Cyber Weekly Roundup – December 8, 2017

Written December 8th, 2017


By Colby Proffitt and Donnie Corliss

1.) Andromeda botnet dismantled in international cyber operation (December 4, 2017)


Summary: The FBI, in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust and private-sector partners, dismantled one of the longest running malware families in existence called Andromeda (also known as Gamarue).

Why it matters: In a sea of attacks, leaks, and compromises, it’s nice to hear some good cyber news. This article highlights the significant levels of time and effort required to stop Andromeda, but it’s also a testament to the benefits of international and interagency collaboration and cooperation, often necessary in cyber warfare.

2.) The Government’s Struggle to Hire Young Tech Talent is Worse Than You Thought (December 1, 2017)


Summary: In the federal IT workforce, the number of employees age 60 or older is more than quadruple the number of specialists under the age of 30, according to a Nextgov analysis.

Why it matters: Although this study isn’t exclusive to the federal cyber profession, it does provide some insight into the not-so-new cyber skills challenge. Hiring for tech positions is an uphill battle, but hiring for cyber-specific positions, and finding individuals with the skills and certifications as well as the years of hands-on experience, is even more of a challenge. As this article points out, the cards are stacked against the federal government. Signing bonuses and student loan repayment options are nice incentives, but the government can’t pay as much as industry, and the hiring process can take much longer. The good news is that the government realizes the need to hire more millennials and is taking steps to increase its pipeline and address the IT age gap – from more hiring fairs and incentives, to a potential Cyber National Guard.

3.) Over 400 Popular Sites Record Your Every Keystroke and Mouse Movement (November 22, 2017)


Summary: Researchers from Princeton University’s Centre for Information Technology Policy (CITP) analyzed the Alexa top 50,000 websites in the world and found that 482 sites, many of which are high profile, are using a new web-tracking technique to track every move of their users.

Why it matters: Although ‘session replay’ is designed to gather data regarding user engagement to help developers improve the end user experience, it’s concerning for end users, not only because their activity is no longer private, but also because even the information entered in online forms can be collected before the user submits the completed form. Ultimately, any information collected through session replay and sent to third parties for analysis is at risk of being compromised. According to the study, anything collected cannot “reasonably be expected to be kept anonymous.”

For end users who use any of the sites that employ session replay, be aware that everything you type is being recorded. It can be easy to glance over user agreements and quickly agree to privacy statements, but it’s important to read them and understand the agreement before acknowledging.

4.) The quest for seamless, secure identity and access management (December 4, 2017)


Summary: Agencies have made significant progress in moving beyond simple username and password constructions, but the work is far from done. Challenges include educating senior managers, convincing a wary public and finding ways to securely share the burden of identity-proofing.

Why it matters: The challenge of identity management is making it effective without making it so cumbersome that it negatively impacts the end users’ ability to complete their tasks and the overall mission of the agency or organization. Users nowadays are accustomed to being able to use applications and devices for personal use without much thought about security – mostly because security is baked into the user experience on mobile devices and many applications. The challenge the federal government faces is providing that same frictionless, secure experience for its end users.

5.) House Subcommittee on Space Audits Cybersecurity Protocols (November 7, 2017)


Summary: U.S. Congressman Brian Babin, R-Texas, Chairman of the House Subcommittee on Space, said his group is working on legislation with the U.S. Department of Defense (DOD) to conduct a new cybersecurity defense audit of U.S. government space and defense agencies as part of a larger commercial space enterprise bill. While he could not name the specific legislation, Rep. Babin hinted that the cybersecurity audit could end up being part of the American Space Commerce Free Enterprise Act of 2017, which was introduced this past June by his fellow Congressman Rep. Lamar Smith, R-Texas.

Why it matters: Satellites represent another possible target for an attack on US critical infrastructure. With attacks on the rise, it’s critical that the government take action to incorporate protection at every level – from critical infrastructure on the ground, to software running on satellites in space. Federal contractors, especially those in the defense industry, are also targeted by nation-states, with the goal of not only disrupting operations, but also stealing defense secrets and closing the technological gap between the US and foreign nation-states.

6.) Update to Cybersecurity Framework (December 5, 2017)


Summary: NIST published the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity. This second draft update aims to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use. This latest draft reflects comments received to date, including those from a public review process launched in January 2017 and a workshop in May 2017.

Why it matters: The NIST CSF provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks. It also provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes. The CSF is considered best practice, and it will be interesting to see how this latest draft takes shape after public comments. The finalized version is anticipated in Spring 2018.