Warnings of Ransomware Affecting Elections

According to an intelligence report issued by the Department of Homeland Security, one of the top 2020 election security concerns is ransomware. The report, entitled “Cybercriminals and Criminal Hackers Capable of Disrupting Election Infrastructure”, echoes concerns CISA head Chris Krebs articulated at the Black Hat security conference in early August.

The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks.
“From the standpoint of confidence in the system, I think it is much easier to disrupt a network and prevent it from operating than it is to change votes,” Adam Hickey, a Justice Department deputy assistant attorney general, said in an interview.

US officials state that election interference will not be tolerated. They are proactively working with social media companies, among other groups, to help safeguard the elections.

In addition, the US Department of State’s “Rewards for Justice” program is offering a $10M reward to anyone who can provide information about foreign interference. The Department of State has reached out to targeted individuals in Iran soliciting information.

US officials are interested in identifying individuals who aim to disrupt campaigns, meddle with election infrastructure, or pose threats to election officials. This is the third major “Rewards for Justice” initiative this year.

***

“We’re seeing state and local entities targeted with ransomware on a near daily basis,” said Geoff Hale, a top election security official with Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Steps taken to improve the security of voter registration systems after the 2016 election could help governments fend off election-related ransomware attacks. States have also acted to ensure they can recover quickly in the event of an attack.

Colorado, for example, stores redundant versions of its voter registration data at two separate secure locations so officials can easily shift operations. Backups are regular so the system can be quickly rebuilt if needed.

Even so, ransomware is an added concern for local election officials already confronting staffing and budget constraints while preparing for a shift from in-person voting to absentee balloting because of the pandemic.

In West Virginia, state officials are more concerned about the cyberthreat confronting its 55 county election offices than a direct attack on the statewide voter registration system. One click from a county employee falling victim to a spearphishing attack could grant a hacker access to the county network and eventually to election systems.

“I’m more worried that those people who are working extra hours and working more days, the temporary staff that may be brought in to help process the paperwork, that all this may create a certain malaise or fatigue when they are using tools like email,” said David Tackett, chief information officer for the secretary of state.

In states that rely heavily on in-person voting and use electronic systems to check in voters, a well-timed attack particularly during early voting could prevent officials from immediately verifying a voter’s eligibility, making paper backups critical.

For states conducting elections entirely by mail, including Colorado, an attack near Election Day may have little effect on voting because ballots are sent early to all voters, with few votes cast in-person. But it could disrupt vote-tallying, forcing officials to process ballots by hand.

In many states, local officials will face an influx of new ballot requests. That means they’ll need constant access to voter data as they handle these requests. An attack could cause major disruptions.

Hickey said he was unaware of ransomware attacks directly targeting election infrastructure. But local election offices are often connected to larger county networks and not properly insulated or protected.

A criminal targeting a county or state “may not even know what parts of the network they got into,” Hickey said. But as the malware creeps along and spreads, “what gets bricked is the entire network — and that includes but is not limited to election infrastructure.”

Even if election infrastructure isn’t directly targeted, there would likely be immediate assumptions it was, said Ron Bushar of the FireEye cybersecurity company.

A February advisory issued by the FBI and obtained by The Associated Press recommends local governments separate election-related systems from county and state systems to ensure they aren’t affected in an unrelated attack.

Russian ‘Dukes’ Overtly Hack Vaccine Trial Data

Primer: Will this cause an Article 5 response?

In response to malicious activity targeting COVID-19 research and vaccine development in the United States, United Kingdom (UK), and Canada, the Cybersecurity and Infrastructure Security Agency (CISA), UK’s National Cyber Security Centre (NCSC), Canada’s Communications Security Establishment (CSE), and the National Security Agency (NSA) released a Joint Cybersecurity Advisory to expose the threat. A malicious cyber actor is using a variety of tools and techniques to target organizations involved in COVID-19 research and vaccine development.

Tools include SOREFANG, WELLMESS, and WELLMAIL malware.

CISA encourages users and administrators to review the Joint Cybersecurity Advisory and the following Malware Analysis Reports for more information and to apply the mitigations provided.

LONDON (AP) — Britain, the United States and Canada accused Russia on Thursday of trying to steal information from researchers seeking a COVID-19 vaccine.

The three nations alleged that hacking group APT29, also known as Cozy Bear and said to be part of the Russian intelligence service, is attacking academic and pharmaceutical research institutions involved in coronavirus vaccine development.

Britain’s National Cybersecurity Centre made the announcement, which was coordinated with authorities in the U.S. and Canada.

“It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic,” Foreign Secretary Dominic Raab said in a statement. “While others pursue their selfish interests with reckless behaviour, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health.”

The persistent and ongoing attacks are seen by intelligence officials as an effort to steal intellectual property, rather than to disrupt research. The campaign of “malicious activity” is ongoing and includes attacks “predominantly against government, diplomatic, think-tank, healthcare and energy targets,” the National Cybersecurity Centre said in a statement.

It was unclear whether any information actually was stolen but the center says individuals’ confidential information is not believed to have been compromised. The Russian Foreign Ministry did not immediately respond to a request for comment.

Cozy Bear, also known as the “Dukes,” has been identified by Washington as one of two Russian government-linked hacking groups that broke into the Democratic National Committee computer network and stole emails ahead of the 2016 presidential election. The other group is usually called Fancy Bear.

The director of operations for the British cybersecurity center, Paul Chichester, urged “organizations to familiarize themselves with the advice we have published to help defend their networks.”

The statement did not say whether Russian President Vladimir Putin knew about the vaccine research hacking, but British officials believe such intelligence would be highly prized.

A 16-page advisory made public by Britain, the U.S. and Canada on Thursday accuses Cozy Bear of using custom malicious software to target a number of organizations globally. The malware, called WellMess and WellMail, has not previously been associated with the hacking group, the advisory said.

“In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organizations. The group then deployed public exploits against the vulnerable services identified,” the advisory said.

The U.S. Department of Homeland Security’s cybersecurity agency warned in April that cybercriminals and other groups were targeting COVID-19 research, noting at the time that the increase in people teleworking because of the pandemic had created potential avenues for hackers to exploit.

Vulnerable targets include health care agencies, pharmaceutical companies, academia, medical research organizations, and local governments, security officials have said.

The global reach and international supply chains of these organizations also make them vulnerable, the U.S. Cybersecurity and Infrastructure Security Agency said in an alert published in conjunction with its counterparts in Britain.

CISA said it and the British cybersecurity agency have detected the threat groups scanning the external websites of targeted companies and looking for vulnerabilities in unpatched software. It did not name any of the targeted companies.

U.S. authorities have for months leveled similar accusations against China. FBI Director Chris Wray said last week, “At this very moment, China is working to compromise American health care organizations, pharmaceutical companies, and academic institutions conducting essential COVID-19 research.”

Google Sent Users 40,000 Warnings

Primer questions: Did other tech companies do the same and if so, how many? What does Congress know and where are they with a real cyber policy?

Google’s threat analysis group, which counters targeted and government-backed hacking against the company and its users, sent account holders almost 40,000 warnings in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, team members said on Thursday.

The number of warnings declined almost 25 percent from 2018, in part because of new protections designed to curb cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hack attempts and being more deliberate. The group saw an increase in phishing attacks that impersonated news outlets and journalists. In many of these cases, attackers sought to spread disinformation by attempting to seed false stories with other reporters. Other times, attackers sent several benign messages in hopes of building a rapport with a journalist or foreign policy expert. The attackers, who most frequently came from Iran and North Korea, would later follow up with an email that included a malicious attachment.

“Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security engineering manager in the threat analysis group, wrote in a post.

Top targets

Countries with residents that collectively received more than 1,000 warnings included the United States, India, Pakistan, Japan, and South Korea. Thursday’s post came eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the 12 previous months. The software maker said it saw “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia.

Thursday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group working on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s most severe attacks, including hacks on Ukrainian power facilities that left the country without electricity in 2015 and 2016, NATO and the governments of Ukraine and Poland in 2014, and according to Wired journalist Andy Greenberg, the NotPetya malware that created worldwide outages, some that lasted weeks.

The following graph shows Sandworm’s targeting of various industries and countries from 2017 to 2019. While the targeting of most of the industries or countries was sporadic, Ukraine was on the receiving end of attacks throughout the entire three-year period:

[Figure: Sandworm’s targeting efforts (mostly by sector) over the last three years. Source: Google]

Tracking zero-days

In 2019, the Google group discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the unpatched security flaws. The attacks were used against Google, Google account holders, and users of other platforms.

“Finding this many zeroday exploits from the same actor in a relatively short time frame is rare,” Gidwani wrote.

The exploits were delivered through legitimate websites that had been hacked, links to malicious websites, and attachments embedded in spear-phishing emails. Most of the targets were in North Korea or were individuals working on North Korea-related issues.

The group’s policy is to privately inform developers of the affected software and give them seven days to release a fix or publish an advisory. If the companies don’t meet that deadline, Google releases its own advisory.

One observation that Google users should note: of all the phishing attacks the company has seen in the past few years, none has resulted in a takeover of accounts protected by the Advanced Protection Program, which among other things makes multifactor authentication mandatory. Once people have two physical security keys from Yubico or another manufacturer, enrolling in the program takes less than five minutes.

IBM’s Watson Leading the Super Computer Charge on COVID-19

Most missed the Trump White House announcement that on March 11th, the leaders of several tech companies met with the Trump team to discuss ways that supercomputers can process data and speed up the search for COVID-19 treatments. Attending the meeting were Facebook, Alphabet, Amazon, Twitter, Apple and Microsoft. The White House Chief Technology Officer, Michael Kratsios, also enlisted the help of NASA, IBM, Oak Ridge National Laboratory, the US Department of Energy, Argonne National Laboratory, Sandia National Laboratories, Lawrence Livermore National Laboratory, Los Alamos National Laboratory, the National Science Foundation, the Massachusetts Institute of Technology, Rensselaer Polytechnic Institute and several others.

The COVID-19 High Performance Computing Consortium will bring significant computing power, 16 systems with over 330 petaflops, 775,000 CPU cores, and 34,000 GPUs, to help researchers understand potential COVID-19 treatments and cures. “These high-performance computing systems allow researchers to run very large numbers of calculations in epidemiology, bioinformatics, and molecular modeling,” Dario Gil, director of IBM Research, said in the announcement. “These experiments would take years to complete if worked by hand, or months if handled on slower, traditional computing platforms.”

“Since the start of COVID-19 pandemic we have been working closely with governments in the US and worldwide to find all available options to put our technology and expertise to work to help organizations be resilient and adapt to the consequences of the pandemic, and to accelerate the process of discovery and enable the scientific and medical community to develop treatments and ultimately a cure,” Gil said.

IBM’s Summit supercomputer previously enabled researchers at the Oak Ridge National Laboratory and the University of Tennessee to screen nearly 8,000 compounds to uncover which are most likely to bind to the coronavirus’s main “spike” protein, making it unable to reproduce and infect other cells.

The organizations were able to recommend 77 promising small-molecule drug compounds that could be experimentally tested. IBM will continue to work with different partners to evaluate proposals and provide access to supercomputing capacity to tackle the global pandemic.

“I am proud to be working with my IBM colleagues and the extended scientific community to help kick-start this effort. What began just two days ago with one conversation with the White House Office of Science and Technology Policy has solidified quickly into an unprecedented effort that can make a real difference,” Gil stressed.

***

The Oak Ridge National Laboratory in Tennessee (one member of the consortium) is using its supercomputers to look for compounds already on the market that might foil the virus.

Oak Ridge’s approach involves what’s called computational structure-based drug discovery. Basically, that means they use a computer to calculate how drugs might work against germs like viruses.

“We could get these calculations done in one day on the supercomputer, whereas on a normal computer it would take a month,” says Jeremy Smith, director of the Center for Molecular Biophysics at Oak Ridge.

To run the calculations, you need to know the physical properties of the proteins a virus makes — what they’re made of and what their shape is.

One key viral protein of the coronavirus is called the spike protein. Information about what it looks like came out in mid-January, so Smith asked people in his lab if they wanted to start looking through databases of existing drugs that would block it.

***

Summit, IBM’s supercomputer equipped with the “brain of AI,” ran thousands of simulations to analyze which drug compounds might effectively stop the virus from infecting host cells.
The supercomputer identified 77 of them. It’s a promising step toward creating the most effective treatment.
Researchers at Oak Ridge National Laboratory published their findings in the journal ChemRxiv.

Summit was built to solve the world’s problems

Summit was commissioned by the US Department of Energy in 2014 for the purpose it’s serving now — solving the world’s problems.
It has the power of 200 petaflops, which means it has the computing speed of 200 quadrillion calculations per second; in other words, it is 1 million times more powerful than the fastest laptop.

Summit, the world's most powerful supercomputer, modeled how different drug compounds might prevent the coronavirus from spreading to other cells.

At its station in Oak Ridge National Laboratory in Tennessee, Summit has identified patterns in cellular systems that precede Alzheimer’s, analyzed genes that contribute to traits like opioid addiction and predicted extreme weather based on climate simulations.

How Summit fights coronavirus

Viruses infect host cells by injecting them with a “spike” of genetic material. Summit’s job is to find drug compounds that could bind to that spike and potentially stop the spread.
Oak Ridge researcher Micholas Smith created a model of the coronavirus spike based on research published in January. With Summit, he simulated how the atoms and particles in the viral protein would react to different compounds.
The supercomputer ran simulations of over 8,000 compounds that could bind to the spike protein of the virus, which could limit its ability to spread to host cells. Summit identified 77 of them and ranked them based on how likely they were to bind to the spike.

What’s next

The team will run the simulations on Summit again, using a more accurate model of the coronavirus’ spike that was published this month.

Hat tip to the Trump White House


Govt Report on Prevention of Nationwide Cyber Catastrophe

A good first step for sure, however there needs to be a government-wide decision on cyber attacks being an act of war and how to respond.

***

The Cyberspace Solarium Commission proposes a strategy of layered cyber deterrence. Our report consists of over 80 recommendations to implement the strategy. These recommendations are organized into 6 pillars:
  1. Reform the U.S. Government’s Structure and Organization for Cyberspace.
  2. Strengthen Norms and Non-Military Tools.
  3. Promote National Resilience.
  4. Reshape the Cyber Ecosystem.
  5. Operationalize Cybersecurity Collaboration with the Private Sector.
  6. Preserve and Employ the Military Instrument of National Power.

A much-anticipated government report aimed at defending the nation against cyber threats in the years to come opens with a bleak preview of what could happen if critical systems were brought down.

“The water in the Potomac still has that red tint from where the treatment plants upstream were hacked, their automated systems tricked into flushing out the wrong mix of chemicals,” the Cyberspace Solarium Commission wrote in the opening lines of its report.

“By comparison, the water in the Lincoln Memorial Reflecting Pool has a purple glint to it. They’ve pumped out the floodwaters that covered Washington’s low-lying areas after the region’s reservoirs were hit in a cascade of sensor hacks,” it continues.

So begins the report two years in the making from a congressionally mandated commission made up of lawmakers and top Trump administration officials, pointing to the vulnerabilities involved with critical systems being hooked up to the internet.

The report, which includes more than 75 recommendations for how to prevent the cyber doomsday it spells out, and the commission that made it were both mandated by the 2019 National Defense Authorization Act (NDAA).

The commissioners, who include co-chairmen Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), highlight a range of issues to address, but zero in on election security as a “priority.”

“The American people still do not have the assurance that our election systems are secure from foreign manipulation,” King and Gallagher wrote in the report. “If we don’t get election security right, deterrence will fail and future generations will look back with longing and regret on the once powerful American Republic and wonder how we screwed the whole thing up.”

The focus on shoring up election security, and the agreed-upon recommendations for how to do this, sets the report apart from the approach to the subject on Capitol Hill, where it has been a major issue of contention between Republicans and Democrats since Russian interference in the 2016 presidential election.

Beyond election security, the commissioners call for overarching government reform to address cyber vulnerabilities. Chief among these is calling on the White House to issue an updated national strategy to address cyber threats and to establish a national cybersecurity director position to coordinate efforts.

In terms of congressional action, commissioners recommend that Congress create cybersecurity committees in both the House and Senate, establish a Bureau of Cybersecurity Statistics, and establish an assistant secretary position at the State Department to lead international efforts around cybersecurity.

“While cyberspace has transformed the American economy and society, the government has not kept up,” commissioners wrote in calling for reforms.

The commission also zeroed in on “imposing costs” to adversaries who attempt to attack the U.S. online. In order to do so, it recommended that the Department of Defense conduct vulnerability assessments of its weapons systems, including nuclear control systems, and that it make cybersecurity preparedness a necessity.

The Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security’s cyber agency, would be empowered as the “lead agency” at the federal level.

The report’s recommendations were debated on and pinpointed by a group of high-ranking commissioners who also included FBI Director Christopher Wray, Deputy Secretary of Defense David Norquist, Transportation Security Administration Administrator David Pekoske, Sen. Ben Sasse (R-Neb.), and Rep. James Langevin (D-R.I.).

Langevin said in a statement on Wednesday that the report is intended to shore up the nation’s cyber “resiliency for years to come.”

“Our charge in drafting this report was to prevent a cyber event of significant national consequence, and we know that the short- and long-term recommendations we crafted will better position us to realize the promise of the Internet, while avoiding its perils,” Langevin said. “The sooner our recommendations are implemented, the better positioned the country will be to prevent and respond to incidents that can disrupt the American way of life.”

The report’s recommendations may soon have real-world consequences on Capitol Hill.

Rep. John Katko (R-N.Y.), the ranking member on the House Homeland Security Committee’s cyber panel, told The Hill this week that there “definitely will be some legislation” stemming from the report’s recommendations, and that hearings would likely be held.

Katko noted that he had talked with Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) about the Senate also taking action around the report.

“This report screams of the need for bipartisan action on this, and I hope that we can leave the politics out of it, and I hope we can attack these problems quickly and effectively,” Katko said.

Rep. Cedric Richmond (D-La.), the cyber subcommittee’s chairman, opened a hearing on Wednesday by praising the report’s recommendations and saying he looked forward to working toward “codifying” the ideas alongside House Homeland Security Committee Chairman Bennie Thompson (D-Miss.).

Industry groups also reacted positively to the report’s recommendations. Tom Gann, the chief public policy officer of cybersecurity firm McAfee, told The Hill in a statement that he agreed with most of the report’s findings and hoped that they are “acted upon with speed.”

Protect Our Power, a nonprofit with the goal of protecting the electric grid, also praised the report.

“These are compelling recommendations, echoing issues we have highlighted for several years now, and action is long overdue,” Jim Cunningham, executive director of the group, said in a statement. “Without a reliable supply of electricity before, during and following a disabling cyberattack, none of our critical infrastructure can function.”

While there may be legislative action soon – and praise from industry groups – both Gallagher and King emphasized in the report that their main aim was for it to open the eyes of Americans to the dangers posed by cyberattacks on critical systems.

“The status quo is inviting attacks on America every second of every day,” the co-chairmen wrote. “We all want that to stop. So please do us, and your fellow Americans, a favor. Read this report and then demand that your government and the private sector act with speed and agility to secure our cyber future.”