Public Sector Cybersecurity Weekly Briefing 10-13-2017

Russians Still Have An Open Path to U.S. Election Subversion
Not only that, the White House hasn’t even nominated someone to replace now-White House chief of staff John Kelly as secretary of the Department of Homeland Security (DHS), or someone to run its units responsible for protecting the nation’s strategic infrastructure, which includes federal, state and local voting systems. Both are in the hands of “acting” officials. “The administration is having a hard time finding individuals that want to do the job, could do a good job, and could pass Senate confirmation,” a congressional expert tells Newsweek, speaking candidly only on the basis he not be quoted by name.

 

China Denies Links to Alleged Cyber Attacks in United States Targeting Exiled Tycoon Guo
China has denied responsibility for alleged cyber attacks in the United States appearing to target exiled tycoon Guo Wengui, who has levelled corruption allegations against senior Communist Party officials and applied for political asylum. The Ministry of Public Security said in a statement provided to Reuters on Sunday an investigation had found “no evidence” of Chinese government involvement in the alleged cyber attacks.

 

North Korean Hackers Allegedly Probing US Utilities for Weaknesses
“This activity was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyber attack that might take months to prepare if it went undetected.” FireEye has previously detected suspected Nork hackers probing the systems of South Korean utilities. The firm adds that DPRK hackers are yet to display ability to interfere with industrial control systems much less cause power outages. All this probing is nonetheless a cause for concern.

 

Kaspersky Antivirus Software Was Reportedly Used as a Google-like Search Tool for Russian Hackers Targeting the US
Israeli intelligence agents discovered the exploit after they broke into Kaspersky’s systems in 2014, and later tipped off US intelligence agencies on the matter. The Israeli agents reportedly stole passwords, took screenshots, and collected emails and documents, ostensibly to learn about Russian cyberespionage activities, and in doing so, found that Russian-sponsored hackers were using the Kaspersky software to scan for classified US information that could be relayed back to intelligence agencies in Russia.

 

Maritime Cyber Security: No Substitute for Testing
No organization, be those international institutions, government agencies or small businesses can ever be 100 per cent cyberattack proof, as several examples have recently indicated. Therefore preparedness, in the form of testing cybersecurity structure via different tools for any potential attacks, is vital for minimizing cyber risks. This is as true for the maritime sector and any other, since the outcomes of such an attack may vary from loss of revenue to environmental disaster and loss of life.

 

Smart Cities are Making the Places We Live More Vulnerable to Attacks
While smart city technologies no doubt bring benefits, the rush to embrace them carries considerable risk,” said the EIU in its “Safe Cities Index” report. “If investments in digital technologies are not accompanied by commensurate investments in cyber security, the consequences could be dire. An entire city could be left in chaos if hackers were to shut down the power supply; a prospect city officials now need to plan against.”

 

Kaspersky in Focus as US-Russia Cyber-Tensions Rise
“Given that the Russians have so far got away with no real consequences for the biggest, most impactful operation, the hacks and influence campaign targeting the 2016 US election, I’d say they are doing pretty well.”  But Gabriel Weimann, a professor at Israel’s University of Haifa and author who has written on cybersecurity, said it may be premature to declare Russia the winner.  “We don’t really know the achievements of NSA in monitoring the web, this kind of information is secret,” Weimann said.  “This is a cat-and-mouse game.

 

Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.

//]]>