Welcome to Metacurity’s Friday Report, where we highlight the big themes in infosec news for the week.
After weeks of (sometimes faux) China-related bad news, Russia emerged once again as the big bad wolf of the cybersecurity world, both in the U.S. and Europe. In the aftermath of a series of misdeeds, including the administration of nerve agents in the UK and foiled plans by the Russian secret service to launch a cyberattack on chemical weapons watchdog OPCW, European leaders kicked into gear.
First, Defense Minister Ank Bijleveld said The Netherlands is in the midst of a “cyber war” with Russia. Then the UK’s National Cyber Security Centre issued a scary report noting the UK was hit by more than 1,000 serious cyberattacks over the past two years, with more than 70% launched by hostile state hackers, citing Russia as a prime culprit, along with China and North Korea.
With Russia clearly top of mind, UK Prime Minister Theresa May said she wants a tougher response to states found responsible for cyberattacks and urged EU leaders meeting in Brussels to create a new sanctions regime to crack down on those governments. The next day, European Union (EU) leaders did indeed agree to impose sanctions on the perpetrators of cyberattacks and said they will work on a new regime to tackle not only cybersecurity but also disinformation and data manipulation.
The biggest Russia-related news of all came on Friday (as, it seems, is customary these days), when the Justice Department charged a Russian woman, Elena Khusyaynova, with conspiring to commit fraud against the United States by interfering with the 2018 U.S. election, marking the first criminal case that accuses a foreign national of interfering in the upcoming midterms. Prosecutors said Khusyaynova managed the finances of “Project Lakhta,” an effort backed by Russian oligarch Yevgeniy Prigozhin, an associate of Russian President Vladimir Putin who is known as “Putin’s Chef,” which used various fake social media accounts to sow division and misinformation among the American electorate.
Not all the Russia news came from governments. Security firm ESET released a report stating that a successor of the BlackEnergy APT group, dubbed GreyEnergy, has infected three energy and transport companies in Ukraine and Poland with sophisticated new malware and may be planning destructive cyberattacks. Although ESET stopped short of attributing BlackEnergy to Russia, plenty of intel agencies pin the nefarious malware, which knocked out portions of Ukraine’s power grid in 2015, on the Kremlin.
Speaking of faux China news, after weeks of mounting doubt about the veracity of the Bloomberg Businessweek story about China implanting a spy chip into SuperMicro motherboards, the other big news of the week was the unprecedented personal denial by Apple CEO Tim Cook that the story was true. The report contended that the spy chips were in servers used by Apple. Cook took the even more astonishing step of demanding that Bloomberg Businessweek retract the story. This call for a retraction followed a letter by SuperMicro to the Senate denying the story and Director of National Intelligence Dan Coats saying he has seen no evidence of the story’s veracity.
A lot more happened during the week, so check out our home page, search for a particular day of the week or check out our Snacks page for a full scan of the news.
With that, we leave you with a cautionary tale that even information security is filled with Twitter trolls, so be careful who you follow:
Ok now, which one of you is running this Twitter botnet of fake infosec professionals? pic.twitter.com/q9PkF55JmD
— Mikko Hypponen (@mikko) October 19, 2018
Be safe and be sane out there. And when you get a chance, don’t forget to support Metacurity by becoming a patron. We’ve got a lot more good stuff in store and really need your help! Thank you.