An Executive Order signed this morning by US President Biden moves the US and the EU closer to agreement on data privacy standards. It specifies the safeguards the US undertakes to put in place pursuant to the agreement reached with the European Union in March of this year. The Executive Order specifically addresses European concerns about US signals intelligence and other intelligence activities.
The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) have issued a joint advisory on the top vulnerabilities being targeted by Chinese state-sponsored threat actors. These include CVE-2021-44228 in Apache Log4j, CVE-2019-11510 in Pulse Connect Secure, CVE-2021-22205 affecting GitLab, CVE-2022-26134 in Atlassian Confluence Server and Data Center, and CVE-2021-26855 in Microsoft Exchange Server. For more details, and industry comment, see CyberWire Pro.
Moody’s Investors Service released a report detailing election risks as they relate to cyber risk. The service discusses how local governments are more exposed to credit risks as resources shift from core services to election security, and calls for state and federal funding to mitigate the risk. See CyberWire Pro for more on Moody's conclusions.
Proofpoint has released research detailing how threat actors took advantage of the COVID-19 pandemic for personal gain. The report highlights how threat actors are creatures of opportunity, acting when a threat is of relevance to their audience. In this case, threat actors could cast a wide net, as COVID-19 was relevant to the entire world. It was noted that the pandemic also provided a good background for any type of cybercrime. The pandemic was also a big change in both personal and business-related matters, so social engineering tactics were found to target both. For more information, see CyberWire Pro.
Researchers at Trustwave SpiderLabs have observed a rise in malicious HTML attachments in phishing emails over the past month. Most of these attachments open a phishing page that impersonates a login portal to steal users’ credentials. The researchers note that some of these files will plug the user’s email address into the login field of the phishing page, to trick the user into thinking they had previously logged in. Attackers are also using HTML smuggling to avoid being detected by email security filters. For more information, see CyberWire Pro.
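To show the defender's view of the two attachment tricks described above, here is an added example (not Trustwave's code) that inspects an HTML attachment for a credential form that already carries the recipient's email address, and for the browser APIs that HTML smuggling typically relies on to assemble a file client-side. All sample attachments, names and thresholds are constructed for this illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# JavaScript calls that often appear together when an HTML file builds a
# download in the browser (HTML smuggling). Each is harmless on its own,
# so we only flag the combination. Thresholds here are assumptions.
SMUGGLING_APIS = ("atob(", "new Blob(", "createObjectURL(", ".download")

class _FormInspector(HTMLParser):
    """Collect every <input> so we can see what the page asks the user for."""
    def __init__(self):
        super().__init__()
        self.inputs = []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))

def inspect_html_attachment(html):
    """Return the indicators found in one HTML attachment (empty list = clean)."""
    parser = _FormInspector()
    parser.feed(html)
    indicators = []
    types = {(i.get("type") or "text").lower() for i in parser.inputs}
    if "password" in types:
        indicators.append("password-field")
    # A login form shipped as an attachment that already knows the recipient's
    # address is the prefilled-login trick from the Trustwave report.
    if any(EMAIL_RE.match(i.get("value") or "") for i in parser.inputs):
        indicators.append("prefilled-email")
    scripts = re.findall(r"<script[^>]*>(.*?)</script>", html, re.S | re.I)
    body = "\n".join(scripts)
    if sum(api in body for api in SMUGGLING_APIS) >= 3:
        indicators.append("client-side-payload-assembly")
    # Large base64 literals inside <script> are the usual smuggled payload.
    # Note: inline data: URIs in legitimate newsletters can also trigger this.
    if re.search(r"['\"][A-Za-z0-9+/=]{200,}['\"]", body):
        indicators.append("large-base64-literal")
    return indicators

def verdict(html):
    """Map indicators to a simple mail-gateway decision."""
    found = inspect_html_attachment(html)
    return ("quarantine" if found else "allow", found)

# Constructed samples (not real attachments).
BENIGN = "<html><body><h1>Invoice 42</h1><p>Thanks for your order.</p></body></html>"
PREFILLED_LOGIN = ('<html><body><form action="https://login.example.invalid/" method="post">'
                   '<input type="email" name="u" value="alice@example.com">'
                   '<input type="password" name="p"><input type="submit"></form></body></html>')
SMUGGLED = ('<html><body><script>/* constructed stub, not runnable */ var b = new Blob([atob("'
            + "QUJD" * 60 + '")]); var u = URL.createObjectURL(b); link.download = "f";</script></body></html>')
```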
CyberScoop has an update on how US states, particularly Colorado, Kentucky, and Mississippi, are recovering from the DDoS attacks that took some sites offline briefly this Wednesday. The incidents seem for the most part to have been quickly contained, but that hasn't inhibited Killnet, in an Ozymandian mood, from calling its action “USA Offline.” Some of the group's website defacements have displayed the Statue of Liberty in front of a mushroom cloud, the scene emblazoned with the motto "F*ck NATO." It's low-grade vandalism. Low-grade, dadaesque heckling can in principle have some effect (contrast, for example, the doge memes of the North Atlantic Fella Organization) but Killnet's stuff in all candor doesn't seem to be in the Fellas' league.
Cryptocurrencies are well-adapted to serve as vehicles for remittances, and, while there's nothing inherently criminal or nefarious about them, they have been used by criminals for both money laundering and carrying out illicit transactions. Russians interested in evading sanctions have also turned to alt-coin, Wired reports this morning, with Russian paramilitary support groups (like Save Donbas and REAR) turning to crypto exchanges to take in funds. Most of the exchanges being used are "high-risk" Russian operations, but some exchanges in China and India are also serving as transfer mechanisms. The intake is not, by defense budget standards, large, amounting only to some $4 million.
Ambassador-at-Large for Cyberspace and Digital Policy Nate Fick, the first official to hold the new US State Department post, was sworn in on October 4th. Yesterday he addressed journalists on, among other matters, the current state of Russian cyber operations in the war against Ukraine. He advocated extending deterrence across the cyber domain, and is encouraged by the NATO unity he sees in this respect. Deterrence seems, he thinks, to have inhibited Russian cyberattacks outside Ukraine. "We haven’t seen yet a ton of lateral escalation using cyber means outside Ukraine by the Russians," he said, adding, "I think that there is a robust deterrence framework that’s part of the NATO Alliance, and I would attribute that, at least in part, for why there haven’t been widespread Russian cyber attacks outside Ukraine."
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.