Monday Brief for 19 July 2021

Tech Terms

Advanced Persistent Threat (APT) — An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).

Administration rolls out new ransomware efforts

What’s New: The Biden administration has a new website, a new task force, and $10 million focused on blunting the growing ransomware scourge.

Why This Matters: The White House wants Americans to believe it’s serious about taking on ransomware.

Key Points:

• Hosted by CISA, stopransomware.gov offers public resources for building resilience against and countering ransomware attacks.

• The State Department’s Rewards for Justice program oversees the new $10 million account that will pay for information that identifies foreign state-backed hackers targeting U.S. critical infrastructure.

• Banks, tech companies, and Treasury’s Financial Crimes Enforcement Network are also teaming up to tackle the challenge of cryptocurrencies and money-laundering, the preferred methods of payment for ransomware groups.

What I’m Thinking: I’ve said a lot about ransomware over the last several weeks, so I’ll save you some time by not repeating myself. Bottom Line: these efforts are welcome, but not sufficient. The fundamental challenge remains making these attacks too costly to conduct against the United States and its allies. That’s the outcome we’re looking for. Everything else is just churn.

SolarWinds attackers compromised iPhones

What’s New: Security researchers at Google and Microsoft say the Russian state hackers behind the SolarWinds attack also exploited an iOS zero-day (or “0-day”) vulnerability, according to Wired.

Why This Matters: The operation targeted Western European government officials in an effort to steal their Web authentication credentials.

Key Points:

• Google researchers published a blog post last week, saying a “likely Russian government-backed actor” exploited a previously unknown iOS vulnerability to compromise government officials who were using LinkedIn.

• Google says the hackers exploited the zero-day to take control of a USAID’s Constant Contact marketing account and to send infected emails from the agency’s email address.

• The same operatives behind the SolarWinds attack appear to be responsible for the LinkedIn operation, and Google’s research suggests this new attack is also related to activity disclosed by Microsoft in May.

• Shane Huntley, head of Google’s Threat Analysis Group, confirmed the LinkedIn and Constant Contact attacks were connected.

“These are two different campaigns, but based on our visibility, we consider the actors behind the WebKit 0-day and the USAID campaign to be the same group of actors,” Huntley wrote. “It is important to note that everyone draws actor boundaries differently. In this particular case, we are aligned with the US and UK government’s assessment of APT 29.”

What I’m Thinking: Hackers working for Russia’s Foreign Intelligence Service (SVR) are legit. They’ve successfully popped governments, think tanks, non-profits, universities, and other targets around the world — including the U.S., France, Germany, South Korea, and Uzbekistan. While reports about APT 29 (aka, “Cozy Bear”) are becoming more frequent, it’s important to remember that it is very likely that their most significant operations remain undetected.

Hubble telescope is back online

What’s New: NASA says that, after more than a month of work, a software problem with the Hubble Space Telescope is fixed.

Why This Matters: The 31-year-old bus-sized observatory has snapped more than 1 million pictures and collected troves of space data.

Key Points:

• The telescope had been offline since June with NASA engineers remotely working to transition Hubble from its original hardware and software to an onboard backup system.

• More than just amazing pictures, the telescope has collected data that NASA says has been used in more than 18,000 scientific papers on “the accelerating expansion of the universe, the evolution of galaxies and, studies of planets beyond our solar system.”

“I think there’s a very credible case that the Hubble Space Telescope is the most scientifically productive instrument ever made,” said Paul Hertz, director of NASA’s astrophysics division. “The output of peer-reviewed published papers from Hubble certainly exceeds any of its competitors in any field of science.”

What I’m Thinking: Hubble is awesome and we’re fortunate to have it back in action. Click here to see NASA’s gallery of images (the one below is one of my favorites). “The heavens declare the glory of God, and the sky above proclaims his handiwork. (Ps. 19.1)

Let’s Get Visual

Nerd Humor

Quick Clicks

• The US needs to get back in the business of making chips.

• This is how aliens might search for human life.

• Whatever happened to IBM’s Watson?

• Tech workers swore off the Bay Area. Now they’re coming back.

• Doctors tap into brain to help a paralyzed man speak.

That’s it for this Monday Brief. Thanks for reading, and if you think someone else would like this newsletter, please share it with your friends and followers. Have a great week!