Here’s a quick survey of recent cyber news:
***
Adam Meyers, Crowdstrike’s Director of Intelligence, wrote an interesting post for Crowdstrike on Clever Kitten, the newest adversary group. Crowdstrike previously looked at Anchor Panda and Numbered Panda as well.
According to Meyers, Clever Kitten is a group affiliated with Iran that “primarily targets global companies with strategic importance to countries that are contrary to Iranian interests.”
This line has to be an almost direct reference to a certain critic of Mandiant’s report:
This week we want to make sure that we draw attention to the fact that there are adversaries active in computer network exploitation besides those with a nexus to China.
***
Via The White House Blog, Peter Welsch wrote on the White House’s National Day of Civic Hacking:
On the first weekend in June, civic activists, technology experts, and entrepreneurs around the country will gather together for the National Day of Civic Hacking. By combining their expertise with new technologies and publicly released data, participants hope to build tools that help others in their own neighborhoods and across the United States.
. . .
participants will focus on producing full, production ready apps and visualization tools that will be featured on the We the People website and made available under an open source license.
***
Look, nobody likes paying for HBO, but sometimes we all need to suck it up and do it for the great content.
Max Eddy reports for PCMags SecurityWatch on how Game of Thrones torrents are delivering malware. Here’s the required Winter is Coming/Ned Stark meme:
I feel like there’s a Stannis/Onion Knight/smuggling/torrent joke to be made, but I’m missing it.
***
This one is kinda bizarre, but the ACLU’s Michelle Richardson seems to believe that CISPA could grant companies immunity for hackback. I really don’t think that’s the case.
***
The Hill’s Brendan Sasso wrote on how the White House “came out against a new law restricting government purchases of Chinese technology systems.”
Along similar lines, Chris Welch reports for The Verge that the Silicon Valley also opposes the China cyber-espionage provision.
***
Andy Greenberg had an interesting article for Forbes on a new strategy for stopping hackers: let them in and then lie to them. Greenberg described the idea:
Instead of trying to purge a Red Team of hackers from a Blue Team’s network they were defending, [two researchers] let the attackers linger inside, watched them, and fed them confusing misinformation. The result: despite the Blue Team’s network being deeply compromised by the Red Team’s hackers, Blue managed to trick Red into making the wrong moves and losing the game.
Here’s a video of the researcher’s presentation, titled “Active Cyber Defense With Denial and Deception.”
***
While I’m talking videos, Paul Rosenzweig wrote for Lawfare on his new video course entitled Thinking about Cybersecurity: From Cyber Crime to Cyber Warfare.
***
Didn’t have time to read this one, but I understand that Thomas Darnstaedt, Marcel Rosenbach, and Gregor Peter Schmitz wrote a very good article for SpiegelOnline on the dangerous new rules for cyberwar.
***
Leave a Reply