With help from Eric Geller, Martin Matishak and Laurens Cerulus
Editor's Note: Morning Cybersecurity is a free version of POLITICO Pro Cybersecurity's morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro.
Coronavirus-themed cyberattacks show no sign of slowing, as federal agencies and companies explore who's vulnerable and who's responsible.
MC exclusive: An examination of cyber-related sanctions and indictments showed disparities across U.S. administrations and nations.
The NSA and an Australian spy agency warned about a kind of attack that's on the rise.
HAPPY THURSDAY and welcome to Morning Cybersecurity! Russian Doll was great but your MC host isn't sure what to make of this. Send your thoughts, feedback and especially tips to [emailprotected]. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
EVER-EXPANDING Months into the Covid-19 crisis, we're still learning more each day about the scope and innovation in coronavirus-themed attacks via the government agencies and tech companies fighting off the hackers.
IBM on pace and vulnerabilities: IBM says it has seen a 6,000 percent increase in Covid-19 spam from mid-March to mid-April. It also released a study today that suggests small-business owners and consumers could be the most vulnerable to scams where cyber criminals masquerade as the government. More than a third of those polled by IBM and Morning Consult said they expect emails from the IRS, despite years of the IRS and others warning that the agency wouldn't email anyone about their tax filings; over half said they would click on links or attachments in emails about stimulus checks. And just 14 percent of small-business owners said they felt very knowledgeable about relief loans. Palo Alto Networks also provided some figures on coronavirus-related scams Wednesday.
DOJ on takedowns, Google on nation-state hacking: DOJ said Wednesday that law enforcement, cybersecurity companies and website operators have taken down hundreds of domains that were using the coronavirus crisis for fraud. Not coincidentally, some of the ones identified by the FBI mimicked the IRS relief payment portal. And, according to Google, federal employees have been targets themselves of coronavirus-themed phishing campaigns orchestrated by hackers backed by other nations; in total, more than a dozen such hacking groups have launched attacks that use Covid-19.
FireEye on Vietnam: Hackers linked to the Vietnamese government have been spear-phishing Chinese government agencies in an apparent effort to understand Beijing's handling of the coronavirus pandemic, FireEye researchers said Wednesday. The malicious emails went to China's Ministry of Emergency Management and the municipal government in Wuhan, where the virus first emerged, according to FireEye, which attributed the activity to the Vietnam-linked group APT32. "While targeting of East Asia is consistent with the activity we've previously reported on APT32," the researchers wrote, "this incident, and other publicly reported intrusions, are part of a global increase in cyber espionage related to the crisis, carried out by states desperately seeking solutions and nonpublic information."
The spear-phishing campaign, which seems to have begun in early January, uses virus-related lures to entice victims into opening the infected attachments, which then deploy the Metaljack malware payload. FireEye spotted the same malware and command-and-control server in a phishing campaign in December likely targeting Southeast Asian countries.
The first malicious email that FireEye caught was dated Jan. 6, one week before Thailand reported the first infection outside China. "Vietnam was [very] quick to respond to early reports of the disease," Reuters reporter Jack Stubbs pointed out. "Maybe now we have an idea why." Vietnam has reported fewer than 300 coronavirus cases and no deaths.
FIRST IN MC: CYBER SANCTIONS AND INDICTMENTS The Trump administration in its first term has been far more aggressive in issuing cyber-related sanctions and indictments against China, Iran, North Korea and Russia than the Obama administration in its second term, according to an analysis and infographic out today from the Foundation for Defense of Democracies. President Donald Trump has issued 106 indictments and 110 sanctions, compared to 28 and five, respectively, from President Barack Obama from 2013 to 2016, the think tank found.
Across both administrations, sanctions and indictments are applied inconsistently across nations. While North Korea is behind larger and more destructive attacks than Iran, North Korea has endured six total indictments and sanctions to Iran's 30, the analysis and infographic concluded. Authors Trevor Logan and Pavak Patel explained that might be because North Korean hackers are more closely affiliated with their government, whereas Iranian hackers aren't exclusively loyal and therefore easier to name.
China more often faces indictments than sanctions. Logan and Patel wrote that may indicate that the United States is reluctant to issue sanctions against malicious Chinese actors due to the fear of escalation or economic retaliation against American companies. In contrast, the relative weakness of the Iranian, North Korean, and Russian economies means that Washington can act more freely without fear of blowback.
MALWARE IN A HALF SHELL The NSA and its Australian counterpart on Wednesday issued guidelines for detecting and defending against so-called shell malware, a tactic hackers are increasingly using in their operations. Web shells provide attackers with persistent access to a compromised network using communication channels disguised to blend in with legitimate traffic, the notice from NSA and the Australian Signals Directorate explained. The intelligence organizations suggested a defense-in-depth approach using multiple detection capabilities as the best way to both uncover and prevent the malware from wreaking havoc on systems, as well as tips on how to recover from such an attack. A critical focus once a web shell is discovered should be on how far the attacker penetrated within the network.
WHO'S ZOOMING WHO Zoom announced stronger encryption and an array of additional security measures for version 5.0 of the video conferencing platform it rolled out on Wednesday. "From our network to our feature set to our user experience, everything is being put through rigorous scrutiny," said Oded Gal, chief product officer of the company.
CZECHS TO WORLD: STOP ATTACKING HOSPITALS From our friends at POLITICO Europe's Cyber Insights: The Czech Republic wants all countries around the world to pledge not to launch cyberattacks on hospitals and medical facilities. That's according to its written feedback on a draft report on international norms for cybersecurity from the U.N.'s Open-ended Working Group.
"The rising number of cyberattacks on medical facilities worldwide reinforce the need for coordinated global action to protect [the] public health care sector from malicious ICT activities," the Czech proposal reads. Specifically, it wants the OEWG to endorse the idea to add medical services and medical facilities to a list of things that states are barred from attacking, as laid out in the U.N.'s landmark 2015 deal on cyber norms.
Czech hospitals have been the targets of cyberattacks in the past month, and last week its government warned of more attacks, prompting the U.S. to threaten hackers with consequences.
Russia's feedback for the draft said the application of international humanitarian law should be applied only in the context of a military conflict while currently the ICTs [information and communications technologies] do not fit the definition of a weapon. Moscow also slammed the mention of political attribution of cyberattacks, adding the report artificially exaggerated the importance of having NGOs and civil rights groups engage with the U.N. OEWG.
Member states' feedback on the OEWG's draft report can be found here. Here's security researcher Lukasz Olejnik's Twitter thread analyzing the papers.
TWEET OF THE DAY Only sharing this because of the good dog.
Alston & Bird announced a Women in Cyber network co-directed by partners Kim Peretti, co-leader of Alston & Bird's cybersecurity preparedness and response team, and Amy Mushahwar, member of the firm's privacy and data security and cybersecurity preparedness and response teams. Associates Emily Poole and Alysa Austin will support them.
The network's advisory board includes Jeannie McCarver, senior vice president for cybersecurity at U.S. Bank; Tracey Scraba, chief privacy officer at CVS Health; and Jennifer Martin, global cybersecurity counsel at Verizon Media.
Motherboard: Researchers revealed some iPhone zero day exploits.
ZDNet: Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak.
NBC News: The leaked data on employees of the World Health Organization and others was likely from previous breaches.
Kaspersky released a survey on corporate security and employee privacy.
The Voting Village's Jake Braun and Synack's Mark Kuhr talked election security.
Good news about the number of ransomware attacks on governments, health care providers and educational organizations in the first quarter, via Emsisoft.
That's all for today.
Stay in touch with the whole team: Eric Geller ([emailprotected], @ericgeller); Bob King ([emailprotected], @bkingdc); Martin Matishak ([emailprotected], @martinmatishak); and Tim Starks ([emailprotected], @timstarks).
Read more:
The reach of cyberattacks related to Covid-19 - Politico