Monday, September 23, 2024

What the frick is Flax?

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Sep 23, 2024 View in browser
 
POLITICO's Weekly Cybersecurity newsletter logo

By Joseph Gedeon

With help from John Sakellariadis and Eric Bazail-Eimil

Driving the day

— Uncovering China’s massive IoT botnet not only shows a shift of tactics and scale but represents a wake-up call about current detection capabilities.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I’ve been hearing a lot of rumblings about the Renaissance Faire happening around the way. It might be time for me to dust off my sword.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Today's Agenda

U.S. Army Cyber Command Lt. Gen. Maria Barrett and former Deputy National Cyber Director Camille Stewart Gloster are headed to American University for a discussion on international cyber law. 9 a.m.

Deputy Commerce Secretary Don Graves is talking about the department’s efforts on quantum and national security threats at the Center for Strategic and International Studies. 10 a.m.

White House National Cyber Director Harry Coker, Oracle vice president for intelligence and homeland security Jennifer Beatley and CISA branch chief Ashley Pearce are joining the 2024 Cybersecurity Innovation Forum to discuss new approaches and curbing challenges with the cyber workforce. 12:30 p.m.

On the Hill

COLOSSAL SPYING  — Just when we thought we had Volt Typhoon's number, a new player entered the game. Meet Flax Typhoon, a massive Chinese IoT botnet, and it's been lurking in the shadows for years.

"From our perspective, the bigger story is the expansiveness and ridiculous amount of resources that went into building this," Michael Horka, Senior Information Security Engineer at Black Lotus Labs told us at LABScon in Arizona.

— What makes it so special: Flax Typhoon has been operating under the radar for four years. Over time, this massive botnet has been quietly growing, targeting the U.S., Taiwan, and to a lesser extent, Southeast Asia.

The recent disruption of the Raptor Train botnet — linked to Flax Typhoon — showed that at its peak in June 2023, it commanded over 60,000 devices, with an estimated total of 260,000 compromised devices over its four-year reign. But it’s the long-term operation going undetected that’s causing some freak-outs.

— Something else went under the radar: Last week’s Justice Department statement said the company behind the botnet's creation — Beijing-based Integrity Technology Group. Horka notes that while this firm built the botnet, it appears they weren't the ones pulling the strings.

— For those keeping score: Microsoft first reported on Flax Typhoon about a year ago. Their analysis showed a China-based nation-state group targeting dozens of Taiwanese organizations, likely for espionage purposes.

The group's modus operandi? Gaining and maintaining long-term access to networks with minimal malware use, instead relying on built-in OS tools and seemingly innocuous software.

— A couple questions we have: The botnet's approach shows an evolution in tactics designed to evade traditional detection methods. And it leveraged an astounding array of vulnerabilities — about two dozen different exploits targeting various IoT and router devices. That’s otherwise known as a security nightmare.

So what does that mean for current cyber measures, especially in critical infrastructure and the government? And how many more are out there?

"How do you fix a problem like that?" Horka said. “There’s not a good solution.”

Ransomware

IT’S THAT TIME — Ransomware is in the air, but probably for a good reason. This week the White House is gearing up to host the annual Counter Ransomware Initiative later this week — and they are welcoming 18 new countries to the fold.

— What’s new: According to White House deputy national security adviser for cyber and emerging tech, Anne Neuberger, new member countries include Vietnam, Argentina, Morocco, the Philippines, Moldova and Denmark, pushing the total count to 69.

— What’s happening: Watch for two days of discussions, starting with an updated threat briefing and then policy and operations coordination on dealing with disruptions. Capacity building sessions this year will include blockchain analysis and digital forensics, Neuberger tells MC.

On the Hill

VERY DIFFERENT, BUT SAME — Rep. Jim Himes (D-Conn.), ranking member on the House Intelligence Committee, isn't drawing many parallels between the booby-trapped pagers in Lebanon and Syria and concerns about Chinese-made products in U.S. supply chains. But there still are some interconnected security threats.

"This operation that was pulled off with the pagers is probably at the very cutting edge of the very best intelligence services abilities," Himes told your MC host. “But you don't need to break into a warehouse and distract guards and all that sort of thing if you're making cranes or drones in a Chinese facility."

— Ripple effect: Himes noted that while most supply chains are protected against theft, they may not be prepared for more sophisticated threats. Now the attacks that’s led to dozens of people killed and thousands injured could prompt a global supply chain security reassessment.

“Most supply chain elements — warehouses, factories — are protected against theft but most of them don't take the next several steps,” he said. “Which would be to secure a facility against a very dedicated intelligence service."

— Shameless plug: I had some questions about the explosions with POLITICO’s Lara Priluck.

Industry Intel

QUANTUM LEAP — The U.S. government is ramping up efforts to prepare for the looming threat of quantum computing, which could render current encryption methods obsolete. But a new technical report from the Foundation for Defense of Democracies warns that if industry leaders don’t follow pace their encryption methods will soon turn obsolete.

— What comes first: Private sector organizations are being encouraged to develop their own "quantum readiness roadmaps." Key steps, according to the FDD, include:

1. Designating a "quantum champion" to lead preparation efforts.

2. Inventorying all encryption usage.

3. Assessing risks and prioritizing systems for upgrade.

4. Understanding mitigation options.

5. Developing a transition plan.

6. Regularly reviewing and updating said plan.

— The gov is taking a serious look: The report details how recent actions across Washington, from NIST’s post-quantum cryptography standards in August, federal agencies racing to inventory their cryptographic systems and Washington considering the National Quantum Initiative Reauthorization Act, which could send over $100 million annually for quantum tech advancements.

That also includes the White House mandating all federal systems transition to new, quantum-resistant encryption standards by 2035.

The International Scene

SPYWARE PACT — Four more nations on Sunday formally signed on to a U.S.-led pledge to use spyware technology responsibly and take measures to prevent the malicious use of the tech just ahead of the U.N. General Assembly.

— The new guys: Austria, Estonia, Lithuania and the Netherlands have signed on to the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware, bringing the total number of participating countries to 21. This expansion signals growing international alarm over the unchecked spread and abuse of surveillance tech.

The coalition, which started with just 11 members in March 2023, has nearly doubled in size.

— What to know: Top White House and State Department officials led the spyware meeting during the UNGA sidelines on Sunday, according to a White House statement.

The pledge endorses establishing government surveillance guardrails, preventing malicious exports and sharing intelligence on spyware proliferation. And now the U.S. is flexing a $3 million funding commitment aimed to boost civil society advocacy and help governments come up with anti-spyware regulations.

— All in order: The move is part of a larger U.S. effort to crack down on spyware misuse. It follows President Joe Biden's executive order last year limiting federal use of certain spyware technologies and recent visa restrictions on individuals suspected of misusing such tools.

Last week, the State Department announced its taking other steps to impose visa restrictions for individuals who had been involved in the making and selling of commercial spyware.

— What happens next: The Commerce Department is poised to take additional actions against spyware vendors this fall.

QUAD’S UNDER THE SEA — Biden’s Quad summit in Delaware spent a lot of time discussing China and China-related threats to security in the Indo-Pacific. But the leaders of Australia, India, Japan and the U.S. also gave some attention to undersea cable construction.

In the summit joint statement, the leaders pledged they would “continue to support and strengthen quality undersea cable networks in the Indo-Pacific.” And three of the members committed to taking specific actions to help smaller countries in the region.

Australia committed to offering “workshops and policy and regulatory assistance,” while Japan will help build an underwater cable in Nauru and Kiribati. Meanwhile, the U.S said it would push to secure an additional $3.4 million to fund and expand training programs.

Tweet of the Day

Abandon all hope, ye who don’t use MFA, as Dante Alighieri would probably say.

Source: https://x.com/kmcnam1/status/1837760908770382242

X

Quick Bytes

LEARNING THE ROPES? — Check out this cyber glossary from TechCrunch’s Lorenzo Franceschi-Bicchierai and Zack Whittaker.

ON THE LOOKOUT — The Marko Polo gang has launched a massive infostealer malware campaign targeting various demographics and platforms, utilizing multiple distribution methods to spread 50 different malware payloads, resulting in potential financial losses for thousands of victims. BleepingComputer’s Bill Toulas has the details.

LISTEN TO THIS — Artificial Intelligence: Critical Infrastructure or too early to tell? (“Advancing Cyber”)

 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Maggie Miller @magmill95

John Sakellariadis @johnnysaks130

Joseph Gedeon @JGedeon1

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://login.politico.com/?redirect=https%3A%2F%2Fwww.politico.com/settings

This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Unsubscribe | Privacy Policy | Terms of Service

No comments:

Post a Comment

If you have $5, this explosive new investment could change your life

The Oxford Club Special Opportunities  ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌...