Cyber Weekly Roundup – July 6, 2018

Weekly Roundup

Cyber Weekly Roundup – July 6, 2018

By Colby Proffitt

1.) You Should Be ‘Significantly Concerned’ There’s No White House Cyber Coordinator, Policy Experts Say (June 29, 2018)

https://www.nextgov.com/cybersecurity/2018/06/you-should-be-significantly-concerned-theres-no-white-house-cyber-coordinator-policy-experts-say/149411/

Summary: The removal of the cybersecurity coordinator position has cybersecurity policy experts significantly concerned. Many cybersecurity experts believe the vacancy is a step backwards and prevents our government from responding to major cyber events effectively.

Why it matters: The U.S.’s cyber stance continues to shift, and the lack of a coordinator doesn’t mark a shift in the right direction. While many in Washington favor cyber diplomacy, it’s also important to realize that diplomacy doesn’t always have the desired effect – and even when it does, it takes time. Given the speed of cyber today, time is a luxury. The U.S. has historically made it a point to lead by example, but when our adversaries disregard international terms and agreements, it may be time that our leadership consider alternative, strategic means to re-establish itself as a dominant power.

2.) ‘Underground’ May Be the U.S. Military’s Next Warfighting Domain (June 26, 2018)

https://www.defenseone.com/technology/2018/06/underground-may-be-us-militarys-next-warfighting-domain/149296/

Summary: The U.S. military is considering adding the underground as a new warfighting domain to the U.S. military doctrine.

Why it matters: Most people think of computers and bank accounts being hacked when they think of cyber defense – it’s not always easy to see the physical impact of cyber attacks. However, cyber attacks are likely going to have an increasingly physical effect. President Trump recently directed the creation of a space force as the sixth branch of the U.S. military, and at the recent Defense One Tech Summit, DIA Director Lt. General Robert Ashley, called attention to the subterranean as another domain that will need to be defended from a cyber standpoint. There is real potential for malicious actors to lever cyber capabilities to not just take control of satellites and metro rails, but cause serious disruption and even the loss of life.

3.) US gives China’s ZTE some breathing room (July 4, 2018)

https://money.cnn.com/2018/07/03/news/companies/zte-us-ban-waiver/index.html

Summary: The Trump administration is allowing Chinese telecommunications equipment maker ZTE to temporarily restart some business activities.

Why it matters: Chinese phone companies continue to make headlines; this week, ZTE got a bit of a break from the U.S. after it agreed to certain terms and was allowed to continue some of its contracts. The government ban on Huawei, however, still remains in effect. It will be interesting to see if the results of the ongoing investigation against Huawei result in further bans or sanctions against the company.

4.) Cruel pranksters made NYC internet kiosks play ice cream truck tunes (July 3, 2018)

https://www.engadget.com/2018/07/03/linknyc-ice-cream-music-prank/

Summary: In the midst of a heatwave, a prankster targeted internet kiosks in NYC to play ice cream truck music. The music lured New Yorkers looking for a cold treat on a hot day.

Why it matters: Although the Wi-Fi booths weren’t technically hacked, this is still a good reminder to be careful when using public Wi-Fi. In this case, creativity and boredom were likely the primary drivers behind the prank. However, when boredom is replaced with necessity, a prank can turn into a real hack with serious consequences.

5.) Thermanator Attack Steals Passwords by Reading Thermal Residue on Keyboards (July 4, 2018)

https://www.bleepingcomputer.com/news/security/thermanator-attack-steals-passwords-by-reading-thermal-residue-on-keyboards/

Summary: A person’s fingers leave thermal residue on keyboard keys that a malicious observer could record and later determine the text a user has entered on the keyboard, according to a recently published research paper by three scientists from the University of California, Irvine (UCI).

Why it matters: The methods of attack never cease to amaze. In the event an attacker can’t gain access to a user’s data through a phishing attempt, or using a keystroke logger, now they can use a thermal camera. However, this form of attack requires a fair amount of planning and also carries significant risk since the attacker has to place a physical camera close enough to the user to capture the thermal image. However, placing a camera in the right position can prove worthwhile for the patient attacker. This new method marks yet another reason that passwords can no longer be relied on as an effective means to account security.