Tag: APT

Episode 204: Josh Corman of CISA on securing the Vaccine Supply Chain

Posted on by BeAware4lways

Podcast: Play in new window | Download (Duration: 32:32 — 44.7MB) | Embed

Subscribe: Google Podcasts | Email |

In this episode of the podcast (#204) we’re joined by Josh Corman of CISA, the Cybersecurity and Infrastructure Security Agency, to talk about how that agency is working to secure the healthcare sector, in particular vaccine supply chains that have come under attack by nations like Russia, China and North Korea.

Incidents like the Solar Winds hack have focused our attention on the threat posed by nation states like Russia and China, as they look to steal sensitive government and private sector secrets. But in the vital healthcare sector, nation state actors are just one among many threats to the safety and security of networks, data, employees and patients.

Joshua Corman is the Chief Strategist for Healthcare and COVID on the CISA COVID Task Force.
Joshua Corman is the Chief Strategist for Healthcare and COVID on the CISA COVID Task Force.

In recent years, China has made a habit of targeting large health insurers and healthcare providers as it seeks to build what some have described as a “data lake” of U.S. residents that it can mine for intelligence. Criminal ransomware groups have released their malicious wares on the networks of hospitals, crippling their ability to deliver vital services to patients and – more recently – nation state actors like North Korea, China and Russia have gone phishing – with a “ph” – for information on cutting edge vaccine research related to COVID 19.

How is the U.S. government responding to this array of threats? In this episode of the podcast, we’re bringing you an exclusive interview with Josh Corman, the Chief Strategist for Healthcare and COVID for the COVID Task Force at CISA, Cybersecurity and Infrastructure Security Agency.

Cryptocurrency Exchanges, Students Targets of North Korea Hackers

In this interview, Josh and I talk about the scramble within CISA to secure a global vaccine supply chain in the midst of a global pandemic. Among other things, Josh talks about the work CISA has done in the last year to identify and shore up the cyber security of vital vaccine supply chain partners – from small biotech firms that produce discrete but vital components needed to produce vaccines to dry ice manufacturers whose product is needed to transport and store vaccines.

Episode 194: What Happened To All The Election Hacks?

To start off I asked Josh to talk about CISA’s unique role in securing vaccines and how the Federal Government’s newest agency works with other stake holders from the FBI to the FDA to address widespread cyber threats.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!

Posted on by BeAware4lways

Podcast: Play in new window | Download (Duration: 40:58 — 56.3MB) | Embed

Subscribe: Google Podcasts | Email |

In this episode of the podcast (#197), sponsored by LastPass, former U.S. CISO General Greg Touhill joins us to talk about news of a vast hack of U.S. government networks, purportedly by actors affiliated with Russia. In our second segment, with online crime and fraud surging, Katie Petrillo of LastPass joins us to talk about how holiday shoppers can protect themselves – and their data – from cyber criminals.

Every day this week has brought new revelations about the hack of U.S. Government networks by sophisticated cyber adversaries believed to be working for the Government of Russia. And each revelation, it seems, is worse than the one before – about a purported compromise of US government networks by Russian government hackers. As of Thursday, the U.S. Cyber Security and Infrastructure Security Agency CISA was dispensing with niceties, warning that it had determined that the Russian hackers “poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations”

The incident recalls another from the not-distant past: the devastating compromise of the Government’s Office of Personnel Management in 2014- an attack attributed to adversaries from China that exposed the government’s personnel records – some of its most sensitive data – to a foreign power. 

Do Cities deserve Federal Disaster Aid after Cyber Attacks?

Now this attack, which is so big it is hard to know what to call it. Unlike the 2014 incident it isn’t limited to a single federal agency. In fact, it isn’t even limited to the federal government: state, local and tribal governments have likely been affected, in addition to hundreds or thousands of private firms including Microsoft, which acknowledged Thursday that it had found instances of the software compromised by the Russians, the SolarWinds Orion product, in its environment. 

Former Brigadier General Greg Touhill is the President of Federal Group at the firm AppGate.

How did we get it so wrong? According to our guest this week, the failures were everywhere. Calls for change following OPM fell on deaf ears in Congress. But the government also failed to properly assess new risks – such as software supply chain attacks – as it deployed new applications and computing models. 

U.S. sanctions Russian companies, individuals over cyber attacks

Greg Touhill, is the President of the Federal Group of secure infrastructure company AppGate. he currently serves as a faculty member of Carnegie Mellon University’s Heinz College. In a prior life, Greg was a Brigadier General Greg Touhill and  the first Federal Chief Information Security Officer of the United States government. 

U.S. Customs Data Breach Is Latest 3rd-Party Risk, Privacy Disaster

In this conversation, General Touhill and I talk about the hack of the US government that has come to light, which he calls a “five alarm fire.” We also discuss the failures of policy and practice that led up to it and what the government can do to set itself on a new path. The federal government has suffered “paralysis through analysis” as it wrestled with the need to change its approach to security from outdated notions of a “hardened perimeter” and keeping adversaries out. “We’ve got to change our approach,” Touhill said.

The malls may be mostly empty this holiday season, but the Amazon trucks come and go with a shocking regularity. In pandemic plagued America, e-commerce has quickly supplanted brick and mortar stores as the go-to for consumers wary of catching a potentially fatal virus. 

(*) Disclosure: This podcast was sponsored by LastPass, a LogMeIn brand. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

Episode 196: Building the Case Against Sandworm with Cisco Talos

Posted on by BeAware4lways

Podcast: Play in new window | Download (Duration: 38:59 — 53.5MB) | Embed

Subscribe: Google Podcasts | Email |

The Department of Justice in October announced charges against six men believed to work for the Russian GRU and linked to some of the most sinister cyber attacks of the last decade including the NotPetya malware and attacks on the government of Ukraine. In this podcast we talk to two men who helped build the DOJ’s case: Cisco’s Matt Olney, the Director of Talos Threat Intelligence and Interdiction and Craig Williams, the Talos Director of Outreach about the case against the Russian actors and what companies can do to defend themselves.

The news this week was that FireEye, one of the U.S.’s most prominent cyber security firms, had itself become a victim of a cyber crime. The likely suspects: state-sponsored hackers working on behalf of the Government of Russia.

Now, according to reports, Russian hacking groups may have access to FireEye’s custom “red team” tools for testing client’s defenses or identifying malicious activity. That’s a possible bounty for Russian state-sponsored crews like so-called “Cozy Bear,” or APT 29, which are already among the most feared cyber adversaries in the world.

But just because Russian hacking groups act often act with impunity doesn’t mean they’re invisible – or even unknowable. In fact, it was just a few weeks ago – on October 15 – that the U.S. Justice Department named six officers of Russia’s GRU in connection with a string of high profile hacks and cyber attacks including the NotPetya malware and attacks on the government of Ukraine and on the 2018 PyeongChang Winter Olympic games.

The men were believed to be part of state-sponsored hacking groups with names like “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking,” according to a statement by the DOJ.

How did the U.S. Justice Department follow the tracks from those amorphous attacks to six, Russian men? Our guests this week were among those working behind the scenes to make sense of those attacks and help understand what happened and who was behind them.

Talos had a front row seat in a number of the incidents mentioned in the Department of Justice report, including the NotPetya outbreak , the attacks on Ukraine and the campaign against the 2018 olympics. Craig and Matt joined me in the Security Ledger studio to talk about the DOJ announcement and what goes into the project of identifying and charging foreign hacking groups. We also talk about what it takes to stop and even catch a Russian APT group, and what companies can do to protect themselves from the world’s most elite offensive hackers.

Episode 194: What Happened To All The Election Hacks?

Posted on by BeAware4lways

Podcast: Play in new window | Download (Duration: 33:24 — 45.9MB) | Embed

Subscribe: Android | Email | Google Podcasts |

Today marks two weeks since Election Day 2020 in the U.S., when tens of millions went to the polls on top of the tens of millions who had voted early or by mail in the weeks leading up to November 3.

The whole affair was expected to be a hot mess of suffrage, what with a closely divided public and access to the world’s most powerful office hung on the outcome of voting in a few, key districts sprinkled across a handful of states. Election attacks seemed a foregone conclusion.

Election Attack, Anyone?

Memories of the 2016 Presidential contest are still fresh in the minds of U.S. voters. During that contest, stealthy disinformation operations linked to Russia’s Internet Research Agency are believed to have swayed the vote in a few, key states, helping to hand the election to GOP upstart Donald Trump by a few thousands of votes spread across four states.

Listen: Russian Hacking and the Future of Cyber Conflict

Adam Meyers CrowdStrike
Adam Meyers is the Vice President of Threat intelligence at the firm Crowdstrike.

In 2020, with social media networks like Facebook more powerful than ever and the geopolitical fortunes of global powers like China and Russia hanging in the balance, it was a foregone conclusion that this year’s U.S. election would see one or more cyber incidents grab headlines and – just maybe- play a part in the final outcome.  

But two weeks and more than 140 million votes later, wild conspiracy theories about vote tampering are rampant in right wing media. But predictions of cyber attacks on the U.S. presidential election have fallen flat.

From Russia with…Indifference?

So what happened? Did Russia, China and Iran decide to sit this one our, or were planned attacks stopped in their tracks? And what about the expected plague of ransomware? Did budget and talent constrained local governments manage to do just enough right to keep cyber criminals and nation state actors at bay? 

Allan Liska is a Threat Intelligence Analyst at the firm Recorded Future,

To find out we invited two experts who have been following election security closely into the Security Ledger studios to talk.

Allan Liska is a Threat Intelligence Analyst at the firm Recorded Future, which has been monitoring the cyber underground for threats to elections systems.

Joining Allan is a frequent Security Ledger podcast guest: Adam Meyers the Senior Vice President of Threat Intelligence at the firm Crowdstrike back into the studio as well. Crowdstrike investigated the 2016 attack on the Hillary Clinton presidential campaign and closely monitors a wide range of cyber criminal and nation state groups that have been linked to attacks on campaigns and elections infrastructure. 

To start out I asked both guests – given the anticipation of hacks targeting the US election – what happened – or didn’t happen – in 2020. 

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

As Election Day Nears, Kremlin Leans on Hackers-for-Hire

Posted on by BeAware4lways
Keyboard to the internet

The DOJ indicted a Russian national for his role in “Project Lakhta,” a campaign to undermine the U.S. election…and mine some cryptocurrency along the way. It is the latest evidence of Russia’s willingness to use cyber criminals to conduct state-sponsored espionage.

A global pandemic, mass social unrest, economic crisis, and a divisive presidential election: there is no better time for Russia to be chumming the waters for political mayhem. And, if a newly released indictment is any indication, that’s exactly what experts say is happening.

With a little over fifty days until election day, the U.S. Department of Justice (DOJ) on Thursday charged Artem Mikhaylovich Lifshits, a Russian national, for his alleged role in a conspiracy to use the stolen identities of U.S. persons to open fraudulent accounts at banking and cryptocurrency exchanges.

Report: China, Like Russia, Uses Social Media to Sway U.S. Public Opinion

Lifshits was a part of “Project Lakhta,” a Russia-based campaign of political and electoral interference operations that dates to 2014. The project encompasses a range of activities including the Internet Research Agency (IRA), which gained notoriety for disinformation campaigns around the 2016 U.S. presidential election.

Project Lakhta Endures

According to the court document, Project Lakhta’s stated goal is to “disrupt the democratic process and spread distrust towards candidates for political office and the political system in genera disrupt the democratic process and spread distrust towards candidates for political office and the political system in general.”

Feds, Facebook Join Forces to Prevent Mid-Term Election Fraud

Lifshits worked as a manager of The Translator Department, which directed Project Lakhta’s influence operations – operations that are still ongoing, according to G. Zachary Terwilliger, U.S. Attorney for the Eastern District of Virginia.

“This case demonstrates that federal law enforcement will work aggressively to investigate and hold accountable cyber criminals located in Russia and other countries, which serve as safe-havens for this type of criminal activity,” Terwilliger said in a statement.

“Lifshits participated in this fraud in order to further Project Lakhta’s malign influence goals and for his own personal enrichment,” said Assistant Attorney General for National Security John C. Demers in a statement.

As Cybercrooks Specialize, More Snooping, Less Smash and Grab

Lifshits is just the latest Russian national indicted for crimes linked to foreign interference in U.S. domestic politics. Thirteen members of the Internet Research Agency were indicted in 2018 for influence campaigns as part of Robert Meuller’s probe into Russian activities in the 2016 election. Given Russia doesn’t extradite its citizens to the US, legal maneuvers do little to stamp out the work of hackers like Lifshits, a 27-year-old living in St. Petersburg, Russia.

Russia Taps Hackers-for-Hire

Lifshits’ mixture of financial fraud and political influence allegations are characteristic of Russian cyber operations, the authorities said.

“This case provides a clear illustration of how these malicious actors fund their covert foreign influence activities and Russia’s status as a safe-haven for cyber criminals who enrich themselves at others expense,” said Assistant AG Demers.

Earlier this year, Facebook identified Russian campaigns linked to cyber criminal groups in Nigeria and Ghana. Within Russia, robust black markets for info-ops exist in which operators are driven by financial incentives, according to research by firm Recorded Future.

The issue expands beyond Russia. Even beyond the “big-four” (Russia, China, Iran, North Korea), nations in the Middle East, Asia, and South America are showing evidence that hacker-for-hire groups are on the rise.

While attribution of these campaigns to electoral outcomes is difficult if not impossible, Project Lakhta’s work demands to be taken seriously. Microsoft warned last week that China and Iran are working to move the needle on elections as well.

Spotlight Podcast: Taking a Risk-Based Approach to Election Security

Posted on by BeAware4lways
Binary Check Ad Blocker Security News

Podcast: Play in new window | Download (Duration: 41:36 — 57.2MB) | Embed

Subscribe: Android | Email | Google Podcasts |

In this Spotlight Podcast, sponsored by RSA, we take on the question of securing the 2020 Presidential election. Given the magnitude of the problem, could taking a more risk-based approach to security pay off? We’re joined by two information security professionals: Rob Carey is the Vice President and General Manager of Global Public Sector Solutions at RSA. Also joining us: Sam Curry, the CSO of Cybereason.

With just over two months until the 2020 presidential election in the United States, campaigns are entering the final stretch as states and local governments prepare for the novel challenge of holding a national election amidst a global pandemic. 

As Election Threats Mount, Voting Machine Hacks are a Distraction

Lurking in the background: the specter of interference and manipulation of the election by targeted, disinformation campaigns like those Russia used during the 2016 campaign – or by outright attacks on election infrastructure. A report by the Senate Intelligence Committee warns that the Russian government is preparing to try to influence the 2020 vote, as well.

A Risk Eye on the Election Guy

Securing an election that takes place over weeks or even months across tens of thousands cities and towns – each using a different mix of technology and process – may be an impossible task. But that’s not necessarily what’s called for either.

Robert Carey RSA Security
Robert J. Carey is the  Vice President and GM of Global Public Sector Solutions at RSA.

Like large organizations who must contend with a myriad of threats, security experts say that elections officials would do well to adopt a risk-based approach to election security: focusing staff and resources in the communities and on the systems that are most critical to the outcome of the election. 

What does such an approach look like? To find out, we invited two, seasoned security professionals with deep experience in cyber threats targeting the public sector. 

Robert J. Carey is the  Vice President and GM of Global Public Sector Solutions at RSA.

Feds, Facebook Join Forces to Prevent Mid-Term Election Fraud

Rob retired from the Department of Defense in 2014 after over 31 years of distinguished public service after serving a 3½ years as DoD Principal Deputy Chief Information Officer.

Sam Curry, CISO Cybereason
Sam Curry is the CISO at Cybereason

Also with us is this week is Sam Curry, Chief Security Officer of the firm Cybereason. Sam has a long career in information security including work as CTO and CISO for Arbor Networks (NetScout)  CSO and SVP R&D at Microstrategy in addition to senior security roles at McAfee and CA. He spent seven years at RSA variously as CSO, CTO and SVP of Product and as Head of RSA Labs. 

Voting Machine Maker Defends Refusal of White-Hat Hacker Testing at DEF-CON

To start off our conversation: with a November election staring us in the face,  I asked Rob and Sam what they imagined the next few weeks would bring us in terms of election security. 

Like Last Time – But Worse

Both Rob and Sam said that the window has closed for major new voting security initiatives ahead of the 2020 vote. “This election…we’re rounding third base. Whatever we’ve done, we have to put the final touches on,” said Carey.

Like any other security program, election security needs baselines, said Curry. Elections officials need to “game out” various threat, hacking scenarios and contingencies. Election officials need to figure out how they would respond and how communications with the public will be handled in the event of a disruption, Curry said.

“The result we need is an election with integrity and the notion that the people have been heard. So let’s make that happen,” Curry said.

Spotlight Podcast: As Attacks Mount, ERP Security Still Lags

Carey said that – despite concerns – little progress had been made on election security. “The elections process has not really moved forward much. We had hanging chads and then we went to digital voting and then cyber came out and now we’re back to paper,” he said.

Going forward into the future, both agree that there is ample room for improvement in election security – whether that is through digital voting or more secure processes and technologies for in person voting. Carey said that the government does a good job securing classified networks and a similar level of seriousness needs to be brought to securing voting sessions.

“Is there something that enables a secure digital vote?” Carey said. “I’m pretty sure our classified networks are tight. I know we’re not in that space here, but I know we need that kind of confidence in that result to make this evidence of democracy stick,” he said.  

(*) Disclosure: This podcast and blog post were sponsored by RSA Security for more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.