US-EU privacy agreement. China's favorite CVEs. Election security. Trends in social engineering. Notes on the hybrid war.


At a glance.

  • US Executive Order implements US-EU data-sharing privacy safeguards.
  • Top CVEs exploited by China.
  • Election security and credit risk.
  • COVID-19-themed social engineering.
  • Criminals turn to malicious HTML file attachments.
  • Killnet and US state government sites.
  • Evading sanctions with cryptocurrency.
  • US cyber ambassador on deterrence and the state of Russia's hybrid war.

US Executive Order implements US-EU data-sharing privacy safeguards.

An Executive Order signed this morning by US President Biden moves the US and the EU closer to agreement on data privacy standards. It specifies the safeguards the US undertakes to put in place pursuant to the agreement reached with the European Union in March of this year. The Executive Order specifically addresses European concerns about US signals intelligence and other intelligence activities.

Top CVEs exploited by China.

The US National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) have issued a joint advisory on the top vulnerabilities being targeted by Chinese state-sponsored threat actors. These include CVE-2021-44228 in Apache Log4j, CVE-2019-11510 in Pulse Connect Secure, CVE-2021-22205 affecting GitLab, CVE-2022-26134 in Atlassian Confluence Server and Data Center, and CVE-2021-26855 in Microsoft Exchange Server. For more details, and industry comment, see CyberWire Pro.

Election security and credit risk.

Moody’s Investors Service released a report detailing election risks as they relate to cyber risk. The service discusses how local governments are more exposed to credit risk as resources shift from core services to election security, and calls for state and federal funding to mitigate that risk. See CyberWire Pro for more on Moody's conclusions.

COVID-19-themed social engineering.

Proofpoint has released research detailing how threat actors took advantage of the COVID-19 pandemic for personal gain. The report highlights how threat actors are creatures of opportunity, acting when a theme is relevant to their audience. In this case, they could cast a wide net, since COVID-19 was relevant to the entire world. The report also notes that the pandemic provided a convenient backdrop for every type of cybercrime, and because it changed both personal and business life, social engineering lures were found targeting both. For more information, see CyberWire Pro.

Criminals turn to malicious HTML file attachments.

Researchers at Trustwave SpiderLabs have observed a rise in malicious HTML attachments in phishing emails over the past month. Most of these attachments open a phishing page that impersonates a login portal to steal users’ credentials. The researchers note that some of these files will plug the user’s email address into the login field of the phishing page, to trick the user into thinking they had previously logged in. Attackers are also using HTML smuggling to avoid being detected by email security filters. For more information, see CyberWire Pro.
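As an added illustration (not Trustwave's code or findings), the heuristic below scans an HTML attachment for the two behaviours described above: the script chain that rebuilds a file in the browser (HTML smuggling) and a login form that arrives with the victim's address already filled in. All indicator names, thresholds and sample documents are constructed for this example.

```python
import re
from typing import Dict, List

# Indicators of HTML smuggling: script that decodes an embedded blob and hands
# the browser a file to save. Several together are the signal, not any one alone.
SMUGGLING_PATTERNS: Dict[str, str] = {
    "base64_decode": r"\batob\s*\(",
    "blob_build": r"new\s+Blob\s*\(",
    "object_url": r"URL\.createObjectURL\s*\(",
    "legacy_ie_save": r"msSaveOrOpenBlob",
    "download_attr": r"<a\b[^>]*\bdownload\s*=",
    "auto_click": r"\.click\s*\(\s*\)",
    "big_b64_blob": r"[A-Za-z0-9+/]{200,}={0,2}",
}
# Indicators of a credential-harvesting page that pre-fills the victim's address.
PREFILL_PATTERNS: Dict[str, str] = {
    "prefilled_email_input": r"<input\b[^>]*\bvalue\s*=\s*[\"'][^\"']*@[^\"']*[\"']",
    "email_assigned_in_js": r"\.value\s*=\s*[\"'][^\"']*@[^\"']*[\"']",
}

def scan_html_attachment(html: str) -> Dict[str, List[str]]:
    """Return the indicator names that fire, grouped by category."""
    hits: Dict[str, List[str]] = {"smuggling": [], "prefill": []}
    for cat, patterns in (("smuggling", SMUGGLING_PATTERNS), ("prefill", PREFILL_PATTERNS)):
        hits[cat] = [n for n, p in patterns.items() if re.search(p, html, re.IGNORECASE)]
    return hits

def verdict(hits: Dict[str, List[str]]) -> str:
    """Decode + blob + a save/trigger call is the smuggling chain; a lone indicator is only 'review'."""
    s = set(hits["smuggling"])
    if {"base64_decode", "blob_build"} <= s and s & {"object_url", "download_attr", "auto_click", "legacy_ie_save"}:
        return "likely-html-smuggling"
    if hits["prefill"]:
        return "likely-credential-phish"
    return "review" if s else "clean"

# Constructed samples, not real attachments; the base64 string is a placeholder.
SAMPLE_SMUGGLING = ('<html><body><script>var d=atob("' + "QUJD" * 60 + '");'
                    'var b=new Blob([d],{type:"application/octet-stream"});'
                    'var l=document.createElement("a");l.href=URL.createObjectURL(b);'
                    'l.click();</script></body></html>')
SAMPLE_PHISH = ('<form action="https://login.example.invalid/"><input type="email" name="u" '
                'value="victim@example.com"><input type="password" name="p"></form>')
SAMPLE_BENIGN = '<html><body><p>Quarterly report</p><a href="https://example.invalid/r.pdf">PDF</a></body></html>'

if __name__ == "__main__":
    for name, doc in (("smuggling", SAMPLE_SMUGGLING), ("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, verdict(scan_html_attachment(doc)))
```

The regexes are deliberately loose; in a mail gateway they would sit behind an HTML parser and be tuned against the organisation's own legitimate attachments.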

Killnet and US state government sites.

CyberScoop has an update on how US states, particularly Colorado, Kentucky, and Mississippi, are recovering from the DDoS attacks that took some sites offline briefly this Wednesday. The incidents seem for the most part to have been quickly contained, but that hasn't inhibited Killnet, in an Ozymandian mood, from calling its action “USA Offline.” Some of the group's website defacements have displayed the Statue of Liberty in front of a mushroom cloud, the scene emblazoned with the motto "F*ck NATO." It's low-grade vandalism. Low-grade, dadaesque heckling can in principle have some effect (contrast, for example, the doge memes of the North Atlantic Fella Organization) but Killnet's stuff in all candor doesn't seem to be in the Fellas' league.

Evading sanctions with cryptocurrency.

Cryptocurrencies are well-adapted to serve as vehicles for remittances, and, while there's nothing inherently criminal or nefarious about them, they have been used by criminals for both money laundering and carrying out illicit transactions. Russians interested in evading sanctions have also turned to alt-coin, Wired reports this morning, with Russian paramilitary support groups (like Save Donbas and REAR) turning to crypto exchanges to take in funds. Most of the exchanges being used are "high-risk" Russian operations, but some exchanges in China and India are also serving as transfer mechanisms. The intake is not, by defense budget standards, large, amounting only to some $4 million.

US cyber ambassador on deterrence and the state of Russia's hybrid war.

Ambassador-at-Large for Cyberspace and Digital Policy Nate Fick, the first official to hold the new US State Department post, was sworn in on October 4th. Yesterday he addressed journalists on, among other matters, the current state of Russian cyber operations in the war against Ukraine. He advocated extending deterrence across the cyber domain and is encouraged by the NATO unity he sees in this respect. Deterrence seems, he thinks, to have inhibited Russian cyberattacks outside Ukraine. "We haven’t seen yet a ton of lateral escalation using cyber means outside Ukraine by the Russians," he said, adding, "I think that there is a robust deterrence framework that’s part of the NATO Alliance, and I would attribute that, at least in part, for why there haven’t been widespread Russian cyber attacks outside Ukraine."

The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.
