The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

Free CSIAC Webinar – Thursday, October 26 @ 12:00 pm EDT – Applying the 20 Critical Controls for Risk Assessment - CSIAC

This webinar will introduce attendees to the Center for Internet Security (CIS) Top 20 Critical Security Controls. Tools and techniques to implement the controls will be discussed. With the uncertainty and risks associated with the Internet of Things (IoT), it is essential to understand how to assess a system or a business network and implement controls to eliminate, minimize, mitigate or manage risk. The "Top 20" is an industry accepted framework for cyber security managers to address all elements within and threats to a network. The incorporation of these controls provides learners with real world skills and experiences.

National Cyber Security Awareness Month – Week 1: Simple Steps to Online Safety - CSIAC

All members of the public can take some simple actions to protect themselves online and to recover in the event a cyber incident occurs. This week’s topic is simple steps that an individual or organization can take to improve their online safety. CSIAC has a substantial repository of information available to its users. We will highlight a few topics we feel are critical to protecting yourself and point you to both CSIAC and external resources we feel can assist you.

RECENT HEADLINES:

Cloud Computing:

Cut Cord: How Viacom’s Master Controls Were Left Exposed - Up Guard

The UpGuard Cyber Risk Team can now disclose that Viacom Inc, the Fortune 500 corporation that owns Paramount Pictures, as well as cable channels like MTV, Comedy Central, and Nickelodeon, exposed a vast array of internal access credentials and critical data that could be used to cause immense harm to the multinational corporation's business operations.

Critical Infrastructure:

INL to Host National Conversation in Delaware on Protecting Critical Infrastructure - KMVT News

Millions of people were affected by wide-spread power outages in the days following hurricanes Harvey and Irma. Utilities worked to get the power on, and smart meters were credited with helping with response and restoration efforts. As the water recedes, there are lingering questions about the critical attributes of a robust and resilient power grid. Join the conversation on this topic, and others at the 10th annual Resilience Week symposium in Wilmington, Delaware, Sept. 18-22. This symposium is dedicated to advancing the resiliency of critical cyber-physical infrastructures from unexpected and malicious threats, with a particular focus on industrial control systems (ICS), supervisory control and data acquisition (SCADA), and cybersecurity.

Cyber Crime:

Deloitte Hit by Cyber-attack Revealing Clients’ Secret Emails - The Guardian

One of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

Hackers Using iCloud’s Find My iPhone Feature to Remotely Lock Macs and Demand Ransom Payments - Mac Rumors

Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here.

Cyberwarfare:

Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware - Fire Eye

When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON - aka Disttrack - to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a separate, less widely known suspected Iranian group with potential destructive capabilities, whom we call APT33. Our analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013. We assess APT33 works at the behest of the Iranian government.

Cyber Threat Analysis in Complex Adaptive Systems - Help Net Security

The use of wartime analogies in cybersecurity is common in our industry. Sun Tzu is often quoted in presentations and papers to emphasize an author’s key point. I will spare you that in this article; however, I would like to introduce the idea of applying a rigorous framework derived from kinetic warfare to the cyber realm. The notion of complex adaptive systems (CAS) as introduced by Brigadier General Wayne Michael Hall and Dr. Gary Citrenbaum in their book on intelligence collection provides such a framework.

Data Security:

Additional Information Regarding the Recent CCleaner APT Security Incident - Avast

We would like to update our customers and the general public on the latest findings regarding the investigation of the recent CCleaner security incident. As published in our previous blog posts, analysis of the CnC server showed that the incident was in fact an Advanced Persistent Threat (APT) attack, targeting specific high-tech and telecommunications companies. That is, despite the fact that CCleaner is a consumer product, the purpose of the attack was not to attack consumers and their data; instead, the CCleaner customers were used to gain access to corporate networks of select large enterprises.

Tech Support Scammers Abuse Native Ad and Content Provider Taboola to Serve Malvertising - Malwarebytes

A large number of publishers – big and small – are monetizing their sites by selling space for companies that provide so-called native advertising, cited as more effective and engaging than traditional banner ads.

SEC Discloses Cybersecurity Breach - Politico

The Securities and Exchange Commission on Wednesday said its "EDGAR" public-company filing system had been hacked. SEC Chairman Jay Clayton said in a statement that last month "the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading." "Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information," Clayton said.

CCleaner Malware Infects Big Tech Companies With Second Backdoor - TheHackerNews

According to the researchers from Kaspersky, the CCleaner malware shares some code with the hacking tools used by a sophisticated Chinese hacking group called Axiom, also known as APT17, Group 72, DeputyDog, Tailgater Team, Hidden Lynx or AuroraPanda. "The malware injected into CCleaner has shared code with several tools used by one of the APT groups from the Axiom APT 'umbrella'," tweeted director of Global Research and Analysis Team at Kaspersky Lab. Cisco researchers also note that one configuration file on the attacker's server was set for China's time zone, which suggests China could be the source of the CCleaner attack. However, this evidence alone is not enough for attribution.

Attackers can Pull Data From Air-gapped Networks’ Surveillance Cameras - SC Magazine

Researchers have demonstrated a way for remote attackers to exfiltrate data from and send malicious commands to air-gapped networks, using infrared surveillance cameras that ironically are supposed to make the organizations using them more secure.

Blockchain and Digital Currency:

Over 1.65 Million Computers Infected With Cryptocurrency Miners in 2017 So Far - Bleeping Computer

Telemetry data collected by Kaspersky Lab shows that in the first nine months of 2017, malware that mines for various types of cryptocurrencies has infected more than 1.65 million endpoints. According to Kaspersky, detections for cryptocurrency mining trojans rose from a lowly 205,000 infections in 2013 to nearly 1.8 million in 2016, and 2017 looks like it will easily surpass that number.

High Performance Computing:

Los Alamos Gains Role in High-Performance Computing for Materials Program - HPC Wire

A new high-performance computing (HPC) initiative announced this week by the U.S. Department of Energy will help U.S. industry accelerate the development of new or improved materials for use in severe environments. Los Alamos National Laboratory, with a strong history in the materials science field, will be taking an active role in the initiative.

Machine Learning and Artificial Intelligence:

Google Reveals Android Robocop AI to Spot and Destroy Malware - The Register

In its ongoing quest to trap and kill Android malware, Google has, as usual, turned to machine learning - and is reporting some success.

Microsoft Launches New Machine Learning Tools - Tech Crunch

Microsoft, just like many of its competitors, has gone all in on machine learning. That emphasis is on full display at the company's Ignite conference, where the company today announced a number of new tools for developers who want to build new A.I. models and users who simply want to make use of these pre-existing models - either from their own teams or from Microsoft.

Neuromorphic Computing:

Intel Unveils Loihi Self-learning Neuromorphic Chip - Bit-Tech

Intel has announced it is doubling down in the field of artificial intelligence, launching a test platform dubbed Loihi which it describes as a self-learning neuromorphic chip aimed at allowing machines to think and learn more like people.

Public Sector:

Special Report: HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon - Reuters

Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue.

President Donald J. Trump Proclaims October 2017 as National Cybersecurity Awareness Month - White House

All Americans are affected by threats to our Nation's cybersecurity. In recent years, bad actors in cyberspace have launched attacks on a cross-section of America: businesses both small and large, State and local governments, schoolhouses, hospitals, and infrastructure critical to public safety and national security. My Administration is committed to protecting Americans against these threats. During Cybersecurity Awareness Month, we reflect on our Nation's increasing reliance on technology and the internet and raise awareness about the importance of cybersecurity. Keeping our Nation secure in the face of cyber threats is our shared responsibility. Our agility and resilience in responding to these threats will improve as our collective awareness about their nature improves.

Army Initiates New Network Modernization Plan to Enhance Cyber Capabilities - Army

As the Army introduces concepts such as the multi-domain battle (MDB) into joint operations, it also examines how its current network requires modification in order to support warfighters from multiple services in varying areas of operations and with numerous network and cyber challenges.

U.K. Releases Code of Practice for Maritime Cyber Security - American shipper

The U.K. is asking vessels to use better practices in maritime cyber security, according to Transport Minister Lord Callanan. The Department for Transport (DfT) has released a new cyber security code of practice for vessels, which Callanan said will help firms develop cyber security assessments and plan, mitigation measures and manage security breaches. "Anything that threatens the reliability and performance of a shipping sector that carries 95 percent of our trade has to be taken seriously," Callanan said last week during London International Shipping Week.

Quantum Computing:

With New Microsoft Breakthroughs, General Purpose Quantum Computing Moves Closer to Reality - Microsoft

That broad charter has ended up putting Microsoft on the path to building the first topological qubit, a robust type of quantum bit that Microsoft believes will serve as the basis for a scalable, general purpose quantum computer system – and mark a profound breakthrough in the field of quantum physics.

Software Security:

9 WordPress Plugins Targeted in Coordinated 4.5-Year Spam Campaign - Word Fence

In today's post, we are publishing research showing a coordinated effort by the same spammer that targeted WordPress plugins over a 4.5-year period. In some cases, site owners opted in to a vague agreement that didn’t make it clear that their sites would be serving spam; in other cases, plugins were simply "backdoored" to allow posting without a site owner's permission.

FEEDBACK FROM PREVIOUS DIGEST:

Most Popular:

We Tested Equifax’s Data Breach Checker — And It’s Basically Useless - ZDNet

In case you missed it: The credit rating giant admitted hackers had targeted the company in the past few months, stealing records on as many as 143 million consumers. The company went into disaster management mode (albeit with a six-week head start) and flubbed the incident response. Not only did the company botch the roll out of the support site, it also threw potential victims into legalistic chaos with nobody knowing for sure for hours whether or not the site was automatically opting out customers from a future class action suit. Add one more thing to the dumpster fire of this incident response "omni-shambles." The checker, hosted by TrustedID (a subsidiary of Equifax) that millions of users are checking to see if their private information has been stolen doesn't appear to be properly validating entries. In other words: it is giving out incorrect answers.

Equifax Data Breach: What You Need to Know - CNN

Unlike other data breaches, those affected by the breach may not even know they're customers of the company. Equifax (EFX) is one of three nationwide credit-reporting agencies that track and rate the financial history of consumers. The company gets its data from credit card companies, banks, retailers and lenders -- sometimes without you knowing.

Software has a Serious Supply-chain Security Problem - Wired

On Monday, Cisco's Talos security research division revealed that hackers sabotaged the ultra-popular, free computer-cleanup tool CCleaner for at least the last month, inserting a backdoor into updates to the application that landed in millions of personal computers. That attack betrayed basic consumer trust in CCleaner-developer Avast, and software firms more broadly, by lacing a legitimate program with malware-one distributed by a security company, no less.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.