Russian spies, North Korean spies, Swedish DDoSers and some stupid things people said and did.
Another week and more news of hacks, cyber attacks and politicians that don’t understand encryption trying to regulate encryption. In short, it’s been another run-of-the-mill week as far as the cyber security community is concerned.
After taking a week off, your weekly cyber security news roundup is back. Remember, these aren’t necessarily the top stories, per se. They’re the most interesting. In our opinion. Which we realize is very subjective. At any rate, we have news about Kaspersky, North Korean hacking, Swedish DDoS and Rod Rosenstein’s misguided comments from Tuesday.
Russians May Have Used Kaspersky to Spy
Kaspersky, one of the largest cyber security companies in the world, has been in the news a lot lately. Aspersions were cast about the firm’s trustworthiness as a result of its location in Russia and its cozy relationship with Russia’s government. Recently a US congresswoman has proposed the government rid itself of any Kaspersky software. And then on Tuesday a bombshell report came out that Russians may have weaponized Kaspersky software to spy on US assets. As Matthew Green writes at Slate, this is why we need strong encryption.
US Attorney General calls for Weak Encryption
Instead of using the Kaspersky news as further evidence to bolster the case FOR encryption. On the same day, Attorney General Rod Rosenstein called for “responsible” (read: breakable) encryption. Rosenstein has a very narrow use case in mind when he calls for weakening encryption in toto. Because the US government can’t break encryption on a messenger service to read the messages of potential terrorists they want a more breakable civilian version of encryption deployed everywhere. It’s the type of argument that we’re all dumber for having heard. And it’s coming from the US government.
Equifax hacked… again!
Speaking of stupid, Equifax continues to suffer embarrassing press as a result of issued with its cyber security. This time, hackers were able to compromise a third-party vendor and distribute malware on Equifax’s website. Equifax was quick to distance itself from the incident, claiming that it had no control over the third-party vendor’s security, but this is still more bad press for the company. Most people won’t read past the headlines. Once again Equifax is in the news for the wrong reasons.
[Source: Market Watch]
North Korean theft of 235 GB shows country’s digital sophistication
Interesting story on Vox about how North Korean hackers managed to infiltrate the South Korean Defense Integrated Data Center and steal 235 GBs of classified information about the US and South Korean Military. This included plans to assassinate North Korean leader Kim Jong Un, and a planned response for a possible North Korean invasion. Despite our constant focus on North Korean as a rogue nuclear state, it has developed into a cyberpower. It employs sophisticated malware and espionage tactics. It’s a formidable enemy. We would be wise to focus on our digital security because North Korea’s biggest provocations could come there.
DDoS Takes down Swedish Transport Agencies
The websites of a pair of Swedish Transport Agencies recently came under attack. Hackers DDoSed the sites, causing some trains to be delayed on one of the days. All in all, the attacks don’t amount to much in this instance, but they serve to illustrate a larger point. Critical infrastructure is vulnerable. And as more and more devices and machines come online, there are going to be more and more attack vectors to exploit. It’s time to get serious about shoring up IoT defenses as well as bulking up our security implementations around critical infrastructure.
[Source: Hack Read]
Here’s what we Hashed Out this week
- US AG issues ignorant call for “responsible” encryption (opinion)
- The most effective phishing emails create a sense of urgency
- 70% of US Employees don’t know basic cyber security best practices
- Artificial intelligence and Cyber Security: An Introduction (part 1)