Read more

You can find the new Substack here

See you there..

Read more

Operationally this week multiple developers had their Steam accounts compromised and the games backdoored resulting in Valve introducing mandatory SMS MFA in response. Then we had the rather large router compromise (see below).

In the high-level this week:

• Secure-by-Design - we’ve gone big here - no turning back!

• New Commander of the UK’s National Cyber Force appointed - Air Vice-Marshal Tim Neal-Hopes OBE has been appointed

• UN cybercrime treaty: A menace in the making - article covering the below.

  • UN Cybercrime Treaty Talks End Without Consensus on Scope And Deep Divides About Surveillance Powers - It became apparent that many nations, including Russia, Eritrea, Burundi, Sierra Leone, Zimbabwe, Ghana, Korea, and others, were vying to expand the proposed treaty's surveillance scope to cover practically any offense imaginable where a computer wa…

Read more

Operationally this week was the disclosure of the massive Distributed Denial of Service due a property of the HTTP2 protocol which was discovered and used in the wild against numerous large platforms.

In the high-level this week:

• Cyber resilience of the UK's critical national infrastructure - UK Parliament - call for evidence in the UK

• Record $7 billion in crypto laundered through cross-chain services - Cross-chain crime refers to the swapping of cryptoassets between different tokens or blockchains – often in rapid succession and with no legitimate business purpose

• Is it legal to pay ransomware where you are? - an open source project

• The emergence of non-personal data markets - The data economy in the transport and mobility sector is one of the five fastest growing and is expected to expand to nearly €25 billion annually by 2025. Data includes …

Read more

Operationally this week you will see some crunchy vulnerabilities had exploits released. One of these raised a question around vendor language in relation to the SaaS services - namely you are not vulnerable not that you weren’t vulnerable. This then raised the second order question when these type of vulnerabilities land do we need clearer communication around if as the customer we were vulnerable, when, what the IoCs were and if we have access to logs which allow us to confirm if exploitation happened in our context or not.

In the high-level this week:

• UK and US host international dialogue to advance cyber support for groups that strengthen democracy - Agency heads from nine countries share insights and approaches to help improve collective cyber resilience of global democracy.

• NPC Headliner Luncheon: Gen. Paul Nakasone - technology is adv…

Read more

Operationally this week you will see there are material levels of reporting on nation state activity.

In the high-level this week:

• Data-driven cyber: empowering government security with focused insights from data - How 'small but actionable' insights can improve behaviours and decision making.

• The US cybersecurity posture under Biden - from the European Parliament Think Tank - The Biden administration inherited considerable cybersecurity challenges. According to a 2021 US Government Accountability Office (GAO) report, previous governmentsfailed to implement many of the GAO's 2018 recommendations to take 10 critical actions in response to 4 major cybersecurity challenges

  • The Biden Administration’s Implementation Plan for the National Cybersecurity Strategy - a summary and analysis - “it should not be assumed that just because the implementatio…

Read more

Operationally this week you will see there was a lot of nation state focused reporting, outside of that the amount of commercial mobile capability both on show and burnt is material…

In the high-level this week:

• NSA plans new ‘innovation pipeline’ to focus on China - David Frederick, the NSA’s assistant deputy director for China, said the new program will be called “Red Ventures.” .. The National Security Agency’s China directorate will soon launch an “innovation pipeline” focused on the competition with China and solving the NSA’s most pressing challenges.

• DOD Releases 2023 Cyber Strategy Summary - "This strategy draws on lessons learned from years of conducting cyber operations and our close observation of how cyber has been used in the Russia-Ukraine war,"

  • Pentagon says cyberattacks are part of China’s armory for conflict with US

  • Pentagon v…

Read more

Operationally this week nothing overly standout.

In the high-level this week:

• The UK’s NCSC CEO and Information Commissioner sign Memorandum of Understanding - credit with the ICO if you tell the NCSC you had a breach.

  • Related Ransomware attacks hit record level in UK, according to neglected official data

• “Building Resilience”: U.S. returns from second defensive Hunt Operation in Lithuania - CNMF has deployed 50 times and conducted hunt operations on over 75 networks in more than 23 countries.

• As China steps up cybersecurity enforcement, smaller businesses are feeling the heat - Last month, police in the city of Zhenjiang, in the eastern province of Jiangsu, carried out security sweeps at local businesses, issuing warnings to those that offered Wi-fi without requiring real-name registration, local media reported on Monday.

• CISA Releases its Op…

Read more

Operationally this week you will see some of the exploitation is rather sophisticated (and not in the we have been hacked by a sophisticated threat actor sense). Outside of that it is business as usual although defensive tradecraft on show in some places is great..

In the high-level this week:

• KBS is a South Korean public broadcast service segment on Cyber and North Korean activity - you can use auto translated closed captions to understand.

• UK sanctions members of Russian cybercrime gang - love that we (the UK) have started to financially sanction along with the US cyber actors.

• Japan imposes financial sanctions on North Korea - includes crypto asset addresses used to direct/collect hacked funds.

• 'Blatant and malicious': Telstra-owned Digicel Pacific used by spies-for-hire, cyber security analysis shows - enabled various offensive operations i…

Read more

Operationally this week you will see the volume of reporting on all fronts feels busy. The points I would note are the mobile / embedded focus of some of the capability.

In the high-level this week:

• Federal Cybersecurity Vulnerability Reduction Act of 2023 - proposed legislation in the Unites States requiring vulnerability disclosure by all Federal contractors

• U.S. conducts first Hunt Forward Operation in Lithuania - For three months, the U.S. cyber operators hunted for malicious cyber activity on key Lithuanian national defense systems and Ministry of Foreign Affairs’ networks alongside its allies.

• Qakbot Malware Disrupted in International Cyber Takedown - The Qakbot malicious code is being deleted from victim computers, preventing it from doing any more harm. The Department also announced the seizure of more than $8.6 million in cryptocurren…

Read more

Operationally this week the Chinese reporting is of note including the use of signed code in a supply chain attack against South East Asian targets.

In the high-level this week:

• Exposed: the Chinese spy using LinkedIn to hunt UK secrets - believed to have initially focused on defence contractors, civil servants and targets in sensitive business areas. He has since switched to targeting think tanks and academics who are still considered vulnerable and do not always realise the value of the information they possess.

• First discovery of 'spy chip' in Chinese weather equipment - The National Intelligence Service recently discovered a backdoor that allows wireless eavesdropping or hacking in the weather observation equipment of public institutions in Korea.

• UK’s National Cyber Security Center has launched its research problem book along with a suppo…

Read more

Operationally this week nothing overly of note, the usual cyber cha cha cha continues. Well that and what seems to be an uptick in criminal CNI targeting as evidenced by the reporting contained within.

In the high-level this week:

• A Front Row View of the NSA: Reflections from General Paul M. Nakasone (video also available) - “I think the first thing I would say on SolarWinds is when you’re doing an intelligence operation, you never want to get caught. And they got caught. And so I think that should be perhaps the story that goes with SolarWinds”

• White House orders federal agencies to shore up cybersecurity, warns of potential exposure - “Multiple federal departments and agencies have, as of the end of June, “failed to fully comply” with critical security practices prescribed by the executive order, “leaving the U.S. Government exposed to mal…

Read more

Operationally this week nothing overly of note, the usual cyber conga lines moves on and on..

In the high-level this week:

• Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software

  • the above announces DARPA’s AI Cyber Challenge (AIxCC)

• Biden-Harris Administration Launches New Efforts to Strengthen America’s K-12 Schools’ Cybersecurity - up to $200 million over three years to strengthen cyber defenses in K-12 schools and libraries in tandem with other federal agencies that have deep expertise in cybersecurity.

• DHS Announces Additional $374.9 Million in Funding to Boost State, Local Cybersecurity - a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country to help them strengthen their cyber resilience

• MOVEit hack s…

Read more

Operationally this week nothing overly of note just the usual tempo of activity.

In the high-level this week:

• The UK has published its National Risk Register 2023 - lots of cyber discussed.

• CISA Released its Cybersecurity Strategic Plan - has three enduring goals

  • Address Immediate Threats

  • Harden the Terrain

  • Drive Security at Scale

• US Senate passes annual defense bill, teeing up showdown with House - directs the Defense Department to ask the National Academy of Public Administration to assess establishing a seventh, cyber-specific military service.

• FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America’s Cyber Talent - a first-of-its-kind comprehensive approach aimed at addressing both  immediate and long-term cyber workforce needs

  • Cyber security skills in the UK labour market 2023 - …

Read more

Operationally this week the understand and implications of the Exchange online compromise continues. Details such as the U.S. Ambassador to China Hacked in China-Linked Spying Operation came to light, then we had the letter from Ron Wyden to CISA. Beyond that we have the MobileIron vulnerability which was used to attack the Norwegian Government - 12 ministries thus far. This is in addition to the Citrix exploitation (see below). Finally, VirusTotal apologized for leaking some customer information.

In the high-level this week:

• FACT SHEET: Biden-Harris Administration Secures Voluntary Commitments from Leading Artificial Intelligence Companies to Manage the Risks Posed by AI - The companies commit to internal and external security testing of their AI systems before their release. This testing, which will be carried out in part by independent ex…

Read more

Operationally this week JumpCloud issued their incident writeup which has been potentially linked to North Korea and a whole rash of vulnerabilities we would prefer didn’t exist in Microsoft Office, Microsoft Outlook and more (see reporting below)..

In the high-level this week:

• Biden-⁠Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers - “U.S. Cyber Trust Mark” is the latest in a series of actions President Biden and the Biden-Harris Administration have taken to protect hard-working families.

• Fact Sheet: Office of the National Cyber Director Requests Public Comment on Harmonizing Cybersecurity Regulations - request for information (RFI) on cybersecurity regulatory harmonization and regulatory reciprocity. The  RFI builds on the commitment the Administration made in the National Cybers…

Read more

Operationally this week it has been about the fact that a Chinese APT managed to forge authentication tokens through acquired a Microsoft account (MSA) consumer signing key leading e-mail access (see reporting below). That and the rash of vulnerabilities in web based file sharing platforms continues and the fact a Chinese threat actor found a loophole in Microsoft Windows Kernel driver signing. Our thoughts are with MSRC this week..

In the high-level this week:

• FACT SHEET: Biden-⁠Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan - The Department of State will publish an International Cyberspace and Digital Policy Strategy that incorporates bilateral and multilateral activities. State will also work to catalyze the development of staff knowledge and skills related to cyberspace and digital policy that can…

Read more

Operationally this week it has been about the Jumpcloud incident who released this note.

In the high-level this week:

• Cybercrime in Australia 2023 - Overall, 47 percent of respondents experienced at least one cybercrime in the 12 months prior to the survey—and nearly half of all victims reported experiencing more than one type of cybercrime. Thirty-four percent of respondents had experienced a data breach.

• Cybersecurity: Launching and Implementing the National Cybersecurity Strategy - from the US Government Accountability Office - This Snapshot covers the status of the National Cybersecurity Strategy. The strategy's goals and strategic objectives provide a good foundation, but the Administration needs to establish specific objectives and performance measures, resource requirements, and roles and responsibilities

• SEC Delays Enactment of Cyber R…

Read more

Operationally this week week nothing out of the ordinary except Wagner apparently taking down the DoZor satellite provider, which serves Russian state critical infrastructure facilities.. the ying/yang of cyber continues.

In the high-level this week:

• US Cyber Investment Priorities - the counter ransomware being the most interesting -

  • prioritize staff to investigate ransomware crimes and disrupt ransomware infrastructure and actors;

  • prioritize staff to combat the abuse of virtual currency to launder ransom payments; and

  • ensure participation in interagency task forces focused on cybercrime

• US fiscal 2024 National Defense Authorization Act (NDAA) - requires the Defense Department to study the viability of creating a separate, uniformed Cyber Force

• Australia names air force veteran as cybersecurity chief amid rise in data breaches - Air Marshal Da…

Read more

Operationally this week the usual constant contact of chaos but not anything overly standout other than Microsoft’s revelation of the DDoS attacks Azure experienced and the resulting impact in early June. That and fact there continues to be more MOVEit vulnerabilities - an exemplar of vuln surging in action..

In the high-level this week:

• UK to give Ukraine major boost to mount counteroffensive - Up to £25 million expansion to harden Ukraine’s cyber defences as Russia continues its callous attacks

• Justice Department Announces New National Security Cyber Section Within the National Security Division - This new section will allow NSD to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national secur…

Read more