- America uses stealthy submarines to hack other countries’ systems. From Washington Post. When Donald Trump effectively called for Russia to hack into Hillary Clinton’s emails Wednesday, the GOP nominee’s remarks touched off a (predictable) media firestorm. Here was a presidential candidate from a major U.S. party encouraging a foreign government to target American interests with cyberspying — an act that could not only expose national security information but also potentially undermine the actual security infrastructure of the United States.
- ‘Guccifer 2.0’ Claims Responsibility for DNC Hack, Releases Docs to Prove it. From Motherboard. A “lone hacker” calling themselves “Guccifer 2.0” has claimed responsibility for hacking the Democratic National Committee and claims reports that the Russian government perpetrated the attack are false. The hacker also says the DNC lied about—or didn’t know the extent of—what was stolen.
- ISIS hacker pleads guilty to giving terrorists US military kill list. From ArsTechnica. A hacker the US authorities have labeled as the leader of an overseas Internet hacking group—the Kosova Hacker’s Security—pleaded guilty Wednesday in federal court to charges of providing material support to the US enemy. It was the first known prosecution of a hacker joining forces with a terror group in a bid to carry out terrorism, the government said.
1. U.S. Cyberattacks Target ISIS in a New Line of Combat. From NYTimes. The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons.
2. Cybersecurity Threats Are Real: You And Your Organization Could Be In Danger. From Forbes. When board members were asked about the amount of knowledge they had on cybersecurity, less than 20% had a high level, 65% had some and 15% had little knowledge. During the webinar, over 50% were dissatisfied with the quality of information provided to the board by management pertaining to cybersecurity and IT risk.
3. The future of the NIST Cybersecurity Framework. From IApp.Org. On April 5-7, the National Institute of Science and Technology hosted a Workshop on its “Framework for Improving Critical Infrastructure Cybersecurity.” The workshop was extremely well-attended, with more than 900 registrants and hundreds more attending by webcast. It was preceded by a NIST request for information, which prompted 105 responses, many from industry associations representing hundreds of companies.
4. Aligning Cybersecurity with Corporate Culture. From Wall Street Journal. Creating a “cybersecurity culture” means instilling in employees an acute sensitivity to cyber risks and arming them with knowledge and tools to mitigate these threats. Tightly linking cybersecurity to the day-to-day work environment could vastly improve organizations’ security posture.
5. Singtel launches first-of-its-kind cyber security institute in Asia Pacific. From Straits Times. Telco Singtel on Tuesday (April 26) launched its Cyber Security Institute (CSI), a hybrid between an advanced cyber range and an educational institute. It is the first-of-its-kind in the region to test and train companies in dealing with sophisticated cyber threats. Housed in a permanent space of over 10,000 sq ft in the eastern part of Singapore, the institute provides cyber skills development and education programmes tailored to the varying needs of company boards, C-suite management, technology and operational staff.
- How an email sparked a squabble over Chinese-owned Lenovo’s role at Pentagon. From Washington Post. Ever since Chinese computer maker Lenovo spent billions of dollars to acquire IBM’s personal-computer and server businesses, some lawmakers have called on federal agencies to stop using the company’s equipment out of concerns over Chinese spying. But an email circulated within the Air Force appeared to indicate Lenovo being kicked out.
- A Brief History Of Ransomware. From DarkReading. The rise in ransomware extortion as a reliable weapon for cybercriminals to make the most of victims’ system vulnerabilities has now spanned the better part of a decade. But the last year has seen hockey stick growth as attackers perfected their methods and targeted victims. At this point ransomware has established itself as a $60 million a year criminal enterprise, with that number sure to rise as the income is funneled into improving the next ransomware generation.
- FireEye Threat Intelligence Review. From SC Magazine (2015). This is an extremely powerful system for gathering, analyzing and acting on cyberthreat intelligence. The wealth of available data is impressive and FireEye is an experienced player with a heavy recorded history of data going back 10 years or more. We do wish, however, that this wealth of analytical power was readily available as a standalone service for threat analysts who are not necessarily part of a network defense team.
- Interview: Security and scalability of the IoT in business. From ITProPortal. We spoke to Klaus Gheri, VP and GM of Network Security at Barracuda Networks, about the challenge of securing IoT devices in industry and the tools being developed to overcome IoT barriers to adoption.
- Transportation Official: Cybersecurity Rules May Be Needed for Cars. From MorningConsult. The head of the National Highway Traffic Safety Administration told a House panel Thursday that his agency may need to craft rules to enhance cybersecurity as more vehicles are connected to the internet. “You need some best practices, and potentially rules, to establish certain kinds of hard protections in things,” NHTSA Administrator Michael Rosekind said.