6 December 2018

How to beat back botnets

By ERIC GELLER

BAD BOTNET, BAD — The botnet scourge is worse than ever, according to the International Anti-Botnet Guide out today from the Council to Secure the Digital Economy. The industry group said the rapid spread of internet of things devices — estimated to top 20 billion by 2020 — is giving digital criminals many more vectors to carry out digital assaults. As a result, according to the report, botnets are a significant driver of economic losses from cybercrime that are expected to reach into the trillions of dollars in the coming years.

But the guide isn’t meant to simply admire the ballooning problem of botnets, the most famous of which took down a large swath of the internet in October 2016. It’s intended to provide an antidote, according to CSDE, which will unveil its guide at an event today in Washington featuring Jeanette Manfra, assistant director for cybersecurity for the DHS Cybersecurity and Infrastructure Security Agency (it will be live streamed here). The guide outlines baseline practices — authentication and credential management — as well as more advanced solutions — privileged access management and monitoring the latest threat intelligence — that can begin to beat back botnets.


Several other guides for reducing the dangers from botnets have come before the CSDE report, such as a major one in May from DHS and the Department of Commerce. Like the one out today, it advocates for more common-sense security precautions (generic passwords are bad) and better collaboration between industry and the government. Unfortunately, however, it seems the botnet problem will get worse before it gets better (see cyber predictions below) as cybercriminals are becoming savvier about using them to spread ransomware and automate social media disinformation campaigns.

HAPPY THURSDAY and welcome to Morning Cybersecurity! Are you a cyberwar veteran? Send your thoughts, feedback and especially tips to tstarks@politico.com, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

FIRST ON PRO: WYDEN GIVES TWO THUMBS UP — Sen. Ron Wyden today thanked the leaders of the Senate Rules Committee for getting the chamber’s sergeant at arms to encrypt data stored on Senate computers. “I applaud these efforts as this new common sense cybersecurity policy will better protect sensitive Senate data from those who might wish to compromise it,” Wyden wrote to Rules Chairman Roy Blunt and ranking member Amy Klobuchar.

The move to secure Senate data, which Wyden this summer urged Blunt and Klobuchar to push for and was enacted last month, is “particularly important for laptops, which are more vulnerable to foreign government surveillance when Senate staff take them home or on work-related travel,” added Wyden, a leading congressional voice on privacy issues. The Oregon Democrat also highlighted his long advocacy for encryption technology, “which can help to secure our nation from advanced cyber threats.”

ENCRYPTION

SPEAKING OF WHICH — The debate over the growing use of encryption has been flying under the radar for months, but the Justice Department hasn’t given up the fight, and senior officials used a Tuesday press conference about a ransomware campaign to stump for a solution. The two Iranian men indicted for a digital extortion scheme against the cities of Atlanta and Newark, N.J., in addition to other government and corporate victims, relied on the Tor network and its encryption to mask their activities, Deputy Attorney General Rod Rosenstein pointed out.

“I want to make clear that we support the use of encryption to safeguard private information and to protect security for American citizens, businesses and government agencies,” he said. “But this case highlights one of the challenges that law enforcement faces as a result of encryption that is designed specifically to disrupt law enforcement.” Rosenstein, who dealt with several encryption cases as the U.S. attorney in Maryland, has been the Trump administration’s most consistent and vocal critic of the end-to-end encryption that prevents investigators from reading suspects’ communications.

GIVE US THE LOWDOWN — The House on Wednesday passed by voice vote a bill that would require the Commerce Department to study the internet of things marketplace and the regulatory environment surrounding IoT. The SMART IoT Act (H.R. 6032) would require “a survey of the internet-connected devices industry” that includes “the status of the industry-based mandatory or voluntary standards.” It would also require Commerce to produce a list of every federal agency with jurisdiction over IoT vendors and an inventory of their standards and guidelines. Commerce would then have to send Congress a report with “recommendations … for growth of the United States economy through the secure advancement of internet-connected devices.”

YEMENI CYBER WAR — The Yemeni civil war is spilling into the virtual landscape as Houthi rebels and the Hadi government fight to control internet access, according to a report by Recorded Future released Wednesday. Houthi rebels have taken control of Yemen’s main internet service provider — called YemenNet — and used the commercial product called Netsweeper to censor and surveil Yemeni citizens. The Houthi have also changed many Hadi government websites to reflect a Houthi-controlled country and are using Coinhive mining services to generate revenue from cryptocurrencies.

The Hadi government has set up a new ISP called AdenNet in response, using funding from the United Arab Emirates and equipment from the Chinese company Huawei. China and UAE have supported the Hadi government in the past. A small percentage of Yemeni citizens and businesses use VPNs, Tor, and routers with DNS recursion to circumvent censorship by both the Hadi government and Houthi rebels, the report said. Both groups have repeatedly shut down access to social media and other sites deemed objectionable.

PENTAGON

THE GREAT HAT DEBATE — The Senate Armed Services Cybersecurity subpanel met behind closed doors Wednesday to hear from former officials about the “dual-hat” leadership structure at U.S. Cyber Command and the NSA. The 90-minute classified session touched on “how things are working with regard to dual-hat, pros, cons, where we're at in the process ... . Basically, a where are we at right now?” Sen. Mike Rounds, the subcommittee’s chairman, told Martin.

Rounds said he is “agnostic” on splitting the roles. He said there is a “pretty good operating system” between the two organizations — noting Cyber Command has notched some “successes” in the last couple of months, a reference to reports that the entity targeted Russian hackers ahead of the midterms and warned them not to meddle on Election Day. Despite that, Cyber Command is “still very dependent on NSA” for manpower and other resources, according to Rounds. “The current process is that it will remain until such time as the metrics suggest that it could proceed to the next step. At this point we're not ready to do that yet,” he said.

PREDICTION BONANZA — Expect 2019 to be besieged with artificial intelligence gone wild and infected IoT devices affecting the physical world, according to Symantec’s report looking into 2019, released Wednesday. AI will play a big role in 2019, the report says, and both attackers and defenders will use it. Cybercriminals will also use AI techniques to probe networks and create sophisticated phishing and disinformation campaigns using deep fakes.

The adoption of 5G will expand the attack surface, the report says, especially as IoT devices increase in prevalence and use. Expect infected IoT devices to move beyond DDoS and begin to affect critical infrastructure and vehicles and to engage in illicit cryptomining. The software supply chain will also see an increase in risk as more vendors and third-party suppliers are expected to be attacked.

McAfee released its own 2019 predictions today, claiming cybercriminals will collaborate more, creating new “synergistic threats.” They’ll also use AI to evade detection by automating their activities and making them harder to detect. Meanwhile, nation-states will increase social media campaigns to sway public opinion using bots, the report states.

On the policy side, The Chertoff Group predicts that while data security and privacy legislation will be hampered by an uninterested White House and divided Congress, states will pick up some of the slack by passing their own bills. Even though the Cybersecurity Information Sharing Act became law in 2015, large companies will continue to be reluctant to share information with competitors or the government, the report states.

OOPS — Our Revolution, which was launched by Sen. Bernie Sanders, lost nearly $250,000 to an email scam. Campaign Pro’s Scott Bland: “Our Revolution ‘was the victim of a Business E-Mail Compromise scam that took place in December 2016 but was not discovered until January 2017, resulting in the loss of approximately $242,000 via an electronic transfer of funds to an overseas account,’ the group disclosed in its tax forms covering the year 2017, which were filed earlier this month. … Our Revolution blamed ‘an international syndicate of cyber-thieves targeting nonprofit organizations globally’ for the incident, which robbed the group of about 7 percent of its total fundraising in 2016.”

RECENTLY ON PRO CYBERSECURITY — Election Assistance Commission nominees back paper ballots, but not mandates, at confirmation hearing … ACLU seeks to unseal court ruling on Facebook Messenger encryption ... Europeans are talking seriously about cyber ... And Senate Republicans prevented the move to protect Robert Mueller's investigation.
