NSA: Cyberattacks Growing More Aggressive and Disruptive (Free Beacon, 11/16/17)
 Cyber attacks by foreign nations and criminals against both government and private sector networks are increasing in both sophistication and scale, a senior National Security Agency official said last week.  Jonathan L. Darby, deputy chief of NSA's cybersecurity operations group, said in a speech that recent cyberattacks against Ukraine's power grid, malware strikes in Saudi Arabia, the Equifax data breach, and global ransomware attacks are the latest examples of the kind of attacks that are growing more dangerous and that will increase in the future. "I expect the trend lines to continue.  We're going to continue to see attacks all around the world," Darby told a conference sponsored by the State Department's Overseas Security Advisory Council.  Despite the increased sophistication of attacks, "the tried and true method for how to get into networks is still very effective," Darby said.  One of the most effective methods is the use of spearphishing attacks involving fraudulent emails seemingly sent from known users that contain links used by hackers to gain access to target networks. More

​

IoT: China’s Insidious Surveillance Army (The Hill, 11/21/17)
 
The headline alone is terrifying: “Surveillance Cameras Made by China Are Hanging All Over the U.S.”  Scarier still, it’s true — the Chinese government owns a 42% stake in Hikvision, one of the world’s largest manufacturers of cameras and other video surveillance equipment.  Its products are used at public sites and private companies around the world, including multiple U.S. government facilities.  It’s easy to extrapolate some bleak scenarios based on this information: could the Chinese government be building “back doors” into Hikvision systems to facilitate state-sponsored snooping on sensitive American sites?  China is still the engine behind global tech hardware manufacturing, an industry which continues to boom as internet-connected devices become an increasingly common part of our daily lives.  The internet of Things is growing exponentially, including everything from the surveillance cameras Hikvision makes to your fitness tracker or smart thermostat.  These devices collect a wealth of information on the environment and users with which they interact, and communicate that data with various digital service providers.  By some estimates, there will be 200 billion connected devices by 2020, and 95% of those devices will be manufactured in China. More 

​

US-CERT: North Korean Hackers Targeting 3 Sectors (Gov’t Info Security, 11/15/17)
 Since last year, North Korean hackers have been targeting businesses in the financial services, aerospace, and telecommunications sectors by exploiting a remote administration tool, or RAT, according to an alert issued by the U.S. Computer Emergency Response Team, part of DHS.  According to the alert, the FBI and DHS identified internet protocol addresses and other indictors of compromise associated with the RAT, commonly known as FALLCHILL, used by the North Korean government. Federal authorities have labeled North Korean government malicious cyber activities as Hidden Cobra.  "The FBI has high confidence that Hidden Cobra actors are using the IP addresses to maintain a presence on victims' networks and to further network exploitation," the alert says.  While Hidden Cobra is not a widely known moniker, the group is believed to be the same one that’s responsible for some of the more notorious cyberattacks in recent years.  To help companies defend against FALLCHILL, the government is distributing the IP addresses to help toughen network defenses and reduce exposure to any North Korean government malicious cyber activity. More

​

Poor Cyber Security Habits: A Recipe for a Breach

What your employees don't know about cyber security could hurt you -- and your organization.  An analysis of 1200 data breaches within the U.S. Government found that 95% of the breaches could be traced to poor security habits and human error.  Despite this fact, security awareness training is still ignored by many organizations. If there's a common thread the experts all agree on, it’s that poor training and unaware employees lie at the root of many if not most security breaches. So, how do you make sure that your organization's critical information is protected? The first (and best) line of defense is employee awareness.  The more they understand—and care—about how their cyber behavior affects your company’s security posture, the better off the company will be.  NSI’s SECURITYsense awareness program gives your employees the tools and information they need to make security second nature. Find out how this valuable resource can help protect your hard-earned reputation and ensure that your employees are part of the solution and not part of the problem. To know more, click here https://www.nsi.org/securitysense/what-is-securitysense.shtml