A D.C. healthcare breach, ransomware updates and China’s “most active” cyberthreat
Beijing’s skyline. N509FZ/Wikimedia Commons
Welcome to Changelog for 3/12/23, published by Synack! It’s me, Blake, and I’m excited about tonight’s season finale of The Last of Us — not to mention the bonus behind-the-scenes episode that will air afterward. While I await my fungus-zombie fix, here’s the week’s cyber news:
The payload
Ask any U.S. cyber analyst, and the four big nation-state threats are consistently Russia, China, North Korea and Iran. The most pressing threat among them has shifted over the years: China’s intellectual property theft and energy sector espionage in the early 2010s raised alarm bells, while North Korea’s fall 2014 hack of Sony Pictures put it on the radar as a top-tier risk to U.S. organizations. Russia’s NotPetya faux-ransomware attack in 2017 catapulted Moscow to the top of the list, causing some $10 billion in damage. As for Iran, well… maybe Iran has never taken the №1 slot, dam hacking be damned.
China is now the advanced, persistent threat du jour, according to the U.S. intelligence community’s latest annual threat assessment. The 39-page document released last week offers the American public the clearest unclassified view into the thinking of agencies like the CIA, NSA and FBI.
“China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks,” the intel assessment concludes, adding that Beijing “almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”
Would China ever launch such a damaging cyberattack on U.S. targets? If the country invades Taiwan, the answer could very well be yes. Overt military conflict in the South China Sea could usher in a wave of no-holds-barred cyberattacks on Beijing’s adversaries. But don’t just take it from me.
“If Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure and military assets worldwide,” the Annual Threat Assessment says.
The week, compiled
Members of Congress (and their staff) got a nasty surprise last week when news broke of a sprawling breach of the DC Health Link insurance marketplace.
Social security numbers, home addresses and some health insurance data were evidently stolen by an unknown attacker. The House of Representatives’ Chief Administrative Officer urged affected individuals to freeze their credit. (If I had a nickel every time I’ve been urged to freeze my credit…)
The FBI is investigating the incident, and DC Health Link is likely to face pressure to share more details about how the breach occurred and who may have been responsible.
Some staffers aren’t distraught: One Senate worker shrugged it off by telling CNN China “got all my data already in the OPM hack” in 2015. Touché.
Here’s what else made waves recently:
Dark Reading: The Transportation Security Administration is taking “emergency action” to shore up aviation cybersecurity, requiring covered airlines to prepare a plan outlining how they’ll improve “cybersecurity resilience.”
ISMG: The sudden collapse of Silicon Valley Bank could put pressure on cybersecurity startups left scrambling to make payroll. (The real test will likely come Wednesday — payday for many companies.)
The Hacker News: A group of researchers has discovered a critical flaw in an implementation of a U.S. government-preferred encryption algorithm meant to defend against future quantum computing capabilities.
CNBC: The White House has thrown its weight behind a bill that would empower the Biden administration to ban TikTok in the U.S. over security concerns stemming from the social media giant’s Chinese ownership. In typical D.C. fashion, the bill has a cutesy acronym: The RESTRICT Act (short for “Restricting the Emergence of Security Threats that Risk Information and Communications Technology”).
A message from Synack
Insecure and unmanaged APIs can lead to multimillion-dollar security incidents, according to Gartner. Join Synack co-founder and CTO Mark Kuhr and Sabre application security principal Cris Rodriguez for a webinar to learn of a better way to pentest for APIs. They break down the top API vulnerabilities and share best practices for securing this critical part of organizations’ attack surfaces. Learn more and view the webinar on demand here.
Flash memory
Speaking of cyberthreats posed by China, ten years ago, Mandiant (now part of Google Cloud) unveiled its landmark APT 1 report that put Beijing on blast for building an extensive cyberattack infrastructure that it wielded against Western targets.
“It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively,” Mandiant said at the time, paving the way for many more cases of private-sector cyber attribution.
The company was able to trace malicious activity from the Chinese People Liberation Army’s Unit 61398 back to a particular building in Shanghai’s Pudong district (pictured above).
Even if it hardly put an end to Chinese cyber espionage, the report spurred important conversations about how to hold nation-states accountable for bad behavior in cyberspace.
Local files
The Daily Beast: Russia is orchestrating an “intense” disinformation campaign against Moldova (which borders Ukraine) in an apparent bid to foment unrest and undermine the government there.
Bleeping Computer: FBI and the Cybersecurity and Infrastructure Security Agency are warning of an uptick in cyberattacks by the Royal ransomware gang. The agencies are encouraging affected organizations to report Royal incidents to their local FBI field office. The ransomware group, which has ties to the pro-Russia Conti cybercriminal gang, is known for targeting the healthcare, communications and education sectors.
Off-script
On Valentine’s Day 2046, Earth could have a date with an Olympic-swimming-pool-sized asteroid, according to NASA.
OK, the odds of Asteroid 2023 DW actually colliding with the planet are still quite slim — about 1 in 560, as the BBC reported.
So you may not need to change your 2046 Valentine’s Day plans just yet.
That’s it for now — please send tips and feedback to bsobczak@synack.com. Until next week!