Here’s what John Bolton had to say about cybersecurity policy in his new book

In his new book, former national security adviser John Bolton says that squabbling amongst Trump administration officials hobbled the White House’s efforts to issue new policies that shaped the U.S. government’s offensive and defensive cyber-operations. The book, “The Room Where It Happened: A White House Memoir,” which CyberScoop obtained, provides an insider’s view of the U.S. government’s largely secretive approach to revamping cyber policy in the last two years. Aside from cyber-operations, Bolton paints President Donald Trump as preoccupied and angered by cybersecurity-related issues, as well as all too willing to use hacking to prop up his political goals in negotiations with China and Ukraine. “We needed to do two things: first, we needed a Trump Administration cyber strategy, and second, we needed to scrap the Obama-era [offensive cyber-operations] rules and replace them with a more agile, expeditious decision-making structure,” Bolton writes of his time negotiating new policies with national security and intelligence officials in 2018. […]

The post Here’s what John Bolton had to say about cybersecurity policy in his new book appeared first on CyberScoop.

Senators want Cyber Command and CISA to do more to deter coronavirus-focused hackers

A bipartisan group of senators sent a letter to both the Department of Defense and Department of Homeland Security on Monday urging them to take more action to defend the U.S. healthcare sector against hackers that have been exploiting the coronavirus pandemic. The senators warned that if Gen. Paul Nakasone, the commander of U.S. Cyber Command, and Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), don’t take more action to deter hackers, the U.S. healthcare sector will continue to get pummeled with coronavirus hacking campaigns. “Unless we take forceful action to deny our adversaries success and deter them from further exploiting this crisis, we will be inviting further aggression from them and others,” Sens. Richard Blumenthal, D-Conn.; Tom Cotton, R-Ark.; Mark Warner, D-Va.; David Perdue, R-Ga.; and Edward Markey, D-Mass. write. “The cybersecurity threat to our stretched and stressed medical and public health systems should […]

In search of a B.S. filter for software bugs

An organization can’t — and shouldn’t — care about each of the thousands of software vulnerabilities that are made public each year. A bug in a public-facing web browser probably won’t matter a lick for the control systems at an energy plant; an accounting firm can ignore a vulnerability in industrial computers it doesn’t use. Yet for some organizations, it’s an ongoing struggle to understand how a software bug might impact their business. On Wednesday, cybersecurity company Rapid7 took a stab at the issue by going public with a project that uses crowd-sourced feedback to rate vulnerabilities. The company invited security professionals of all stripes to use a web platform, known as Attacker Knowledge Base (KB), to assess the impact of a vulnerability to an organization, starting with a simple question: What could a malicious hacker do with the bug? The answers rate how easy it would be for a hacker to weaponize a vulnerability or what level of […]

Australian government says it is hacking criminals who are exploiting the pandemic

As governments around the world consider their options for cracking down on scammers exploiting the coronavirus pandemic, Australia is touting a muscular approach in cyberspace. The Australian Signals Directorate (ASD) “has mobilized its offensive cyber capabilities to disrupt foreign cyber criminals responsible for a spate of malicious activities during COVID-19,” the Australian defense ministry said in a statement Tuesday. The ASD, the country’s lead agency for hacking operations, has “already successfully disrupted activities from foreign criminals by disabling their infrastructure and blocking their access to stolen information,” Australian Minister of Defense Linda Reynolds said. “Some of these cybercriminals have even posed as health officials in an attempt to exploit vulnerable Australians, by infecting their computers with malware and stealing their private information.” COVID-19-related scams and phishing attempts targeting people around the world have surged in recent weeks as criminals and spies prey on people’s health fears. In Australia, a consumer […]

Trump administration wants private sector to do more to counter foreign intelligence efforts

The Trump administration’s counterintelligence strategy, released Monday, aims for stronger collaboration between the intelligence community and the private sector on detecting and stopping foreign intelligence threats to U.S. entities. The plan, which President Donald Trump approved in early January, emphasizes a longstanding government argument that the private sector must do more to prevent foreign espionage. As state-sponsored hackers target more U.S. companies, corporate America should prioritize preparations to stifle similar attacks in the future, the director of the National Counterintelligence and Security Center, Bill Evanina, told reporters at a briefing Monday. “A hostile nation state attack on a private U.S. company … is a counterintelligence attack on our nation,” he said. The NCSC is part of the Office of the Director of National Intelligence. Earlier on Monday the Department of Justice announced charges against four members of the Chinese People’s Liberation Army for allegedly hacking into Equifax to steal information about roughly 147 million Americans. Prosecutors also alleged […]

How the Marine Corps thinks about beating adversaries in cyberspace

There are a whole host of products on the market purporting to be the best way to run defense against nation-state adversaries’ email spearphishing attempts — but there’s one part of defending against spearphishing in particular the U.S. Marine Corps Forces Cyberspace Command’s Chief Technology Officer endorses: context. For Renata Spinks, the goal is not to just make sure employees understand they should avoid clicking on what appear to be malicious links, but to make sure they understand the bigger picture of what they’re protecting, she said Tuesday. “Instead of just [test] phishing attempts, teach your employees why phishing attempts are so important and make it relatable,” Spinks said at the Fortinet Security Summit, produced by FedScoop and StateScoop. “Data is your most critical commodity, but people [are] the best asset you can have.” Spearphishing emails often seek to pilfer off passwords and credentials from victims who click on links or attachments that purport […]

Pentagon’s next cyber policy guru predicts more collective responses in cyberspace

State-sponsored cyberattacks against just one victim nation at a time could soon provoke a global response, if a growing number of officials around the world have their way. As the Pentagon has experimented with new authorities allowing U.S. Cyber Command to be more offensive in cyberspace, key officials have suggested there is a groundswell of support for multi-nation countermeasures in the digital age. Thomas Wingfield, the incoming deputy assistant secretary of Defense for cyber policy, told CyberScoop that alliances could be a more successful way to deter hackers and strike back when they infiltrate sensitive networks. “I think that’s a more effective way to solve the problem, and I think that is the general [direction] of international law,” said Wingfield, who is still employed at National Defense University. “But I would also say we’re not there yet and states are in the process of moving international law in that direction.” For months now, the U.S. […]

Sen. Warner says hacking, disinformation are the future of war, and urges the U.S. to keep up

Cyberwarfare and information operations now are the primary ways in which countries assert themselves on the world stage, Sen. Mark Warner said in a speech Tuesday, pointing to a new geopolitical reality in which traditional military strength may be less urgent. The Virginia Democrat portrayed hacking, social media manipulation, and other digital techniques as affordable options for smaller countries that don’t have the financial resources to invest in modern military hardware like tanks and fighter jets. U.S. leaders need to more urgently recognize this transition, he said, and prioritize processes and technology that stifle future attempts from adversaries to interfere in U.S. elections and markets. Warner, vice chairman of the Senate Intelligence Committee, for years has urged Congress to authorize more funding for cybersecurity. “I worry at times we may be spending too much time [and] resources on 20th century stuff when increasingly conflict in the 21st century will be cyber, will be misinformation, disinformation,” Warner […]

U.S. cyber-offensive against ISIS continues, and eyes are now on Afghanistan, general says

As loyalties among Afghanistan’s Islamic extremists continue to shift, the U.S. military may be poised to rely more heavily on offensive cyber capabilities to target one group in particular — the dispersed but still active membership of ISIS, according to one military cyber commander. Joint Task Force ARES, the outfit charged with running joint and coalition cyber-operations against ISIS, is working to uncover information about how the terrorist group continues to operate in Afghanistan, the deputy commander said Monday. “JTF-ARES is in or around where ISIS is operating,” Brig. Gen. Len Anderson said during a question and answer at an Atlantic Council event Monday. “We are trying to illuminate the network, trying to figure out how they’re communicating, what they’re using, where the money might be flowing, is there money.” Although the Islamic State’s physical caliphate has been crushed in Iraq and Syria, reporting from the Defense Intelligence Agency this year says the group still has a […]

NATO cyber-operations center will be leaning on its members for offensive hacks

The North Atlantic Treaty Organization’s cyber-operations command center in Belgium still has a ways to go before its offensive playbook is set in stone, a NATO cyber official involved in the matter told CyberScoop. The Cyberspace Operations Centre was established almost exactly one year ago in Mons, Belgium, to help member nations obtain real-time intelligence on and respond to cyberthreats from criminal or nation-state backed hackers. The alliance is still working on pooling member nations’ offensive cyber capabilities for those responses, Deputy Director of the Cyberspace Operations Centre Group Captain Neal Dewar told CyberScoop in an interview. The cyber operations center was created in part to fulfill the alliance’s 2016 decision that under NATO’s Article V, a cyberattack on one member nation may result in a group of members coming to its defense, just as if a physical attack had occurred. But because the alliance does not have its own […]