Daily Cyber Digest

Share this post
Belgium warns against Huawei | New cyberthreat from Iran | Password-spraying of US power grid linked to Iran
aspiicpc.substack.com

Belgium warns against Huawei | New cyberthreat from Iran | Password-spraying of US power grid linked to Iran

ASPI Cyber Policy
Jan 9, 2020
Comment
Share
Produced by the ASPI International Cyber Policy CentreSenetas.com

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

  • Belgium’s security services have classed the Chinese-led rollout of 5G networks at the second-highest security level, saying limits should be placed on technologies coming from “unreliable” operators. Brussels Times

  • Saudi authorities detected a new destructive cyberattack suspected of coming from Iran on Dec. 29, the same day the U.S. military struck targets controlled by Iranian-backed proxies. Yahoo News

  • Iranian linked state-sanctioned hackers have been carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms. Wired

Australia

Ending secrecy key to filling the void on cybersecurity
Australian Financial Review
Anthony Bergin
Two key new national security leadership positions provide an opportunity to develop a partnership between business and government to safeguard Australia. Today, corporate security is national security.

China

Latest 'Intrusion Truth' data dump peels back layers on Chinese front companies
Cyber Scoop
@jeffstone500
The anonymous group known in the cybersecurity world for publishing detailed blog posts about suspected nation-state hackers released new information Thursday alleging that Chinese technology companies are recruiting attackers working on Beijing’s behalf.

  • Read Intrusion Truth’s blog-post here.

Twitter avatar for @intrusion_truthIntrusion Truth @intrusion_truth
The Hainan Xiandun Technology Development Company on a tropical Chinese island looks suspiciously like an APT front company. Because it is. Along with many similar companies in the same city. #apt #hainan #hainanxiandun #mss
intrusiontruth.wordpress.com/2020/01/09/wha…
Image

January 9th 2020

93 Retweets121 Likes

Exploring China’s Orwellian Digital Silk Road
The National Interest
@JohnHemmings2
By acting as network architects and administrators, Beijing will be privy to data streams in real-time across a large portion of the world, enabling them to develop influence and power across a number of different matrixes.

China Steps Up Its Information War in Taiwan
Foreign Affairs
@RushDoshi
The Chinese government has undertaken a vast information influence campaign designed to support its favored candidates and sow distrust in Taiwan’s democracy. China’s efforts go far beyond spreading disinformation and stale state propaganda.

USA

Iranian Hackers Have Been ‘Password-Spraying’ the US Grid
Wired
@a_greenberg
Iranian linked state-sanctioned hackers have been carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms. According to a new report.

America’s Future Lies in Technical Alliances
Georgetown University
@flaggster73
This next century calls on us to dream a new American strategy – one that embraces R&D as a fundamental enabler, blends leadership with alliances, collaboration with competition and establishes a strategy embracing the full power of America’s innovation ecosystem.

U.S Funds Program With Free Android Phones For The Poor — But With Permanent Chinese Malware
Forbes
@iblametom
For years, low-income households have been able to get cheap cell service and even free smartphones via the U.S. government-funded Lifeline Assistance program. But according to security researchers, there’s a catch: the Android phones come with preinstalled Chinese malware, which effectively opens up a backdoor onto the device and endangers their private data.

This Secretive Surveillance Company Is Selling Cops Cameras Hidden in Gravestones
Motherboard
@josephfcox
A surveillance vendor that works with U.S. government agencies, such as the FBI, DEA, and ICE, is marketing spying capabilities to local police departments, including cameras that are hidden inside a tombstone, a baby car seat, and a vacuum cleaner.

Excerpt from a Special Services Group brochure, shared by Motherboard, advertising a HD, 360 degree surveilence camera hidden in a car baby seat.

San Diego’s massive, 7-year experiment with facial recognition technology appears to be a flop
Fast Company
@djpangburn
Since 2012, the city’s law enforcement agencies have compiled over 65,000 face scans and tried to match them against a massive mugshot database. But it’s almost completely unclear how effective the initiative was, with one spokesperson saying they’re unaware of a single arrest or prosecution that stemmed from the program.

Facebook sticking with policies on politicians' lies and voter targeting
Politico
@Ali_Lev @ZachMontellaro
Facebook is standing by its policies that allow politicians to lie to voters, while targeting their ads at narrow subsets of the public — decisions with vast implications for the more than $1 billion in online campaign messaging expected in this year’s elections.

US lawmaker seeks ban on sharing intelligence with countries that use Huawei’s 5G networks
Reuters
U.S. Senator Tom Cotton on Wednesday introduced a bill that would prevent the United States from sharing intelligence with countries that allow Chinese telecoms giant Huawei Technologies to operate 5G network technology within their borders.

North Asia

North Korean hackers getting more careful, targeted in financial hacks
Cyber Scoop
@shanvav
North Korean hackers have for years been using different tactics to run cyber-enabled financial heists, most recently using front companies to compromise cryptocurrency-related businesses.

South Asia

Democracies Can Become Digital Dictators
Wired
Internet shutdowns in India prove it's not just authoritarians who repress online.

Strong Encryption Is Central to Good Security – India’s Proposed Intermediary Rules Puts It at Risk
Internet Society
@Ryan_ISOC
Security and encryption experts from around the world are calling on the Indian Ministry of Electronics and Information Technology (MeiTy) to reconsider proposed amendments to intermediary liability rules that could weaken security and limit the use of strong encryption on the Internet.

Europe

Belgian security services call to restrict 5G technology
Brussels Times
@Ev_McCullough
Belgium’s security services have classed the Chinese-led rollout of 5G networks at the second-highest security level, saying limits should be placed on technologies coming from “unreliable” operators. “Our security services recommend protection level 4… limiting the use of parts of 5G technology that come from unreliable suppliers,” said Telecom Minister Philippe De Backer said in parliament. While the security services did not name names as to whom such restrictions would be imposed on, Chinese multinationals Huawei and ZTE are the leading providers of 5G technology.

Middle East

New Iranian data wiper malware hits Bapco, Bahrain's national oil company
ZDNet
@campuscodi
Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company, ZDNet has learned from multiple sources. The incident took place on December 29.

Saudis warn of new destructive cyberattack that experts tie to Iran
Yahoo News
@jennamc_laugh
Saudi authorities detected a new destructive cyberattack suspected of coming from Iran on Dec. 29, the same day the U.S. military struck targets controlled by Iranian-backed proxies in retaliation for a rocket attack that killed an American contractor the previous Friday.

A Pro-Iran Instagram Campaign Targeted The Trump Family After Soleimani’s Funeral
Buzzfeed News
@janelytv @jsvine
The same day Gen. Qassem Soleimani’s funeral procession filled the streets of Ahvaz, Iran, thousands of pro-Iran Instagram accounts worked in coordination to tag the US president’s family in image posts ranging from the Iranian flag to a beheaded Donald Trump.

Podcast - The other Iranian threat: cyberwarfare
Reset Podcast
@a_greenberg
How much should we worry about Iranian hackers?

Iranian Hacker Panic
Motherboard
@BMakuch
Iranian hackers are a threat, but is it being overblown?

Misc

Twitter avatar for @M_Miho_JPNMihoko Matsubara @M_Miho_JPN
"2019 Global Cyber Risk Perception Survey" by @MarshGlobal & @Microsoft revealed that 79% of respondents have made cybersecurity their top-tier priority, whereas they are quite unsure as to how best to address the issue.
Do companies take cybersecurity seriously enough? | WeLiveSecurityMany companies are ranking cybersecurity as a top 5 priority but their actions do not measure up to that claim, a survey finds.welivesecurity.com

January 9th 2020

  • Read the survey Mihoko refers to here.

TikTok Wants to Stay Politics-Free. That Could Be Tough in 2020.
Wall Street Journal
@georgia_wells @emilyglazer
Advisers from both major parties now say they are looking at ways to use Tik Tok as a platform for reaching young voters. That puts TikTok in a tough position. The company last year banned political ads.

Facebook Is Running Anti-Vax Ads, Despite Its Ban On Vaccine Misinformation
Buzzfeed News
@carolineha_
Despite its own rules prohibiting vaccine misinformation in ads, Facebook is hosting ads for an online pamphlet that falsely claims that the life-saving vaccine is unsafe. A Facebook spokesperson told BuzzFeed News that the ads represented “no violation” of its policies.

Research

North American Electric Cyber Threat Perspective
Dragos
As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. This report provides a snapshot of the threat landscape as of January 2020.

Share Daily Cyber Digest

CommentComment
ShareShare

Create your profile

0 subscriptions will be displayed on your profile (edit)

Skip for now

Only paid subscribers can comment on this post

Already a paid subscriber? Sign in

Check your email

For your security, we need to re-authenticate you.

Click the link we sent to , or click here to sign in.

TopNewCommunity

No posts

Ready for more?

© 2022 ASPI Cyber Policy
Privacy ∙ Terms ∙ Collection notice
Publish on Substack Get the app
Substack is the home for great writing