Monday, February 8, 2021

Digital ID bill to make a comeback — Iranian cyber campaigns uncovered — Reported U.S. phishing attacks rose in 2020

Presented by Tiktok: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Feb 08, 2021 View in browser
 
POLITICO's Weekly Cybersecurity newsletter logo

By Martin Matishak

Presented by Tiktok

With help from Eric Geller

Editor's Note: Weekly Cybersecurity is a weekly version of POLITICO Pro's daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro.

Quick Fix

— Sponsors of legislation to overhaul how the government handles personal digital identification plan to make a new push.

— A pair of new reports detail some of Iran's malicious online activity, including Tehran's surveillance campaign on its own citizens and a nasty family of malware.

— U.S. organizations on average report experiencing successful phishing attacks far more than others around the globe, according to a new survey,

HAPPY MONDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips to mmatishak@politico.com and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

 

A message from Tiktok:

TikTok is a place for everyone, from Gen Z to grandparents. This Safer Internet Day, we're focusing on our tools to support parents. That includes our Family Pairing features, which let parents and guardians manage their family's content and privacy settings. Visit our Safety Center to learn more.

 

SHOW ME SOME I.D. — A bipartisan pair of House lawmakers is planning to revive a bill in the coming weeks that would revamp the government's approach to personal digital identification for U.S. citizens. The legislation — dubbed the "Improving Digital Identity Act" — was introduced last year but expired at the end of the 116th Congress without being acted on. Now, the measure's main boosters — Reps. Bill Foster (D-Ill.) and John Katko (R-N.Y.) — intend to reintroduce it in the next four to eight weeks.

"The whole issue of having a secure digital identity for citizens who want it is something that we expect movement on this year, there's just a number of political and technological forces that are converging to force the issue," Foster told your MC author. Those include the implementation of the Real ID enforcement deadline in October and the rise in telehealth services due to the Covid-19 pandemic. "There's just a long list of government uses once you have this ID" that would make the federal government "a leader instead of a laggard," said Foster, a member of the House Financial Services Committee. He said those uses could range from electronic health records to voter identification.

The original legislation called for creating a task force of federal, state and local governments charged with establishing a new standards-based, comprehensive approach to digital identity verification services. It also directed NIST to create a new framework of standards to guide government agencies when providing digital identity verification services and established a DHS grant program for states to upgrade systems used for driver's licenses and other credentials using the NIST guidelines.

The bill "largely focuses on the government part of the problem," according to Foster. And getting the federal government to come up with a new scheme "should be the easiest step" because a majority of Americans already go through electronic confirmation hoops for things like online banking and airport check-ins.

Foster said he was looking for a "strong partner" to introduce a Senate version of the bill, which might result in the measure being altered, but declined to offer names. Speaking at a webinar on Friday, Katko, the top Republican on the House Homeland Security Committee, predicted the legislation would pass the lower chamber and said that he's had "very good discussions" about the bill with Sen. Rob Portman , his Senate counterpart. A Portman spokesperson confirmed that the two had talked about the issue and that the retiring Ohio Republican would review the legislation. "My staff and I are building bridges, not burning them," Katko said. "Bipartisanship's not a dirty word … contrary to what you might see on the news."

 

TRACK THE FIRST 100 DAYS OF THE BIDEN ADMINISTRATION: President Biden's cabinet is getting confirmed, bringing change to agencies and departments across the Executive Branch. From the West Wing to Foggy Bottom, track the first 100 days of the Biden administration with Transition Playbook, our scoop-filled newsletter that chronicles the policies, people, and emerging power centers of the new administration. Subscribe today.

 
 


Iran

TEHRAN UNDER THE MICROSCOPE — Iranian hackers have been casting wide nets in multiple cyber intrusion campaigns, according to the security firm Check Point Software Technologies, which released reports about two operations this morning.

The company's first report analyzes a surveillance campaign against Iranian citizens by a Tehran-linked group tracked by researchers as APT-C-50 . Since 2017, the group that Check Point calls "Domestic Kitten" has targeted victims with its "FurBall" malware, which can steal text messages and call logs, track victims' locations and steal media from their devices, among other features. The group spreads the malware through SMS and Telegram messages. Its 10 distinct campaigns since 2017 have targeted more than 1,200 people and compromised more than 600, with most victims residing in Iran (251), the U.S. (25) and Pakistan (19).

The new report focuses on one of four active APT-C-50 campaigns, dubbed "Hass" in reference to the URL of the hackers' web server. "Hass" spoofs an application for a restaurant in Tehran. Check Point said that another active campaign, nicknamed "mmh," spoofs an app for Islamic State supporters.

Check Point's second report focuses on another Iranian group's "Infy" malware family, which has matured since its 2016 discovery. The report also reveals new second-stage malware, dubbed Tonnerre and Foudre (Thunder and Lightning), which emerged in the first half of 2020 with a new delivery mechanism: an infected document launches a behind-the-scenes process to download the malware as it's being closed. This latest phase of the "Infy" operation, which has its roots in operations as far back as 2007, had far fewer targets than the APT-C-50 activity, with most in Sweden (6), the Netherlands(4) and the U.S. (3).

Foudre is the primary malware, while Tonnerre offers expanded features. Check Point speculated that this reflected a desire to minimize the risk of the more capable Foudre being discovered. "It seems that following a long downtime, the Iranian cyber attackers were able to regroup, fix previous issues and dramatically reinforce their [operational security] activities as well as the technical proficiency and abilities of their tools," researchers wrote.

 

Advertisement Image

 
Report Watch

THE STATE OF THE PHISH IS STRONG — Seventy-four percent of U.S. organizations reported being the victim of a successful phishing attack last year, according to a survey by cybersecurity firm Proofpoint. That figure is 30 percent higher than the global average and a 14 percent increase from 2019, the company's annual State of the Phish report found. Another key takeaway from the survey is that 68 percent of U.S. organizations that fell victim to a ransomware attack paid up, despite expert advice not to.

On the brighter side, 80 percent of organizations reported that security awareness training activities resulted in reductions in phishing targets. The report makes a number of suggestions to better safeguard against attacks, including ways to avoid a "disengaged user base," creating benchmark data points to learn if your organization is headed in the right or wrong direction and exploring ways to associate training with other security initiatives.

 

A message from Tiktok:

TikTok is a place for everyone, from Gen Z to grandparents. This Safer Internet Day, we're focusing on our tools to support parents.

We equip families with a robust set of features and controls to create the TikTok experience that's right for them. Our Family Pairing tools let parents and guardians manage their family's content and privacy settings, such as search and message controls, and screen time management.

We encourage parents to take active roles in their teens' online experience, starting the conversation early about internet safety and privacy.

Visit our Safety Center to learn more about our features.

 
Ransomware

THE MORE YOU KNOW — The National Cyber Investigative Joint Task Force on Friday issued a new ransomware fact sheet designed to better educate the general public about the increasing digital scourge. The document, compiled by an interagency group of subject matter experts from more than 15 different federal agencies, offers a few real world examples of the damage caused by ransomware — particularly Ryuk, which was deployed in a wave of attacks last year that targeted hospitals. The fact sheet also provides tips for preventing an attack and information on who to contact in the event of a ransomware event.

In a statement, the FBI said that while ransomware attacks "impact any industry or organization , the federal government is particularly concerned about ransomware attacks on the networks of police and fire departments; state, local, tribal, and territorial governments; municipalities; hospitals; and other critical infrastructure." The attacks "can delay first responders in responding to emergencies or prevent a hospital from accessing lifesaving equipment. It is imperative these organization [sic] be prepared in the face of the ransomware threat," the agency said.

TWEET OF THE WEEKEND — One of the most interesting conversations to ever happen on Cyber Twitter.

 

THE UNOFFICIAL GUIDE TO OFFICIAL WASHINGTON: February is short month, but there is a lot in store. From the impeachment trial to the Covid relief package to intraparty squabbles, our new Playbook team is on the case. Rachael Bade, Eugene Daniels, Ryan Lizza and Tara Palmeri are canvassing every corner of Washington, bringing you the big stories and scoops you need to know – and the insider nuggets that you want to know – about the new power centers and players. "This town" has changed. And no one covers this town like Playbook. Subscribe to the unofficial guide to official Washington today .

 
 


Quick Bytes

The Election Assistance Commission is poised to approve its first new security standards in 15 years.

NYT: How the U.S. Lost to Hackers.

Hackers published patient information from two U.S. hospital chains in an apparent extortion attempt.

Former CISA chief Chris Krebs urged the U.S. government to take a more aggressive approach to ransomware attacks.

Signal provided a workaround for Iran's ban of the popular messaging app.

Dutch police helped the FBI in disrupting Emotet.

The Pentagon doesn't plan to slow down the rollout of the Cybersecurity Maturity Model Certification program.

That's all for today.

Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak (mmatishak@politico.com, @martinmatishak); and Heidi Vogt (hvogt@politico.com, @heidivogt).

 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Eric Geller @ericgeller

Martin Matishak @martinmatishak

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://www.politico.com/_login?base=https%3A%2F%2Fwww.politico.com/settings

This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Please click here and follow the steps to unsubscribe.

No comments:

Post a Comment

7 Best Stocks for the Next 30 Days

Free from Zacks Investment Research  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌...