IEEE Cipher --- Items from security-related news (E158)

  • Regional Cyber Hacking, Who Pays?
    Cyber Mercenary Hackers

    Publisher: Reuters
    Date: October 7, 2020
    By: Raphael Satter, Christopher Bing

    Researchers at Blackberry have put together digital evidence that reveals the scope of hacking-for-hire in the Middle East. It appears that one company has kept tabs on a variety of targets associated with Middle East politics. Tying the diverse clues together and tracing them back to one hacking source took a lot of work. Apps in the Apple and Google stores were associated with the hacked accounts. Those apps have since been removed. While the hacking firm itself, known as Bahamut, is interesting because it has covered such a range of activity, one cannot help but wonder who the customers are. Governments, potential insurgents, financial interests, blackmailers? Until Bahamut itself is hacked, we probably won't know.

  • Botnets Cause Pre-election Jitters
    Court orders seizure of ransomware botnet controls as U.S. election nears

    Publisher: Reuters
    Date: October 12, 2020
    By: Joseph Menn

    According to Microsoft, there are more than a million computers infected with Trickbot, a piece of malware that is used as a vector for installing yet more malware, particularly ransomware. Some state and local government computers in the US could be affected, and the upcoming election caused some serious concern about the potential for hacking of voter registration information or the display of election results. As a protective measure, Microsoft used copyright law to get legal permission to disrupt the command and control software in Trickbot. Symantec said that although the unwitting US sites might have been disabled, Trickbot is widespread throughout the world, and it might reinfect the US. [Ed. Although this story was widely reported during October, I did not find any follow-up stories related to Trickbot and election security.]

  • Cyber Attacks Rattle Government Officials Before Election
    Exclusive: National Guard called in to thwart cyberattack in Louisiana weeks before election

    Publisher: Reuters
    Date: October 23, 2020
    By: Christopher Bing

    Prior to the election, any unusual computer activity on government computers was cause for alarm. So when some government offices in Louisiana found malware on their computers, their requests for help were met with immediate attention. Somehow the Louisiana National Guard had resources to help. The state government noted that ransomware would be ineffective in destroying voter information because all essential data is held in copies by the state computers. Reportedly the suspect software was a remote access Trojan with some ties in its history to North Korea. The attack on the Louisiana computers might have been unrelated to the election, but with the election looming, no one wanted to take any chances.

  • Pandemic Fills Hospitals, Malware Diverts Patients
    Several hospitals targeted in new wave of ransomware attacks

    Publisher: CNN
    Date: October 29, 2020
    By: Vivian Salama, Alex Marquardt, Lauren Mascarenhas and Zachary Cohen


    As if the pandemic were not bad enough, malware manages to make it worse. The healthcare industry is frequently the target of extortion, but when a hospital is unable to function due to malware, patients needing care may be the ones who suffer most.

    "We are experiencing the most significant cyber security threat we've ever seen in the United States," Charles Carmakal, SVP and CTO of Mandiant, said. "An Eastern European financially motivated threat actor, is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers. Patients may experience prolonged wait time to receive critical care."

    Chris Krebs, director of CISA in the DHS, warned health care and public health individuals to have their "shields up! Assume Ryuk is inside the house. Executives - be ready to activate business continuity and disaster recovery plans. IT sec teams - patch, MFA, check logs, make sure you have a good backup point." Ryuk is the crypto-ransomware used to target the Microsoft Windows systems of hospitals. Without external backups, there is no way to recover without payment.

  • Christopher Krebs, Truth to Power
    Top US cybersecurity official reportedly says he expects to be fired
    Christopher Krebs leads the agency that secures voting technology, which has been pushing back on misinformation about the election

    Publisher: The Guardian
    Date: Nov. 12, 2020
    By: Guardian staff and agency

    Chris Krebs, head of the Critical Infrastructure Security Agency in the Department of Homeland Security, who in late October issued warnings to hospitals about malware attacks, seems to have an obsession with truth. CISA had an election information center that worked hard to keep the public up-to-date about information and misinformation regarding the US presidential election. In the aftermath of the voter turnout, he gave his assessment of election security, finding that the 2020 election was the most secure one yet. Because his statement directly contradicted the US President's online comments, he assumed his job was on the line, and let that be known. Krebs earned a great deal of respect for his role protecting elections.

  • ... and Out
    Firing Christopher Krebs Crosses a Line - Even for Trump
    The president dismissed the widely respected cybersecurity agency director Tuesday night for pushing back against election disinformation.

    Publisher: Wired
    Date: 11.17.2020
    By: Garrett M. Graff

    Some days after Krebs announced that he expected to be fired, he indeed was dismissed from his post. A sad footnote to the waning days of the retributive Trump administration.