March was full of interesting developments on the cyber front, including quite a bit of movement on the nation-state side. Read on to find out what we’ve been talking about around the proverbial water cooler.
Despite Microsoft Patch, US Government Warns of ‘Active Threat Still Developing’ From Open Back Doors
The Microsoft email software breach has affected over 20,000 US organizations, and the US government continues to urge businesses to take it seriously. The threat is still considered active and the government is still weighing its response, although it said it will be a “whole of government response.”
“The fact that the US Government is warning enterprises to be proactive in looking for any suspicious activity on their networks/assets is a clear indicator of the magnitude of the problem of cyberattacks today. We can not say it enough: Assume breach and deploy technologies that allow you to detect adversaries sooner, before they reach their objective.” — Fernando, Founder
Source: Reuters, March 7
NSA Releases Guidance on Zero Trust Security Model
The US government’s National Security Agency (NSA) has released the info sheet “Embracing a Zero Trust Security Model”, which provides information about, and recommendations for, implementing Zero Trust within networks. They define the Zero Trust security model as a “coordinated system management strategy that assumes breaches are inevitable or have already occurred” and encourage administrators and organizations to review the guidance on Embracing a Zero Trust Security Model as a way to secure sensitive data, systems, and services.
“Despite the fact the idea of zero trust has been around for a while, we are happy that the Zero Trust Security Model is getting the support and attention it deserves. We consider zero trust essential nowadays. Although we agree with the concept and the examples provided, we miss the mention of deception as the perfect tool for this approach. The bottom line is it offers certain capabilities that are not possible with any other technology.” — Member of the integration team
Source: CISA, February 26
Russian Man Admits Ransomware Plot Against Tesla In Nevada
A Russian actor offered $1 million to an employee of Tesla to help physically plant ransomware in the Tesla electric battery plant in Nevada. It would have crippled the factory and allowed them to steal company secrets. Egor Igorevich Kriuchkov pleaded guilty Thursday in U.S. District Court in Reno, after acting on behalf of co-conspirators abroad. There has been no direct link to the Kremlin.
“This is a reminder for CISOs that internal threats are something they need to worry about. They should deploy technologies that allow for internal threats to be detected before they can harm the company.” – Fernando, Founder
Source: AP, March 19
Go Malware is Now Common, Having Been Adopted by Both APTs and E-crime Groups
There has been a sharp increase in the number of malware strains coded in the Go programming language. Since 2017, its use has increased by 2000%, showing that users have moved away from C and C++. Go's rise in popularity is due to its easy process for cross-platform compilation, the fact that it is difficult to analyze and reverse engineer, and the support offered for working with network packets.
“Go has been off of the radar of cybercriminals for many years but they are starting to see how useful it can be for creating hacking tools that are multiplatform. We foresee hacking groups increasing usage of Go in the future.” — Fernando, Founder
Source: ZDNet, February 26
British army to be cut to 72,500 troops by 2025
The British government announced a move towards drones and cyber warfare this month, saying they would reduce the size of the Army to 72,500 soldiers by 2025. This was accompanied by an announced increase in defense spending by £24 billion over the next four years. The move was announced as a way to shift from outdated capabilities and keep the UK’s defense competitive globally. The plan includes funding for electronic warfare and drones.
“I think this is important news because it shows that governments around the world are aware of how cyberwarfare is gaining importance in the current world. When there are budget restrictions (and budget is always limited), they consider that they should divert more and more resources to cyberwarfare.” — Fernando, Founder
Source: BBC, March 23