Cyber Weekly Roundup – July 20, 2018

Written July 20th, 2018

Post Tags: Cyber, cyber news, cyber weekly roundup, cybersecurity, cybersecurity news, news, weekly cyber roundup, weekly roundup

By Colby Proffitt

1.) Waging cyber war without a rulebook


Summary: For years, security experts have warned of an impending cyber Pearl Harbor: an attack so big and bold that it cripples U.S. infrastructure and demands a military response.

Why it matters: This article touches on a lot of the challenges of sound cyber defense – from the attribution problem and thresholds for retaliation, to policy and all-encompassing national cyber strategy and doctrine. Many like to compare some of the problems the U.S. is facing today with the challenges faced during the Cold War. However, it’s not a perfect analogy. While we wanted our adversaries to know the depth and breadth of our weapons at that time – as a means of deterrence – today giving away the specifics of our cyber arsenal could render us defenseless. This article focuses on policy lines and points out that many question whether it’s a good idea to draw them in the first place. That matters because once a policy is put in place, we have to follow it. And if that policy results in cyber or kinetic action, an international precedent will have been set that cannot be undone.

2.) Hackers Used Malicious MDM Solution to Spy on ‘Highly Targeted’ iPhone Users


Summary: Security researchers have uncovered a “highly targeted” mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India.

Why it matters: This article serves as a reminder that hackers are tirelessly seeking new methods to infiltrate target devices and networks in search of personal data. Much to the frustration of end users, it’s really getting difficult to tell if an app is legitimate or not – many fake apps previously had typos, bad reviews, or such a small number of downloads that there were ample warning signs to users that the app might be malicious. Today, cyber criminals are finding clever ways to bypass the app screening process, they’re checking their spelling and grammar, writing false reviews, and in many cases, such as the fake WhatsApp, generating millions of downloads to add to their credibility. Caveat emptor, and research before downloading.

3.) New Gmail feature could open more users to phishing risks: Government officials


Summary: Google is rolling out a sweeping redesign of its popular Gmail service, but federal cybersecurity authorities warn that a key new feature on the system could make its 1.4 billion users more susceptible to dangerous phishing attacks that compromise users’ vital personal information.

Why it matters: What’s interesting about this story is that in the video clip, there’s no mention of any of the risks – only the benefits. Yet, DHS warns that while the redesign is supposed to make Gmail more secure, it actually introduces opportunities for phishing attempts. Much like the challenge of distinguishing real apps from fake ones (mentioned above), users may have to distinguish legitimate links and actions from malicious ones. On a positive note, DHS has reached out to Google and we can hope to see more positive collaboration like this between Washington and Silicon Valley moving forward, although we still have yet to see a response from Google regarding its partnership with Huawei.

4.) Mueller indicts 12 Russians for DNC hack, election interference


Summary: Deputy Attorney General Rod Rosenstein announced a bombshell set of indictments on July 13, pinning the blame on Russian intelligence operatives for a series of hacks directed against the Democratic National Committee, the Democratic Congressional Campaign Committee and the presidential campaign of Hillary Clinton.

Why it matters: This has been yet another interesting story to follow, and there’s a lot to unpack. On the one hand, the U.S. appears to have successfully identified those behind the election meddling. On the other hand, there’s really not much the U.S. can do to bring them to justice – Russia isn’t going to extradite any of the 12, especially since they worked for the Russian government. So, while the attribution problem in this case is at least partly solved, there may never be justice. On the bright side, as more information becomes publicly available, hopefully these 12 indictments will help the U.S. learn enough about the Russian operation and tactics to prevent future interference, and other countries can benefit from the shared knowledge as well. It will be interesting to see if a quid pro quo is reached between President Putin and President Trump – much like spies were exchanged during the Cold War, hackers may be exchanged during today’s cyber war.

5.) Facebook to Remove Misinformation That Leads to Violence


Summary: Facebook, facing growing criticism for posts that have incited violence in some countries, said Wednesday that it would begin removing misinformation that could lead to people being physically harmed.

Why it matters: Facebook seems to be in the news just as much as Russia lately. From mishandling user data to invading user privacy – the social media giant was more recently accused of inciting violence through misinformation shared on the platform. The company is up against a major challenge – moderating content across more than 2 billion users. But moderation means having rules, standards, some would even say morals, or at least the ability to connect a string of words with a positive or negative intent and outcome. But, ultimately, does moderating means introducing bias? That’s something that many look to IT to remove, especially with advances in AI, machine learning, and natural language processing. Many view bias as a bad thing, as evidenced by the faulty soap dispenser (ironically, the bias was identified by a Facebook employee), but might bias actually be needed in some cases? With more than 83 million face Facebook profiles creating bias and opinions daily, Facebook needs to make a decision on how it’s going to deal with the issue – concrete rules, not one rule with a list of exceptions.