Tuesday, 20 July 2021 6:23 AM [ Last Update: Tuesday, 20 July 2021 9:46 AM ]
Chinese Foreign Ministry spokesman Zhao Lijian hit back at Washington on Tuesday, calling the US the “world champion” of cyber-attacks.
“The US has mustered its allies to carry out unreasonable criticisms against China on the issue of cybersecurity,” he said. “This move is fabricated out of nothing.”
In a coordinated move, Washington and several allies in Europe and Asia publicly accused Beijing of hacking the Microsoft Exchange Server software in March. Microsoft Exchange is an email platform used by corporations around the world.
Senior US officials claimed that hackers tied to China’s Ministry of State Security carried out the unusually indiscriminate hacking. Secretary of State Antony Blinken said on Monday that Washington and “countries around the world” are holding China “accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security.”
Japanese government spokesperson Katsunobu Kato followed suit on Tuesday, saying that Japanese companies had been targeted by a hacking group called APT40. He alleged that “the Chinese government is highly likely” behind the attack.
Earlier, China’s diplomatic missions around the world reacted to the charges.
The Chinese Embassy in New Zealand’s capital, Wellington, said the accusations were “totally groundless and irresponsible” and a “malicious smear.”
“Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents,” said the embassy.
The Chinese mission in Canberra said Australia was “parroting” US rhetoric. It also described the US as “the world champion of malicious cyber-attacks.”
The United Kingdom (UK) and the European Union (EU) also joined in accusing China of carrying out hacking attacks, which they said had targeted an estimated hundreds of thousands of mostly small businesses and organizations.
The Chinese Embassy in Norway also reacted to the allegations made by Oslo, saying that Beijing was a staunch defender of cyber security and was resolutely opposed to any form of cyberattacks.
“It is reasonable to question and doubt whether this is a collusively political manipulation,” it said, demanding that Oslo provide evidence for the claims. The embassy said that Beijing was “willing to cooperate with all relevant parties, based on facts and evidence, to jointly combat illegal activities in cyber space.”
The US-led global campaign against China is an apparent move to open a new front in a cyber offensive, following years of blaming Russia for cyberattacks against American organizations. Moscow has time and again denied involvement.
#AceSecurityReport – July.06: But because Kaseya provides software to managed service providers, firms which themselves provide outsourced IT services to other companies, the number of victims may be much greater.
For hundreds, perhaps thousands, of IT teams around the world this ransomware attack is a horrendous headache that is still growing. But the way the cyber-security world has pulled together to reduce the impact of the attack has been incredible. Cyber-defenders, both private and public sector, have been issuing alerts while experts work out how best to untangle the web of victims.
There could have been far more victims if it wasn’t for a busy and stressful weekend of work. However, we now know that the secret digital doorway in the Kaseya system that let in the REvil hackers was known about before the attack. Researchers from the Dutch Institute for Vulnerability Disclosure found the problem and were helping Kaseya plug the hole long before the hackers found it. It was a case of the good hackers racing to stop the bad hackers from getting in and, as Victor Gevers from the institute puts it: “Unfortunately, we were beaten by REvil in the final sprint.” This case shows how skilled, persistent and determined these criminals are, and that in spite of all the efforts of the cyber-security world, we are losing the race against ransomware.
#AceSecurityDesk reported that ……..DarkSide ransomware group, responsible for shutting down the Colonial Oil Pipeline. “Following the money remains one of the most basic, yet powerful tools we have”, said Deputy Attorney General Lisa O. Monaco. Tom Robinson, founder and chief scientist of the firm Elliptic, which analyses bitcoin payments, told the BBC it had observed REvil continuing to negotiate with individual customers for smaller ransoms of about $200,000, despite the $70m request to unlock everything. He said REvil preferred to use Monero, but it would be difficult to purchase $70m of the currency for practical and regulatory reasons. But he said: “More and more ransomware operators are asking for Monero.”
“The scale and sophistication of this global crime is rare, if not unprecedented,” Prof Ciaran Martin, founder of the National Cyber Security Centre, told Radio 4’s Today programme. Most of REvil’s members are believed to be based in Russia or countries that were formerly part of the Soviet Union. Prof Martin criticised Russia for providing a safe environment for ransomware hackers, but said that the West was making it too easy for these gangs to be paid and “unsurprisingly they are coming back for more”.
Traceable Bitcoin
Experts have expressed surprise at the group’s demand that the ransom should be paid in Bitcoin, as opposed to harder-to-trace cryptocurrencies such as Monero.
On Twitter, Prof Martin called REvil’s decision to demand payment in Bitcoin “weird”. Earlier this month the US Justice Department announced it had traced and seized millions of dollars worth of bitcoin paid to the
#AceNewsReport – July.03: Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
#AceSecurityDesk says that according to the BBC a number of US companies have been hit by a ‘colossal’ cyber-attack, and the US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack and its source ….
Kaseya said in a statement on its own website that it was investigating a “potential attack”.
Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.
The cyber-breach emerged on Friday afternoon as companies across the US were clocking off for the long Independence Day weekend.
Another supply-chain attack nightmare
The two big things that are keeping cyber-security professionals up at night lately are ransomware attacks and supply chain attacks. This latest incident combines both nightmares into one big Independence Holiday weekend-ruining event for hundreds of US IT teams.
Ransomware is the scourge of the internet. Multiple organised criminal gangs are constantly attempting to gain access to computer networks to hold them hostage. The rate of attack is relentless, but it can take a lot of time and effort on the criminals’ part to successfully hijack one victim’s computer system. In this latest incident the hackers showed that by going after the software supplier of multiple organisations they can pop dozens, perhaps hundreds, of victims in one go. We’ve seen horrendous supply chain attacks in the past, but this one has the potential to be the biggest incident involving ransomware yet. It shows that ransomware gangs are thinking creatively about how to have the most impact possible and command the biggest ransom possible. Kaseya said one of its applications that runs corporate servers, desktop computers and network devices might have been compromised in the attack. The company said it was urging customers that use its VSA tool to immediately shut down their servers.
Kaseya said in its statement that a “small number” of companies had been affected, though Huntress Labs said the number was greater than 200. It is not clear what specific companies have been affected, and a Kaseya representative contacted by the BBC declined to give details. Kaseya’s website says it has a presence in over 10 countries and more than 10,000 customers. “This is a colossal and devastating supply chain attack,” Huntress Labs’ senior security researcher John Hammond said in an email to Reuters news agency. At a summit in Geneva last month, US President Joe Biden said he told Russian President Vladimir Putin he had a responsibility to rein in such cyber-attacks. Mr Biden said he gave Mr Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be subject to hacking. REvil – also known as Sodinokibi – is one of the most prolific and profitable cyber-criminal groups in the world. The gang was blamed by the FBI for a hack in May that paralysed operations at JBS – the world’s largest meat supplier.
#AceNewsReport – May.19: Sometimes when you exclaim the sky is unprotected, they mentally label you as Chicken Little and ignore your alarms. Or sometimes they might believe your warnings yet quietly follow the group inertia that’s the cornerstone of groupthink:
WASHINGTON: ‘Cybersecurity Experts Push President Biden To Protect GPS Satellites And The Connected Car: And then a watershed event or three occurs: cybersecurity attacks against SolarWinds, Microsoft Exchange and the Colonial Pipeline’
And those who spoke-up look like geniuses in bittersweet fashion akin to the mortgage doubters from The Big Short.
I have worked in the auto industry for over 27 years for both OEMs and Tier 1s. Now I’m a Principal Consultant at Kugler Maag Cie helping companies improve their product development.
Such is the tale of Lisa Donnan, an internationally recognized expert in cybersecurity and operating partner at Option3 Ventures, and Julian Gresser, the former advisor to the U.S. State Department and World Bank and co-founder of The Balance Group. They have vigorously waved the Caution Flag regarding an insecure, trusted, non-critical infrastructure (satellites) communicating with a trusting non-critical infrastructure (vehicles) that could disrupt a vast network of highways, bridges and tunnels that are recognized as critical infrastructure.
But before jumping to the ending, let’s look back at how we collectively got here, the dangerous implications, and the meat still left on the bone towards a safer tomorrow.
The Days of Naiveté
Almost fifty years ago (1973), the Global Positioning Satellite (GPS) project was begun by The United States Department of Defense with the first satellite launched into space five years later (1978). Originally GPS was designated as a military system, but the tragedy of Korean Air Lines flight 007 in 1983 inspired the U.S. government to make GPS satellites available for civilian usage with intentionally degraded accuracy, thus enabling the first handheld navigation device by Magellan (1989). By 1995, all twenty-four (24) satellites in the GPS constellation were declared Full Operational Capability (FOC) and General Motors began installing Guidestar as the first embedded navigational system outside of Japan. Five years later (2000), the U.S. government ended Selective Availability and enabled greater use within vehicles, phones and handheld devices.
Simultaneously, another technology was beginning to take root: the Controller Area Network (CAN). This serial bus system was introduced in 1986, and was designed to handle small, unencrypted, un-authenticated messages between modules or systems within the cars, trains and ships. Production quickly ramped up in the late 90’s and in the year 2000 alone more than 100 million CAN devices were sold. Although other network technologies would eventually be invented (e.g., FlexRay, MOST), CAN retained the throne due to chip availability, lower piece cost and the high switchover costs of changing all carryover modules.
And although automotive would experience its first cybersecurity hacks a few years later, the vast majority of visible attacks on the overall system were “white hat” attackers (a.k.a. researchers or ‘good guys’) and, therein, did not truly raise the alarm.
The community has begun to awaken to the threat. “The automotive industry is frankly behind when it comes to cybersecurity, mitigation, management and even building cybersecurity from the get-go rather than as a bolt-on,” says Donnan. “Car-owners know little-to-nothing about the threat. And the amount of software is growing exponentially. Automotive has to take lessons and best practices from other industries that have already had to address the very-extended threat landscape when it comes to cybersecurity.” Yes, new regulations (e.g., UNECE) will require ongoing operations by manufacturers including the monitoring, protecting and updating of vehicles’ software long after they drive off the dealers’ lots. Certifications that enforce these regulations essentially require manufacturers’ Cybersecurity and Functional Safety Engineers to forensically investigate potential hacks and their supplanted software. But even here, the newest standards (e.g., ISO/SAE 21434) suggest that the boundary of consideration for the Threat Analysis and Risk Assessment (TARA) is the vehicle’s physical exterior, thereby making satellite signals out of scope.
“We are so reliant upon GPS,” states Donnan, “and the reality is our adversaries know that. Frankly, there are not a lot of countermeasures. They’re working on it, but still are not there.”
So in the end, the satellite system could get hacked and start communicating that certain roadways are blocked by construction or traffic and force gridlock within critical throughways such as tunnels or bridges. “There are some striking omissions in President Biden’s National Infrastructure Plan,” says Gresser. “Why are satellites not considered an essential sector in critical national infrastructure? Also, transportation is recognized as an essential sector. But, then cybersecurity risks of connected cars somehow got excluded. Policy makers need to view these complex issues from a whole systems perspective. A coherent infrastructure plan must connect the dots with a keen understanding of how a deep cybersecurity attack on one sector can rapidly cascade to many others. These failings reflect a deep national vulnerability, including from Space, that the Biden Administration must urgently address.” Maybe the hope is that hacks won’t happen, though.
But they will.
Arguably the worst outcome of the last week was the realization that Colonial Pipeline paid nearly $5M in ransom to the hackers, which confirmed a third element to our Cyber-Pandemic: financial motive. Already the accelerated digitization of businesses during Covid-19 significantly increased Interpol-measured cybersecurity opportunities (by upwards of 59%) and larger unemployment created additional idle hands, but the large payday will likely inspire additional hackers in the coming months.
As possibly said best by Jennifer Granholm, the Secretary of Energy, last Thursday in an interview by Axios, “These hacks are not going to stop. Because everything is now smart technology and using the cloud, we are vulnerable everywhere. And so every private sector entity – whether you are an energy business or not – has to be thinking about how you protect your system; your [operations]. So that, I think, is a big lesson for the private sector, and it’s a big lesson for the government to think about. What should we be doing inside the government itself to prevent hacks and attacks on us …?”
Still Work To Do
Per an Op-Ed in Newsweek on May 6th, Donnan and Gresser pressed President Biden to 1) designate “space” as a critical infrastructure and 2) sign an Executive Order to effect a 180 Day Pause on the Federal Communications Commission (FCC) launch-approvals for new satellites under the uninsured Satellite Experiment.
On May 12th, President Biden did, in fact, sign an Executive Order on Cybersecurity requiring an investigation, public comment and action on Federal Information Systems that “… include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT))” within 60, 90 and 120 days respectively. “In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.”
The Order does not pause satellite launches. It does not recognize any new genres of existing assets as critical to national security (e.g., satellites, commercial fleets). It does not require a deadline for containment actions. It says that by September, we will take a first, concrete step towards protection.
In the meantime, the automotive sector moves forward with autonomy, and yesterday (May 17th) another U.S. satellite was propelled into space.
“Just because we can do something technically due to versatility and genius,” says Gresser, “doesn’t mean we should rush ahead and do it unwisely without considering the risks; a ‘ready, fire, aim’ approach. How do we develop a framework that allows us to develop a pathway that maximizes the benefits and mitigates the risks?”
A great question. Let’s hope groupthink doesn’t squelch it.
#AceNewsReport – Dec.11: “As of December 2020, the FBI, CISA, and MS-ISAC continue to receive reports from K-12 educational institutions about the disruption of distance learning efforts by cyber actors,” the alert reads. “Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” it added. But of all the attacks plaguing the K-12 sector (kindergarten through twelfth-grade schools), ransomware has been a particularly aggressive threat this year, CISA and the FBI said:
CISA has observed continuing ransomware attacks across the country and around the world: See CISA’s Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak. Below, please find resources on CISA’s newly redesigned ransomware information page to better connect you with helpful resources and tools you and your organization need to guard against the ransomware threat.
Looking to learn more about this growing cyber threat? With industry best practices and individualized checklists, the NEW Ransomware Guide is a great place to start. The guide, released in September 2020, represents a joint effort between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The joint Ransomware Guide is a customer-centered, one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack.
In addition to reviewing the Ransomware Guide, we invite you to click on resources below to find additional Ransomware-related information. These resources are designed to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.
“According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year,” the two agencies said. “In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July,” they said.
#AceNewsServices – WASHINGTON: Dec.19 – President Obama on Thursday signed five cyber-security bills into law, after an unexpected spate of legislative activity on the issue.
Though we need to go back to Tuesday Feb.12 2013 when President Obama signed an executive order on cybersecurity — an order that aims to increase cyber defenses of our nation’s critical infrastructure, improve information sharing about cyberthreats between the public and private sectors, and establish a framework of cybersecurity best practices.
But it wasn’t quite ready back then, and the White House worked on crafting the order for the last several months, The Hill reported.
These five bills won’t satisfy the strongest backers of tough cyber protections, but they should help many government officials beef up their networks, and they were cheered by supporters when they rushed through Congress in the final days of its 2014 session.
The bills largely direct various arms of government to deal in a more forceful way with cyber issues, but should also clarify current operations. The Cybersecurity Enhancement Act, for instance, allows the Commerce Department to write voluntary standards to protect critical infrastructure and tells the White House’s Office of Science and Technology Policy to develop a federal cyber research plan.
Most of the bills are aimed at the Department of Homeland Security (DHS). The National Cybersecurity Protection Act establishes in law the department’s national cybersecurity center, while the Federal Information Security Modernization Act updates 12-year-old federal information security laws.
The Cybersecurity Workforce Assessment Act directs the DHS to build out a new strategy to recruit and hang onto the best and brightest workers in the field, and the Border Patrol Agent Pay Reform Act allows the department to exempt some cyber staffers from normal government hiring rules.