Digest on AI & Emerging Technologies (18 October 2024)

TOP OF THE DAY 

Iran’s APT34 Abuses MS Exchange to Spy on Gulf Gov’ts

(Nate Nelson – Dark Reading – 17 October 2024) An Iranian threat actor has been ramping up its espionage against Gulf-state government entities, particularly those within the United Arab Emirates (UAE). APT34 (aka Earth Simnavaz, OilRig, MuddyWater, Crambus, Europium, Hazel Sandstorm) is a group that has been previously tied to the Iranian Ministry of Intelligence and Security (MOIS). It’s known to spy on high-value targets in major industries across the Middle East: oil and gas; finance; chemicals; telecommunications; other forms of critical infrastructure; and governments. Its attacks have demonstrated a sophistication befitting its targets, with suites of custom malware and an ability to evade detection for long periods of time. – Iran’s APT34 Abuses MS Exchange (darkreading.com)

Iranian Hackers Use Brute Force in Critical Infrastructure Attacks

(Ionut Arghire – SecurityWeek – 17 October 2024) Iranian state-sponsored threat actors have been using brute force and other techniques in attacks targeting critical infrastructure organizations, government agencies in the US, Australia, and Canada warn in a joint advisory. Since October 2023, Iranian threat groups have been observed relying on password spraying, multi-factor authentication (MFA) ‘push bombing’, and other techniques to hack into user accounts and compromise organizations, the US cybersecurity agency CISA, the FBI, the NSA, Canada’s CSE, and Australia’s AFP and ACSC say. – Iranian Hackers Use Brute Force in Critical Infrastructure Attacks – SecurityWeek

Two-thirds of Attributable Malware Linked to Nation States

(Phil Muncaster – Infosecurity Magazine – 17 October 2024) Most of the attributable malware used in attacks on Netskope customers over the past year is linked to state-backed groups, the vendor has claimed. The SASE provider based its findings on 12 months of data collected from customer environments, claiming the largest share of malware attacks came from North Korean groups, followed by China and Russia. The figure could be even higher, given that Microsoft revealed this week that state-affiliated actors are outsourcing operations to cybercriminals. – Two-thirds of Attributable Malware Linked to Nation States – Infosecurity Magazine (infosecurity-magazine.com)

Commerce Department eases export controls on satellites, including for remote sensing

(Theresa Hitchens – Breaking Defense – 17 October 2024) The Commerce Department today announced a tripartite set of export reform rules for a variety of commercial space technologies — including the removal of licensing restrictions on sales of remote sensing satellites and on-orbit servicing platforms to Australia, Canada and the United Kingdom. A senior Commerce official emphasized that “this isn’t just a regulatory update” in a background briefing with reporters today. “This is about maintaining our leadership in space technology, protecting our national security and bolstering our partnerships around the world.” The export control changes also will bolster national security, allowing the Defense Department to more easily cooperate with allies and partners to implement its ambitious plans to create a “hybrid space architecture” that would enable commercial and friendly government satellites to augment US military space capabilities. – Commerce Department eases export controls on satellites, including for remote sensing – Breaking Defense

Mandiant founder calls Chinese wiretap hack unsurprising

(David DiMolfetta – NextGov – 17 October 2024) An alleged Chinese government-backed infiltration into U.S. wiretap infrastructure is leaving at least one cybersecurity leader unsurprised, arguing that telecommunications technology has always been prime real estate for hackers since its inception. The Wall Street Journal on Oct. 5 reported that a Chinese state-backed hacking collective dubbed Salt Typhoon penetrated the networks of AT&T, Verizon and Lumen, and for months was possibly inside systems that handle court-authorized wiretap requests. Kevin Mandia, a top voice in the cybersecurity community who founded the eponymously named firm Mandiant, said in an interview with Nextgov/FCW that telecoms are a logical target for adversaries in an espionage operation. – Mandiant founder calls Chinese wiretap hack unsurprising – Nextgov/FCW

Anjos Nijk on Defending Europe’s Electricity Grid Networks

(James Coker – Infosecurity Magazine – 17 October 2024) The electricity sector, among other critical national infrastructure (CNI) organizations, has found itself in the crosshairs of cyber threat actors amid rising geopolitical tensions. Frequent Russian cyber-attacks targeting Ukrainian power grids before and since the Kremlin’s invasion underline the scale of this threat and its potential impact on Western nations. One organization tackling this challenge is the European Network for Cyber Security (ENCS), which aims to increase awareness of the cybersecurity risks facing the electricity sector and how to address them collaboratively. The ENCS is a non-profit organization owned by grid operators, focused on enhancing the cybersecurity of the European Union’s (EU) grid infrastructure. – Anjos Nijk on Defending Europe’s Electricity Grid Networks – Infosecurity Magazine (infosecurity-magazine.com)

Geostrategies

(Sangsoon Lee – ASPI The Strategist) Australia and South Korea should collaborate on space technology by building and launching small surveillance satellites from Australian space launch facilities. It would be in the military and industrial interests of both countries to do so. Over the past 30 years, South Korea has made significant progress in space technology. In 2022, it became the seventh nation capable of independent space launches, with its Nuri rocket. A few months later, South Korea’s first lunar probe, Danuri, reached the Moon’s orbit, where it is surveying future lunar landing sites. – Space: an opportunity for South Korea and Australian defence cooperation | The Strategist (aspistrategist.org.au)

Governance

(Natasha Lomas – TechCrunch – 17 October 2024) An incoming privacy policy update to Elon Musk-owned X (formerly Twitter) will see the company making it clearer to users in the European Union that they have the right to appeal decisions under the bloc’s Digital Services Act (DSA), such as account bans, content takedowns and shadowbanning. The online governance regulation, which applies to scores of services and platforms operating across the bloc, carries stiff penalties for breaches — of up to 6% of global annual turnover — so there’s high regulatory risk for anyone flouting the rules. – Elon Musk’s X boosts DSA info for EU users as bloc’s probe of its complaint handling continues | TechCrunch

(Brookings – 16 October 2024) Rwanda has made impressive progress in driving inclusive digitalization across its economy. By harnessing data-driven insights, the country has empowered evidence-based policymaking, fostered innovation, and catalyzed digital transformation of Rwandan society. Landry Signé speaks with Crystal Rugege, the managing director of Rwanda’s Center for the Fourth Industrial Revolution about her journey from Silicon Valley to driving impactful technology initiatives in Rwanda and Africa. – Advancing tech, innovation, and AI governance in Africa (brookings.edu)

Security

(Matthew Shallbetter – NextGov – 17 October 2024) As cyber threats against government agencies and critical infrastructure continue to grow, federal cybersecurity leaders must expand their focus beyond IT to include threats against all physical and virtual assets connected to the network, such as operational technology, the internet of things, building management systems and more. This necessity has been recognized at the highest levels of the federal government. Over the past few years, we have seen a strong policy push from the White House and oversight agencies like the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency for asset visibility. The Biden Administration’s cybersecurity executive order and CISA’s binding operational directive 23-01 specifically call out the importance of identifying and inventorying IT assets on federal networks. – Organizing to meet the most urgent threats – Nextgov/FCW

(Dark Reading – 17 October 2024) Hong Kong police arrested 27 people Monday for their involvement in a deepfake scam operation, stealing $46 million from the scam’s victims. The scammers used AI face-swapping technology to create female personas for online dating, using tools to alter their appearance and voices. They then contacted their victims via social media platforms using these AI-generated photos of people with made-up personalities, occupations, and backgrounds. – Hong Kong Crime Ring Swindles Victims Out of $46M (darkreading.com)

(Stu Sjouwerman – SecurityWeek – 17 October 2024) Email phishing is by far one of the most prevalent forms of phishing. However, there are a number of lesser-known phishing techniques that are often overlooked or underestimated yet increasingly being employed by attackers. – Be Aware of These Eight Underrated Phishing Techniques – SecurityWeek

(Alessandro Mascellino – Infosecurity Magazine – 17 October 2024) A new ransomware group, Cicada3301, has emerged as a significant threat since its discovery in June 2024, targeting businesses in critical sectors across the US and UK. In just three months, the group has reportedly published data from 30 companies on their dedicated leak sites, underscoring the severity of the threat. – Cicada3301 Ransomware Targets Critical Sectors in US and UK – Infosecurity Magazine (infosecurity-magazine.com)

(Carly Page – TechCrunch – 17 October 2024) Insurance giant Globe Life, which provides life and health insurance policies to millions of Americans, says it is being extorted by a hacker who has stolen customers’ sensitive data. In a regulatory filing with the U.S. Securities and Exchange Commission on Thursday, the Texas-based conglomerate said it has “recently received communications” from an unknown threat actor who is seeking to extort money from the company in exchange for not disclosing data stolen from its systems. – Hackers are extorting Globe Life with stolen customer data | TechCrunch

(Carly Page – TechCrunch – 17 October 2024) Japanese electronics giant Casio has confirmed that many of its systems remain unusable almost two weeks after it was hit by a ransomware attack. Casio spokesperson Ayuko Hara told TechCrunch on Thursday that the company sees “no prospect of recovery yet” as it struggles to bounce back from the cyberattack. “Since October 5, our servers experienced a system failure that rendered several of them unusable,” Hara told TechCrunch, adding that the company subsequently took measures to disconnect its servers to prevent the spread of damage. – Casio says ‘no prospect of recovery yet’ after ransomware attack | TechCrunch

(Eduard Kovacs – SecurityWeek – 17 October 2024) Brazil’s Federal Police on Wednesday announced the arrest of a hacker whose description matches that of the notorious leaker known as USDoD. USDoD, aka EquationCorp, has leaked significant amounts of information stolen from major organizations. His targets include the FBI’s InfraGard portal, Airbus, TransUnion, National Public Data (NPD), and CrowdStrike. – Brazilian Police Arrest Notorious Hacker USDoD – SecurityWeek

(James Coker – Infosecurity Magazine – 17 October 2024) North Korean threat actors have adopted new tactics to escalate fake IT worker insider attacks, including extorting their former employers, researchers from Secureworks have found. The cybersecurity firm said the development, attributed to the Nickel Tapestry threat group, marks a significant deviation from previously established tactics. In many earlier North Korea fake IT worker schemes, the threat actors demonstrated a financial motivation by maintaining employment and collecting a paycheck. – North Korea Escalates Fake IT Worker Schemes to Extort Employers – Infosecurity Magazine (infosecurity-magazine.com)

(Phil Muncaster – Infosecurity Magazine – 17 October 2024) RansomHub is now the number one ransomware operation in terms of claimed successful attacks, according to new data from Symantec. The security vendor’s latest threat intelligence report for Q3 2024, Ransomware: Threat Level Remains High in Third Quarter, is based on analysis of leak sites. Overall, threat actors claimed 1255 attacks in the quarter, down slightly from 1325 in Q2. However, the macro trend is of attacks ticking up, Symantec warned. – RansomHub Overtakes LockBit as Most Prolific Ransomware Group – Infosecurity Magazine (infosecurity-magazine.com)

(Matt Swayne – The Quantum Insider – 16 October 2024) Critical infrastructure sectors such as healthcare, energy, finance, and agriculture can be defined as industries essential to a nation’s economy and daily functioning. Over the last decade, these critical infrastructure sectors have increasingly come under threat from cyber-attacks due, in part, to the lasting damage and ripple effects these attacks can have if even one critical sector is compromised. The advent of quantum computing’s accelerated development amplifies the risks of quantum decryption and presents a substantial and growing threat to the stability and security of these essential industries. – Quantum Computing and Critical Infrastructure (thequantuminsider.com)

(David DiMolfetta – NextGov – 16 October 2024) The U.S. on Wednesday unsealed charges against a pair of Sudanese brothers, alleging they operated a notorious hacking group that targeted U.S. government facilities, hospitals and other critical infrastructure around the world. Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer are accused of running Anonymous Sudan, which, since last year, has made a name for launching some 35,000 distributed denial of service, or DDoS, attacks that take down victim organizations’ websites by overwhelming them with bot-generated network traffic. – US charges 2 with running ‘Anonymous Sudan’ hacking group – Nextgov/FCW

Defense, Intelligence, and War

(Ashley Roque – Breaking Defense – 17 October 2024) Cargo aerial drones and autonomous boats will team up at next year’s Project Convergence capstone exercise to help the service flesh out future operating concepts and drive investment decisions, according to a senior Army leader. “We’re going to have to figure out how to resupply dispersed formations,” Brig. Gen. Shane Upton, the director for the Contested Logistics Cross Functional Team, told Breaking Defense on Tuesday. “The Pacific, by nature, drives you to that. There’s no other option if you start putting a Multi Domain Task Force lethal firing asset on a remote island chain, I have to resupply them with ammo and we may not be able to fly a traditional C-17 or C-130 in there,” the one-star general added. “The enemy will be like: ‘You’re not using that port because I just shot it up and it’s gone.’” – Army picking 2 cargo drones to pair with autonomous boats for Project Convergence 2025 – Breaking Defense

(David DiMolfetta, Alexandra Kelley – NextGov – 16 October 2024) Google will be offering a version of its Gemini AI model capable of working within classified environments early next year, the tech giant announced Wednesday. A “large percentage” of the United States government’s military and intelligence enterprise has expressed interest in a specialized, air-gapped version of Google’s Gemini AI model, signaling high demand from analysts wanting to support their day-to-day workload with AI tools that have stormed the consumer tech market over the past two years, according to Ron Bushar, who heads public sector solutions for Google-owned cyber intelligence vendor Mandiant. – Google announces AI offering for classified environments – Nextgov/FCW

(Vadim Shtepa – The Jamestown Foundation – 16 October 2024) Russia’s war against Ukraine has turned into the first major full-scale drone war, and Ukraine is dominating this aspect of the conflict through its innovation and leadership in drone production. Moscow is lagging behind in the drone war, relying on outdated Iranian drones and facing technological limitations due to global sanctions despite efforts such as drone production and training programs. While Ukraine leads in drone production and continues to attack Russia’s own infrastructure, Russia still has more resources than Ukraine. For Ukraine to turn the tide of war, Western allies must continue to supply long-range weapons and authorize their use at range against targets in Russia. – Ukrainian Drone War Shakes Up Russian Society – Jamestown

Frontiers

(Paul Sawers – TechCrunch – 17 October 2024) The private equity realm has been pretty active so far in 2024, serving as a powerful “alternative” source of liquidity for technology startups and scale-ups in search of an exit. In August, TechCrunch reported that EQT had picked up a majority stake in cybersecurity firm Acronis at a valuation of around $4 billion, following in the footsteps of another exit, in which EQT snapped up enterprise middleware company WSO2 for $600 million. However, private equity has also been busy in the public markets, with some big deals going down to transform underperforming companies with strong growth prospects. According to PitchBook, there were 136 take-private deals led by private equity firms in 2023, up 15% on the previous year. New data provided to TechCrunch by PitchBook indicates that by the midway point of 2024, there had been 97 such deals, meaning we’re roughly on course to match last year’s figure (give or take) if the current trajectory holds. Of the take-private deals that have closed so far in 2024, 46 belong to the technology sector. TechCrunch has filtered through these transactions to identify deals specifically focused on product-centric companies (rather than IT consultancies or services firms), and pulled out all the acquisitions valued at $1 billion or more. We’ve included transactions that have either already closed in 2024 or are set to close in 2024; this includes deals first announced last year. – The 14 biggest take-private PE acquisitions so far this year in tech | TechCrunch

Legislation

(Seemant Sehgal – Infosecurity Magazine – 17 October 2024) Recently, many Chief Information Security Officers have been asking about NIS2: what it is, what they and their organisation need to do to prepare and comply, and what security providers can do to ensure they meet the requirements of this new regulation. Part I of this series will focus on the NIS2 Directive, what it is, and what led up to the new and expanded updates that go into effect October 17, 2024. Part II of this series, entitled “Part II: NIS2 Directive – Everything EU Member States and Organisations Need to Know to Prepare and Comply”, will focus on the regulated sectors, how NIS2 requirements will affect these organisations, and what security providers can do to help them prepare and comply. – What is the NIS2 Directive and Why Now? – Infosecurity Magazine (infosecurity-magazine.com)