Friday Report: Iran Stands Out Again, Russia Maintains an Even Strain, and Election Security Still a Mess

By Cynthia Brumfield

Welcome to Metacurity’s Friday Report, where we stop to take stock of the big themes of the week in infosec news.

One interesting development is that Iran stood out as a threat actor in ways that it hasn’t much lately, which is perhaps not surprising given the fears that Iran would become more aggressive in the wake of Donald Trump’s cancellation of the nuclear deal. First, Facebook, with the assistance of cybersecurity firm FireEye, removed 652 fake accounts, pages, and groups that were trying to sow misinformation, most of them originating from Iran (but also Russia). Twitter joined the action too, suspending 284 accounts for engaging in coordinated information manipulation, with many of the accounts originating from Iran.

Google, also working with FireEye, followed its fellow tech titans by deleting 39 YouTube channels, six Blogger accounts, and 13 Google+ accounts linked to the Iranian state broadcaster, IRIB, the Islamic Republic of Iran Broadcasting. The week ended with news that Iranian government-linked hackers who are likely part of the so-called Cobalt Dickens group have been targeting universities and academic institutions around the world to steal unpublished research and obtain intellectual property.

Russia, however, continued to dominate the news despite Iran’s resurgence, with the week starting off with the news that Senator Bill Nelson’s claim that Russian threat actors are inside some Florida county voting systems might actually be backed up by classified information.

The really interesting news about Russian hackers came a few days later when Microsoft announced that it discovered that Russia’s Fancy Bear, also known as APT 28 or Strontium, an arm of the GRU military intelligence unit, has targeted conservative American think tanks that have broken with President Trump or are seeking continued sanctions against Moscow, exposing oligarchs or pressing for human rights.

In making this announcement, Microsoft also revealed that, after obtaining a court order allowing it to do so, it has taken down six malicious websites targeting American politics that had been maintained by Fancy Bear. Finally, on the Russian front, the U.S. Treasury Department announced it imposed sanctions on two Russians, one Russian company and one Slovakian firm for what it said were their actions to help another Russian company avoid sanctions targeting Russia’s malicious cyber-related activities.

The insecurity of U.S. election and voting systems revealed in the wake of Russia’s interference in the 2016 presidential election won’t be fixed anytime soon if the news coming out this week is any indication. First, the Secure Elections Act, legislation that contained a host of provisions to shore up the nation’s voting infrastructure and which seemed like it was headed for sure-fire passage, got mysteriously derailed when it was pulled from a vote. Later in the week, however, it became clear that the White House killed the bill because, it said, DHS can handle things without new legislation.

The really gloomy message about election security came from former Facebook CSO Alex Stamos, who penned a lengthy piece that outright said it’s too late to protect the 2018 midterm elections. Stamos did, however, spell out a number of steps that can be taken to protect voting infrastructure in time for the 2020 elections.

Finally, not all the election security news was bad this week — one-third, or around $115.5 million, of the $380 million the federal Election Assistance Commission (EAC) is distributing to states this year will go to shoring up the cybersecurity of voting systems.

That’s it for this week. We leave you with our favorite tweet of the week, one that shows a dude who we think is quite likely an infosec rockstar, or at the least a whiz at digital systems.

Be safe and be sane out there. Or throw caution to the wind and go crazy. Either way, have a great weekend.