Cyber Weekly Roundup – May 18, 2018

Written May 18th, 2018

Post Tags: Cyber, cyber news, cyber news roundup, cybersecurity, north korea, trump

By Colby Proffitt

1.) Theft of North Korean secrets may have pushed Kim Jong Un into talks (May 18, 2018)


Summary: The ultimate insider has made off with North Korea’s cyber intelligence, counterintelligence and nuclear secrets, causing people to think that’s why Kim Jong Un met with South Korea’s leader.

Why it matters: Although the warfront has evolved considerably over the last decade, with cyber taking center stage, this story is a reminder that humans are still behind the battle lines and behind the keyboard. And while it’s unclear what exactly ‘Mr. Kang’ knows about North Korea’s plans – it is clear that while it’s important to halt adversaries in their tracks in cyberspace, it’s most effective to apprehend them physically. While attribution – uncovering who is responsible for attacks – is a real problem in many cases, getting to the potential sources of intel behind future attacks is a sure way to avoid both the attribution challenge, and the attacks altogether.

2.) Watch Out Apple: North Korean Hackers Are Now Developing iPhone Spy Tools (May 18, 2018)


Summary: North Korea is believed to have developed a MDM (mobile device management) app. The spyware tool was located on a server believed to contain other hacking tools by North Korean hacking groups. The limitation of the malware requires an iPhone to be jailbroken before it could be installed. If installed – It could do major damage by remotely exposing user data.

Why it matters: This is a short read that unpacks a number of issues – is North Korea really willing to cooperate in cyberspace? How did North Korea access the supply chain? Is North Korea doing their own hacking, or are they outsourcing elsewhere? While this article doesn’t offer any concrete answers to those questions, it does highlight the overall timeline that many attacks follow – a lengthy one. Many of today’s advanced attacks occur rapidly, but only after months and in some cases years of planning, hacking, and lurking in the shadows before striking at the optimal moment. It’s a reminder to both organizations and individual users – nothing may have happened immediately after clicking a suspicious link, but chances are, your online activity is being monitored and your data is being harvested. One wrong click is all it takes.

3.) One Year After WannaCry, EternalBlue Exploit Is Bigger Than Ever (May 18, 2018)


Summary: The exploit at the heart of the biggest cyber-security incident in history is more popular than ever. Named EternalBlue, the exploit was stolen by a hacker group known as The Shadow from the US National Security Agency and is used to infect & prevent encryption. The fortunate benefit is that few malware authors know how to use it but its existence alone makes it a constant threat.

Why it matters: If you never understood why it’s important to patch your machine, this article offers some insight into why patches and updates are critical to stopping the spread of malware and ransomware. At the end of the day, any unpatched device is another medium to spread infection. So while all of your devices might be up to date, if your co-worker’s devices or your best friend’s devices aren’t, and you’re on the same network, you’re at risk. Guarding your own devices isn’t enough. It’s like being in the same room as someone with the flu – even if you wash your hands, you’re still at risk of getting sick.

4.) Hidden App Malware Found on Google Play (May 18, 2018)


Summary: 38 malicious applications were found in the Google Play Store disguised as games and education apps. These malicious apps hide their existence on victims’ devices by removing their icons from the home screen. They redirect victims to install another app on the Google Play Store that displays advertisements, and has minimal additional functionality. These malicious apps load several blog URLs in the background without the user’s knowledge.

Why it matters: End users are inundated with pop-ups – to the point that many simply swipe or tap to get past legitimate warnings and malicious pop-ups alike. This article is a reminder that not only is it important to read the fine print before accepting the terms, but also calls into question the due diligence of Google and other ‘app store’ providers. Many users simply assume that if an app is available from the store, it’s safe. App providers and re-sellers need to take on the responsibility of ensuring that apps are safe for end users.

5.) Trump eliminates national cyber-coordinator job, gives Bolton keys to the cybers (May 10, 2018)


Summary: White House Cybersecurity Coordinator Rob Joyce’s departure would leave some big shoes to fill. But President Donald Trump has decided that those shoes can easily be filled by NSC Director John Bolton all by himself. In an executive order, Trump eliminated the national cybersecurity coordinator position in a reorganization of the NSC, placing authority of all things cyber on Bolton and his NSC staffers.

Why it matters: Trump’s decision is a source of contention in the media – to the point that many are going so far as to say that it’s not just the American economy and critical infrastructure that are at risk – so are American lives. And that raises an interesting point – war as we have known it to date has had tangible, physical consequences – cities destroyed and loved ones lost. The cyber war, on the other hand, has had mostly economic impacts – bankruptcy and maligned reputations. As this articles points out, cyber is a big job – and it’s a big job at every level. What we can hope is that the right individuals will fill the roles required to keep America safe – both economically and physically.