya Ugoretz, director of ODNI’s Cyber Threat Intelligence Integration Center (CTIIC)] said that CTIIC learned of information about WannaCry that had been fed to Department of Homeland Security by its private sector partners. The information would play an important role in the attribution to North Korea months later, Ugoretz explained. […] ‘DHS had that [information] by virtue of their private sector relationships, and we asked “Could we share that with the intelligence community? Because we think it could be valuable,” she said. ‘DHS went back to the private sector partner, got their permission, we shared it with the intel community, and it helped give us a sense early on about how the infection did spread.’”

Cybersecurity Reports and Surveys Roundup

We’ve rounded up a few of the best cybersecurity reports and surveys released last week:

  • The demand for hacking tools and malware is greater than the current supply: Reported in Yahoo! Finance, “A 34-page report published by Positive Technologies reveals a high demand for malware creation on the dark web: Three times greater than the current supply. The report is based on 25 Russian and English-based dark web sites with around 3 million registered individuals to reveal the most-popular malware in use today, the cost of attack services, and more.”
  • Insider Threats Rise as Businesses Struggle with Cybercrime: Reported in Computer Business Review, “Insider threats are believed by more than half of IT professionals (51 percent) to be one of the greatest security threats facing their organization, according to CyberArk’s 2018 Global Advanced Threat Landscape Report.”
  • 72% of CEOs admit they’ve taken intellectual property from a former employer: Reported in Help Net Security, “In a clear demonstration that top executives defy data security best practices and company policy, 72 percent of CEOs admit they’ve taken valuable intellectual property (IP) from a former employer. 93 percent of CEOs say they keep a copy of their work on a personal device, outside the relative safety of company servers or cloud applications.”
  • More than 40% of reported security breaches are caused by employee negligence: Reported in TechRepublic, “According to 2018 research conducted by Shred-it, more than 40% of senior executives and small business owners report that employee negligence or accidental loss was the root cause of their most recent data security breach.”
  • Half a billion IoT devices vulnerable to 10-year-old DNS rebinding attacks: Reported in CSO Online, “Due to the wide variety of about 496 million vulnerable devices – printers, smart TVs, streaming media players and speakers, IP cameras, IP phones, switches, routers and access points – [IoT security vendor] Armis warned that ‘nearly all enterprises are susceptible’ to DNS rebinding attacks, which give remote attackers a way to get around firewalls and gain access to vulnerable devices on a local network – devices that were never meant to be accessed by the public.”

Gigamon Acquires Network Security Company ICEBRG

Last Tuesday, Gigamon announced the acquisition of ICEBRG, a Seattle-based security company. According to a press release, “The combination of network traffic visibility from the market-leading Gigamon platform and the next-generation approach that ICEBRG employs for the detection and triage of threats, will allow enterprises to reduce risk and keep pace with the rapidly evolving threat landscape. […] Offered as a SaaS solution, SOC and Incident Response teams can rapidly deploy new security technologies as ‘security applications’ and validate them with a robust data set built over time.”