By Colby Proffitt
1.) Careful what you wish for—change and continuity in China’s cyber threats (part 1) (April 5, 2018)
Summary: Although there’s been a discernible reduction in the magnitude of Chinese cyber intrusions in the past few years, the threat has been transformed, not diminished. While US diplomacy has helped reshape Chinese cyber activities during this period, the reorganization and professionalization of Chinese cyber forces constitute a greater long-term challenge.
Why it matters: Although the initial steps former President Obama took were viewed by some as forward progress, just as many would argue that the US can never assume that China – or most other foreign states – will sincerely honor any such agreements. There are a number of challenges when it comes to policy and nation-to-nation agreements – the challenge of attribution alone makes it easy for foreign states to deny attacks or place blame elsewhere, and it’s not uncommon for other malicious cyber groups to falsely claim credit for an attack. Cyber attacks have real consequences, but they are inherently difficult to attribute with 100% certainty. This article highlights some of the findings from recent investigations, including the Section 301 investigation, and it will be interesting to see what Part II of this series offers in the coming weeks.
2.) Why North Korean Cyberwarfare is Likely to Intensify (March 28, 2018)
Summary: Despite a parade of issues battling for headlines today, the impending negotiations between the United States and the Democratic People’s Republic of North Korea (DPRK) have been widely covered, with diplomacy experts weighing in across the globe. A recent article by CrowdStrike VP of Intelligence Adam Meyers titled, “Negotiations With North Korea May Have Cyber Consequences,” offers a view of the unprecedented negotiations from a different angle — one that examines the cyber consequences of these talks. The article appeared in the online magazine 38North, which is published by the Korean Institute of Johns Hopkins School of Advanced International Studies (SAIS).
Why it matters: In line with the article above about China, this article offers some insight into the potential repercussions of the sanctions placed on North Korea. While sanctions may limit physical attacks, they may also force North Korea to pursue cyberwarfare even more aggressively. This article outlines how an attack may unfold in the coming months, also suggesting, just as many have predicted, that an attack on US critical infrastructure is inevitable.
3.) Here comes the next round of encryption legislation (April 3, 2018)
Summary: Another Senate bill that intends to regulate encryption in private devices is in the works.
Why it matters: This is a very sticky issue and it’s unlikely that there will be any consensus on a path forward anytime soon. On the one hand, many in the cyber field would argue that encryption is one of the best things organizations and end users can use to keep their devices and data secured. On the other hand, encryption is a significant obstacle for law enforcement and investigators. While creating a “backdoor” for law enforcement might make sense, it raises the question of whether or not the benefits would outweigh the risks. Undoubtedly, if such a “backdoor” is created via legislation, it will be yet another attack vector hackers will seek to leverage.
4.) DHS says unauthorized Stingrays could be in D.C. area (April 4, 2018)
Summary: The Department of Homeland Security has acknowledged the presence of what appear to be unauthorized mobile surveillance devices in the Washington, D.C. area and elsewhere in the United States that could be exploited by foreign spies to track and intercept phone calls.
Why it matters: An International Mobile Subscriber Identity (IMSI) catcher is a telephone eavesdropping device used for intercepting mobile phone traffic and tracking the location data of mobile phone users. They look like cell phone towers, and apparently there are a number of them in the DC area. These catchers are yet another sign of the complex and ever-increasing ways in which cyber adversaries seek to steal data and collect intelligence with malicious intent. What’s scary is that DHS has not come forward with a capability to detect the devices. Until the towers are shut down, or 5G capabilities are widespread, users should consider turning their phones off when not in use, or be cognizant of the fact that their phone calls and activity may be monitored.
5.) Atlanta takes down water department website two weeks after cyber attack (April 5, 2018)
Summary: Atlanta took down its water department website indefinitely on Thursday, two weeks after a ransomware cyber attack tore through the city’s computer systems in one of the most disruptive hacks ever to strike a U.S. local government.
Why it matters: Following up on last week’s roundup, Atlanta takes steps towards recovery, but disruption continues, with some departments still offline until further notice. It will be interesting to see if the city decides to pay the ransom, or if they can recover sufficiently without regaining the stolen data. Others should take heed from this attack and take every precaution possible.