Collaborate Disseminate
Complying with DoD’s new cybersecurity regulations requires hard data, the kind that pretty much requires automation to compile.
The post If You Don’t Hire Robots to Attack Your Networks, You’re Not Doing Security Right appeared first on AttackIQ.
The … Continue reading If You Don’t Hire Robots to Attack Your Networks, You’re Not Doing Security Right
There’s little that Russian hackers hate more than being seen as soft. So when U.S. military hackers saw a way to publicly portray them as bumbling and unthreatening in recent weeks, they seized the moment. It all began when Cyber Command, the U.S. Department of Defense’s offensive cyber arm, started working with a graphics company to illustrate foreign government hackers. The military realized it could punch up the reports it releases on foreign hacking operations by adding illustrations, and try to embarrass or infuriate the foreign hacking shops along the way, one U.S. official told CyberScoop. In one case, when Cyber Command started making plans to expose some state-sponsored espionage operations tied to Russia’s Federal Security Service (FSB), the country’s KGB successor, they turned to the graphics company to develop images that would goad the Russians, the official said. “Russia hates to be seen as cuddly or cozy so we want to tick them off,” said the official, who was not authorized […]
The post How the Pentagon is trolling Russian, Chinese hackers with cartoons appeared first on CyberScoop.
Continue reading How the Pentagon is trolling Russian, Chinese hackers with cartoons
The White House hopes to update U.S. government’s approach to its maritime cybersecurity strategy in coming months, according to two senior administration officials. The Trump administration’s priorities are to enhance and secure the United States’ ability to project power at sea and defend against adversarial cyberattacks, two senior administration officials told reporters during a call Tuesday. The plan involves re-examining the national approach to information sharing and better emphasizing the use of operational technologies in ports, according to one senior administration official. The two officials on the call declined to reveal any specific information about the administration’s plans, saying more information would soon become available. But hackers have long targeted shipping firms and the maritime supply chain to steal data involving the U.S. government or interrupt cargo operations. Hackers using a strain of ransomware known as Ryuk compromised computer networks at a maritime transportation facility last year, disrupting operations for 30 hours, according to the U.S. Coast Guard. Nation-state hackers also have […]
The post Trump officials hint at update for US maritime cybersecurity appeared first on CyberScoop.
Continue reading Trump officials hint at update for US maritime cybersecurity
A bipartisan group of senators sent a letter to both the Department of Defense and Department of Homeland Security on Monday urging them to take more action to defend the U.S. healthcare sector against hackers that have been exploiting the coronavirus pandemic. The senators warned that if Gen. Paul Nakasone, the commander of U.S. Cyber Command, and Christopher Krebs, Director of Cybersecurity and Infrastructure Security Agency (CISA), don’t take more action to deter hackers, they will continue to pummel the U.S. healthcare sector will continue to get pummeled with coronavirus hacking campaigns. “Unless we take forceful action to deny our adversaries success and deter them from further exploiting this crisis, we will be inviting further aggression from them and others,” Sens. Richard Blumenthal, D-Conn.; Tom Cotton, R-Ark.; Mark Warner, D-Va.; David Perdue, R-Ga.; and Edward Markey, D-Mass. write. “The cybersecurity threat to our stretched and stressed medical and public health systems should […]
The post Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers appeared first on CyberScoop.
The Trump administration’s counterintelligence strategy, released Monday, aims for stronger collaboration between the intelligence community and the private sector on detecting and stopping foreign intelligence threats to U.S. entities. The plan, which President Donald Trump approved in early January, emphasizes a longstanding government argument that the private sector must do more to prevent foreign espionage. As state-sponsored hackers target more U.S. companies, corporate America should prioritize preparations to stifle similar attacks in the future, the director of the National Counterintelligence and Security Center, Bill Evanina, told reporters at a briefing Monday. “A hostile nation state attack on a private U.S. company … is a counterintelligence attack on our nation,” he said. The NCSC is part of the Office of the Director of National Intelligence. Earlier on Monday the Department of Justice announced charges against four members of the Chinese People’s Liberation Army for allegedly hacking into Equifax to steal information about roughly 147 million Americans. Prosecutors also alleged […]
The post Trump administration wants private sector to do more to counter foreign intelligence efforts appeared first on CyberScoop.
There are a whole host of products on the market purporting to be the best way to run defense against nation-state adversaries’ email spearphishing attempts — but there’s one part of defending against spearphishing in particular the U.S. Marine Corps Forces Cyberspace Command’s Chief Technology Officer endorses: context. For Renata Spinks, the goal is not to just make sure employees understand they should avoid clicking on what appear to be malicious links, but to make sure they understand the bigger picture of what they’re protecting, she said Tuesday. “Instead of just [test] phishing attempts, teach your employees why phishing attempts are so important and make it relatable,” Spinks said at the Fortinet Security Summit, produced by FedScoop and StateScoop. “Data is your most critical commodity, but people [are] the best asset you can have.” Spearphishing emails often seek to pilfer off passwords and credentials from victims who click on links or attachments that purport […]
The post How the Marine Corps thinks about beating adversaries in cyberspace appeared first on CyberScoop.
Continue reading How the Marine Corps thinks about beating adversaries in cyberspace
State-sponsored cyberattacks against just one victim nation at a time could soon provoke a global response, if a growing number of officials around the world have their way. As the Pentagon has experimented with new authorities allowing U.S. Cyber Command to be more offensive in cyberspace, key officials have suggested there is a groundswell of support for multi-nation countermeasures in the digital age. Thomas Wingfield, the incoming deputy assistant secretary of Defense for cyber policy, told CyberScoop that alliances could be a more successful way to deter hackers and strike back when they infiltrate sensitive networks. “I think that’s a more effective way to solve the problem, and I think that is the general [direction] of international law,” said Wingfield, who is still employed at National Defense University. “But I would also say we’re not there yet and states are in the process of moving international law in that direction.” For months now, the U.S. […]
The post Pentagon’s next cyber policy guru predicts more collective responses in cyberspace appeared first on CyberScoop.
Continue reading Pentagon’s next cyber policy guru predicts more collective responses in cyberspace
U.S. Cyber Command was on the verge of again publicly calling out North Korean hackers for targeting the financial sector in late September, but ultimately backed off the plan by early October, multiple sources familiar with the decision tell CyberScoop. The announcement was to be part of a Cyber Command effort to publicly share malware samples on VirusTotal, a web platform dedicated to tracking malware. Led by Cyber Command’s Cyber National Mission Force, those postings are intended to call out adversary-linked hacking in the hopes that it will deter groups from similar efforts in the future. It wasn’t clear why the decision was made to refrain from publicly posting malware samples this time around, despite the fact that Cyber Command has done so numerous times in recent months. It didn’t appear to be an issue of accuracy — the Pentagon outfit still decided to share private advisories with threat intelligence companies and the financial sector. A […]
The post Why did Cyber Command back off its recent plans to call out North Korean hacking? appeared first on CyberScoop.
Continue reading Why did Cyber Command back off its recent plans to call out North Korean hacking?
As the U.S. National Security Agency incorporates machine learning and artificial intelligence into its defensive cyber operations, officials are weighing whether cyber operators will have confidence in the algorithms underpinning those emerging technologies. NSA operators want to say, “is my AI or ML system explainable?” Neal Ziring, NSA’s Technical Director for Capabilities, told CyberScoop Thursday. “Contexts where the AI is recommending an action is where that will be most important.” The intelligence agency still is exploring how machine learning, an automated method of data analysis, might be used to detect threats and protect new Internet of Things technology. Given the amount of information that agency employees need to sort through, machine learning could help prioritize tasks and decrease the amount of time employees spend on triage. The NSA aims to use machine learning and artificial intelligence, in which computers make their own decisions, to more efficiently stop threats, and eventually leverage those tools in offensive operations. But, if NSA workers don’t trust the […]
The post The NSA is experimenting with machine learning concepts its workforce will trust appeared first on CyberScoop.
Continue reading The NSA is experimenting with machine learning concepts its workforce will trust
U.S. Cyber Command is still working overseas with allies to try preventing election interference, Brig. Gen. Timothy Haugh, the commander of Cyber Command’s cyber national mission force said Tuesday. As part of the military’s operation to defend the U.S. midterm elections in 2018, an operation known internally in the Department of Defense as “Synthetic Theology,” Cyber Command deployed cyber warriors to Ukraine, North Macedonia, and Montenegro to help defend those countries’ networks, and to collect intelligence on adversaries. Cyber Command has since “redeployed” out of “some of those” countries, Haugh said during a reporters’ roundtable at the Integrated Cyber Center and Joint Operations Center in Fort Meade, Maryland. Haugh did not specify in which countries Cyber Command has ongoing operations right now in preparation for 2020, but said these kinds of partnership will continue to grow. “When we look to do partnerships overseas … we want to do that anywhere where […]
The post Cyber Command has redeployed overseas in effort to protect 2020 elections appeared first on CyberScoop.
Continue reading Cyber Command has redeployed overseas in effort to protect 2020 elections