Cyber News Roundup: Cyber war unleashes offensive attack on Russian trolls

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

U.S. hackers. Russian trolls. Cyber take down. It sounds like the makings of a blockbuster movie. Rather, it’s the latest in international cyber warfare. The U.S. military has retaliated against Russia, the first attempt at an “all-out information war,” according to an Engadget article. U.S. Cyber Command took Russia’s notorious Internet Research Agency offline on 2018 midterm election day last November. The U.S. Cyber Command is part of the Pentagon’s Integrated Cyber Center that will help the United States and its allies plan responses to cyberattacks.

This attack is the first offensive operation seeking to stamp out election interference attempts, according to news reported by The Washington Post. “The strike on the Internet Research Agency in St. Petersburg was part of the first offensive cyber-campaign against Russia designed to thwart attempts to interfere with a U.S. election,” officials said. In her article, U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms, Ellen Nakashima writes that this operation marks the first muscle-flexing by U.S. Cyber Command, with intelligence from the National Security Agency, under new authorities granted by President Trump an Congress last year to bolster offensive capabilities.

There are two sides to this cyber fence: “This operation was nothing more than a signal to the Russians that what you did was not acceptable and we’ll take action and use some element on the spectrum of force to counter that,” says Sergio Caltagirone, a former technical lead at the NSA.”You start small to get the message across: If you do this, we will do something. If they do it again, you ratchet up the pain a little more,” according to a Wired article.

While others believe that a mere internet takedown in response to a highly aggressive campaign to swing a US presidential election could be seen within the Kremlin as the opposite of a demonstration of strength. Rob Knake, former White House cybersecurity advisor says, “Our response to a very hostile act is we’re going to cause connectivity problems? That’s not a terribly strong signal. If you shut off the internet for all of Russia, that’s a signal. Isolating one building I don’t think is much of one.”

Closer to home: A major data breach would likely shut down half of SMBs permanently

More than half of cybersecurity executives at small and medium-sized businesses (SMBs), or 58%, fear a major data breach more than a flood, fire, transit strikes, or even a physical break-in of their office, according to a new survey, Cyberthreat Index for Business Survey, reports TechRepublic. The survey finds that nearly half of respondents say a major data breach would likely shut down their business permanently. And what’s concerning is that SMBs are most worried that these attacks would most likely come from disgruntled ex-employees.

HelpNet Security offers these cybersecurity tips for SMBs:

  • Always educate. Security awareness training can’t be a tick-box activity for SMBs. It needs to be continual so cybersecurity stays top-of-mind and user error is minimized.
  • Take a layered approach. SMBs need to leverage both next-generation endpoint protection and network protection to ensure they are covering the gaps that cybercriminals and hackers deploy to compromise businesses.
  • Know the signs. Phishing s a favorite technique amongst attackers. Make sure employees are confident in identifying the different types of attack. Security awareness training that incorporates phishing simulations, ensures that people, processes, and technology are all harnessed effectively together to stop cybercriminals.
  • Assess your risk profile. Every business has different risk factors. If you don’t have the expertise, get an independent security audit or your MSP to help assess your security posture. Work to develop a plan for adequate ongoing risk mitigation. Look at your GDPR exposure and follow guidelines to ensure the appropriate mitigation criteria are met.
  • Plan for the worst. Create a data breach response plan that identifies specific security experts to call and a communications response plan to notify customers, staff and the public. Have a backup and recovery strategy.

RSA Conference 2019 is Next Week!

Whether your cybersecurity posture is offensive or defensive—or both—there will be a barrage of news, innovations, solutions, and luminaries at RSA Conference 2019, the leading security conference taking place March 4-8, 2019 in San Francisco. Key themes this year will be AI and machine learning, cryptocurrency, Internet of Things, and incident response.

Many Cyber Oregon sponsors have a presence at RSA:

  • AWS South Expo: 1227
  • CrowdStrike South Expo: 1435
  • Comcast North Expo: 4320
  • Eclypsium North Expo: 6173 (Intel’s booth). Congratulations to Eclypsium! Eclypsium is a finalist for RSA Conference 2019 Innovation Sandbox Contest and part of the RSA Early Stage Expo, Booth 46
  • Fortinet North Expo: 5869
  • McAfee North Expo: 5745
  • PacStar Charlie Kawasaki, CTO of PacStar, will be onsite reporting for Cyber Oregon.
  • Palo Alto Networks North Expo: 6069
  • PKI Solutions Mark Cooper, known as The PKI Guy, will be onsite reporting for Cyber Oregon.
  • RFPIO North Expo: 4428
  • Splunk North Expo: N6169
  • Symantec North Expo: 5645
  • Zscaler South Expo: 1055

Cyber Oregon will recap the highlights from RSA next week —stay tuned.

Cyber Oregon sponsor blog of interest