American telecommunications company Verizon today released its first ever data-driven report on cyber-espionage attacks. The 2020 Cyber Espionage Report (CER) draws from seven years of Verizon Data Breach Investigations Report (DBIR) content and more than 14 years of the company’s Threat Research Advisory Center (VTRAC) Cyber-Espionage data breach response expertise. Verizon said that it published the CER to serve as a guide for cybersecurity professionals searching for ways to improve their organization’s cyber-defense posture and incident response (IR) capabilities. Key findings of the report are that for cyber-espionage breaches, 85% of actors were state affiliated, 8% were nation-state affiliated, and just 4% were linked with organized crime. Former employees made up 2% of actors.
Welcome Back To The Office. Please Wear This Tracking Device: A Boom In Contact Tracing Devices Could Herald A New Era Of Worker Surveillance
Before April, Radiant RFID, a 16-year-old tech company based in Austin, was mainly in the business of tracking equipment around the workplace. Radiant’s tags, which can use Bluetooth or GPS, can be stuck to anything valuable, like a crash cart in a hospital or a specialty tool in an auto manufacturing plant. Then, the object’s location can be constantly tracked through Radiant’s website or app. But the coronavirus pandemic has pushed the company to stand up an entirely new business: tracking worker interactions. Radiant now sells a stripped-down Samsung smartwatch as a social distance monitoring tool. When an employee wears the watch, it constantly searches for other similar devices worn by other employees, and estimates their distance based on how strong that signal is. If a strong signal is detected for more than 15 minutes, the interaction is recorded and uploaded to the cloud for the company to reference later if a worker tests positive. In addition, an employer can opt to use the device to monitor the specific location of individual employees.
PHOENIX — The Phoenix FBI office warns that attempts from the Chinese government to steal sensitive information happen all across the country and even right here in Arizona. The targets are usually people whose jobs give them access to sensitive U.S. government or business information. “We have seen cases where individuals are being recruited, being incentivized to return to China and take a job for more money,” Assistant Special Agent Craig Moringiello said. Moringiello is in charge of counterintelligence and cyber for the Phoenix FBI office. Just last week, a former engineer at Raytheon Missiles and Defense in Tucson was sentenced to more than three years in prison for taking sensitive military-related technology data in his company-issued computer to China.
It may feel too simplistic to be talking about cyber hygiene with CISOs. But the lack of consistent cyber hygiene is the largest and most persistent threat inside most organizations. And the risk continues to grow as organizations continue to expand their networks and theresultant attack surfaces without a holistic security architecture or management system in place. The concept of cyber hygiene is a deceptively simple one: It involves a series of practices and precautions that, when repeated regularly, keep users safe and their devices working as they should be. But that’s easier said than done with distributed networks, IoT everywhere, the adoption of multi-cloud infrastructures, and a growing reliance on SaaS application usage. Add the convergence of IT and OT, and the number of aging devices that cannot be taken offline because they monitor or manage critical systems 24×7, and the risks are greater, and the table stakes are higher, than ever before.
The Wall Street Journal reported recently that People’s Republic of China (PRC) officials have been warning repeatedly and through multiple channels that they intend to detain Americans. The threatened detentions are expressly in response to U.S. law enforcement prosecutions of PRC scholars. In many PRC-watching circles, this news likely elicited a simple shrug. The PRC has always viewed law enforcement as a tool of the state, meant to serve the political goals of the Chinese Communist Party (CCP) rather than serve the idea of justice. PRC authorities have often tried to use law enforcement actions to influence or exert leverage—but they have never been so explicit in their threat to do so. Until now, they have always been quick to disabuse others of the notion that their law enforcement actions are in retaliation for anything. Two previous and prominent examples of such attempts to exert influence show the occasional hazards of being the citizen of a country that is a law enforcement partner of the United States. In 2014, a Canadian couple, Kevin and Julia Garratt, were arrested in the PRC seemingly in response to the arrest of a Chinese citizen, Su Bin, by Canadian authorities at the request of the United States. Su later admitted that he had conspired with two unnamed individuals in the PRC to illegally export U.S. military information. The PRC, meanwhile, accused the Garratts of running an espionage ring out of their coffee shop in northeast China—an assertion their family denied.
Medical device manufacturers develop some of the most valuable intellectual property (IP) in the world. Protecting that IP is difficult, because it is often targeted by the most skilled adversaries in the world. Foreign governments, competitors and trusted employees all have the motive to steal the information, and traditional security approaches focused on the perimeter are unlikely to protect it. Before I detail steps that organizations can take to protect their IP, let me begin with a story. When I led a managed security services practice, we had a large medical device manufacturer as a client. They were working on a next-generation auto-injector. They had invested $300 million in the technology, and they predicted it would generate $5 billion in revenue over the life of the patent. As part of their data protection program, the VP of engineering had worked with our team to identify and protect the information that was material to the product. A few months later, our team noticed some strange behavior related to the identified information. A contractor had transferred a file that was by itself trivial to a removeable media device. A few days later, the same individual transferred another file that was trivial by itself but matched the policy via the drafts folder of his Gmail account. In the coming weeks, we saw more transfers of small amounts of protected information over various channels. We notified our counterparts in the client organization, and they developed a plan.
While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks – from phishing to ransomware. Cybercriminals are recognizing that the data that automotive companies have to offer – from customer and employee personal identifiable information (PII) to financial data – is invaluable. Recently, one attacker installed a keystroke logger on the workstation of a car dealership’s finance specialist, to obtain their credentials and access customer credit reports. Another launched a ransomware attack on Toyota Australia, leading to delays in servicing and disruption in the supply of parts. Paul Prudhomme, cyber-threat intelligence analyst at IntSights, warned in new Thursday research that automotive cyberattacks are on the rise – whether they’re aimed at intellectual property (IP) theft or bent on delivering ransomware. And, with the ongoing pandemic shaking up both the sales and supply chain across the automotive industry, the risks of cyberthreats are only adding on to an existing pile of problems.
The COVID-19 pandemic and the resulting shift to a largely remote workforce resulted in new security challenges for many organizations in 2020. In addition to dealing with a constantly changing threat environment, security groups had to suddenly find ways to address risks to the enterprise network and data posed by home-based workers. Remote connectivity and collaboration tools including VPNs and videoconferencing platforms suddenly became big targets for attackers, as did the cloud-based services and file-sharing platforms used by work-from-home employees. Security groups had to find ways to deal with these new issues even as they struggled to address challenges related to ongoing cloud adoption and digital transformation initiatives. In many cases, organizations’ security teams looking after cyber defenses were severely understaffed and unable to find the resources required to fulfill their mission. The trend drove growing interest in managed security services providers and cloud-hosted security services.
The compromise of defense secrets remains a growing problem and the war on terror has limited the Pentagon’s ability to conduct effective counterintelligence, according to a report by the Defense Science Board. The report called for new methods to make stealing more difficult for those with access to classified information, including behavior analysis of cleared workers and identifying dangerous people; advanced computer network monitoring; and watermarking classified documents, both digital and paper. “For almost two decades, the counterintelligence mission has not received the sustained and focused attention that it needs to protect the nation from stand-alone actors or actors working under the direction of a foreign intelligence service,” said Eric D. Evans, chairman of the science board. “The damage that such actors can cause to U.S. national security has grown substantially as classified information is increasingly stored on computers, making more of it available to retrieve and easier to spread,” he added. Mr. Evans stated in a memorandum to the undersecretary of defense for research and engineering that adversaries “have made a concerted effort to access classified and business proprietary information, either to thwart U.S. national security objectives or to advance their own military and civil sectors.”
Banks and other companies can take several steps to minimize the rising number of cybersecurity threats coming from within their organizations. “Banks’ primary concern is they don’t want to be on the front page of any newspaper,” said Shareth Ben, executive director of insider-threat and cyber-threat analytics at Securonix. He worked with Morgan Stanley after a 2014 insider breach in which one of its financial advisers posted information about 350,000 clients on the website Pastebin. “Brand reputation is No. 1, and the second thing is mitigating any financial loss from actions from the [Securities and Exchange Commission] or other regulators,” Ben said. Experts recommend five deterrent measures: closely monitor privileged users, track data flows with special analytics tools, toughen security policies, offer employees more technical and personal support and teach them about security.
This is the time to define the new normal; having well-defined policies in place will help businesses maintain its security posture while bolstering the security of the ever-increasing work-from-home population. Even as state and local governments begin to relax COVID-19-related stay-at-home orders, many businesses have adapted to having more people work from home. This trend is likely to continue: Among the top 20 percent of earners, the number of people that work from home is close to 70 percent, according to Brookings. The majority of these people have desk jobs and rely heavily on technology to complete their tasks. But as companies shift from pandemic-related policies to a new normal, there are some major security implications to consider. In the past (2017-2018), when only 4 percent of the population worked from home full-time, corporations were largely protected from outside cyber-threats with corporate firewalls, intrusion-detection systems and a myriad of other tools. Insider threats from employees and others given access to the network were more easily monitored because they were always connected in some capacity, and so malicious activity could be easily detected.
Problem: If there are thousands of employees scattered around hundreds of places, how do you keep your organization’s network safe? Solution: You should monitor your employees wherever they’re located, and devise a standard baseline of their behavior through machine learning techniques. By using that information, you can identify anomalies and protect your network from cyberattacks. Most organizations still have employees working from home while a small part of the workforce returns to offices, inevitably introducing some changes to user behavior. Keeping an eye out for these changes can prepare you for unexpected internal and external cybersecurity risks to the network. Here are some user behavioral changes that you should look for as organizations continue to adapt to modern work environments in the COVID-19 era.
Ransomware-as-a-service has become so popular and profitable that bad actors in the dark markets are expanding their range of illicit services to offer dedicated phishing and espionage campaigns too. Over the past half a year, BlackBerry’s Research and Intelligence team has been keeping a close eye on a cyber-espionage campaign that is targeting individuals around the world. Dubbed ‘CostaRicto’ by BlackBerry, the campaign seems to be run by ‘hackers-for-hire’, a group of skilled APT actors with bespoke malware tooling and complex VPN proxy and secure shell (SSH) tunnelling capabilities. According to the company, criminal groups offering APT-style attacks are becoming increasingly popular. Their tactics, techniques, and procedures are close in nature to highly sophisticated state-sponsored campaigns, but the profiles and geography of their targets are too diverse to be aligned with a single threat actor’s interests.
Insider threats have long existed in the airline industry, such as when a Horizon Air employee commandeered a turboprop passenger plane from Seattle-Tacoma International Airport in August 2018, or an American Airlines mechanic tampered with an aircraft’s air data module (ADM) system in 2019. These same threats are amplified in 2020 as the aviation industry faces a global pandemic that has forced airlines to upend every part of their business and increased the risk of negligent or malicious insiders. Aviation leaders need to take a holistic approach by creating an insider threat program across the aviation industry, according to a new report from experts at Deloitte. The report, Aviation Insider Threat Mitigation, offers ten recommendations that make up a holistic approach for aviation leaders to use when creating insider threat programs.