Pete Recommends Weekly highlights on cyber security issues, March 6, 2022

Subject: Facebook, Instagram and Twitter limit ads over Russia’s invasion of Ukraine
Source: NPR via WHYY
https://whyy.org/npr_story_post/facebook-instagram-and-twitter-limit-ads-over-russias-invasion-of-ukraine/

Updated February 27, 2022: Facebook is blocking Russian state media from running ads on its platform anywhere in the world. The move comes after Russia said it would limit access to the giant social network in the country. Nathaniel Gleicher, head of security policy at Facebook, tweeted: “We are now prohibiting Russian state media from running ads or monetizing on our platform anywhere in the world.”Twitter, which banned advertising from state-controlled media in 2019, said on Friday that it was temporarily pausing all ads in Ukraine and Russia “to ensure critical public safety information is elevated and ads don’t detract from it. ”Meta, Facebook’s parent company, says the decision to bar Russian state media from making money on that platform as well as on Instagram comes in response to the invasion of Ukraine.”

Subject: How to make software supply chains resilient to cyber attacks
Source: VentureBeat
https://venturebeat.com/2022/02/27/how-to-make-software-supply-chains-resilient-to-cyber-attacks/

Consuming the unknown is exactly what IT departments do every day. They install software and updates on critical systems without knowing what’s inside or what it does. They trust their suppliers, but the thing that software suppliers don’t tell IT departments is they can’t be sure of all their upstream suppliers. Protecting all of the parts of a software supply chain, including those outside of IT’s control, is nearly impossible. Unfortunately, bad actors are taking full advantage of this large “attack surface” and scoring big wins in cyber breaches.

Quite obviously, attackers have figured out it’s far easier to hack software that people willingly install on thousands of systems than to hack each system individually. Software supply chain attacks increased by 300% from 2020 to 2021, according to an Argon Security report. This problem isn’t going away.

How could this happen?

There are two ways hackers attack software supply chains: They compromise software build tools or they compromise third-party components
A lot of focus has been placed on securing the source code repositories of build tools. Google’s proposed SLSA (Supply Chain Levels for Software Artifacts) framework allows organizations to benchmark how well they have “locked down” these systems.

Even if companies control their own build environments, the use of third-party components creates massive blind spots in software. Gone are the days when companies wrote a complete software package from scratch.

Subject: Elon Musk activates Starlink to help keep Ukraine’s internet up
Source: ZDNet
https://www.zdnet.com/article/elon-musk-activates-starlink-to-help-keep-ukraines-internet-up/#ftag=RSSbaffb68

Russia’s invasion of Ukraine is targeting its internet as well along with its military and civilians. Help is on the way.With Russia’s invasion of Ukraine, Ukraine’s internet was sent staggering. Georgia Tech’s Internet Outage Detection and Analysis (IODA) project, which monitors the internet, reported serious outages in Ukraine starting late on February 23. In response to this and other internet attacks, Mykhailo Fedorov, Ukraine’s Vice Prime Minister and Minister of Digital Transformation, forlornly asked for help from SpaceX and Tesla billionaire Elon Musk. “We ask you to provide Ukraine with Starlink stations.” Musk’s response? “Starlink service is now active in Ukraine. More terminals en route.”…

Filed: https://www.zdnet.com/topic/networking/

Topics: Security | Cloud | Internet of Things | Data Centers

Subject: Fact checking the Russian attack on Ukraine
Source: Mashable via beSpacific
https://www.bespacific.com/fact-checking-the-russian-attack-on-ukraine/

Mashable: “Even if you think you’re following reports from reputable sources, it’s still important to do your due diligence and fact check it yourself. Here are some pointers on how to do that…

Note – this article includes: Live Blogs, TV stations and several dozen Twitter accounts (by journalists, public figures, and Open-source intelligence (OSINT). If you can listen to and/or read foreign media posts, you will gain additional valuable insight into this escalating war.

Subject: Using mobile networks for cyber attacks as part of a warfare strategy
Source: Help Net Security
https://www.helpnetsecurity.com/2022/02/14/weaponized-mobile-network/

AdaptiveMobile Security published a research which highlights how vulnerabilities in mobile network infrastructure could be weaponized in offensive military operations.

“Malicious mobile network signalling attacks must be recognized as a state-level cyber threat to individual nations as well as to collective security, and an integral component of hybrid warfare”, says Cathal McDaid, CTO, AdaptiveMobile Security.

More about:
Subject: How much damage could a Russian cyberattack do in the US?
Source: GCN
https://gcn.com/cybersecurity/2022/02/how-much-damage-could-russian-cyberattack-do-us/362518/

U.S. intelligence analysts have determined that Moscow would consider a cyberattack against the U.S. as the Ukraine crisis grows.As a scholar of Russian cyber operations, I know the Kremlin has the capacity to damage critical U.S. infrastructure systems.

Federal officials have been bracing for this. In January 2022 the U.S. Cybersecurity and Infrastructure Security Agency issued an alert that outlined the Russian cyberattack threat, with technical details of sophisticated Russian-led hacking from recent years. That included a complicated digital break-in that targeted the U.S. energy industry and gained access to the control rooms of U.S. electric utilities. According to Homeland Security officials, the hackers “could have thrown switches” and knocked out power to the public – but did not.

Topics:

Subject: Ukraine Pushes to Unplug Russia From the Internet
Source: Rolling Stone
https://www.bespacific.com/ukraine-pushes-to-unplug-russia-from-the-internet/

Rolling Stone: “Ukrainian officials are asking a key organization responsible for the operation of the Internet to disconnect all Russian sites from the global computer network-of-networks, Rolling Stone has learned. It’s the latest attempt to turn Russia into a pariah state in retaliation for its the Kremlin’s invasion of Ukraine. Experts call it a massive — and ill-advised — step. According to an email reviewed by Rolling Stone, Ukraine’s request to the Internet Corporation for Assigned Names and Numbers (ICANN) seeks to revoke domains issued in Russia and shut down primary Domain Name System (DNS) servers in the country — a move that would effectively bar access to Russian internet sites, with the potential of knocking the entire country offline…”Rolling Stone tags:

In This Article: cybersecurity, Russia, Ukraine
Subject: Senate passes major cybersecurity legislation to force reporting of cyberattacks and ransomware
Source: CNNPolitics
https://www.cnn.com/2022/03/02/politics/senate-passes-major-cybersecurity-legislation/index.html

(CNN) The Senate on Tuesday passed major cybersecurity legation, moving one step closer toward forcing critical infrastructure companies to report cyberattacks and ransomware payments.
The passage comes as federal officials have repeatedly warned of the potential for Russian cyberattacks against the United States amid the escalating conflict in Ukraine.
The legislation, which still has to pass in the House, would require critical infrastructure owners and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency within
72 hours if they experience a substantial cyberattack.
It would also require critical infrastructure companies to report ransomware payments to the federal government within 24 hours.
“To see that risk-based approach written into law … is really quite powerful,” he said.
Subject: Russia’s Cyber Tactics Are Prompting the FCC to Address Internet Routing Security
Source: Nextgov
https://www.nextgov.com/cybersecurity/2022/03/russias-cyber-tactics-are-prompting-fcc-address-internet-routing-security/362616/

Standards exist for network operators to implement, but there is no rule forcing them to do so.The Federal Communications Commission cited Russia’s aggression against Ukraine in announcing its unanimous approval of a notice of inquiry for secure use of the Border Gateway Protocol, the internet’s routing system.

“Last week, the Department of Homeland Security warned U.S. organizations at all levels that they could face cyber threats stemming from the Russia-Ukraine conflict,” reads a Monday press release from the FCC. “This notice will begin an inquiry into the vulnerabilities of the internet’s global routing system. The inquiry will also examine the impact of these vulnerabilities on the transmission of data through email, e-commerce, bank transactions, interconnected Voice-over Internet Protocol and 911 calls—and how best to address these challenges.”

Used in conjunction with a botnet—an army of devices that is under remote control after being infected with malware—BGP can be manipulated to execute distributed denial of service attacks like those recently experienced in Ukraine. The U.S. has attributed those DDoS attacks to Russia. The FCC’s notice explains how adversaries can also exploit vulnerabilities in BGP to redirect traffic and steal data. The agency referenced reports in 2017 of traffic to and from major U.S. tech and financial-sector companies suspiciously taking an out-of-the-way path through telecommunications companies in Russia.

“Notwithstanding this work, available information suggests that the voluntary adoption and deployment of such measures has been such that many of the independently managed networks that comprise the Internet remain vulnerable because they have not taken advantage of these measures,” the FCC wrote.

The commission is also seeking comments on its authority to regulate secure internet routing, not just through wireline and wireless ISPs, but also “Internet Exchange Providers, interconnected VoIP providers, operators of content delivery networks, cloud service providers and other enterprise and organizational stakeholders.”

Topics:

Subject: Cybersecurity: Internet Architecture is Considered Resilient, but Federal Agencies Continue to Address Risks
Source: U.S. GAO
https://www.gao.gov/products/gao-22-104560

Fast Facts – The internet is a vast system of interconnected networks used by billions of people. Its architecture—the backbone of the internet—is owned and governed by organizations around the world. No one organization is responsible for its policy, operation, or security.

Generally, internet architecture is considered resilient, in part because of its decentralized nature. But reports we reviewed and subject matter experts have identified risks to key internet operations.

Many federal agencies are involved in addressing these risks, taking actions such as disseminating threat information and participating in global internet governance groups.

Full Report (47 pages)

Subject: Russian Invasion Highlights Growing Importance of Open Source Intelligence
Source: Nextgov
https://www.nextgov.com/emerging-tech/2022/03/russian-invasion-highlights-growing-importance-open-source-intelligence/362749/

The Russian invasion of Ukraine demonstrates the practice’s real-time value.

Open source intelligence, or OSINT, is defined by the Center for Strategic and International Studies as “intelligence collected from publicly available or available-for-purchase information, obtained for addressing a specific intelligence requirement and processed to derive new insights.”

In January—weeks before Putin launched the invasion—CSIS released a report on the potential of OSINT, when combined with artificial intelligence and machine learning, to provide “fast, attributable, relevant reporting from anywhere, including austere field environments and [analysts’] homes.”

“High-level [intelligence community] policymakers have publicly stated the necessity of embracing open-source intelligence as a core analytic discipline,” the report stated. “[T]he intelligence community should stop ‘recreating the internet in a classified environment’ … and instead accept a small amount of risk to run applications on an unclassified cloud, taking advantage of increasingly sophisticated and automated cloud security and obfuscation capabilities.”

The author of the report, Emily Harding, deputy director and senior fellow of CSIS’ International Security Program, said the IC’s risk equation is part of the obstacle to committing to using OSINT.

“The IC lives in risk all the time, so they minimize it wherever they can,” Harding said. “That turns into restrictions and regulations.” She said the belief within the IC has been that if you don’t need to ask questions in the open, don’t, because it lets hostile parties know what they are interested in.

“Part of [the challenge] is culture, risk taking, the process of acquisition, but a lot of it just comes down to trust—building trust with OSINT providers, understanding the heritage of the information and having confidence in the data and analysis from those providers.

There is a convergence of three technology areas happening right now that impels the OSINT discussion, she said. “First is the data, the variety of data that’s out there now, open and unclassified … Second is the advanced analytic and machine learning tools that allow us to bring those datasets together and draw out insights on activities, patterns of behavior, etc. Third is the cloud, which allows you to bring all the data together, and apply the analytics, and deliver a product to users across the globe.”

In the meantime, every person following the Russian invasion of Ukraine is seeing the value of OSINT, as well as the risk—Google Maps has turned off its live traffic data in Ukraine for the safety of the people there.

Topics:

Subject: NIST wants help with guide for restoring industrial control systems after cyberattacks
Source: FedScoop
https://www.fedscoop.com/nist-manufacturing-industrial-control-systems/

The National Institute of Standards and Technology is developing a Cybersecurity Practice Guide with steps for recovering equipment and restoring operations after cyberattacks on industrial control systems in manufacturing environments.The agency’s National Cybersecurity Center of Excellence (NCCoE) and Communications Technology Laboratory (CTL) want to show how to use commercial-off-the-shelf (COTS) technologies for cyber event reporting, log review, event analysis, incident handling and response, and eradication and recovery in a work cell mirroring the typical manufacturing process.

NIST says it wants industry feedback “to help refine the project scope.” The comment period opened this week and will close on April 14.

Recent cyberattacks have seen hackers use business systems and IT networks to access industrial control systems (ICS), which often require tailored cyber solutions because they rely on different types of hardware and software than office or household IT. The White House has highlighted ICS security as part of its push to protect U.S. manufacturing, utility companies and the supply chain for goods and services.

Filed: https://www.fedscoop.com/category/cyber/

LinkedIn
Posted in: Cybercrime, Cybersecurity, Open Source, Social Media