Cryptologic Bytes Highlights

Cybersecurity News: Shadow Brokers & Kaspersky; Oracle Security Fixes; World Econonomic Forum Cites Cyber Risk; & More

Cybersecurity News Bytes for the Week Ending 19 January 2018

Shadow Brokers Likely Connected to Kaspersky

More signs are pointing to a likely connection between the Shadow Brokers, the group that claims to have stolen NSA cyber tools, and Russia-based Kaspersky Labs. U.S. cyber investigators have agreed with recent news reports that the NSA material leaked by Shadow Brokers almost certainly came via espionage conducted by Kaspersky’s anti-virus software deployed on U.S. computers. Kaspersky Labs continues to deny that it works with any government to conduct cyber espionage. Yahoo!Finance, 13 Jan 2018

Elections Not the Only Target of Russian Bots

A former FBI agent testified to a Congressional committee that Russian bots were also used to generate comments about the FCC’s rule change on net neutrality. Clint Watts testified that many of the 500,000 comments submitted to the FCC last summer in the public comment period before the FCC voted to eliminate regulations approved by the Obama administration to regulate internet service and content providers were generated by Russian bots. The goal was the create distrust of the process used by the FCC (and all Federal Government agencies proposing new or changed regulations), and was part of Russia’s overall information operations campaign to sow discontent among American citizens. FCW.com, 17 Jan 2018

Oracle Releases Security Fixes

Oracle issued its January list of Critical Patch Updates containing 238 security fixes for various Oracle products. This update includes patches for the processor vulnerabilities Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715). Oracle reports that some previously patched vulnerabilities continue to be exploited, and urges customers to apply Critical Patch Update fixes as soon as they are received. Oracle article

Humans Still a Major Cyber Vulnerability

A report by Kaspersky Labs found that almost 50% of data breaches in the past year were due to human error. Lack of cybersecurity awareness is a major problem, especially for small- and medium-sized businesses. Almost 90% of 8,000 employees surveyed by Kaspersky expressed inadequate knowledge of their company’s cybersecurity policies, and many thought cybersecurity to be a responsibility of the IT department. Executives, HR, and financial people are among the most at-risk employees. Security Intelligence, 17 Jan 2018

World Economic Forum Cites Increased Cyber Risk

The World Economic Forum (WEF) issued its 2018 Global Risks Report in advance of its annual forum in Davos, Switzerland from 23-26 January. Citing increased cyber risks and worsening global stability, the report expressed concern about increasing ransomware attacks, which accounted for 64% of all malicious email, and cyber attacks on critical infrastructure in what it referred to as a “war without rules.” The report also cited the increased dependency on cyber systems as a growing, worldwide risk factor. See the report; Read the Executive Summary of the Report