This month's briefing from our colleagues at the Multi State Information Sharing and Analysis Center includes news about Microsoft using a court order to take down six websites associated with the nation-state cyber threat actor, Fancy Bear; and a federal jury convicting a man for DDoS attacks against hospitals:
Hacker convicted for DDoS attacks against hospitals
The DOJ found Martin Gottesfeld guilty of conspiracy to damage protected computers and one count of damaging protected computers as part of #OpJustina. Gottesfeld conducted distributed denial of service (DDoS) attacks against U.S. hospitals in 2014 as part of #OpJustina, which revolved around a controversial decision to hold a minor as a ward of the state due to mental illnesses. After conducting the attacks, Gottesfeld and his wife fled the country. Authorities later located Gottesfeld on a Disney cruise ship and subsequently arrested him.
Microsoft details use of a court order to take down 'Fancy Bear' websites
In an August 20, 2018, blog post, Microsoft described their Digital Crimes Unit's (DCU) use of a court order to take down six websites associated with the nation-state cyber threat actor, Fancy Bear. The websites masqueraded as legitimate domains associated with the Hudson Institute, International Republican Institute, and the United States Senate in an attempt to harvest login credentials. Microsoft noted there was no evidence of successful targeting or compromises prior to the takedown. To address this and previous targeting, Microsoft announced the availability of AccountGuard as part of their Defending Democracy Program, which aims to provide organizational and personal email accounts with no-cost threat detection and notifications, security guidance and education, and early access to new security services. These services are provided to "candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations" via Microsoft Office 365.
Symantec researchers say Mirai is evolving, still threat to IoT devices
Researchers at Symantec found that criminals are using Aboriginal Linux to compile malware tailored to specific platforms. Aboriginal Linux is an open source tool that creates executables for different platforms, such as Android devices, cameras, routers, and more. Symantec noted that this makes Mirai highly portable and effective as Aboriginal Linux will help ensure that Mirai will work on a multitude of other platforms. Mirai traditionally only targeted routers, but with the new portability options will affect more systems. Symantec found active servers hosting Mirai variants for different platforms in July 2018.
Trend Micro report: Cryptocurrency mining more than doubles
Trend Micro released their 2018 Midyear Security Roundup that discussed activity they observed in the first half of 2018. They found that vulnerabilities in hardware complicated patching, specifically referencing Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715). Crypotjacking detections increased by 141% with 47 new variants, while ransomware only rose 3% in first half of 2018. Reported data breaches increased. Weaknesses in router security were still present, with malware such as Mirai (2016), Reaper (2017), and Multistage VPNFilter attack (2018) affecting systems. The use of fileless malware rose, which Trend Micro assessed was to avoid antimalware solutions. Finally, Business Email Compromise (BEC) losses exceeded the $9 billion projection with attempts continually rising and successful attacks totaling $12.5 billion.
Digital Guardian releases guide to state data breach laws
The Digital Guardian released the Definitive Guide to U.S. State Data Breach Laws that summarizes and gives details of various aspects of each state's laws regarding data breaches. Information includes references to laws, notification requirements for individuals and regulators, covered information, penalties, special data type statuses, and examples of data breaches that have previously occurred in each state.
DOD release report on military and security developments in China
The Department of Defense released their Military and Security Developments Involving the People's Republic of China report to Congress. The report discussed China's economic power, the vie for control of the South China Sea, and their use of cyber espionage to enhance their economic development.
Colorado developing digital highway for roadside devices
Colorado will develop a digital highway that will allow for roadside devices to communicate with Colorado's Traffic Management center and other connected vehicles. The digital highway will allow for multiple data points related to cars and traffic to be analyzed and therefore help with effective highway management.