The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

CSIAC Podcast Series – Did You Know? – Inviting Other Users - CSIAC

Registered members of CSIAC.org can now easily invite others to join them and take part in CSIAC's free services and resources. Watch the short video to learn how.

Protecting Critical Infrastructure from Cyber Threats – National Cyber Security Awareness Month – Week 5: October 30-31 - CSIAC

The essential systems that support our daily lives - such as electricity, financial institutions, and transportation - are all dependent upon the Internet. Building resilience in critical infrastructure is crucial to our national security. Week 5 will look at cybersecurity in relation to keeping our traffic lights, running water, phone lines, and other critical infrastructure secure. It also facilitates the transition to November's Critical Infrastructure Security and Resilience Month (CISR), highlighting the tie between cybersecurity and our nation's critical infrastructure.

Free CSIAC Webinar Tomorrow Nov 15 @ 12:00PM EST – Software Defined WAN (SD-WAN): Security Implications and Design Solutions - CSIAC

Software Defined WAN (SD-WAN) is transforming Wide Area Networks (WANs) by providing a highly available Secure WAN Transport combined with Direct Internet Access in the branches. With SD-WAN, Enterprises can mix WAN service offerings from multiple providers (MPLS, Internet, Carrier Ethernet, 3G/4G, ...) to optimize their bandwidth costs and dynamically balance applications across the various links. This session will discuss the security implications of this new architecture.

RECENT HEADLINES:

Cyber Crime:

Merck Cyber Attack May Cost Insurers $275 Million: Verisk’s PCS - Reuters

Insurers could pay $275 million to cover the insured portion of drugmaker Merck & Co's loss from a cyber attack in June, according to a forecast by Verisk Analytics Inc's Property Claim Services (PCS) unit.

New Wave of Cyber Attacks Hits Russia, Other Nations - Reuters

Cyber attacks using malware called "BadRabbit" hit Russia and other nations on Tuesday, affecting Russian Interfax news agency and causing flight delays at Ukraine's Odessa airport.

Cyberwarfare:

Cybercom Establishes Strategic Concepts to Mitigate Cyber Threats to Natl Security - Executive Gov

The U.S. Cyber Command has developed an operational approach to defensive cyber operations and strategic concepts which aim to help address a number of cyber threats to national security.

Russia’s Election Hackers Use D.C. Cyber Warfare Conference as Bait - The Daily Beast

The Russian military hackers behind last year's election meddling are using an upcoming cyber warfare conference in Washington D.C. as a lure to infect a new crop of victims with malware, security researchers said Sunday, effectively turning a high-level gathering packed with NATO and U.S. military cyber defenders into an opportunity for more attacks.

“Cyber Conflict” Decoy Document Used In Real Cyber Conflict - Talos

Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear...). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference.

North Korea Hackers Stole South Korea-U.S. Military Plans to Wipe Out North Korea Leadership: Lawmaker - Reuters

Democratic Party representative Rhee Cheol-hee said 235 gigabytes of military documents were taken from the Defense Integrated Data Center in September last year, citing information from unidentified South Korean defense officials.

DOD Tests and Deploys Upgraded JRSS - Defense Systems

The Navy is now assessing its implementation of its Joint Regional Security Stacks data consolidation and interoperability initiative by subjecting data networks to a wide range of attack scenarios, emerging threats and operational conditions.

Data Security:

No Macros? No Problem for New Malware Attack - SecurityIntelligence

Macro-based Microsoft Office malware is a go-to tactic for aspiring cybercriminals because it's reliable and effective. Since macros remain an integral part of Word documents, many companies don't disable them by default, and users often open .doc attachments. But with enterprise IT on the war path for signs of any macro malware attack, criminals are getting creative. According to Bleeping Computer, they're now using an outdated Office feature known as Dynamic Data Exchange (DDE) to infiltrate and infect corporate devices.
Tags: Microsoft

Kaspersky: NSA Staffer’s Laptop Was Infected with Malware - CNET

The Russian cybersecurity company releases details from its internal investigation into an NSA hack, which it's accused of being behind.

Security Vulnerability Puts Linux Kernel at Risk - SecurityIntelligence

The security vulnerability impacts the Advanced Linux Sound Architecture (ALSA), which is a software framework that establishes an application programming interface (API) for sound card drivers in the Linux kernel. While the potential damage from escalated privileges is high, IT decision-makers should note that a patch has already been made available. An active development community helps keep security concerns associated with Linux at bay. However, IT managers and users must stay alert to potential concerns and work to apply recommended fixes at the earliest opportunity.
Tags: Linux

Exclusive: Microsoft Responded Quietly After Detecting Secret Database Hack in 2013 - Reuters

The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins. The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.
Tags: Microsoft

Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping - ARS Technica

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points. The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.

Healthcare Security:

The Need for Increased Investment in Medical Device Security - Tripwire

In 2014, the FBI warned that healthcare systems, including medical devices, were at an increased risk of cyber-attacks due to the unfortunate coupling of poor cybersecurity practices in the healthcare industry with patient health information (PHI) that commands high value on the dark web. This warning has largely been realized. The cost and frequency of data breaches in healthcare have risen over the past six years. This state of affairs should come as no surprise to medical device manufacturers and healthcare delivery organizations (HDOs). According to a study by the Ponemon Institute, 67% of medical device manufacturers and 56% of HDOs believe that their medical devices are at risk for an attack. Despite recognizing the risk, only 17% of device manufacturers and 15% of HDOs have taken significant steps to prevent an attack. Remarkably, only 41% of device manufacturers and 22% of HDOs have an incident response plan in place in the event of an attack.

Internet-of-Things:

After Quietly Infecting a Million Devices, Reaper Botnet Set to be Worse Than Mirai - ZDnet

A little over a month ago, a sizable botnet of infected Internet of Things devices began appearing on the radar of security researchers. Now, just weeks later, it's on track to become one of the largest botnets recorded in recent years.

Machine Learning and Artificial Intelligence:

Google Built a New Trojan Horse to Get Inside Every Aspect of Your Life - Business Insider

Google is taking hardware seriously after years of experimentation. But it doesn't have a chance at becoming another Apple or Samsung. Instead, Google's hardware division will be used to sneak the company's AI technology into everything else.

Network Security:

The Flawed System Behind the Krack Wi-Fi Meltdown - Wired

The security community scrambled to unpack Krack, a fundamental vulnerability in the ubiquitous, secure Wi-Fi network standard known a WPA2. Though some of the most popular devices are mercifully already protected (like most of those that run Windows and iOS), a staggering population remains exposed to data theft and manipulation every time they connect to WPA2 Wi-Fi. But as another interminable patching process begins, a different conversation is picking up, too, about how to catch flaws in crucial standards more quickly, and make it easier to patch them.

Neuromorphic Computing:

Resistive Memory Components the Computer Industry Can’t Resist - Yale

For years, the computer industry has sought memory technologies with higher endurance, lower cost, and better energy efficiency than commercial flash memories. Now, an international collaboration of scientists may have solved many of those challenges with the discovery of thin, molecular films that can store information.

Public Sector:

Twenty-Five Percent of Email “From” U.S. Federal Agencies is Fraudulent or High-Risk, Agari Finds - Businesswire

Agari, a leading cybersecurity company, today issued the Agari U.S. Federal Government DMARC Adoption report showing that 25 percent of email claiming to be from federal agencies is either fraudulent or otherwise unauthenticated. Among the 400 government domains protected by Agari, cybercriminals targeted 90 percent of them with deceptive emails that appear to come from a federal agency.

Secure Wi-Fi Enters the Battlefield - AFCEA

Secure Wi-Fi for classified operations is now available to the U.S. military, thanks to recent policy, hardware and software improvements. This is of great importance, especially to the Army, which faces challenges with command-post networks. Given size, weight and power constraints, these networks lack mobility, explained Paul Mehney, director of public communications for the Army's Program Executive Office Command, Control, Communications-Tactical (PEO C3T). The Army needs more rapid network initialization and faster command-post setup and teardown.

Roles and Responsibilities for Defending the Nation from Cyber Attack - FBI

As the committee is well aware, the frequency and impact of cyber attacks on our nation's private sector and government networks have increased dramatically in the past decade and are expected to continue to grow. We continue to see an increase in the scale and scope of reporting on malicious cyber activity that can be measured by the amount of corporate data stolen or deleted, personally identifiable information compromised, or remediation costs incurred by U.S. victims. Within the FBI, we are focused on the most dangerous malicious cyber activity: high-level intrusions by state-sponsored hackers and global organized crime syndicates, as well as other technically sophisticated attacks.

Quantum Computing:

Google’s Quantum Computing Plans Threatened by IBM Curveball - New Scientist

Just when it was looking like the underdog, classical computing is striking back. IBM has come up with a way to simulate quantum computers that have 56 quantum bits, or qubits, on a non-quantum supercomputer - a task previously thought to be impossible. The feat moves the goalposts in the fight for quantum supremacy, the effort to outstrip classical computers using quantum ones.

Space-Based Test Proves Light’s Quantum Weirdness - Scientific American

Physicists sometimes say that a beam of light traveling through space is like a "great smoky dragon." One can know much about where the light comes from (the dragon's tail) and where it is seen (the dragon's head), yet still know precious little about the journey in between (the dragon's mysterious, nebulous body). As light travels from source to detection, it can behave as either a particle or a wave-or, paradoxically, both states or neither state. Now an experiment using laser beams shot at satellites in low-Earth orbit has confirmed that this bizarre detail about the nature of light holds true across record-breaking distances.

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.