Category Archives: Threats

What Cyber Malfeasance Will Rear Its Ugly Head in the 2018 Midterm Elections?

With the approach of the United States’ 2018 midterm elections, many have expressed concerns regarding the security and integrity of the voting process. Given the news that suspected Russian agents actively sought to use hacking and influence operations to sway voters in a particular direction during the presidential election, the concern is legitimate, even if there was no evidence that votes were actually altered in 2016. The preservation of the democratic voting process has been thrust into symbolic “red line” territory that needs to be, and should be, protected against foreign interference. Indeed, the Department of Homeland Security reinforced this by elevating election infrastructure to the status of “critical infrastructure” in early 2017.

Clearly, hacking and gaining unauthorized access to those systems and devices associated with the election process is something that deserves immediate attention. After all, many countries would ostensibly agree that breaking into computers is a criminal offense, regardless of whether data is taken, destroyed, or altered. In the 2016 U.S. presidential election, there were clear incidents where suspected Russian hackers stole data, and even compromised voter-related records, resulting in an indictment of Russian nationals on a wide variety of charges, among them conspiracy to commit fraud, money laundering, and identity theft.

However, while it makes perfect sense that there should be no factor prohibiting, manipulating, or changing votes, trying to stop outside influences from disseminating information – whether it be false or not – is a bit more challenging, especially for those governments that support such liberties as freedom of speech and freedom of the press. Such rights do not come with the asterisk of having to be true or objective. After all, the dissemination of information is a hallmark of a democratic society whether an audience agrees with the subject matter or not. Whether the audience elects to believe such information or be influenced by it is entirely a free choice. Perhaps this is why there is evidence that Internet “trolls” have already been observed replicating the behavior that garnered so much attention after the 2016 presidential election. As of late July 2018, Facebook said it has uncovered a coordinated disinformation operation ahead of the 2018 midterm elections. Twitter has followed suit, removing accounts the company identified as related to Iranian propaganda.

The government has gotten involved trying to be proactive in curbing this online element.  In July 2018, the Department of Justice published a report in which it detailed its efforts to improve security for U.S. elections, highlighting how foreign agents used influence operations via social media platforms. Then in August, the Federal Bureau of Investigation announced its “Protected Voices” initiative to mitigate influence operations targeting future elections.  Part of this effort is to raise awareness among political campaigns about the best ways to defend against attempts by all categories of hostile actors to infiltrate their information technology infrastructure.

Of course, the question that lingers is the one that will be answered after the fact – will this be enough? Suffice it to say, aside from the online trolling activity, the volume is greatly reduced as compared to 2016. This is due to the fact that it is only a midterm election of Congressional members and not the Executive Office. Cyber malfeasance will likely keep to the trolling activities of propaganda/disinformation/misinformation, web-page defacements by hacktivist actors, and distributed denial-of-service attacks against political and election-related sites.

Establishing cyber security strategies and the implementation of security measures into election equipment is something that remains to be done.  Outdated equipment, decentralized operations, and lack of a coherent process and framework to safeguard the election process are areas that need to be addressed in the near term.  But focusing on “fake” or “misleading” news seems more like going after low-hanging fruit than putting a dent into the real problem governing election security.  Like jihadi sympathizers, trolls can create new accounts as quickly as old ones are targeted and dismantled.  Such games of “whack-a-mole” tend to favor the moles rather than the ones trying to take them out, despite gaudy data statistics.

The real test of whether the U.S. actually applied “lessons learned” will come in two years with the next presidential election, particularly if the political climate between the candidates is as contentious as it was in 2016, and the potential international implications are equally disconcerting. Any successful repeat of the activities that were outlined by the Intelligence Community would be an abject failure and demonstrate negligence for not mitigating known threats. For two years the problems have been identified and discussed; let’s hope it doesn’t take another two years to start actually coming up with solutions.

This is a guest post by Emilio Iasiello

The post What Cyber Malfeasance Will Rear Its Ugly Head in the 2018 Midterm Elections? appeared first on CyberDB.

Busting 5 Cybersecurity Myths

It is no secret that many people nowadays do not pay much attention when they surf the web at home or at work. There are new data breaches and exploits on a daily basis, and failing to take any precautions may still result in catastrophic consequences. Even the biggest corporations are paying millions of dollars to improve their cybersecurity and remain safe. However, if you still believe in some of the cybersecurity myths, you may put your own computer or even your whole organization at huge risk. We at CyberDB have decided to bust the top 5 cybersecurity myths and make things clear for you.

Only the IT department is responsible for cybersecurity

It is not wrong to say that the IT department is responsible for implementing new processes and policies to keep cybersecurity in top-notch shape. However, it does not have a magic wand to protect all of the computers in the network. In reality, each employee should be extremely careful when receiving and opening e-mail messages from colleagues or third parties. This matters because an infection can spread across all of the departments within the organization and may lead to a data breach, for example.

Using just an antivirus software is enough

Antivirus software might have been enough to keep your business safe from a potential attack 20 years ago; nowadays it is definitely not enough to protect your whole organization. Hackers find new ways to disable your antivirus and hide their attacks in the system. With ransomware gaining popularity among hackers, getting infected and having your information locked is just a matter of seconds. So using an antivirus is not always enough; you also need to stay informed about the latest threats. Check out our database of cyber security vendors to find the best solution for your personal or business needs.

A strong password is enough

It is no secret that having a long and complex password on your accounts is essential. However, even tech giants like Facebook or Apple experience data breaches and are often a target for hackers. Every website requires you to create a strong password, but it is also good to use two-factor authentication (2FA). At first, users received an SMS with a code for 2FA, but even this can be compromised by using a cloned SIM card. So make sure you use an app such as Google Authenticator to make your accounts more secure.

Threats are being spread only through the Internet

Some users may think that disconnecting from the internet will prevent threats from spreading around the network, and they are completely wrong. Just imagine what happens if an employee brings in an infected flash drive and plugs it in: all of the computers may become infected and your company may lose valuable information. You may have your information stolen even when you shop at a local retailer. So threats are not only online but also in our daily lives, and we need to be very careful and take care of our personal information.

Only certain industries experience cyber attacks

Some businesses still believe that they may not be targeted by hackers because they are a small or mid-sized business or in a specific industry. Well, they are completely wrong. Some companies also believe they do not have anything that hackers may find valuable to steal. In reality, information such as personal addresses or credit card numbers can make every business in every industry a potential target. Here are the industries which are most vulnerable to cyber-attacks nowadays:

[Figure: Top 10 Sectors Breached]

The post Busting 5 Cybersecurity Myths appeared first on CyberDB.

The New Cyber Strategy Frees Up U.S. Cyber Muscle. How Will It Be Flexed?

The White House has recently published its new National Cyber Strategy, rescinding an Obama-era memorandum, Presidential Policy Directive-20 (PPD-20), that laid out the process by which the United States would undertake cyber attacks against cyber foes, to include foreign state actors. The Strategy consists of four primary pillars designed to guide how the United States will undertake defensive and, perhaps more importantly, offensive actions in order to preserve its interests in cyberspace. Per the Strategy, the four pillars are:

  • Protect the American People, the Homeland, and the American Way of Life. The themes in the first pillar focus on key aspects of U.S. homeland security to include critical infrastructure protection, securing federal networks, supply chain management, third party contractors, and improving incident reporting to mitigate the threat of cyber crime.
  • Promote American Prosperity. This pillar focuses on technology that supports the digital infrastructure. Its themes are innovation, protecting intellectual property, designing and implementing next generation infrastructure, and developing and sustaining workforce capability to support the talent pipeline.
  • Preserve Peace through Strength. The third pillar focuses on responsible state behavior in cyberspace and implementing deterrent strategies to influence state behavior. Such activities include building a credible deterrence strategy, imposing consequences to hostile actors, and countering influence operations.
  • Advance American Influence. The fourth pillar addresses collaborating with other governments in order to make the Internet safer and more reliable. The focus is on a multi-stakeholder approach involving government and the private sector to come to consensus on topics such as Internet freedom and Internet governance.

The Strategy follows in line with the President’s May 2018 Executive Order that called for government agency cybersecurity audits designed to identify “areas of improvement, or areas where specific legislation would be needed.” The EO primarily focused on defensive aspects of the larger cyber umbrella, focusing on federal agencies’ need to adopt the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity, largely considered the gold standard for security guidelines. The Government Accountability Office (GAO) has frequently given poor marks for cyber security to U.S. government agencies, and as observed in the recent U.S. State Department breach, challenges persist in improving agency cyber security postures.

Nevertheless, the part of the Strategy that has garnered attention – and correctly so – is the language that clearly removes the tethers that have traditionally restrained the United States from engaging in offensive cyber actions. Where PPD-20 appeared to be hindered by interagency wrangling, the new Strategy makes it clear that the United States is unburdening itself from such bureaucratic wrangling, positioning itself to launch counter attacks quickly and resolutely. This shift in U.S. cyber policy comes at a time when suspected Russian involvement in the 2016 U.S. elections failed to elicit a “forceful response” either by the then-Obama or the current Trump Administrations, a frequent criticism levied by politicians.

There have been several iterations of a national cyber security strategy over the last decade.  The Clinton Administration had its National Plan for Information Systems, the Bush Administration had its National Strategy to Secure Cyberspace, and the Obama Administration had its Cybersecurity National Action Plan.  While there have been consistent themes in these strategies (e.g., an open and free Internet, the focus on critical infrastructure protection), the latest Strategy shows a more progressive evolution of thinking on how the cyber landscape has changed and how the United States needs to adapt to it.  Noticeably absent in the title is “security”; it is only the National Cyber Strategy, which accurately conveys the fact that “security” cannot be addressed independently without addressing how offensive actions can play a supporting role.  This is not to condemn or criticize past administrations’ strategies; cyber conflict has been evolutionary, and as such, requires each subsequent administration to review the prior one to ensure that it meets the needs and conditions of its environment.

And indeed, as cyber attacks have grown more prolific and increasingly severe, trying to figure out how to use counter attacks as punishment, retaliation, deterrence, or a combination thereof, is critical for governments. Acknowledging that cyber threats are more than just disruptive/destructive attacks, but can leverage social media platforms, as well as regular and fabricated media outlets to spread propaganda, misinformation, and disinformation to influence targets, must be considered when determining a cyber retaliatory course of action. Adversaries have typically not suffered any official punitive cyber response from the United States, which may serve to encourage follow-on activities such as cyber spying, intellectual property theft, or undue influence operations. The Strategy clearly articulates its intention to use all of its domestic and collaborative resources with like-minded states to immediately mitigate the threat. There is no gray area open for misinterpretation.

Unquestionably, the ability to act with agility is necessary in a domain in which attacks happen instantaneously, and in which attribution can be murky at best. Depending on the intent for conducting a punishing cyber retaliation, the ability to respond quickly to demonstrate that cyber hostility is not tolerated is critical. However, one big caveat prior to launching a counter attack is ensuring that striking back is done in an appropriate, proportional manner. There is little doubt that the U.S. possesses the means and resources to conduct such counter strikes. The biggest challenge for U.S. cyber retaliation is guaranteeing that the target is viable and not hiding behind some civilian façade or operating out of a third country. The more the U.S. counters these activities, the more adversaries will invariably learn and adjust their operations accordingly, thereby balancing the scales again. And all eyes will be on the U.S. once more, seeing how it will react.

This is a guest blog post by Emilio Iasiello

The post The New Cyber Strategy Frees Up U.S. Cyber Muscle. How Will It Be Flexed? appeared first on CyberDB.

Shouldn’t Sharing Cyber Threat Information Be Easy?

A recent article revealed that the United States government has gotten better at providing unclassified cyber threat information to the private sector. Law enforcement and intelligence organizations have greatly cut down the time it takes to provide unclassified versions of cyber threat indicators (a term that can refer to a variety of technical data that includes but is not limited to IP addresses, malware, e-mail addresses, etc.) to the Department of Homeland Security (DHS) to disseminate promptly to the private sector. The process had traditionally been slow because it requires an originating agency to determine whether the indicator has been properly vetted without exposing sources and methods, per the article.

Faster delivery of pertinent threat information is certainly an improvement in a domain where attacks occur in seconds. A November 2017 report from the DHS Office of the Inspector General reviewed actions taken during 2016 in fulfillment of direction mandated by the Cybersecurity Information Sharing Act of 2015 with regard to the sharing of threat indicators. Per the report, despite successfully classifying indicators and defensive measures, DHS still faced challenges effectively sharing such information across the public and private sectors. The report advocated enhanced outreach and a cross-domain information processing solution.

One of the steps taken to ameliorate this situation, and a possible reason for the improvement in releasing indicators promptly, is DHS’ Cyber Information Sharing Tool, which was set to be updated and upgraded in 2018. Via the automatic indicator sharing tool (a capability that enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed), DHS is able to disseminate such information directly to those organizations that have signed up for it. As of January 2018, more than 200 private sector and government entities had done so, though, per the article, it was believed that most weren’t using the information that they received to automatically block hostile network traffic.

Information sharing continues to be an important endeavor between the public and private sector, as such data greatly assists in the detection, mitigation, and remediation efforts of organizations. It is also a confidence-building measure to strengthen the relationship between private companies and a government that has been criticized for not doing an adequate job in cyber security. Much of this private sector outreach falls on DHS’ National Cybersecurity and Communications Integration Center (NCCIC). Per its website, the NCCIC serves as the hub of information sharing activities for the Department to increase awareness of vulnerabilities, incidents, and mitigations. The NCCIC’s Cyber Information Sharing and Collaboration Program is the cornerstone on which the public-private information sharing rests.

An April 2018 report by the Government Accountability Office (GAO) found that DHS needed to enhance its efforts to improve the security of public and private sectors. Per the GAO findings, DHS had not developed most of the planned functionality for its National Cybersecurity Protection System information-sharing capability, and, moreover, “DHS did not always agree about whether notifications of potentially malicious activity had been sent or received, and agencies had mixed views about the usefulness of these notifications.”

It’s good to see that bureaucratic red tape is being reduced, especially since cyber threats are pervasive, ongoing, and quick. Any effort that reduces the time to get information out of the classified realm and into the hands of the private sector is welcome; the private sector has often been cited as owning approximately 85 percent of critical infrastructure, a target-rich environment that is increasingly attracting hostile actor interest. With only 200 customers signed up to DHS, such an undertaking is destined to spin its wheels. DHS seems to be making the right moves to improve cyber security, to include the recent establishment of its new Risk Management Center. However, what is consistently lacking is getting private sector organizations on board, a critical component of information-sharing. While it does not appear that the private sector can be mandated to get on board, something needs to be done to get everyone on the same page, whether that be an articulate communications strategy, an incentive-based program, or some combination thereof. Regardless, DHS is demonstrating its commitment to bringing the private sector on board. When the private sector will finally accept the outstretched hand it’s been given remains to be seen.

This is a guest post by Emilio Iasiello

The post Shouldn’t Sharing Cyber Threat Information Be Easy? appeared first on CyberDB.