Cyber Weekly Roundup – July 27, 2018

Weekly Roundup

Cyber Weekly Roundup – July 27, 2018

By Colby Proffitt

1.) China, Russia, Iran pose grave cyber espionage threat to US: Report (July 27, 2018)

https://economictimes.indiatimes.com/news/international/business/china-russia-iran-pose-grave-cyber-espionage-threat-to-us-report/articleshow/65162129.cms

Summary: The US has identified China, Russia and Iran as “aggressive” and “capable” collectors of its sensitive economic information, trade secrets and technologies, particularly in cyberspace.

Why it matters: For those attuned to the evolution of the cyber landscape, it comes as no surprise that China, Russia, and Iran are investing heavily in strategic cyber operations. What we don’t always hear in the media, however, are the motivating factors behind those investments and the resultant attacks and espionage. Every actor (both individual and nation-state) has its own motivating factors, and every cyber effort has its own unique purpose, but as this article points out, China and others are pursuing cyber as a tool for strategic economic development and geopolitical influence. This article highlights espionage and theft specifically – foreign efforts to understand what the U.S. possesses and to either take it away from us, or develop something superior. What has become clear as more stories like this are being released by major media outlets, is that while cyberwar may be similar to other physical wars of years past, it is unique with respect to duration. While there were long-term ramifications after every other war in history, there was a point in time when the war was considered ‘over’ – but today’s cyberwar may never truly cease.

2.) Russia, Accused of Faking News, Unfurls Its Own ‘Fake News’ Bill (July 22, 2018)

https://www.nytimes.com/2018/07/22/world/europe/russia-fake-news-law.html

Summary: Russia, which American intelligence agencies said spread its fair share of misinformation during the 2016 United States election, says it will crack down on “fake news” at home, with a proposed law that critics say could limit freedom of speech on the internet.

Why it matters: There’s some debate whether the intent of this new legislation is to limit malicious fake news inserted by foreign actors, or if Russia is just trying to quiet its dissenters. Either way, there’s a host of problems. For one, since the new law puts the onus (and fines) on the website – not the individual posting the comment – anyone with malicious intent (or just way too much time on their hands) could post as much ‘fake news’ on a particular platform as they like, at least until moderators block or freeze their account. The really ambitious, of course, could simply launch a host of bots to post the content for their, and once those accounts are blocked, simply create new ones. Such a fake news attack could test the abilities of moderators to keep up with posted content. As a failsafe, some platforms may disable real-time postings and require all posts to be reviewed prior to publication. Either way, keeping up with the volume is going to be a challenge. Who the first target will be and how they will react is yet to be seen, but with jail time and hefty fines up to $800K, it will be interesting to see how various websites and social platforms react to the new law, if enacted. Malaysia and several other countries have enacted similar legislation, with France being amount the countries considering similar measures currently. Given Trump’s previous declarations about fake news, one can’t help but wonder if a similar bill might develop in the U.S.

3.) NSA Hasn’t Implemented Post-Snowden Security Fixes, Audit Finds (July 26, 2018)

https://www.nextgov.com/cybersecurity/2018/07/nsa-hasnt-implemented-post-snowden-security-fixes-audit-finds/150067/

Summary: The nation’s cyber spy agency is suffering from substantial cyber vulnerabilities, according to a first-of-its-kind unclassified audit overview from the agency’s inspector general released Wednesday.

Why it matters: As this article points out, the NSA lacked policies, processes, procedures – general documentation to support daily operations. While documentation is important, it is increasingly difficult to keep up with documentation given the sheer speed of technology and cyber. That’s not to say that requirements for documentation should be done away with, but it may be time to reevaluate requirements – or leverage some of the new tech (i.e., automation) to allow NSA’s cyber sleuths to focus on more analytical and less administrative tasks. Some of the other deficiencies from the report, such as ‘noncompliant queries…in CT data using USP identifiers,’ however, will certainly raise some eyebrows. Overall, the NSA has implemented 85 of the 362 OIG recommendations. While there’s some information in the unclassified report, it will be interesting to see if additional information regarding the recommendations is released in the future.

4.) China Is Still Stealing America’s Business Secrets, U.S. Officials Say (July 27, 2018)

https://www.nextgov.com/cybersecurity/2018/07/china-still-stealing-americas-business-secrets-us-officials-say/150102/

Summary: The Chinese theft of U.S. intellectual property remains a “critical” threat, with perpetrators who have adapted to evade the strictures of a three-year-old ban on such hacking, according to a top-secret report intelligence officials sent j to Congress this week.

Why it matters: This article focuses on foreign (specifically, Chinese) espionage on the U.S., but it also reveals the latest trends in cyber. Increasingly, malicious actors are moving away from in-house, customized code and using less sophisticated, less expensive exploits. It’s cheaper, so they can buy more. And, because it’s cheaper, more people are using it, thereby making it harder to attribute the attack to any one actor. Of note, routine patching, considered by most a rudimentary cyber defense practice, is still lacking.

5.) From today, Google Chrome starts marking all non-HTTPS sites ‘Not Secure’ (July 24, 2018)

https://thehackernews.com/2018/07/google-chrome-not-secure.html

Summary: Starting today with the release of Chrome 68, Google Chrome prominently marks all non-HTTPS websites as ‘Not Secure’ in its years-long effort to make the web a more secure place for Internet users.

Why it matters: Various browsers have taken steps recently to provide a more secure browsing experience, and this addition from Chrome is a significant one. For the end user, it makes it more obvious that a site lacks encryption, and for the site owners, it motivates http owners to transition to https. It will be interesting to see the long-term implications, especially on smaller businesses. With digital SSL certificates ranging in price from $100/year to more than $1,000 a year, small businesses are going to have to weigh the benefits and risks of making the change. Added security may be an additional expense, but it will likely be worth the investment in the long-run.