Posts with label National Security

Concerns Over Starlink in India: Potential Risks to National Security


As Starlink, Elon Musk’s satellite internet service, prepares to enter India’s broadband market, think tank Kutniti Foundation has raised significant concerns about its potential risks to India’s national security. A report cited by PTI claims Starlink’s close ties with U.S. intelligence and military agencies could make it a threat to India’s interests. The foundation described Starlink as “a wolf in sheep’s clothing,” alleging that its dual-use technology serves American governmental agendas. Unlike traditional telecom networks operating under Indian jurisdiction, Starlink’s global satellite system bypasses local control, granting operational authority to U.S.-based entities. 

Kutniti suggests this could allow for activities such as surveillance or other strategic operations without oversight from India. The report also highlights that Starlink’s key clients include U.S. intelligence and military organizations, positioning it within what the foundation calls the U.S. “intel-military-industrial complex.” India’s Communications Minister Jyotiraditya Scindia recently addressed these concerns, stating that Starlink must meet all regulatory and security requirements before its services can be approved. He confirmed that the government will only consider granting a license once the platform fully complies with the country’s safety standards for satellite broadband.  

Kutniti’s report also examines the broader implications of Starlink’s operations, emphasizing how its ownership and infrastructure could support U.S. strategic objectives. The foundation referenced U.S. laws that prioritize national interests in partnerships with private enterprises, suggesting this could undermine the sovereignty of nations relying on Starlink’s technology. The think tank further criticized the role of Musk’s ventures in geopolitical scenarios, pointing to Starlink’s refusal to assist a Ukrainian military operation against Russia as an example of its influence. 

Additionally, Kutniti noted Musk’s association with Palantir Technologies, a firm known for intelligence collaborations, as evidence of the platform’s involvement in sensitive political matters. Highlighting incidents in countries like Brazil, Ukraine, and Iran, Kutniti argued that Starlink’s operations have, at times, bypassed local governance and democratic norms. The report warns that the satellite network could serve as a tool for U.S. geopolitical leverage, further cementing American dominance in space and global communications. 

India’s careful consideration of Starlink reflects a broader need to balance the benefits of cutting-edge technology with national security concerns. Kutniti’s findings underscore the risks of integrating foreign-controlled networks, especially those with potential geopolitical implications, in an increasingly complex global landscape.

CISA Proposes New Security Measures to Protect U.S. Personal and Government Data

 

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has proposed a series of stringent security requirements to safeguard American personal data and sensitive government information from potential adversarial states. The initiative aims to prevent foreign entities from exploiting data vulnerabilities and potentially compromising national security.

These new security protocols target organizations involved in restricted transactions that handle large volumes of U.S. sensitive personal data or government-related data, especially when such information could be exposed to "countries of concern" or "covered persons." This proposal is part of the broader implementation of Executive Order 14117, signed by President Biden earlier this year, which seeks to address critical data security risks that could pose threats to national security.

The scope of affected organizations is wide, including technology companies such as AI developers, cloud service providers, telecommunications firms, health and biotech organizations, financial institutions, and defense contractors. These businesses are expected to comply with the new security measures to prevent unauthorized access to sensitive information.

"CISA’s security requirements are split into two main categories: organizational/system-level requirements and data-level requirements," stated the agency. Below is a breakdown of some of the proposed measures:

  • Monthly Asset Inventory: Organizations must maintain and update a comprehensive asset inventory that includes IP addresses and hardware MAC addresses.
  • Vulnerability Remediation: Known exploited vulnerabilities should be addressed within 14 days, while critical vulnerabilities, regardless of known exploitation, must be remediated within 15 days. High-severity vulnerabilities should be resolved within 30 days.
  • Accurate Network Topology: Companies must maintain a precise network topology, which is crucial for identifying and responding to security incidents swiftly.
  • Multi-Factor Authentication (MFA): All critical systems must enforce MFA, and passwords must be at least 16 characters long. Immediate access revocation is required upon employee termination or a change in roles.
  • Unauthorized Hardware Control: Organizations must ensure that unauthorized hardware, such as USB devices, cannot be connected to systems handling sensitive data.
  • Log Collection: Logs of access and security-related events, including intrusion detection/prevention, firewall activity, data loss prevention, VPN usage, and login events, must be systematically collected.
  • Data Reduction and Masking: To prevent unauthorized access, organizations should reduce the volume of data collected or mask it, and encrypt data during restricted transactions.
  • Encryption Key Security: Encryption keys must not be stored alongside the encrypted data, nor in any country of concern.
  • Advanced Privacy Techniques: The use of techniques like homomorphic encryption or differential privacy is encouraged to ensure sensitive data cannot be reconstructed from processed data.
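To make the remediation timelines above concrete, here is an added example (not CISA's own tooling) of a deadline check an operator could run against a vulnerability tracker export. The findings list is constructed for the example and the vulnerability IDs are placeholders, not real CVEs; the rule that the KEV clock and the severity clock run in parallel, with the tighter one winning, is an assumption about how the two timelines would be applied together.

```python
"""Remediation-deadline check modelled on the proposed timelines:
14 days for entries in CISA's Known Exploited Vulnerabilities (KEV) catalog,
15 days for critical severity, 30 days for high severity.
Added example, not CISA's tooling; sample findings are constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

SLA_DAYS = {"kev": 14, "critical": 15, "high": 30}


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str              # placeholder identifier, not a real CVE
    severity: str             # "critical", "high", "medium" or "low"
    in_kev: bool              # listed in the KEV catalog
    discovered: date          # when the organisation became aware of it
    remediated: Optional[date] = None


def deadline(f: Finding) -> Optional[date]:
    """Earliest applicable deadline. Assumption: the KEV window and the
    severity window both apply and the shorter one wins. Medium and low
    findings get no fixed window in the proposal, so None is returned."""
    windows = []
    if f.in_kev:
        windows.append(SLA_DAYS["kev"])
    if f.severity in SLA_DAYS:
        windows.append(SLA_DAYS[f.severity])
    if not windows:
        return None
    return f.discovered + timedelta(days=min(windows))


def sla_breaches(findings: List[Finding], today: date) -> List[Tuple[str, str, date, str]]:
    """Findings that are still open past their deadline, or were fixed late."""
    breaches = []
    for f in findings:
        due = deadline(f)
        if due is None:
            continue
        fixed_late = f.remediated is not None and f.remediated > due
        still_open = f.remediated is None and today > due
        if fixed_late or still_open:
            breaches.append((f.asset, f.vuln_id, due, "fixed late" if fixed_late else "open"))
    return breaches


# Constructed sample tracker export (placeholder assets and IDs).
SAMPLE = [
    Finding("db-01", "VULN-A", "high", True, date(2024, 10, 1)),        # KEV: due Oct 15
    Finding("web-02", "VULN-B", "critical", False, date(2024, 10, 1)),  # due Oct 16
    Finding("web-02", "VULN-C", "high", False, date(2024, 10, 1)),      # due Oct 31
    Finding("hr-app", "VULN-D", "medium", False, date(2024, 10, 1)),    # no fixed window
    Finding("vpn-gw", "VULN-E", "critical", True, date(2024, 9, 20),
            remediated=date(2024, 10, 10)),                             # due Oct 4, fixed Oct 10
]
AS_OF = date(2024, 10, 20)  # report date for the sample run

if __name__ == "__main__":
    for asset, vuln_id, due, state in sla_breaches(SAMPLE, AS_OF):
        print(f"{asset} {vuln_id}: due {due}, {state}")
```

Run as-is, the sample reports VULN-A and VULN-B as open past deadline and VULN-E as fixed late; VULN-C is still inside its 30-day window and VULN-D has no window to breach.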
CISA has called for public feedback on the proposed security measures before they are finalized. Interested parties can submit their comments by visiting regulations.gov, entering CISA-2024-0029 in the search bar, and submitting feedback through the available form.

Cyberattacks on Critical Infrastructure: A Growing Threat to Global Security

 

During World War II, the U.S. Army Air Forces launched two attacks on ball bearing factories in Schweinfurt, aiming to disrupt Germany’s ability to produce machinery for war. The belief was that halting production would significantly affect Germany’s capacity to manufacture various war machines.

This approach has a modern parallel in the cybersecurity world. A cyberattack on a single industry can ripple across multiple sectors. For instance, the Colonial Pipeline attack affected American Airlines operations at Charlotte Douglas Airport. Similarly, the Russian NotPetya attack against Ukraine spread far beyond its intended target, disrupting supply chains globally.

At the 2023 S4 Conference, Josh Corman discussed the potential for cascading failures due to cyberattacks. The creation of the Cybersecurity and Infrastructure Security Agency’s National Critical Functions was driven by the need to coordinate cybersecurity efforts across various critical sectors. Corman highlighted how the healthcare sector depends on several infrastructure sectors, such as water, energy, and transportation, to provide patient care.

The question arises: what if a cyber incident affected multiple segments of the economy at once? The consequences could be devastating.

What makes this more concerning is that it is not a new issue. The SQL Slammer worm, which appeared over two decades ago, compromised an estimated one in every 1,000 computers globally. Unlike the recent CrowdStrike bug, Slammer was a deliberate exploit of a vulnerability for which a patch had been available for six months. Despite the differences between the two events, both show that a single flaw in widely deployed software can cause disruption at global scale, regardless of intent.

Digital technology now underpins everything from cars to medical devices. However, as technology becomes more integrated into daily life, it brings new risks. Research from Claroty’s Team82 reveals that insecure code and misconfigurations exist in software that controls physical systems, posing potential threats to national security, public safety, and economic stability.

Although the CrowdStrike incident was disruptive, businesses and governments must reflect on the event to prevent larger, more severe cyber incidents in the future.

Cyber-Physical Systems: A Shifting Threat Landscape

Nearly every facility, from water treatment plants to hospitals, relies on digital systems known as cyber-physical systems (CPS) to function. These systems manage critical tasks, but they also introduce vulnerabilities. Today, billions of tiny computers are embedded in systems across all industries, offering great benefits but also exposing the soft underbelly of society to cyber threats.

The Stuxnet malware, discovered in 2010, which disrupted Iran's nuclear program, was the first major cyber assault on CPS. Since then, there have been several incidents, including the 2016 Russian Industroyer malware attack that disrupted part of Ukraine’s power grid, and the 2020 Iranian attempt to attack Israeli water utilities. Most recently, Chinese hackers have targeted U.S. critical infrastructure.

These incidents highlight how cybercriminals and nation states exploit vulnerabilities in critical infrastructure to understand weaknesses and the potential impact on security. China, for example, has expanded its objectives from espionage to compromising U.S. infrastructure to weaken its defense capabilities in case of a conflict.

The CrowdStrike Bug and Broader Implications

The CrowdStrike bug wasn’t a malicious attack but rather a mistake tied to a gap in quality assurance. Still, the incident serves as a reminder that our dependence on digital systems has grown significantly. Failures in cyber-physical systems—whether in oil pipelines, manufacturing plants, or hospitals—can have dangerous physical consequences.

Although attacks on CPS are relatively rare, many of these systems still rely on outdated technology, including Windows operating systems, which account for over 25% of vulnerabilities in the CISA Known Exploited Vulnerabilities Catalog. Coupled with long periods of technological obsolescence, these vulnerabilities pose significant risks.

What would happen if a nation-state deliberately targeted CPS in critical infrastructure? The potential consequences could be far worse than the CrowdStrike bug.

Addressing the vulnerabilities in CPS will take time, but there are several steps that can be taken immediately:

  • Operationalize compensating controls: Organizations must inventory assets and implement network segmentation and secure access to protect vulnerable systems.
  • Expand secure-by-design principles: CISA has emphasized the need to focus on secure-by-design in CPS, particularly for medical devices and automation systems.
  • Adopt secure-by-demand programs: Organizations should ask the right questions of software vendors during procurement to ensure higher security standards.
Although CPS drive innovation, they also introduce new risks. A failure in one link of the global supply chain could cascade across industries, disrupting critical services. The CrowdStrike bug wasn’t a malicious attack, but it underscores the fragility of modern infrastructure and the need for vigilance to prevent future incidents.

Adopting a Connected Mindset: A Strategic Imperative for National Security

 

In today's rapidly advancing technological landscape, connectivity goes beyond being just a buzzword—it has become a strategic necessity for both businesses and national defense. As security threats grow more sophisticated, an integrated approach that combines technology, strategic planning, and human expertise is essential. Embracing a connected mindset is crucial for national security, and here's how it can be effectively implemented.

What is a Connected Mindset?

A connected mindset involves understanding that security is not an isolated function but a comprehensive effort that spans multiple domains and disciplines. It requires seamless collaboration between government, private industry, and academia to address security challenges. This approach recognizes that modern threats are interconnected and complex, necessitating a comprehensive response.

Over the past few decades, security threats have evolved significantly. While traditional threats like military aggression still exist, newer challenges such as cyber threats, economic espionage, and misinformation have emerged. Cybersecurity has become a major concern as both state and non-state actors develop new methods to exploit vulnerabilities in digital infrastructure. Attacks on critical systems can disrupt essential services, leading to widespread chaos and posing risks to public safety. The recent rise in ransomware attacks on healthcare, financial sectors, and government entities underscores the need for a comprehensive approach to these challenges.

The Central Role of Technology

At the core of the connected mindset is technology. Advances in artificial intelligence (AI), machine learning, and big data analytics provide valuable tools for detecting and countering threats. However, these technologies need to be part of a broader strategy that includes human insight and collaborative efforts. AI can process large datasets to identify patterns and anomalies indicating potential threats, while machine learning algorithms can predict vulnerabilities and suggest proactive measures. Big data analytics enable real-time insights into emerging risks, facilitating faster and more effective responses.

Despite the critical role of technology, human expertise remains indispensable. Cybersecurity professionals, intelligence analysts, and policymakers must collaborate to interpret data, evaluate risks, and devise strategies. Public-private partnerships are vital for fostering this cooperation, as the private sector often possesses cutting-edge technology and expertise, while the government has access to critical intelligence and regulatory frameworks. Together, they can build a more resilient security framework.

To implement a connected mindset effectively, consider the following steps:
  • Promote Continuous Education and Training: Regular training programs are essential to keep professionals up-to-date with the latest threats and technologies. Cybersecurity certifications, workshops, and simulations can help enhance skills and preparedness.
  • Encourage Information Sharing: Establishing robust platforms and protocols for information sharing between public and private sectors can enhance threat detection and response times. Shared information must be timely, accurate, and actionable.
  • Invest in Advanced Technology: Governments and organizations should invest in AI, machine learning, and advanced cybersecurity tools to stay ahead of evolving threats, ensuring real-time threat analysis capabilities.
  • Foster Cross-Sector Collaboration: Cultivating a culture of collaboration is crucial. Regular meetings, joint exercises, and shared initiatives can build stronger partnerships and trust.
  • Develop Supportive Policies: Policies and regulations should encourage a connected mindset by promoting collaboration and innovation while protecting data privacy and supporting effective threat detection.
A connected mindset is not just a strategic advantage—it is essential for national security. As threats evolve, adopting a holistic approach that integrates technology, human insight, and cross-sector collaboration is crucial. By fostering this mindset, we can create a more resilient and secure future capable of addressing the complexities of modern security challenges. In a world where physical and digital threats increasingly overlap, a connected mindset paves the way for enhanced national security and a safer global community.

Ukraine Faces New Phishing Campaign Targeting Government Computers, Warns CERT


CERT-UA (the Computer Emergency Response Team of Ukraine) has issued a warning about a sophisticated phishing campaign targeting Ukrainian government computers. This campaign, which began in July 2024, has already compromised over 100 government systems, posing a significant threat to national security and data integrity.

The attackers behind this campaign are impersonating the Security Service of Ukraine (SSU), a tactic designed to exploit the trust and authority associated with this organization. By doing so, they aim to deceive recipients into believing that the phishing emails are legitimate and urgent. This method of social engineering is particularly effective in high-stakes environments where quick responses are often required.

The phishing emails contain a ZIP file attachment, which, when opened, reveals an MSI installer. This installer is loaded with a malware strain known as ANONVNC. Once installed, ANONVNC provides the attackers with remote desktop access to the infected computers. This level of access allows them to monitor activities, steal sensitive information, and potentially disrupt operations.

The Mechanics of the Attack

The phishing emails are crafted to appear as official communications from the SSU. They often contain subject lines and content that create a sense of urgency, prompting the recipient to open the attachment without due diligence. Once the ZIP file is opened and the MSI installer is executed, the ANONVNC malware is deployed.

ANONVNC is a remote access tool (RAT) that enables the attackers to take control of the infected computer. This includes the ability to view the screen, access files, and execute commands. The malware operates stealthily, making it difficult for users to detect its presence. This allows the attackers to maintain prolonged access to the compromised systems, increasing the potential for data theft and other malicious activities.
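The delivery chain described above (ZIP attachment, MSI inside, RAT installed) is something a mail gateway can triage before a user ever double-clicks. The following is an added example, not CERT-UA's tooling or anything from the campaign itself: it opens a ZIP attachment in memory and flags members that carry an installer or script extension, that are OLE compound files (the MSI container format) hiding behind a document extension, or that are password-protected and therefore cannot be inspected. The sample archive is constructed inline; the file names in it are invented for the example and are not indicators from the campaign.

```python
"""Triage a ZIP e-mail attachment for the ZIP -> MSI -> RAT pattern.
Added example, not CERT-UA's tooling. The sample archive is built in memory;
nothing here talks to a mail server."""
import io
import os
import zipfile
from typing import Dict, List, Tuple

# Compound File Binary (OLE2) magic. MSI packages use this container, but so
# do legacy Office formats, so the container alone is not a verdict.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
OLE_EXTS = {".msi", ".doc", ".xls", ".ppt", ".msg"}
# Extensions that should never arrive inside a "document" archive (assumed
# policy list for the example; tune it to your environment).
EXEC_EXTS = {".msi", ".exe", ".js", ".vbs", ".lnk", ".hta", ".scr", ".cmd", ".bat"}


def inspect_zip(data: bytes) -> List[Tuple[str, str]]:
    """Return (member_name, reason) for every suspicious member of the archive."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid ZIP file")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if info.flag_bits & 0x1:
                # Password-protected members defeat content scanning; treat
                # them as hostile rather than unknown.
                findings.append((name, "encrypted member, cannot be inspected"))
                continue
            if ext in EXEC_EXTS:
                findings.append((name, f"executable/installer extension {ext}"))
            with archive.open(info) as fh:
                head = fh.read(len(OLE_MAGIC))
            # An OLE container that claims to be a PDF/TXT/etc. is a renamed
            # installer or legacy Office file; either way, not what it says.
            if head == OLE_MAGIC and ext not in OLE_EXTS:
                findings.append((name, f"OLE/MSI container disguised as {ext or 'no extension'}"))
    return findings


def should_quarantine(findings: List[Tuple[str, str]]) -> bool:
    """Any finding is enough to hold the message for review."""
    return bool(findings)


def build_sample_zip(members: Dict[str, bytes]) -> bytes:
    """Build a constructed sample attachment (not a real campaign artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples; names and contents are invented for the example.
MALICIOUS_SAMPLE = build_sample_zip({
    "SSU_order_2024.msi": OLE_MAGIC + b"\x00" * 504,  # looks like an MSI package
    "scan.pdf": OLE_MAGIC + b"\x00" * 504,            # an MSI renamed to .pdf
    "readme.txt": b"Please review the attached order.",
})
CLEAN_SAMPLE = build_sample_zip({"readme.txt": b"nothing to see here"})

if __name__ == "__main__":
    for name, reason in inspect_zip(MALICIOUS_SAMPLE):
        print(f"{name}: {reason}")
```

Checking the first bytes rather than trusting the extension is what catches the renamed installer; checking the encryption flag is what keeps an attacker from sidestepping the scan with a password in the e-mail body.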

Broader Implications

By targeting government computers, the attackers are not only seeking to steal sensitive information but also to undermine the operational integrity of Ukrainian governmental functions. This can have a cascading effect, potentially disrupting public services and eroding trust in governmental institutions.

Moreover, the use of ANONVNC as the malware of choice highlights the evolving nature of cyber threats. Remote access tools are becoming increasingly sophisticated, enabling attackers to carry out complex operations with relative ease. This underscores the need for robust cybersecurity measures and continuous vigilance.

National Security at Risk: The CFPB’s Battle Against Data Brokers


Data brokers work in secrecy, collecting personal details about our lives. These entities collect, sell, and misuse our personal information without our explicit consent.

The Rise of Data Brokers

The Consumer Financial Protection Bureau (CFPB) has taken notice, and their proposed regulations seek to hold data brokers accountable by subjecting them to the Fair Credit Reporting Act (FCRA). This move transcends mere privacy concerns—it is a matter of national security.

For instance, data brokers can facilitate targeting individuals by allowing entities to purchase lists that match multiple categories, such as “Intelligence and Counterterrorism” combined with descriptors like “substance abuse,” “heavy drinker,” or even “behind on bills.” 

In other contexts, entities can buy records for pennies per person, leveraging relatively small investments into mass data collection. The concern is that adversaries, including countries like China, can use this data to identify targets for surveillance and other purposes. The government is increasingly worried about foreign governments’ access to Americans’ data.

The CFPB’s Call to Action

The Consumer Financial Protection Bureau intends to propose new regulations that will compel data brokers to follow the Fair Credit Reporting Act. Earlier this month, CFPB Director Rohit Chopra stated that the agency is looking into rules to "ensure greater accountability" for companies that buy and sell consumer data, in line with an executive order signed by President Joe Biden in late February.

Chopra added that the agency is examining suggestions that would classify data brokers who sell specific categories of data as "consumer reporting agencies," requiring them to comply with the Fair Credit Reporting Act (FCRA). The statute prohibits the sharing of certain types of data with companies unless they have a legally defined purpose.

The CFPB considers the purchase and sale of consumer data to be a national security issue rather than merely a privacy concern. Chopra cited three large data breaches—the 2015 Anthem leak, the 2017 Equifax hack, and the 2018 Marriott breach—as instances of foreign adversaries illegally collecting Americans' personal information.

The National Security Angle

He said: "When Americans' health information, financial information, and even their travel whereabouts can be assembled into detailed dossiers, it's no surprise that this raises risks when it comes to safety and security." However, the attention on high-profile intrusions hides a more widespread, entirely legal phenomenon: data brokers' capacity to sell precise personal information to anyone willing to pay for it.

The government is increasingly concerned about foreign governments gaining access to Americans' data. In March, the House passed legislation that would bar data brokers from selling Americans' personally identifiable information to "any entity controlled by a foreign adversary." 

Why Data Brokers Matter

According to the Protecting Americans' Data from Foreign Adversaries Act, data brokers would be facing fines from the Federal Trade Commission if they sold sensitive information — such as location or health data — to any person or business situated in a few countries. The Senate has yet to vote on the legislation.

US government agencies also depend on data brokers to keep surveillance on Americans. In 2022, the American Civil Liberties Union released a series of files exposing how the DHS (Department of Homeland Security) exploited location data to track the movement of millions of cell phones — and the users who own them — across the United States.

Unmasking the “Golden Top” Cybercrime Syndicate: Zambia’s Battle Against Deception


Zambia has exposed a sophisticated Chinese cybercrime syndicate that preyed on unsuspecting victims across the globe. The operation, which unfolded during a multi-agency raid, led to the apprehension of 77 individuals, including 22 Chinese nationals. 

This case sheds light on the intricate web of cybercriminal activities and underscores the importance of international cooperation in combating fraud.

The Deceptive Web

The story begins with a seemingly innocuous Chinese-run company named “Golden Top Support Services.” Operating in Zambia, this company had recruited young Zambians, aged between 20 and 25, under the guise of call center agents. 

However, their actual task was far from ordinary. These recruits engaged in scripted conversations with mobile users across various platforms, including WhatsApp, Telegram, and chatrooms. Their mission? To deceive unsuspecting victims.

The Sim Box Connection

During the raid, authorities seized several crucial pieces of evidence. The most significant find was a collection of SIM boxes. These unassuming devices route calls in a way that bypasses legitimate phone networks and hides the caller's real origin. In the hands of cybercriminals, SIM boxes become powerful tools for fraudulent activities, including internet scams.

The scale of the operation was staggering. Over 13,000 SIM cards—both domestic and international—highlighted the extensive reach of the syndicate. The illicit operations extended beyond Zambia’s borders, targeting people in countries as diverse as Singapore, Peru, the United Arab Emirates (UAE), and other African nations. The global nature of the deception underscores the need for cross-border collaboration in tackling cybercrime.

The Human Cost

The victims of this elaborate scheme were ordinary individuals who fell prey to the syndicate’s well-crafted narratives. Whether promising financial windfalls, romantic connections, or business opportunities, the cybercriminals manipulated emotions and trust. The consequences were devastating—financial losses, shattered dreams, and broken trust.

The International Dimension

The involvement of Chinese nationals in this operation raises questions about the role of foreign actors in cybercrime. While the Zambian nationals have been charged and released on bail, the 22 Chinese men and a Cameroonian remain in custody. The case highlights the need for international cooperation in tracking down and prosecuting cybercriminals.

Lessons Learned

Vigilance: The fight against cybercrime requires constant vigilance. Authorities must stay ahead of evolving tactics and technologies used by criminals.

Collaboration: Cybercrime knows no borders. International cooperation is essential to dismantle syndicates that operate across multiple countries.

Education: Public awareness campaigns can help individuals recognize red flags and protect themselves from deception.

Legal Frameworks: Countries must strengthen their legal frameworks to address cybercrime effectively.

What's next?

Zambia’s unmasking of the “Golden Top” cybercrime syndicate serves as a wake-up call for nations worldwide. The battle against deception requires collective efforts, technological advancements, and unwavering commitment. No one is immune to cyber threats, and our shared responsibility is to safeguard trust, integrity, and justice.

Data Brokers are Preparing to Challenge Privacy Legislation

 

Congress has been attempting to crack down on data brokers, and they are fighting back. In late March, the House voted unanimously to ban the sale of Americans' data to foreign rivals. A data-broker provision is also at issue in the bill reauthorising Section 702 of the Foreign Intelligence Surveillance Act (FISA), the contentious authority for National Security Agency surveillance of foreign targets, which is set to expire later this month.

Negotiations over FISA's reauthorization became so heated that House Speaker Mike Johnson pulled the bill from consideration in February. The most contentious issue was an amendment proposed by Rep. Warren Davidson (R-OH) that would bar data brokers from selling customer data to law enforcement and require a warrant to access Americans' information, according to Politico's Influence newsletter in February. 

National security hawks in Congress and local law enforcement groups joined forces to oppose the amendment, with the National Sheriffs' Association alleging in a letter to Congress that it would "kneecap law enforcement". 

"On House amendments, the Sheriffs of this great country don't usually keep score. But on this one, we will keep score and know who our friends are by their votes against Congressman Davidson's amendment, which further erodes the rule of law in our country and empowers the cartels," the letter stated. 

With FISA about to expire at the end of the month, Congress will undoubtedly bring it up again. Some legislators have indicated that they are unlikely to support the bill unless privacy updates are included. "We must have these amendments," Rep. Jim Jordan (R-OH), chairman of the House Judiciary Committee, told Politico in February. "There's no way we're not going to have them."

Data brokers also seem to be entering the fight. Politico's Influence newsletter revealed that early this year, when the amendment was being discussed in the House, Relx, the UK-based parent company of the data analytics firm LexisNexis, hired the lobbying firm Venable.

Recently, criticism of other Relx subsidiaries' data collection and distribution practices has also surfaced. The New York Times revealed in March that a number of automakers were providing LexisNexis Risk Solutions with driving records of their customers, which it then sold to insurance firms.

Security Concerns Arise Over Chinese-Manufactured Surveillance Cameras Deployed at Romanian Military Locations

 

A routine procurement made by the Romanian military on January 16 for surveillance equipment manufactured in China has raised national security concerns.

The purchase, valued at under $1,000 and made by an employee of the Romanian Defense Ministry, consisted of an eight-port switch and two surveillance cameras from Hikvision, a Chinese company with purported ties to the Chinese military. Notably, both the United States and Britain have blacklisted Hikvision over identified data-handling and security vulnerabilities.

Although there is currently no evidence of breaches at the Deveselu military base, an investigation by RFE/RL's Romanian Service revealed that Hikvision and Dahua, another Chinese company partly owned by the government, supply surveillance equipment to at least 28 military facilities and numerous other public institutions involved in national security across Romania.

While Romanian authorities assert that the equipment is used in closed-circuit systems without internet connectivity, experts argue that vulnerabilities in firmware could still pose risks, enabling remote access, data interception, and network attacks. Despite these concerns, Romania does not impose restrictions on the use of Hikvision or Dahua equipment, unlike some NATO allies such as the United States and Britain.

Both Hikvision and Dahua refute allegations of being security risks and claim to promptly address vulnerabilities. However, critics like Romanian parliament member Catalin Tenita argue that existing legislation could justify banning these companies' products.

The Romanian Defense Ministry maintains that its surveillance systems are secure, emphasizing strict testing and evaluation procedures. Similarly, the Deveselu Naval Facility, operated by U.S. forces, declined to comment on Romanian military purchases but emphasized their commitment to regional security.

NATO, while not formally banning third-country equipment, encourages vigilance against potential security risks. Secretary-General Jens Stoltenberg cautioned against reliance on Chinese technology in critical infrastructure, echoing concerns about Hikvision and Dahua's involvement.

Despite assurances from Romanian authorities, the history of vulnerabilities associated with Hikvision and Dahua equipment raises concerns among experts. Romanian institutions, including law enforcement and intelligence agencies, defend their procurement decisions, citing compliance with national legislation and technical specifications.

Some Romanian lawmakers, like Senator Adrian Trifan, advocate for further investigation and scrutiny into the prevalence of Hikvision and Dahua equipment in national security sites, underscoring the need for immediate clarification and review of procurement procedures.

China Backed Actors are Employing Generative AI to Breach US infrastructure

 

Cybercriminals of all skill levels are utilising AI to hone their skills, but security experts warn that AI is also helping to track them down. 

At a workshop at Fordham University, National Security Agency head of cybersecurity Rob Joyce stated that AI is assisting Chinese hacker groups in bypassing firewalls when infiltrating networks. 

Joyce warned that hackers are using generative AI to enhance their use of English in phishing scams, as well as to provide technical help when penetrating a network or carrying out an attack. 

Two sides of the same coin

2024 is expected to be a pivotal year for state-sponsored hacking groups, particularly those operating on behalf of China and Russia. Taiwan's presidential election begins in a few days, and China will want to influence the result in its pursuit of reunification. However, attention will be centred around the upcoming US elections in November, as well as the UK's general election in the second half of 2024. 

China-backed groups have begun developing highly effective methods for infiltrating organisations, including the use of artificial intelligence. "They're all subscribed to the big name companies that you would expect - all the generative AI models out there," adds Joyce. "We're seeing intelligence operators [and] criminals on those platforms."

In 2023, the US saw a surge in attacks on major energy and water infrastructure facilities, which US officials attributed to groups linked to China and Iran. One of the attack techniques employed by the China-backed 'Volt Typhoon' group is to get clandestine access to a network before launching attacks using built-in network administration tools. 

While no specific examples of recent AI attacks were provided, Joyce states, "They're in places like electric, transportation pipelines, and courts, trying to hack in so that they can cause societal disruption and panic at the time and place of their choosing." 

China-backed groups have gained access to networks by exploiting implementation flaws - vulnerabilities caused by poorly managed software updates - and posing as legitimate users of the system. However, their activities and traffic inside the network are frequently odd. 

Joyce goes on to say that, "Machine learning, AI and big data helps us surface those activities [and] brings them to the fore because those accounts don't behave like the normal business operators on their critical infrastructure, so that gives us an advantage." 
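The point above, that intruders posing as legitimate users still leave behaviour that does not match the account's normal pattern, can be shown with a small baseline check over constructed logon/process records. This is an added example, not code from the original post or the NSA; the log format, account names, hours and the list of built-in administration tools are all assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Built-in Windows administration binaries that an ordinary business account
# rarely launches itself. Assumed list for this example, not from the article.
ADMIN_TOOLS = {"netsh.exe", "wmic.exe", "ntdsutil.exe", "powershell.exe", "psexec.exe"}

# Constructed known-good history (not real data): timestamp,account,host,process
BASELINE_LOG = """\
2023-11-06T09:02:11,alice,WS-ACCT-01,outlook.exe
2023-11-06T09:40:53,alice,WS-ACCT-01,excel.exe
2023-11-07T10:15:02,alice,WS-ACCT-01,outlook.exe
2023-11-07T14:22:45,alice,WS-ACCT-01,excel.exe
2023-11-06T08:30:00,svc-backup,SRV-FILE-02,backup.exe
2023-11-07T08:30:00,svc-backup,SRV-FILE-02,backup.exe
2023-11-06T11:05:17,opsadmin,SRV-DC-01,powershell.exe
2023-11-06T11:07:44,opsadmin,SRV-DC-01,wmic.exe
2023-11-07T15:11:09,opsadmin,SRV-DC-01,netsh.exe
"""

# Constructed new day of activity to review against that history.
NEW_LOG = """\
2023-11-08T09:05:30,alice,WS-ACCT-01,outlook.exe
2023-11-08T03:17:22,alice,SRV-DC-01,ntdsutil.exe
2023-11-08T03:19:40,alice,SRV-DC-01,netsh.exe
2023-11-08T08:30:00,svc-backup,SRV-FILE-02,backup.exe
2023-11-08T16:40:12,opsadmin,SRV-DC-01,wmic.exe
"""


def parse(log):
    """Turn the comma-separated records into dicts with a parsed timestamp."""
    events = []
    for line in log.strip().splitlines():
        ts, account, host, process = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "account": account,
                       "host": host, "process": process.lower()})
    return events


def build_baseline(events):
    """Per-account profile of the hosts, processes and hours seen in known-good history."""
    profile = defaultdict(lambda: {"hosts": set(), "processes": set(), "hours": set()})
    for e in events:
        p = profile[e["account"]]
        p["hosts"].add(e["host"])
        p["processes"].add(e["process"])
        p["hours"].add(e["time"].hour)
    return profile


def score_event(e, profile):
    """Return the ways an event departs from its account's baseline (empty list = normal)."""
    p = profile.get(e["account"])
    if p is None:
        return ["account never seen before"]
    reasons = []
    if e["host"] not in p["hosts"]:
        reasons.append(f"new host {e['host']}")
    if e["process"] not in p["processes"]:
        tag = "admin tool" if e["process"] in ADMIN_TOOLS else "process"
        reasons.append(f"new {tag} {e['process']}")
    if e["time"].hour not in p["hours"]:
        reasons.append(f"unusual hour {e['time'].hour:02d}:00")
    return reasons


def find_anomalies(baseline_log, new_log, min_reasons=2):
    """Flag events with several deviations at once, or any first use of an admin tool."""
    profile = build_baseline(parse(baseline_log))
    findings = []
    for e in parse(new_log):
        reasons = score_event(e, profile)
        # A single new thing is often benign; a cluster of them on one account is
        # what an analyst would pull for review.
        if len(reasons) >= min_reasons or any("admin tool" in r for r in reasons):
            findings.append((e["account"], e["time"].isoformat(), e["process"], reasons))
    return findings


if __name__ == "__main__":
    for account, when, proc, reasons in find_anomalies(BASELINE_LOG, NEW_LOG):
        print(f"{when} {account} {proc}: {'; '.join(reasons)}")
```

In the constructed data only the two night-time domain-controller events under the office account "alice" are flagged; the admin account's routine use of the same tools is not, which is the distinction the quotation draws between normal operators and intruders borrowing their accounts.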

Just as generative AI is expected to help narrow the cybersecurity skills gap by offering insights, definitions, and advice to industry professionals, it may also be reverse engineered or abused by cybercriminals to guide their hacking activities.

US Focus on Cybersecurity, But Contractors Lag Behind in Preparedness

 

The leaders of the Five Eyes, a coalition of English-speaking intelligence agencies, have emphasized the critical nature of safeguarding sensitive information in cyberspace, especially in light of the escalating tensions with the People’s Republic of China, which they have dubbed the paramount threat of this era. Recent cyber intrusions by Chinese hackers, who pilfered 60,000 State Department emails, underscore the urgency of this issue. Defense intelligence has also been a target. Surprisingly, many companies holding such vital intelligence are unaware of their role in national security.

Almost a decade ago, the Department of Defense (DoD) introduced the Defense Federal Acquisition Regulation Supplement (DFARS) to protect the nation's intellectual property. Despite being included in over a million contracts, enforcement of DFARS has been lax. The DoD is on track to release the proposed rule for Cybersecurity Maturity Model Certification (CMMC) 2.0 in November, a pivotal step in ensuring the defense industrial base adheres to robust security measures.

While security controls like multifactor authentication, network monitoring, and incident reporting have long been stipulated in government contracts with the DoD, contractors were previously allowed to self-certify their compliance. This system operated on trust, without verification. Microsoft has noted an escalation in nation-state cyber threats, particularly from Russia, China, Iran, and North Korea, who are exploiting new avenues such as the social platform Discord to target critical infrastructure.

With over 300,000 contractors in the defense industrial base, there exists a substantial opportunity for hackers to pilfer military secrets. Mandating cybersecurity standards for defense contractors should significantly reduce this risk, but there is still much ground to cover in achieving compliance with fundamental cybersecurity practices. A study by Merrill Research revealed that only 36% of contractors submitted the required compliance scores, a 10% drop from the previous year. Those who did submit had an average score well below the full compliance benchmark.

Furthermore, the study highlighted that contractors tend to be selective in their adherence to compliance areas. Only 19% implemented vulnerability management solutions, and 25% had secure IT backup systems, both crucial elements of basic cybersecurity. Forty percent took an extra step by denying the use of Huawei, a company identified by the Federal Communications Commission as a national security risk.

This selectiveness suggests that contractors recognize the risks but do not consistently address them, perhaps due to the lack of auditing for compliance. It is important to understand that the government's imposition of new rules on defense contractors is not unilateral; CMMC 2.0 is the result of a decade-long public-private partnership.

Enforcement of CMMC 2.0 is vital for safeguarding sensitive defense information and national security assets, which have been in jeopardy for far too long. Adversaries like China exploit any vulnerabilities they can find. Now that the DoD has established a compliance deadline, it is imperative for defense contractors to adopt the requirements already embedded in their contracts and fully implement mandatory minimum cybersecurity standards.

Preserving American technological superiority and safeguarding military secrets hinges on the defense industry's commitment to cybersecurity. By embracing the collaborative vision behind CMMC 2.0 and achieving certification, contractors can affirm themselves as custodians of the nation's security.

Cybersecurity Crisis Deepens in Philippines as Hackers Leak State Secrets

 

The security of millions of people is at risk due to the Philippines' lax cybersecurity regulations, which have allowed government websites to be compromised in a recent string of cyberattacks.

According to the South China Morning Post, hackers attacked the Philippine Health Insurance Corporation (PhilHealth), compromising the data of millions of people, including Filipino employees working overseas. 

The state insurer's reluctance to pay $300,000 triggered the breach. Furthermore, the homepage of the House of Representatives was defaced, highlighting the government's weaknesses in the digital world. 

A hacker going by the moniker DiabloX Phantom claimed that he had gained access to five critical government agencies and downloaded a substantial amount of data. His intention was to expose the vulnerabilities in the government's cybersecurity. 

The hacker gained access to the forensics database held by the Philippine National Police, which contained sensitive case files, and the servers of the Philippine Statistics Authority, which is in charge of issuing national identification cards. 

He also attacked the websites of the Technical Education and Skills Development Authority (Tesda), Clark International Airport, and the Department of Science and Technology. 

Among his techniques were using open subdomains, propagating malware via email, making use of weak passwords, and taking advantage of vulnerabilities left by earlier hackers. 

DiabloX Phantom told the South China Morning Post that he focused on highlighting the government's cybersecurity flaws rather than selling the information he had acquired.

He waited for a government reaction to deal with these problems. Cybersecurity specialists in the Philippines independently confirmed his assertions. Some hackers want to reveal system weaknesses, get fame for their expertise, or just have fun with cyber activities, but there isn't a single person or organisation behind all of the breaches. 

Past violations of cybersecurity

Cybersecurity incidents are not unusual, as evidenced by the recent breaches in the Philippines. 

The personal information of up to 55 million Filipino voters was made public in 2016 by the "Comelec leak". No one was prosecuted or held accountable for this breach, despite its magnitude. 

Vulnerabilities must be fixed immediately, such as weak passwords, poor personnel training, and inadequate monitoring. Taking care of these problems is essential to preserving private information and millions of people's privacy.

White House Panel Recommends Restricting the FBI's Access to Spy Data


A team of national security experts created by the Biden administration has advised that the FBI be restricted from accessing surveillance data that captures communications by Americans. The Presidential Intelligence Advisory Board gave the basis for this proposal as frequent failings by the agency.

Foreign Intelligence Surveillance Act Section 702 

The panel examined Section 702 of the Foreign Intelligence Surveillance Act, which permits the US intelligence agency to collect information on non-US citizens believed to be located outside the US. The section is slated to expire on December 31 unless Congress renews it. The board determined that this portion is a vital national security tool.

However, the program also records conversations with or about US citizens and businesses. US intelligence services can then search the data trove by entering Americans' names, phone numbers, and email addresses in what is known as "US person queries." Critics call this method of eavesdropping on Americans' personal information — and even their communications — a "back-door search."

Congressional Renewal in Question 

With reforms, the surveillance authority will be renewed by Congress. Republicans have joined Democrats, civil liberties groups, and industry titans such as Alphabet Inc.'s Google and Apple Inc. in criticizing Section 702.

The White House will review all of the board's recommendations, according to a senior administration official who briefed reporters on the condition of anonymity, with particular attention being paid to the first: dropping the FBI's ability to examine the Section 702 database for proof of crimes that aren't associated with national security.

Findings of the Panel 

Nonetheless, the advisory group ruled that "Section 702 authorities are critical to national security and do not jeopardize civil liberties, so long as the necessary culture, processes, and oversight are in place." 

The board observed that the Federal Bureau of Investigation, which receives 4% of the data captured under Section 702, engaged in frequent noncompliance with the law's standards. Board members attributed this problem to carelessness rather than purposeful data misuse.

National Security Advisor Jake Sullivan and Deputy Jon Finer stated that the provision "should be reauthorized without new and operationally damaging restrictions on reviewing intelligence lawfully collected by the government, and with measures that build on proven reforms to enhance compliance and oversight, among other improvements."

This development draws attention to the ongoing debate over privacy and national security. While surveillance programs are necessary for national security, it is critical to guarantee that they do not violate civil liberties. The White House panel's recommendation to limit FBI access to surveillance data is a step in the right direction toward reconciling these two interests.

How Congress reacts to these recommendations and whether Section 702 is renewed remains to be seen. In any event, this development highlights the significance of transparency and accountability in government monitoring activities.

Homeland Security Employs AI to Analyze Social Media of Citizens and Refugees

 

The Customs and Border Protection (CBP) division of the US Department of Homeland Security (DHS) is using intrusive AI-powered systems to screen visitors coming into and leaving the nation, according to a document obtained by Motherboard through a freedom of information request this week. 

According to this study, the CBP keeps track of US citizens, migrants, and asylum seekers and, in some instances, uses artificial intelligence (AI) to connect people's social media posts to their Social Security numbers and location information. 

AI-Powered government surveillance tool 

Babel X is the name of the monitoring technology that the government department uses. Users can enter details, such as a target's name, email address, or phone number, about someone they want to learn more about.

The algorithm then provides a wealth of additional information about that person, including what they may have posted on social media, their employment history, and any related IP addresses. 

Software dubbed Babel X, created by a company called Babel Street, combines data that is both publicly and commercially available in more than 200 languages and is allegedly AI-enabled.

In fact, Babel Street announced plans to purchase AI text analysis business Rosette in November of last year. The company said that this would aid its Babel X tool with "identity resolution," which might improve national security and the battle against financial crime. 

Freedom activists concerned 

Babel data will be used/captured/stored in support of CBP targeting, vetting, operations, and analysis, according to the paper made public by CBP, and will be kept on the organisation's computer systems for 75 years. 

According to senior staff attorney at the Knight First Amendment Institute Carrie DeCell, "the US government's ever-expanding social media dragnet is certain to chill people from engaging in protected speech and association online."

“And CBP’s use of this social media surveillance technology is especially concerning in connection with existing rules requiring millions of visa applicants each year to register their social media handles with the government. As we’ve argued in a related lawsuit, the government simply has no legitimate interest in collecting and retaining such sensitive information on this immense scale." 

Patrick Toomey, the ACLU's deputy project director for the national security project, told Motherboard that the document "raises a number of questions about what specific purposes CBP is using social media monitoring for and how that monitoring is actually conducted" in addition to providing important new information. 

Digitally Crafted Swatting Service Is Wreaking Havoc Across United States

 

A Telegram user who claimed to have left bombs in places like high schools by using a digitally synthesised voice has been linked to a series of swatting calls that have occurred over several months across the United States. 

According to Vice, the user going by the alias "Torswats" on the messaging app Telegram provides a paid service to make swatting calls. Swatting is the act of lying to law enforcement about a bomb threat or falsely accusing another person at a specific location of committing a crime or storing illegal materials. 

Customers may purchase "extreme swattings" for $50, which typically involve cops handcuffing a suspect and searching their home, and for $75, Torswats can reportedly lock down a school. In accordance with a story from Vice, Torswats would take bitcoin as payment, give loyal clients a discount, and will haggle over prices for well-known targets.

“Hello, I just committed a crime and I want to confess. I placed explosives in a local school,” says the voice on a recording of a Torswats call with law enforcement. 

Torswats' voice is digitally generated by artificial intelligence; however, it's not immediately clear whether this is the same technology that has made some voice performers obsolete by so expertly simulating human vocalisations. Vice found two recordings out of 35 that didn't employ a digital voice. Torswats threatened to detonate a bomb at Hempstead High School in Dubuque, Iowa, according to a recording of a phone call obtained by Vice. Local media reported on the threat. 

Torswats allegedly also targeted a CBD store in Florida, a business in Maryland, and homes in Virginia, Massachusetts, Texas, and California. 

Steve Bernd, FBI Seattle's public affairs officer, said, "The FBI takes swatting extremely seriously because it puts innocent people at harm." Police have been discussing the "swatting" issue for at least ten years, and other incidents have made headlines more recently.

Just last month, a Seattle man was indicted for extortion and threats after making more than 20 swatting calls to the police. The man is said to have broadcast these calls live to a certain Discord group.

Customers are Being Used as Cyber "Crash Test Dummy," Says CISA Director

 

The Director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, referred to the current state of commercial cybersecurity as "unsustainable," and she argued that businesses, consumers, and the government as a whole needed to change their expectations so that the major software and hardware manufacturers, not users, would be held accountable for insecure products. 

A policy from the Biden administration that will place more of an emphasis on controlling the security and safety design decisions made by technology makers is anticipated to be released in the coming days. 

In a speech given on February 27 at Carnegie Mellon University, Easterly claimed that American lawmakers, consumers, and users of third-party products had allowed software programmes rife with flaws or hardware that was vulnerable on practically every level to become the standard. 

“We’ve normalized the fact that the cybersecurity burden is placed disproportionately on the shoulders of consumers and small organizations, who are often least aware of the threat and least capable of protecting themselves. We’ve normalized the fact that security is relegated to the IT people in smaller organizations, or to a chief information security officer and enterprises,” stated Easterly. “But few have the resources and influence or accountability to incentivize adoption of products in which safety is appropriately prioritized against cost, and speed to market and features.”

Easterly pointed out that Beijing's decades-long campaign of cyber-enabled espionage and intellectual property theft has been far more detrimental to U.S. economic and national security, even if those intrusions aren't similarly visible to the naked eye. While the U.S. reacted collectively with shock and anger at the sight of a surveillance balloon launched by China that crossed over American borders earlier this month, she noted that Beijing's campaign has been far more damaging to the U.S. 

The public hears about hundreds of significant breaches of corporations each year through the mainstream media, legislation requiring breach disclosure, ransomware leak sites, and other sources. They are but a portion of the issue because there are a great number of other invasions that go unnoticed or unreported.

Until the commercial sector prioritises security and safety on the front end, eliminating occasions like "Patch Tuesday" as an anachronism, adversaries like Russia and China, ransomware groups, and hackers will continue to take advantage of that paradigm. 

“The cause, simply put, is unsafe technology products, and because the damage caused by these unsafe products is distributed and spread over time, the impact is much more difficult to measure, but like the balloon, it’s there,” said Easterly. “It’s a school district shut down, a patient forced to divert to another hospital, another patient forced to cancel a surgery. A family defrauded of their savings, a gas pipeline shutdown, a 160-year-old college forced to close its doors because of a ransomware attack, and that’s just the tip of the iceberg.”

Role of large businesses 

The biggest firms, or "those most capable and in greatest position to do so," should be held accountable by society for protecting technology, according to Easterly. This includes standardising basic security features, such as logging, identity protection, and access controls, into base rate packages rather than as an added feature in higher priced tiers. It also includes having a "radically" transparent disclosure process for vulnerabilities as well as internal statistics around the use of multifactor authentication and other basic protections. 

She also suggested a number of legislative options for Congress to take into consideration, such as prohibiting manufacturers from structuring their contracts and terms of service to disclaim all liability for security incidents resulting from the use of their products, establishing higher security standards for software used in specific critical infrastructure sectors, and creating a legal framework to provide Safe Harbor from liability for businesses that do take meaningful security measures. 

Later, during a Q&A session, Easterly said she might be in favour of excluding from legal liability businesses that have been attacked by well-funded and knowledgeable nation-states, but she emphasised that these attacks represent just a small portion of the malicious cyber activity that affects American citizens and businesses every day. 

Although executives from firms like Google and Microsoft have made public statements endorsing similar principles of moving towards security by design and implemented some initiatives, it is still unknown how much they will ultimately embrace the regulations that Easterly and the Biden administration have in mind. Any legislation would need to clear the Republican-controlled House, which is no easy task, if it were to be pursued during the following two years.

While regulation is anticipated to play a significant role in the Biden administration's cyber strategy, it is just one of many pillars of action that were mentioned in earlier drafts, and Easterly emphasised that regulation won't be able to address all of our problems on its own. Many of the same issues can also be solved through other means, such as using the government's purchasing power to encourage better baseline security among its hundreds of thousands of contractors, continuing collaborative initiatives like the Joint Cyber Defense Collaborative, and encouraging wider adoption of safer software development techniques like memory safe languages and software bills of materials. 

Easterly cautioned that, despite how challenging this effort will be, continuing with the status quo will cause American consumers and businesses much more harm in the long run – in both the cyber and physical spheres. 

"Imagine a world where none of the things we talked about today come to pass, where the burden of security continues to be placed on consumers or technology manufacturers continue to create unsafe products or upsell security as a costly add-on feature, where universities continue to teach unsafe coding practices, where the services that we rely on every day remain vulnerable. This is a world that our adversaries are watching carefully and hoping never changes,” she concluded.

FCC Commissioner Brendan Carr Calls for TikTok Ban in US

 

The US government should take action to ban TikTok rather than negotiate with the social media app, Brendan Carr, one of five commissioners at the Federal Communications Commission, told a local media outlet in an interview. 

With more than 200 million downloads in the U.S. alone, the app’s immense popularity is concerning because ByteDance, a Chinese company, owns it. That means there’s potential for data on US residents to flow back to China. The FCC has no power to ban TikTok directly, but Congress has previously acted after Carr raised concerns regarding Chinese telecom firms, including Huawei. 

TikTok is currently in negotiations with Council on Foreign Investment in the U.S. (CFIUS), a multi-agency government body charged with reviewing business deals involving foreign ownership, to determine whether it can be divested by ByteDance to an American firm and remain operational in the United States. 

Earlier this year, in September, the New York Times reported that a deal was taking shape but not yet in its final form, and that Department of Justice official Lisa Monaco was concerned the deal did not provide enough insulation from China. 

"I don’t believe there is a path forward for anything other than a ban," Carr said, citing recent incidents regarding how TikTok and ByteDance managed American consumers' data. “Perhaps the deal CFIUS ends up cutting is an amazing, airtight deal, but at this point, I have a very, very difficult time looking at TikTok’s conduct thinking we’re going to cut a technical construct that they’re not going to find a way around.” 

A few months ago, Carr sent letters to Apple and Google asking the tech giants to remove TikTok from their respective app stores. The commissioner is now calling for a nationwide ban despite the efforts made by both parties – the US government and TikTok – to come to an agreement. 

“Commissioner Carr has no role in or direct knowledge of the confidential discussions with the US government related to TikTok and is not in a position to discuss what those negotiations entail” a TikTok spokesperson responded. “We are confident that we are on a path to reaching an agreement with the US government that will satisfy all reasonable national security concerns.” 

For now, it’s still business as usual for a Chinese app in the US, though it may be a good idea for creators to have a backup plan in case of a ban. YouTube Shorts is a good option, and it pays better too.

NIA Starts Probe into Malware Attacks on Social Media of Defense Personnel

NIA (National Investigation Agency) has started an inquiry into the use of a fake Facebook profile through which various defense personnel were contacted and their devices hacked using malware for personally identifiable information. NIA suspects that the main account was being handled from Pakistan. Vijaywada Counter Intelligence Cell first found the spying campaign in 2020, after which it registered a case under several provisions of the IPC, Official Secrets Act, Information Technology Act, and UAPA (Unlawful Activities Prevention Act). 

According to the allegation, confidential information related to national security was stolen by remotely deploying hidden malware onto electronic devices, including mobile phones and computers, belonging to defense personnel and other defense agencies, via a Facebook account with the profile name "Shanti Patel." The actors handling the account contacted the personnel concerned through private Facebook Messenger chats on the web. 

The victims' devices were hacked using malware to gain unauthorized access to confidential data on computer resources and steal sensitive information with an aim to carry out acts of terrorism and threaten the unity, integrity, and sovereignty of India. As per the report from the Counter Intelligence Cell, the threat actors distributed the malware by sending the defense personnel a folder that contained photos of a woman. The evidence suggests that the malware originated somewhere in Islamabad. A similar case happened last year, when the police arrested army personnel in Rajasthan; the accused was posted in Sikkim. 

The Hindu reports: "On October 31, 2020, following a tip-off from the Military Intelligence, the Rajasthan police nabbed one Ramniwas Gaura, a civilian working with a Military Engineering Services (MES) unit. The accused had been contacted using a Facebook profile by someone using pseudonyms Ekta and Jasmeet Kour. They then remained in touch on WhatsApp. 'In recent years, multiple attacks targeting defense agencies using social media have surfaced. The handlers usually send money to the information providers through the "hawala" channel. Several preventive measures have been taken by the agencies concerned,' an official said."

What is "Sunburst"? A look into the Most Serious Cyberattack in American History

 

A number of organisations have been attacked in what has been chronicled as one of the most severe acts of cyber-espionage in history, named "Sunburst". The attackers breached the US Treasury, the departments of homeland security, state and defence, and the National Nuclear Security Administration (NNSA), the part of the Department of Energy responsible for safeguarding national security via the military application of nuclear science. While 4 out of 5 victims were US organisations, other targets include the UK, the UAE, Mexico, Canada, Spain, Belgium, and Israel. 
 
The attack came in the wake of the recent state-sponsored attack on the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia said in his blog that the attackers primarily sought information pertaining to certain government customers.  
 
FireEye classified the attack as 'highly sophisticated and customized'; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye had been attacked by a nation with world-class offensive capabilities. 

Similarly, last Sunday, the news of SolarWinds being hacked made headlines for what is being called one of the most successful cyber attacks yet seen. As the attack crippled SolarWinds, its customers were advised to disconnect the Orion Platform, one of the principal products of SolarWinds, used to monitor the health and performance of networks.  
 
Gauging the scale of the attack, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) described the security incident as a "serious threat", while others, requesting anonymity, labelled it "the most serious hacking incident in the United States' history". The attack is ongoing and the number of affected organisations and nations will unquestionably rise. The espionage has been called "unusual", even in this digital age.  
 
As experts were assessing how the perpetrator managed to bypass the defences of a networking software company like SolarWinds, Rick Holland came up with a theory, "We do know that SolarWinds, in their filing to the Security and Exchange Commission this week, alluded to Microsoft, which makes me think that the initial access into the SolarWinds environment was through a phishing email. So someone clicked on something they thought was benign - turned out it was not benign." 
 
Meanwhile, certain US government officials have alleged that Russia is behind these supply chain attacks, while Russia has consistently denied the allegations. The Russian Embassy wrote on Facebook, "Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations."  
 
"Russia does not conduct offensive operations in the cyber domain." The embassy added in its post to the US.

NSA Issued Warning Against Russian State-Sponsored Attackers for Exploiting VMware Access

An advisory warning was issued by the United States National Security Agency (NSA) on 7th December that Russian malicious actors are posing a big threat to VMware users by installing malware on corporate systems and accessing protected data. 

The attack came two weeks after the virtualization software company publicly disclosed the vulnerabilities. According to the company, the malicious actor(s) are accessing VMware Workspace ONE, Connector, Identity Manager, and Identity Manager Connector products for Windows and Linux. However, the identities of the malicious actors and when all of this started have not been disclosed. 

What is VMware? 

VMware is an American Software Company that provides cloud computing and virtualization software and services. VMware was one of the commercially successful companies to virtualize the x86 architecture.

Its desktop software runs on Microsoft Windows, Linux, and macOS, while its enterprise software hypervisor for servers, VMware ESXi, is a bare-metal hypervisor that runs directly on server hardware without requiring an additional underlying operating system. 

When Did the Threat Surface? 

It was in late November that VMware first addressed the threat and pushed temporary workarounds while it dug deeper into the issue. However, the resolution of the ‘escalation-of-privileges’ bug had to wait until the 3rd of December 2020. 

The same day, the United States Cybersecurity and Infrastructure Security Agency (CISA) released a brief bulletin encouraging administrators to review the advisory and apply the patch as soon as possible.

Meanwhile, according to the NSA advisory, VMware didn’t clearly disclose that the bug was being actively exploited by the attackers, which led to adversaries leveraging the vulnerability to launch attacks that steal data and exploit shared authentication systems. 

"The misuse via shell injection led to the installation of a web shell and follow up malicious activity where Security Assertion Markup Language (SAML) in the form of authentication assertions were generated and sent to Microsoft Active Directory Federation Services, which allow actors access to protected data," the agency said. 

What is SAML? 

Security Assertion Markup Language, or SAML, is an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). 

Besides urging organizations to update compromised systems to the latest version, the agency also emphasises stronger security management of those systems. 

As of now, the threat hasn’t gone anywhere; the NSA advisory has advised agencies to monitor all their systems and scan server logs for the presence of "exit statements" that indicate possible malicious activity.