Monday, February 22, 2021

Massive week for cybersecurity on the Hill — SCOOP: Obama vet fills key DHS role — Chinese hackers clone NSA cyber weapon

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By Martin Matishak

With help from Eric Geller

Editor's Note: Weekly Cybersecurity is a weekly version of POLITICO Pro's daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro.

Quick Fix

— It will be a busy week in Congress for cyber-related issues, with major hearings and the key mark up of legislation on the schedule.

— FIRST IN MC: Jake Braun, a co-founder of DEF CON Voting Machine Hacking Village, has started work in the DHS office that's responsible for the agency's IT systems.

— A Chinese hacking group was able to replicate and utilize an NSA hacking tool well before it leaked publicly, new research claims.

HAPPY MONDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips to mmatishak@politico.com and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

CYBER TAKES THE HILL — By the end of the week we may know more about the massive SolarWinds compromise, how the likely next director of the country's premier intelligence agency views digital security issues and the possible future of cybersecurity at the State Department in what will be a jam-packed couple of days on Capitol Hill.

The Senate Intelligence Committee on Tuesday will hold the first public congressional hearing on the SolarWinds hack. The panel previously received a closed-door briefing about the incident from the NSA, the FBI, CISA and ODNI, and held an informal session with FireEye CEO Kevin Mandia, whose company discovered the compromise.

Mandia will appear before the committee again tomorrow, along with Sudhakar Ramakrishna, the president and CEO of SolarWinds; Brad Smith, the president of Microsoft (the tech giant last week disclosed that the SolarWinds hackers explored the source code for the company's cloud computing and email services); and George Kurtz, the president and CEO of Crowdstrike, which the U.S. Treasury Department reportedly hired to investigate the breach of dozens of email accounts of top agency officials. Last week, White House national security adviser Jake Sullivan said the Biden administration's response to the historic breach would come within "weeks."

The Intelligence committee will gavel in again on Wednesday to hold a confirmation hearing for William Burns to be the next director of the CIA. Across his 33-year career in U.S. foreign policy, Burns held senior roles at the State Department under multiple administrations, most recently as former President Barack Obama's deputy secretary of State. He also served as under secretary of State for political affairs from 2008-2011 and U.S. ambassador to Russia from 2005-2008. Look for Burns to field questions about SolarWinds, Russian election interference and the malicious digital activities of countries like Iran, North Korea and China.

On Thursday, the House Foreign Affairs Committee will mark up the revived Cyber Diplomacy Act. The legislation would create a high-level Office of Cyber Issues at the State Department, headed by an official with the rank of ambassador. The House approved the measure by voice vote in the last Congress, but the Senate never took it up, so it expired. Democratic lawmakers were wary of the State Department creating a new cyber diplomacy bureau in the final days of the Trump administration. The Government Accountability Office and some former officials have raised concerns about the plan, arguing it fails to coordinate the full spectrum of digital issues.

Department of Homeland Security

FIRST IN MC: KEY DHS POST FILLED — Jake Braun, the executive director of the University of Chicago's Cyber Policy Initiative, has joined DHS as the senior advisor to the agency's Management Directorate, Eric reports. Braun previously served as the DHS liaison to the White House during the Obama administration. More recently, he co-founded the DEF CON Voting Machine Hacking Village — where hackers and researchers were able to get hands-on experience cracking into voting machines — and co-founded and served as the CEO of Cambridge Global Advisors, a national security consulting firm.

While the DHS Management Directorate may not be as well known as CISA, it does have a diverse range of responsibilities, such as oversight of the agency's IT systems — the office of the DHS CIO resides within the organization — budget and biometric identification services, according to a department fact sheet.

 


 
 
China

ORIGIN UNKNOWN — Chinese government operatives based one of their sophisticated hacking tools on an NSA weapon long before many of the agency's files leaked to the public, the security firm Check Point Software Technologies said in a report out today. The sophisticated attack tool — a zero-day exploit — which could have let hackers gain increased privileges on a victim computer and carry out more damaging activities, "was replicated based on an Equation Group exploit for the same vulnerability that the [Chinese group] was able to access," researchers wrote, using the security community's nickname for an NSA-linked team. "This means that an Equation Group exploit was eventually used by a Chinese-affiliated group, probably against American targets."

The exploit in question is part of a broader attack toolkit that has been traced as far back as 2013, Check Point said. China copied this particular exploit in 2014 and began using its version, known as "Jian," in 2015. Microsoft quietly patched the underlying vulnerability in May 2017, one month after still-unknown hackers leaked a treasure trove of NSA hacking tools, one of which helped power a devastating global malware outbreak.

The Chinese team that duplicated the NSA exploit is APT 31, also known as Zirconium. Google and Microsoft have both said that APT 31 tried to hack presidential campaign staffers and leading international affairs and foreign policy experts during the 2020 presidential election, including senior members of Joe Biden's campaign and a former Trump administration official.

Chinese hackers have copied NSA tools in the past, but seemingly only by capturing network traffic between victim machines and NSA servers that allowed them to reconstruct the files. In this case, however, Check Point believes that APT 31 obtained the NSA files directly, either during an NSA cyberattack on a server to which APT 31 had access or during the group's own cyberattack on an NSA server.

Report Roundup

NEW DATA ON PANDEMIC PHISHING, OTHER THREATS — Nearly 80 percent of cyberattacks in 2020 came from criminal groups, compared to roughly 20 percent that came from more sophisticated state-sponsored actors, CrowdStrike said in a report out this morning. That compares to a slightly less lopsided split in 2019, when 69 percent of attacks came from criminals and 31 percent came from nation-states. At the same time, CrowdStrike said, "the overall numbers of both targeted and [criminal] intrusions are significantly larger [in 2020] than in 2019."

The security firm's 2021 global threat report documented three types of targeted, nation-state cyber intrusions in 2020 that exploited the coronavirus pandemic. North Korean, Vietnamese and Chinese government hackers mentioned Covid-19 in their phishing lures; Russian, Iranian and North Korean operatives targeted health-care organizations; and Vietnamese and Iranian groups targeted government agencies responding to the pandemic.

Hospitals and other health-care companies have become top ransomware targets as they face new pressure from the pandemic, but CrowdStrike found that some ransomware operators targeted them more than others in 2020. Conti and Maze infections in the health-care sector dwarfed those of all other ransomware variants, according to the company's data. Netwalker, Revil and Ryuk made up the second tier.

FAKE IT TIL YOU MAKE IT — Corporations were increasingly worried about cyberattacks from nation-states even before the sprawling SolarWinds breach was uncovered, according to a survey out today from the Cybersecurity Tech Accord. The study — conducted with the Economist Intelligence Unit between November and December 2020 — found that "nation-state incursions that steal, destroy or damage information, or that spy on or embarrass their targets, are a growing concern among policymakers and corporate executives alike, with more countries facing accusations of either conducting or sponsoring such attacks."

Specifically, the survey found that firms' confidence in their ability to handle nation-state threats "may be overstated" and that corporate concerns about digital attacks have expanded beyond financial worries to include the targeting of confidential company information. The coronavirus pandemic has also led to more opportunities for malicious actors to go after corporate targets in the vaccine race. However, there seems to be more of an appetite for the private and public sectors to work together to address what many experts see as an ad-hoc, company-to-company approach.

In Congress

SENATE COMMERCE REBOOT — The Senate Commerce Committee on Friday reorganized its subcommittee structure and announced new subpanel chairs. The Consumer Protection, Product Safety, and Data Security Subcommittee replaced the Security Subcommittee and will have jurisdiction over cybersecurity and data privacy.

The new panel will be helmed by Sen. Richard Blumenthal (D-Conn.) while Sen. Marsha Blackburn (Tenn.) will be the panel's top Republican. "The pandemic has posed dangerous new threats of consumer abuse—scams and con artists preying on fears and hopes," Blumenthal said in a statement, adding consumers "are increasingly vulnerable to Big Tech's egregious exploitation of user data."

 


 
 
People on the Move

John Costello, who until last month served as deputy assistant secretary of commerce for intelligence and security, announced he is joining the Center for a New American Security as an adjunct senior fellow in the Technology and National Security Program.

TWEET OF THE WEEKEND — Not again!

Quick Bytes

Kroger said the personal information of some of its pharmacy and clinic customers may have been pilfered in a hack of a third-party vendor.

NATO and North Macedonia signed a memorandum of understanding on cyber defense.

A Nigerian Instagram star conspired with North Korean hackers to steal more than $1.3 billion from U.S. companies and banks.

The Pentagon expects to release its first request for proposals with new digital security requirements next month.

New questions are being raised about India's hacking ecosystem.

The head of CISA said the agency's new global initiative will help support the State Department.

That's all for today.

Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak (mmatishak@politico.com, @martinmatishak); and Heidi Vogt (hvogt@politico.com, @heidivogt).

 
