Cyber Week in Review: March 12, 2021

Russian Disinformation Campaign Seeks to Undermine Confidence in COVID-19 Vaccines 

According to U.S. officials, Russian intelligence agencies are spreading disinformation aimed at undermining public confidence in COVID-19 vaccines. The U.S. State Department’s Global Engagement Center (GEC) reportedly identified four foreign publications with links to Russian intelligence agencies that amplified disinformation regarding the vaccine’s efficacy, side effects, and development and approval process. Some experts suggest that Russia could be using the disinformation campaigns to promote the Sputnik V vaccine over the vaccines produced by Pfizer-BioNTech, Moderna, and other Western companies. Other cybersecurity experts have asked the government to provide more evidence on Russian intelligence agencies’ ties to the campaign. The Kremlin has denied any involvement. 

Government Accountability Office Finds Insufficient Cybersecurity Guidelines for Weapons Contractors 

In a report [PDF] released Thursday, the Government Accountability Office (GAO) found that the Department of Defense (DOD) failed to require contractors tasked with the department’s weapons development to maintain sufficient cybersecurity standards. The GAO found that contracts for three of five weapons programs did not include any cybersecurity requirements and had insufficient acceptance criteria and verification processes. Among the military branches surveyed, only the Air Force has defined and incorporated clear service-wide guidelines for cybersecurity. The GAO recommended that the Army, Navy, and Marine Corps tailor requirements and write clear verification criteria for selecting contractors to ensure the security of weapons development. 

Hackers Breach Security Startup and Access Thousands of Security Camera Feeds  

An international group of hackers breached the network of Verkada, a California-based security start-up, and accessed live feeds of nearly 150,000 surveillance cameras. Surveillance footage from more than twenty four thousand schools, hospitals, prisons, and companies, including Tesla, Cloudflare, and the Verkada offices, some of which had built-in facial recognition capabilities, were accessible to the hackers. The hackers said they unintentionally found the log-in details for a Verkada “Super Admin” account publicly exposed on the internet. A Verkada spokesperson said the company has closed the breach and launched an investigation into the incident.  

Chinese Threat Actor Targets Microsoft Exchange Email Servers in Large-Scale Intrusion 

In a blog post last week, Microsoft revealed that Chinese APT Hafnium used multiple zero-day exploits to attack on-premise versions of Microsoft Exchange. The vulnerabilities allowed hackers to access email accounts and download additional malware on victims’ networks. More than thirty thousand Microsoft customers in the United States and 250,000 customers globally are estimated to have been affected. Microsoft released multiple security updates in response to the breach. But this has not discouraged several threat actors from rushing to exploit “web shell” vulnerabilities the hackers left behind. The Biden administration is reportedly planning to establish a multi-agency task force to investigate the intrusion. 

FBI Warns of Increasing Use of Synthetic Content 

The FBI warned [PDF] that it expects malicious actors to increase their use of synthetic content for cyber and foreign influence operations in the next twelve to eighteen months. Synthetic content, digital content that is generated or manipulated by basic tools like Photoshop and advanced technologies like artificial intelligence (AI) and machine learning (ML), could be used to increase the efficacy of spear phishing and social engineering operations. The FBI highlighted findings that Chinese and Russian actors have used synthetic profile images derived from generative adversarial networks (GANs) in foreign influence campaigns. The alert follows a series of state and federal laws that aim to better understand the creation and spread of synthetic content and help victims respond.