Cynthia Brumfield / Metacurity  
Friday Report: Russia, Russia, Russia and Let’s Not Forget Iran and China

By Cynthia Brumfield,

Welcome to Metacurity’s Friday Report where we pull together the big picture themes emerging from the week’s top infosec news stories.

This week, Russia, China, and Iran emerged as the biggest themes, with Russia, as usual, dominating all other cybersecurity news stories. First, NSA and Cyber Command confirmed earlier reports that they’re fighting Russian cyber threats facing the 2018 midterm elections through what they call the “Russia Small Group,” kind of hanging out there on their own with no presidential directives.

Then, as it has on several occasions over the past year, the Department of Homeland Security warned that hackers working for a Russian state-sponsored group known as Dragonfly or Energetic Bear gained access to the networks of U.S. electric utilities and penetrated far enough into the networks to come into contact with industrial control systems that operate the power grid. (And the usual debate cropped on infosec Twitter over whether Russia could have caused a blackout in so doing…the answer seems to be, only in isolated circumstances.)

Up-against-the-ropes Facebook, for its part, promised to do something to fight Russian operatives and others who use deceptive tactics and false information to manipulate public opinion during the 2018 midterms elections, saying they plan to use a “range of techniques” including artificial intelligence to fight back against any disinformation campaigns. (It probably didn’t ease Facebook’s woes any when a March memo written by outgoing Chief Security Officer Alex Stamos emerged this week calling some of the social media giant’s features “creepy.”)

Russia, along with China and Iran, is one of the most hostile foreign actors to engage in economic espionage the National Counterintelligence and Security Center (NCSC) said in a warning this week.

But the real bombshell Russia news came from a Daily Beast investigation which found that Russia’s GRU intelligence agency through its infamous Fancy Bear hacking group targeted Missouri Democratic Senator Claire McCaskill as she began her 2018 re-election campaign in earnest, making her the first identified target of the Kremlin’s 2018 election interference.  Watch this space for more revelations on which other midterm campaigns get revealed as the target of Russian hackers.

Not to be left out of this week’s news cycle, Iran, along with Russia and China, was flagged as a rising foe by the German government, which warned the number of cyber attacks with a likely origin in Iran has been rising since 2014, with a sharp increase last year.

At the start of the week, U.S. officials raised their own Iran fears while speaking at the Aspen Security Summit where the officials said Iran is making preparations that would support cyberattacks against thousands of electric grids, water plants, and healthcare and technology companies in the U.S., Germany, the U.K. and other countries in Europe and the Middle East following the U.S. withdrawal from the nuclear deal.

Although China didn’t generate as many bad headlines, the country is eyed as one of the most the likely culprits behind the massive breach of SingHealth, Singapore’s health service, which occurred earlier this month. Whatever the case may be, Singapore disconnected SingHealth and other computers in the public healthcare clusters from the Internet to make sure it didn’t happen again.

A lot more happened this week, so check out our homepage or search day-by-day using our calendar function at the top of the page.

With that, we leave you with a very relevant seminal moment in cybersecurity that took place exactly two years ago today:

Be safe and be sane out there!