Blog

Attempted cyberattack highlights vulnerability of global water infrastructure

Water utilities often have few cybersecurity resources and are subject to few regulations. A failed Stuxnet-like attack on Israel’s water supply shows how dangerous that could be.

In late April, Israel’s National Cyber Directorate received reports about an attempted “major” cyberattack on its water infrastructure. According to a statement issued by the directorate, the attack consisted of “assault attempts on control and control systems of wastewater treatment plants, pumping stations and sewers.”

The directorate called on water companies to change their internet passwords, make sure their control system software is updated, and undertake other cyber hygiene measures to tighten security. The attempted attacks were unsuccessful, according to the directorate, and appeared to be coordinated. Of concern was the level of chlorine in the water supply. The directorate asked water companies to look for any disruptions, particularly regarding chlorine use in the water supply.

The geopolitical nature of the attack points to actors who favor an independent Palestinian state. “It’s more likely a state actor that would be supporting them, such as the Iranians who have built quite a cyber force,” says Matt Lampe, who most recently served as CIO for Los Angeles Water and Power and is now a partner in critical infrastructure cybersecurity advisory firm Fortium Partners.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

No election security funding in latest round of stimulus funding

Doubts raised about funding for 2020 election security and mail-in voting as money omitted from the latest stimulus bill.

While the economic and social fallout of the coronavirus captures virtually all federal, state and local policymaking resources, the US is quickly moving into a critical election season with election safety and security issues still unresolved. Yesterday, the House of Representatives voted overwhelmingly to pass the latest in a string of coronavirus-related bills, a $484 billion economic stimulus measure, the Paycheck Protection Program and Health Care Enhancement Act.

That bill, a companion to a law passed by the Senate, did not contain provisions to help states and local jurisdictions with the likely need for mail-in voting and increased voting security, as some lawmakers and state officials had earlier hoped.

This latest stimulus bill follows several other pieces of stimulus legislation, including a significant bill signed into law on March 27, the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The CARES Act provided $400 million for states to “prevent, prepare for, and respond to coronavirus, domestically or internationally, for the 2020 Federal election cycle.” Those funds are aimed at making voting in the upcoming presidential and other elections in November “safe” given the coronavirus scourge and the likely need for a quick shift to mail-in ballots in addition to continued electronic voting at polling stations.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis

The COVID-19 Cyber Threat Intelligence League and other groups cooperate with the industry, law enforcement, and the government to prevent attacks on healthcare providers.

Last month, some of the usual cast of online scammers and malware miscreants promised to refrain from attacking healthcare organizations or exploiting them during the COVID-19 crisis, showing a sense of honor unexpected from ransomware attackers and cryptocurrency thieves.

However, this ceasefire turned out to be a head-fake. Within a week of those vows, malware purveyors and con artists rushed to send out phishing emails while masquerading as healthcare organizations and even launched attacks against hospitals and other critical facilities. Last week, Google alone was blocking 18 million COVID-19 phishing or malware-delivery emails per day.

One group of esteemed hackers and cybersecurity experts couldn’t stand idly by and watch cybercriminals take advantage of this unprecedented crisis or, even worse, damage overtaxed and much-needed healthcare facilities. So, Marc Rogers, head of sec ops for DEF CON and VP of cybersecurity strategy for Okta; Nate Warfield, senior security program manager at Microsoft; Chris Mills, also a key security player at Microsoft; and Ohad Zaidenberg, lead cyber intelligence researcher at Clearsky Cyber Security, formed the COVID-19 Cyber Threat Intelligence League (CTI League).

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Mail-in ballots during COVID crisis necessary, but with risk says expert

Noted election security researcher Harri Hursti says mail-in voting is likely the only option for a safe, secure US presidential election, but voter and election worker training needed.

One of the foremost topics facing the nation, the security of the 2020 presidential election, has been obscured by the COVID-19 pandemic. Cybersecurity company Grimm brought the topic to the forefront during its virtual GRIMMcon event held April 14 by inviting noted election security specialist, hacker and researcher Harri Hursti to offer his take on the state of US election security.

HBO’s documentary on the weakness of the US election system called Kill Chain, which premiered in late-2019, follows Hursti as he travels the world and across the US exposing voting insecurities. CSO caught up with Hursti after his GRIMMcon talk to discuss the state of US election security, the feasibility of mass mail-in voting during the COVID-19 pandemic, and whether new voting machine standards under development by a revived Election Assistance Commission could make a difference in election security.

Hursti says that despite years of warning and repeated demonstrations of the insecurity of voting systems, “a lot of the infrastructure in the United States has not even been updated since 2002. Nothing has changed since the Help America Vote Act of 2002. The majority of systems are running 2004, 2005 deployments. The vast majority of systems are old and have not been updated.”

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Trump administration moves to revoke China Telecom’s US licenses on security grounds

A legal filing claims China Telecom is in violation of federal and state cybersecurity and privacy laws, but evidence is redacted.

Highlighting the diminished opportunities for Chinese telecom and technology providers in the US, the Department of Justice (DOJ) announced last week that the Trump Administration would seek to revoke and terminate the licenses of mobile operator China Telecom. China Telecom is authorized to provide communications, data, television and business services in the US as a facilities-based common carrier. It obtains spectrum licenses from the Federal Communications Commission (FCC) under what is called international Section 214 authorizations.

The DOJ announcement said relevant executive branch agencies unanimously recommended that the FCC revoke the telco’s licenses because it is an arm of the Chinese government and therefore poses “substantial and unacceptable national security and law enforcement risks.” Those agencies collectively represent an ad hoc arrangement of the Departments of Justice, Defense, and Homeland Security, formerly known as Team Telecom, which was established to ensure that the FCC defers to the executive branch when it comes to, among other things, matters of foreign ownership of communications assets in the US.

The redacted legal filing containing the agencies’ recommendation was submitted to the FCC’s International Bureau Filing System (IBFS) by the Department of Commerce’s National Telecommunications and Information Administration (NTIA), which filed on the agencies’ behalf. NTIA’s filing was the first that followed a somewhat unexpected April 4 Executive Order, which formalized or codified for the first time the Team Telecom arrangement.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Beware malware-laden emails offering COVID-19 information, US Secret Service warns

As the coronavirus crisis continues to capture everyone’s attention, cybercriminals stay busy running scams and delivering malware using the attention-getting virus as a lure. The threats from the scammers and crooks, which began as early as January and continue unabated, range from tricking people out of their financial data to delivering pernicious malware.

mit their crimes, many schemes rely on tried-and-true phishing methods that exploit unpatched software flaws that sometimes have stayed unfixed for years. On April 1, the US Secret Service (USSS) sent out an information alert, “Fraudulent COVID-19 Emails with Malicious Attachments,” that warns about messages masquerading as COVID-19 status emails from employers, merchants and other businesses.

The USSS has uncovered attempted attacks that, using these faux alerts, sought to remotely install malware on the infected system to “harvest financial credential, install keyloggers, or lockdown the system with ransomware.” The malicious attachments are usually Microsoft Office or WordPad file types that exploit a now-patched vulnerability in Microsoft Office, according to the alert. However, the Secret Service says that variations exist and attack vectors evolve.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

White House strategy paper to secure 5G envisions America leading global 5G development

Though light on details, the paper offers clues as to how the US government sees the development and security of 5G communications moving forward.

With curiously little fanfare, the White House released last week a six-page document called the National Strategy to Secure 5G, a blueprint that was mandated by the Secure 5G and Beyond Act. That bill, signed into law by President Trump on the same day, March 23, that the White House released its strategy paper, directed the president to release his strategy paper within 180 days of the bill’s enactment.

The paper’s stated goal is to articulate a vision “for America to lead the development, deployment and management of secure and reliable 5G communications infrastructure, worldwide, arm-in-arm with our closest partners and allies.” The four “lines of effort” driving this vision include:

  • Facilitating the domestic roll-out of 5G
  • Assessing the security risks and core principles for infrastructure
  • Managing those economic and security risks
  • Promoting responsible global development and deployment of the 5G infrastructure

The domestic roll-out of 5G, coordinated by the National Economic Council, primarily lies with the Federal Communications Commission (FCC), which has what it calls its 5G FAST plan. FAST makes more radiofrequency spectrum available, streamlines government processes, and “modernizes” regulation to promote the deployment of 5G backhaul. The Commerce Department is also working on a National Spectrum Strategy to plan for future generations of wireless networks.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

New coronavirus-era surveillance and biometric systems pose logistical, privacy problems

Governments and companies are using biometrics and geolocation to identify and track potential coronavirus victims in the name of public safety.

As the COVID-19 pandemic grips the globe, new surveillance methods are already raising new privacy and security challenges despite the still-early days of this crisis. Chief among these potential problems is the sudden turn by the government toward using geolocation data to track millions of Americans’ cell phones in monitoring the spread of the disease.

Silicon Valley giants, including Alphabet, Amazon and Facebook, have already been called into the White House to brainstorm ways to use geolocation, public media scraping and other technologies to track users in ways that ostensibly don’t violate users’ privacy. Meanwhile, phone carriers across Europe are sharing data with authorities while Israeli intelligence agencies are using phone tracking technology initially developed to combat terrorism in the fight against COVID-19.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Virtual security conferences fill void left by canceled face-to-face events

Notable members of the infosec community are creating impromptu but highly popular virtual events using cheap, off-the-shelf tools.

Following the swift emergence of the COVID-19 crisis, organizers of cybersecurity and hacking conferences of all sizes have been faced with three choices: Cancel their events altogether, postpone them to the presumably better future, or find some way to hold them in a virtual manner on the internet. Wild West Hacking Fest, originally slated for March 10 to March 13 in San Diego, quickly converted itself into a virtual conference and was soon followed by dozens of conferences that modified their plans to accommodate the need for social distancing.

A new form of non-traditional information security conference has emerged over the past two weeks. These conferences are organized by leading information security professionals who are leveraging existing, off-the-shelf online video conferencing and collaboration tools such as GoToWebinar or Zoom to rapidly mount internet-based alternatives to in-the-flesh confabs.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

New York’s SHIELD Act could change companies’ security practices nationwide

The Stop Hacks and Improve Electronic Data Security Act, otherwise known as the SHIELD Act, is a New York State bill signed into law last July. One key provision in the legislation that could significantly change security practices across the country is slated to go into effect March 21, possibly inducing companies big and small to change the way they secure and transmit not only New Yorkers’ private data but all consumers’ sensitive information.

Technically an amendment to the state’s data breach notification law, the SHIELD Act could have as much of an impact on internet and tech companies’ privacy and security practices as the more famous California Consumer Privacy Act (CCPA) or even the European Union’s General Data Protection Regulation (GDPR), experts say.

[This article appeared in CSO Online. To read the rest of the article please visit here.]