Cyber Week in Review: September 6, 2019
NSA Recognizes Need to Share More Information on Cyber Threats: Anne Neuberger, head of the National Security Agency’s new Cybersecurity Directorate, said that the NSA understands the need not only to share more information on nation-state cyber threats with the private sector but also needs to do it more quickly and efficiently. The private sector has long complained that when the NSA shares information on cyber threats, such as malicious domain names or IP addresses, it too late for the information to be useful. By providing corporate information security teams with better information on cyber threats, particularly hackers’ overall goals, how they achieve those goals with multiple pieces of software, and what specific technical infrastructure firms should monitor for threats, the Cybersecurity Directorate hopes to help private organizations better protect themselves.
China Launches Cyberattacks On Uighurs: Chinese APTs have launched a series of cyberattacks against the Uighurs over the past four years, according to a report from Volexity. Researchers found eleven websites commonly used by the Uighur community strategically compromised with malicious code that infected visitors’ Android and Apple devices and collected information like the unique identification number, phone number, location, CPU data, and username. The infected websites are blocked by the Great Firewall, suggesting that the hackers are specifically targeting members of the Uighur diaspora. Chinese APTs have also hacked into telecoms networks in Turkey, Kazakhstan, India, Thailand, and Malaysia to track Uighurs. In the past, Beijing has claimed Uighurs are traveling to join terrorist groups.
Twitter Disable Tweet via SMS Function After SIM Swapping Attack on CEO: Twitter temporarily disabled the ability for users to tweet via text messages this week after Twitter CEO Jack Dorsey’s phone was compromised in a SIM swapping attack, allowing hackers to post a string of messages from his account. SIM swapping attacks, when hackers gain control of a victim’s phone number, are increasingly common and difficult to protect against. Often times, hackers persuade mobile phone providers to switch the phone number to another device under their control, either by calling customer help lines and impersonating the victim or by bribing phone company employees. Once hackers gain control of the phone number, they can ask companies like Twitter or Google to send a login code via text message to the victim’s phone number, giving them access to the accounts. Twitter said it was working on improving its reliance on linked phone numbers for two-factor authentication.
State AGs Begin Big Tech Antitrust Probes: Several state attorney generals are launching separate anti-trust probes into Facebook and Google. On Friday, the New York attorney general announced that her office is organizing a bipartisan, multi-state anti-trust investigation of Facebook, examining if its practices endanger consumer data, limit consumer choices, or increase the price of advertising in the process. Similarly, another group of state attorney generals, led by Texas, are anticipated to launch a probe next Monday into the impact of Google on digital advertising markets, and the potential harm of the concentration of consumer information and ad choices in one company. These probes come amid increased pressure from regulators over privacy and competition concerns.
Big Tech Companies Meet with U.S. Officials on Election Security: Representatives of Facebook, Google, Twitter, and Microsoft met with government officials in Silicon Valley this week to discuss how to best secure the upcoming 2020 election and defend against foreign interference. The meeting was attended by security teams from the companies as well as members of the FBI, Office of the Director of National Intelligence, and the Department of Homeland Security. Nathaniel Gleicher, Facebook’s head of cybersecurity policy, explained “attendees talked about how industry and government could improve how we share information and coordinate our response to better detect and deter threats."