Public Sector Cybersecurity Weekly Briefing 10-27-2017

U.S. Warns Public About Attacks on Energy, Industrial Firms
The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.


Why Phishing Attacks are Increasingly Targeting the Public Sector (and What You Can Do About It)
Initially, hackers interact with the supply chain or whatever “weak link” gets them in the door of larger organizations where they can then access a bounty of sensitive data. Attackers take a similar approach with government agencies, targeting smaller organizations that typically lack adequate security defenses and are deemed easy targets.  These vulnerable, smaller government organizations also house an abundance of personal citizen data, including Social Security information and tax returns. While valuable on its own, this kind of highly sensitive user information opens the door for bigger, more sophisticated and expansive attacks that could lead to even more lucrative returns.


Russia’s Election Hackers Use D.C. Cyber Warfare Conference as Bait
The Russian military hackers behind last year’s election meddling are using an upcoming cyber warfare conference in Washington D.C. as a lure to infect a new crop of victims with malware, security researchers said Sunday, effectively turning a high-level gathering packed with NATO and U.S. military cyber defenders into an opportunity for more attacks. […] The Russian hackers’ flier for the event is a Microsoft Word document named “Conference_on_Cyber_Conflict.doc”. It contains the logos of the conference organizers and a sponsor, and text copied from the conference website touting the 2017 theme, “The Future of Cyber Conflict.”


“Our Task Was to set Americans Against Their Own Government”: Russian Troll-farm Operative
The fake stories and false news created and disseminated to millions of American voters by the operatives at the Internet Research Agency (IRA), in the words of an IRA operative, aimed to “rock the boat” on divisive issues like race relations, gun control, immigration, and LGBT rights. The IRA also used the internet to hire 100 American activists to hold 40 rallies in different U.S. cities. These activists did not know they were working for a Russian government agency, and the people who came to the rallies were unaware that they were taking part in Russian-organized and financed events.


Kaspersky Pledges Independent Code Review to Cast off Spying Suspicions
After reports that data collected by the company’s anti-malware client was used to target an NSA contractor and various accusations of connections to Russian intelligence, today Kaspersky Lab announced the launch of what company executives call a “Global Transparency Initiative.” As part of the effort aimed at regaining the trust of corporate and government customers among others, a Kaspersky spokesperson said that the company would open product code and the company’s secure coding practices to independent review by the first quarter of 2018.


Kaspersky Code Review Doesn’t Solve the Spying Problem
Anti-virus software is designed to have access to all the files on a customer’s computer. In this case, the customer was an NSA contractor. By design, Kaspersky’s software would have scanned those files, and if there was a signature match, it’s possible they would have collected them for further analysis. “So that is what Kaspersky has been accused of doing: using (or allowing to be used) its legitimate, privileged access to a customer’s computer to identify and retrieve files that were not malware,” Ledgett explained.


James Mattis Voices Concerns Over Cyber Language in Fiscal 2018 Defense Policy Bill
Defense Secretary James Mattis has asked Congress to remove a language in the proposed fiscal 2018 National Defense Authorization Act that would pressure the U.S. to notify foreign governments of cyber attacks in the event that the Defense Department has decided to counter such breaches, Reuters reported Thursday. “The nature of cyber attacks is ever evolving, and we need to maintain our ability to take decisive action against this increasingly dangerous threat,” Mattis wrote in a Tuesday letter to Congress.


Senators Push Bill Requiring Warrant for U.S. Data Under Spy Law
The effort, led by Democrat Ron Wyden and Republican Rand Paul, would require a warrant for queries of data belonging to any American collected under the program. The bill’s introduction is likely to add uncertainty to how Congress will renew a controversial portion of a spying law due to expire on Dec. 31. […] It would renew Section 702 for four years with additional transparency and oversight provisions, such as allowing individuals to more easily raise legal challenges against the law and expand the oversight jurisdiction of the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.


Days After Activists Sued, Georgia’s Election Server Was Wiped Clean
A server and its backups, believed to be key to a pending federal lawsuit filed against Georgia election officials, was thoroughly deleted according to e-mails recently released under a public records request. […] As the Associated Press reported Thursday, the data was initially destroyed on July 7 by the Center for Elections Systems at Kennesaw State University, the entity tasked with running the Peach State’s elections.


Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.