cyber attack

North Korea conducting massive cyber threats against US, other countries, reports say

North Korea is conducting a wide-ranging malicious campaign against the U.S. and global targets, according to several reports. Last month, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Defense released three reports on malware variants used by the North Korean government. This was preceded by an advisory in April from the State Department, the Treasury, Homeland Security and the FBI on the North Korean cyber threat. “[It is] essentially a taxonomy of everything the [North Koreans] have been caught doing,” Mike Hamilton, chief information security officer of CI Security, told Fox News, referring to the May Malware Analysis reports. “Trying to summarize tactics, techniques, and procedures that everyone can watch out for,” added Hamilton, who also served previously as the chief information security officer for the city of Seattle. One of the driving forces is North Korea’s need to fund its weapons of mass destruction and ballistic missile programs, the government’s April advisory said. The campaigns are insidious because they often appear as ordinary cybercrime. “The North Koreans are pioneers in the organized-crime false flag business,” Hamilton explained. “They are running ransomware extortion groups, which most people just assume comes from organized crime, not a nation-state.” Hamilton said the aim is cryptomining and financial targets, among other aims. “They show up as commodity, ‘shotgun blast’ types of untargeted attacks to scoop up CPUs [central processing units] for cryptomining,” he said, referring to the mining of digital currencies. “They also use research and targeting against the finance sector, and non-commodity malware that AV [anti-virus] vendors have never seen,” Hamilton added.
North Korea-sponsored cyber actors include hackers, cryptologists and software developers who are engaged in espionage, theft from financial institutions and digital currency exchanges, and in politically motivated attacks against foreign media companies, according to the April advisory. For example, an investigation into dozens of suspected North Korean cyber-enabled heists revealed that as of late 2019, North Korea had attempted to steal as much as $2 billion worldwide. Then there are extortion and ransomware campaigns. “In some instances, DPRK [North Korea] cyber actors have demanded payment from victims under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place,” the advisory said.

For more, click on the text above.

Air Force preps for massive cyberattacks on large weapons systems

The Air Force is massively revving up efforts to defend stealth fighters, nuclear-armed missiles, air-launched weapons and crucial combat networks from crippling wartime cyber attacks by taking new steps with a special unit put together to find and fix vulnerabilities. The service has now solidified key weapons development procedures for its Cyber Resilience Office for Weapons Systems, or CROWS. The concept for the office, established by Air Force Materiel Command, is grounded upon the realization that more and more weapons systems are increasingly cyber-reliant. “CROWS has completed an acquisition language guidebook to support program offices in development of contracting documents ensuring cyber resiliency is baked into acquisition efforts,” Capt. Hope Cronin, Air Force spokeswoman, told Warrior Maven. This phenomenon, wherein cybersecurity threats continue to rapidly expand well beyond IT and data systems to reach more platforms and weapons systems, is often discussed in terms of a two-fold trajectory. While advanced computer processing, sophisticated algorithms and better networked weapons and fire control bring unprecedented combat advantages, increased cyber-reliance can also increase risk in some key respects. For instance, successful hacking or cyber intrusions could disrupt vital targeting and guidance systems needed for precision weapons, derail computer-enabled aircraft navigation and targeting, or even seek to change the flight path of a drone or ICBM. CROWS is also designed to harvest the best thinking when it comes to anticipating potential enemy cyberattacks. By working to “think like an enemy,” CROWS experts work with weapons developers to find vulnerabilities and areas of potential attack. As part of this, the rationale for the effort is to therefore “bake in” cyber protections early in the acquisition process so as to engineer long-term cyber resilience.
“CROWS efforts have been successful in identifying the highest risk cyber vulnerabilities and then working with the program offices to develop mitigation solutions to reduce those risks,” Cronin said. The CROWS has also developed multiple cyber training courses and published a cyber assessment methodology to be used in support of testing processes, Cronin added.

Trump Move to Loosen U.S. Use of Cyberweapons Prompts Intrigue

The Trump administration’s move to loosen rules of engagement for U.S. cyberattacks has prompted questions about how the military will carry out offensive digital strikes, and whether hostilities with foreign adversaries will rapidly escalate. Cybersecurity experts and former officials said it was impossible to determine whether President Trump’s move was a step in the right direction or a mistake because the details of such policies are classified. “The devil is in the details,” said Tom Bossert, who as Mr. Trump’s homeland security adviser counseled him on cybersecurity, until he was forced out of his job in April by John Bolton, Mr. Trump’s national security adviser. Mr. Trump on Wednesday reversed an Obama-era set of classified rules dictating an elaborate interagency process that must be followed before cyberweapons can be deployed. The change was described to The Wall Street Journal as an “offensive step forward” by an administration official briefed on the decision. But few specific details have been divulged about what process Mr. Trump is adopting in place of the previous rules, known as Presidential Policy Directive 20. Former President Barack Obama’s rules, adopted in 2012, also were classified but leaked in 2013 by former intelligence contractor Edward Snowden. Mr. Obama’s rules prompted debate, with many former officials from different federal agencies saying the process often produced lengthy interagency discussions about the legal, policy, and diplomatic implications of even modest cyber operations. Other former officials said that cyberweapons were rarely deployed not because of bureaucratic red tape but because they were in many cases not ready for real-world deployment. Mr. Bossert said in an interview that he began reviewing the Obama directive and considering ways it could be changed before he left the Trump administration. But he declined to speculate on what was in new rules adopted by the administration.
“The content is classified. I have no insight into the details of that content,” he said. Some officials offered tentative optimism about steps to unshackle the process for using cyberweapons, a frequent topic in Congress for lawmakers of both parties who have faulted the past three administrations for failing to develop a coherent cybersecurity strategy. Lawmakers have sought to expand their oversight of cybersecurity matters in recent legislation. “One thing is clear—what we have been doing so far hasn’t worked, and our adversaries believe that they can attack us without any consequences,” said Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee…

Fair enough…  For more, click on the text above.

‘Guccifer’ casts doubt on Obama administration’s Russia hacking claims

Romanian hacker Marcel Lehel Lazar, weighing in from a prison 3,700 miles away on the latest diplomatic dust-up between the U.S. and Russia, told Fox News in an exclusive interview that he doubts the Obama administration’s allegations about Moscow directing cyberattacks against Democratic groups in the 2016 election. Lazar, 44, also known as “Guccifer,” spoke to Fox News Senior Executive Producer Pamela Browne in a series of recorded phone calls from his Romanian jail cell in late December. He described the administration’s allegation of Russia cyber-attacks during the 2016 elections as part of “a fake cyber war.” “Americans are crazy about the Russian thing and that Russians are invading the United States,” Lazar said, suggesting the allegations are overblown because of Cold War sensitivities. “It’s crazy … it’s this hysteria you know?” he said. Lazar has been convicted and sentenced to prison in two separate countries, the U.S. and Romania, for his hacking and taunting of major celebrity and political figures. Lazar is expected to finish his Romanian sentence in 2019 and then will be returned to the U.S. to face 52 months in an American prison after pleading guilty to two counts of a nine-count indictment. Largely regarded as a nuisance hacker motivated through his disillusionment and frustration — and some say obsession — with political figures both in the U.S. and Romania, Lazar was the first to expose Hillary Clinton’s use of the private address. This revelation ultimately led to the identification of Clinton’s personal account used for all government business while she served as secretary of State. FBI Director James Comey described the handling of classified material as “extremely careless.” The FBI and administration have since turned their attention to responding to alleged Russian hacking of Democratic accounts, which some Clinton allies have blamed for her election loss.  
In interviews conducted two weeks before the Obama administration’s expulsion of 35 Russian diplomats in retaliation for alleged interference in the U.S. elections, Lazar predicted there “will be probes and indictments against some Russian people.”

A pretty interesting development. We’ll, of course, keep an eye on it. To read the rest of this article, click on the text above.

NSA Director: China can damage US power grid

The head of the NSA issued a blunt warning Thursday to lawmakers: China can shut down the United States.

Our politicians need to start taking the threat that China poses very seriously. Adm. Michael Rogers, the Director of the NSA (DIRNSA), is spot on here. So, kudos to him and his staff for making their case before lawmakers earlier today. We need to be proactive, both defensively and offensively, in thwarting China’s cyber attack efforts... or we could become a third world country overnight.