Game source code sold online? Bloomberg renews claims of Chinese hardware backdoors. ICS advisories, notes. Bogus valentines.

Special Section

News on the Oldsmar, Florida, water treatment incident

The FBI hasn't had anything to say about the progress of its investigation into the Oldsmar water system cybersabotage incident (and neither have the Secret Service and local law enforcement authorities), but yesterday the Bureau did tweet renewed encouragement to "remind you how important cybersafety is to protecting the American public and U.S. critical infrastructure."

The FBI encouraged its Twitter followers to read the Cybersecurity and Infrastructure Security Agency's latest Alert on the incident. CISA offers a good bit of sound and generally applicable advice on digital hygiene and best security practices. One part of the agency's alert, however, is specific to water utilities and how they should secure their cyber-physical systems. "Install independent cyber-physical safety systems," CISA writes, explaining that "These are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor." Such safety system controls would include the "size of the chemical pump, size of the chemical reservoir, gearing on valves," and "pressure switches, etc."

Other water systems reassure users that they're safe.

The Dayton Daily News says that the City of Dayton, Ohio, whose water system supplies more than four-hundred-thousand people in the city and surrounding county, thinks it's unlikely to suffer the same kind of attack seen in Florida. Dayton decided eight years ago that its water control systems would not be connected to the Internet, and that it uses teams of security watchstanders as well as redundant safety systems to protect its utility from sabotage.

Florida's Port Charlotte Sun reports that water systems in the southwestern part of the state tell the newspaper that they're unlikely to go the way of Oldsmar. "That’s because remote access at treatment sites is either nonexistent or limited to select administrators, and not to outside vendors, as was suggested in the Oldsmar data breach, locals officials say."

Wisconsin's Department of Natural Resources has joined its Massachusetts counterpart in urging local water systems to upgrade their cybersecurity, Government Technology reports. Wisconsin has six-hundred-eleven local water utilities, and the Department of Natural Resources urges them all to at least install firewalls and use strong passwords. That this advice would seem necessary is not particularly reassuring. That the state of Wisconsin alone has more than six-hundred local water systems suggests the extent of the security challenge, and the very large number of potentially vulnerable attack surfaces.

Lessons for critical infrastructure.

Mieng Lim, VP of product management at Digital Defense, Inc., wrote that Oldsmar should provide a lesson for other infrastructure sectors:

“The incident at the Oldsmar, Florida water treatment plant is a reminder that our nation’s critical infrastructure is continually at risk; not only from nation-state attackers, but also from malicious actors with unknown motives and goals. Our dependency on critical infrastructure – power grids, utilities, water supplies, communications, financial services, emergency services, etc. – on a daily basis emphasizes the need to ensure the systems are defended against any adversary. Proactive security measures are crucial to safeguard critical infrastructure systems when perimeter defenses have been compromised or circumvented. We have to get back to the basics – re-evaluate and rebuild security protections from the ground up.”

But other incidents of cybersabotage also have lessons for water utilities. Domain Tools' Joe Slowik, blogging about Oldsmar, reviews four other high-profile attacks that successfully hit control systems: the Stuxnet attack on Iranian uranium-enrichment centrifuges, the GRU's disruption of local Ukrainian power distribution in late 2015, Russia's repeat performance against the grid around Kiev in 2016, that time with Industroyer/CRASHOVERRIDE wiping, and 2017's Triton/Trisis attack on a Saudi petrochemical facility. All of these were at least to some extent successful, which the Oldsmar cybersabotage attempt was not, and all of the earlier attacks were evasive, which Oldsmar also was not.

"Overall, these four examples of high-profile, technically complex ICS attack scenarios emphasize a critical barrier to adversary success: the ability to evade, influence, or outright deny operator visibility into and control over ICS environments," Slowik writes. "In all four examples, the attacks required some mechanism to hide from operators or deny their ability to correct or mitigate changes made to operating parameters." That wasn't the case in Oldsmar. The attempt there was neither complex nor obscure. Water utilities and others may not be so fortunate the next time around.

Identifying and managing cyber risk to control systems.

The three vulnerabilities most often mentioned in connection with the Oldsmar cybersabotage have been password-sharing (a matter of cyber hygiene), use of beyond-end-of-life software (a patching and updating issue), and the use of TeamViewer for remote access to control systems. Jeremy Turner, Head of Threat Intelligence at Coalition, wrote to point out that TeamViewer is far from the only software used for remote access, and that, moreover, it's not even one of the less secure tools employed for that purpose:

“TeamViewer is the lightning rod in this story, but the reality is that it is just one tool on the cyber criminal’s toolbelt. It is likely that a separate malware infection scraped the TeamViewer credentials, which the threat actor then used to remotely access the system via TeamViewer. But TeamViewer is still more secure than other cybersecurity weak spots like RDP, since it doesn't present itself as an easily detectable signal.... TeamViewer is not the only technology in this category that gets used this way, but it's part of an attacker method known as ‘living off the land.’”

Chris Hickman, chief security officer at digital identity security vendor Keyfactor, reminds us that, with the industrial IoT, it's at least as important to authenticate devices as it is to authenticate users. "If your only line of protection is user authentication, it will be compromised. It's not necessarily about who connects to the system, but what that user can access once they're inside," he wrote. "If the network could have authenticated the validity of the device connecting to the network, the connection would've failed because hackers rarely have possession of authorized devices."

Summary

By the CyberWire staff

Computing reports that someone—it's not clear who—has purchased the source code for the Witcher and Cyberpunk 2077 that criminals stole in the course of hacking CD Projekt Red.

Bloomberg has returned to a 2018 story about Chinese-inserted hardware backdoors on Supermicro chips, doubling down on its earlier claim that the IT hardware supply chain has been compromised by Chinese intelligence services. The story is for the most part sourced to former US law enforcement and intelligence personnel.

It's a strong claim, and will require strong evidence for corroboration. The 2018 round of this particular story petered out in an atmosphere of general disbelief, but Bloomberg never retracted its report, and has now returned to it. Initial reaction to yesterday's story seems to have been wait-and-see skepticism. Dragos's CEO Lee's tweet is representative: "the burden of proof is on the journalists." We shall see.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new ICS security advisories, one for the Wibu-Systems CodeMeter, a second for Rockwell Automation DriveTools SP and Drives AOP, and a third for TCP/IP stacks embedded in a range of vendors' products.

Sunday is of course Valentine's Day, and the usual romance scams are coming. "Verify your Valentine," warn the putti over at US CISA. The US Federal Trade Commission says that exploitation of the lonely and the lovelorn took a record monetary toll last year (the emotional toll is unquantifiable) and that this year will be no better. Whatever you do, don't send money.

Get your message out to leaders in cyber by sponsoring the CyberWire!

Notes.

Today's issue includes events affecting Australia, China, India, Pakistan, Russia, and the United States.

Get 40% off on CyberWire Pro.

We'll be taking a break Monday as we observe the US Federal holiday of Presidents Day. But, as is the American custom with respect to holidays, we're offering a Presidents Day sale: it's your chance to accelerate your cybersecurity awareness and education. For one week only, our Daily Briefing and Week That Was subscribers can enjoy 40% off on their first year of an annual CyberWire Pro subscription. That includes exclusive content, live event participation, and access to our extraordinary amount of archives, all within one clean platform. This offer expires on February 19th and is for new customers only. Visit the CyberWire Pro page, select Annual Subscription, and enter code YDHVORO22L during checkout.

In the clear: what it’s like working as a woman in the cleared community.

This special edition podcast highlights three women, Priyanka, Ashley and Lauren, who chose to focus their careers in cybersecurity for the mission-based organization Northrop Grumman. Kathleen Smith from ClearedJobs.Net joins us as our panel moderator. The CyberWire's Jennifer Eiben hosts the event. We are excited to share this look into the world of women in cybersecurity. Listen here!

Sponsored Events

Virtual Cyber Security Summits - Upcoming Events February 11 & March 18 (Virtual, February 11 - March 18, 2021) Senior Level Executives are invited to the upcoming Virtual Cyber Security Summits! Learn from Industry Experts from The U.S. DHS, DOJ, Verizon, ExtraHop, Darktrace & more as they discuss the latest security challenges & develop cyber security battle plans in today’s unprecedented times. You will receive CPE / CEU credits by attending. Register for the upcoming event in your region! Free to register with code: CyberWire21 at CyberSecuritySummit.com

The Healthcare Cyber Security Summit - February 18, 2021, 12pm EST (Virtual, February 18, 2021) HUB Security is thrilled to invite you to the next Healthcare Cyber Security Summit. Join the discussion on IoMT, phishing, AI and confidential computing in healthcare. Keynote speakers from Intel, GE, ICON, H-ISAC, FN Bulovka, MedCrypt and NetApp. Free registration.

Try Harder: Penetration Testing, Web App Security, and Exploit Development (Virtual, February 25, 2021) What does it mean to Try Harder? Join Offensive Security’s Chief Content and Strategy Officer, Jim O’Gorman, as he discusses how to be at the top of your game in penetration testing, web app security, and exploit development. Register today!

Selected Reading

Dateline

Compromise of U.S. Water Treatment Facility (CISA) On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change.

Cybercriminals are interested in your SCADA systems (Intel 471) Within the last year, Intel 471 has seen financially-motivated actors attempt to sell access to SCADA systems tied to water treatment plants.

Visibility, Monitoring, and Critical Infrastructure Security (DomainTools) Joe Slowik provides an overview of the Oldsmar incident and delivers defensive countermeasures and attack surface reduction recommendations.

Local water authorities insist we're secure from system hackers (Sun Newspapers) You wouldn’t think twice about sipping cool water from the kitchen tap.

Dayton’s drinking water systems have layers of security to curb hacking, officials say (Dayton Daily News) A cyber attack like one recently attempted in Florida, where a hacker tried to add dangerous levels of chemicals to the drinking water is unlikely to happen in Dayton and some local municipalities because the operation of their treatment plants isn’t connected to the internet, city officials said.

Wisconsin Agency Issues Alert After Florida Water System Hack (Government Technology) The state’s Department of Natural Resources urged municipal water systems to take steps to secure their computerized control systems, after hackers accessed and made changes to a water treatment system in Florida.

Cyber Attacks, Threats, and Vulnerabilities

The Long Hack: How China Exploited a U.S. Tech Supplier (Bloomberg) For years, U.S. investigators found tampering in products made by Super Micro Computer Inc. The company says it was never told. Neither was the public.

Pro-India hacking group expands mobile malware arsenal (CyberScoop) A pro-India hacking operation has used two kinds of mobile surveillance malware to spy on hundreds of victims for years, new research shows.

U.N. experts point finger at North Korea for $281 million cyber theft, KuCoin likely victim (Reuters) A preliminary United Nations inquiry into the theft of $281 million worth of assets from a cryptocurrency exchange last September "strongly suggests" links to North Korea - with industry analysts pointing to Seychelles-based KuCoin as the victim of one of the largest reported...

Krebs: More 'destructive,' 'brazen' attacks possible from Russia (FCW) The former CISA director's warning came during one of the first congressional hearings that largely focused on the SolarWinds Orion breach.

Supply chain security is actually worse than we think (ZDNet) Most enterprises have no clue they're sitting ducks for average attackers of moderate skill, much less nation state-backed adversaries with unlimited resources.

Software supply chain attacks – everything you need to know (The Daily Swig) The SolarWinds breach brought a dangerous attack vector to the fore, but supply chain attacks are far from a new phenomenon

ECU Worldwide chief confirms IT systems are down after 'cyber incident' (The Loadstar) The chief executive of ECU Worldwide has confirmed the company’s systems have been affected by a “cyber incident”. In a note to customers, Tim Tudor wrote: “Our online systems have been temporarily unavailable due to a cyber incident. “As a precautionary measure we have taken our systems offline. This includes emails. “Our IT team, along with a top independent global IT vendor, are in the midst of completing the requisite processes to get ...

Hackers auction alleged stolen Cyberpunk 2077, Witcher source code (BleepingComputer) Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack.

Cyberpunk 2077 and Witcher 3 source code reportedly sold by CD Projekt Red hackers (Computing) It is not clear who purchased the data, how much they paid for it or even the currency they used

Malware slingers step up efforts to target gamers on Discord (The Daily Swig) Persistence of malicious links and lack of ‘report abuse’ button faulted by security researchers

Multiple Embedded TCP/IP stacks (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Multiple Equipment: Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart Vulnerabilities: Use of Insufficiently Random Values

Rockwell Automation DriveTools SP and Drives AOP (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: Rockwell Automation Equipment: DriveTools SP and Drives AOP Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability may result in privilege escalation and total loss of device confidentiality, integrity, and availability.

Wibu-Systems CodeMeter (Update E) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wibu-Systems AG Equipment: CodeMeter Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release 2.

Romance Fraud Scams Are On The Rise (Tessian) Cybercriminals target and trick people on social media and email using social engineering scams, posing as romantic interests.

Romance scams take record dollars in 2020 (Federal Trade Commission) They say love hurts.

Verify Your Valentine (CISA) This Valentine’s Day, before you go looking for love in all the wrong chat rooms, CISA reminds users to be wary of internet romance scams. At first, cyber criminals promise the reward of romance after adopting an alias to appear as a potential partner. Once your heart is hooked on hope, they turn the tables. The scammer with the illusive identity will ask for money, making promises of phony matrimony, as they finagle funds from you as a fake fiancée. If you don’t know who you are doting on when you are dating, be cautious with your cash and keep it.

20 Years After the Love Bug Virus: Too Many Phish in the Sea (Vade Secure) 20 years after Love Bug infected 50 million computers, phishing has morphed into other variants that exploit user emotions.

How scammers targeted Colorado’s unemployment system -- and what the state is doing about it (The Colorado Sun) Like many victims of unemployment fraud, Duane Thomas only learned that someone had used his identity to file for jobless benefits when a strange 1099-G tax document arrived in his mailbox last month. He reported the mistake in an online form provided by the state Department of Labor and Employment. Within about three weeks, the […]

QIMR Berghofer Medical Research Institute, Singtel caught up in Accellion breach (iTnews) Working to establish files accessed.

No evidence personal info stolen in Sask Polytech cyber attack: school officials (Global News) School officials say although they haven't found a motive for the Oct. 30 malware attack, they don't believe any personal information was compromised.

Security Patches, Mitigations, and Software Updates

Gmail iOS App Has Out of Date Warning After 2 Months of No Updates as Google Delays Privacy Labels [Updated] (MacRumors) Though Google has promised to update its suite of apps with App Privacy labels to comply with App Store rules that Apple began enforcing in December,...

Apple's Keeping Google's Prying Eyes Out Of iOS 14 (Gizmodo) The move is part of Apple's latest privacy push.

Patch now to stop hackers blindly crashing your Windows computers (Naked Security) Patch early, patch often. In fact, patch now if you haven’t already. Here’s why.

Cyber Trends

Cyber Warfare: Report on 2020 Shows Triple-Digit Increases Across All Malware Types (Yahoo) A study reports on the hundreds of millions of attempted cyber-attacks that occurred in 2020 showing malware increased by 358% versus 2019.

Rising Security Concerns in the Telecom Industry (SecurityHQ) Protecting telecom infrastructure is far from easy. Threat actors will continue to exploit vulnerabilities.

Successful BEC attacks become 56% more costly (Help Net Security) BEC attacks that sought wire transfers from victim companies sought an average of $75,000, making them very successful, according to Agari.

Hybrid cloud is critical to meeting global business needs (NTT) NTT's 2021 Hybrid Cloud Report highlights the critical need for business agility, and how hybrid cloud has helped businesses achieve this. Read more

Marketplace

Funds advised by Apax to acquire Herjavec Group (PR Newswire) Funds advised by Apax Partners (the "Apax Funds") today announced the signing of a definitive agreement to acquire a majority stake of Herjavec...

Cyren Announces $13.8 Million Registered Direct Offering of Ordinary Shares (Yahoo) Cyren (NASDAQ:CYRN), a provider of email security and threat intelligence solutions, today announced that it has entered into securities purchase agreements with several institutional investors for the purchase and sale, in a registered direct offering, of 12,000,000 of its ordinary shares at a purchase price of $1.15 per share for gross proceeds of $13.

Program administrator adds cyber underwriters (Business Insurance) Specialty program administrator Dual North America Inc. said Thursday it had expanded its cyber liability underwriting unit, adding two senior cyber underwriters from Chubb Ltd. and Axa XL, a division of Axa SA.

Google partners brace for hit as search giant threatens Australia exit (ETCIO.com) Google said it would likely pull its core search function from Australia if the government pushes ahead with a plan to require it and Facebook to pay ..

Akamai CEO on Pivot From Web to Cloud Security (Yahoo) Tom Leighton, chief executive officer of Akamai Technologies Inc., says the time has come to bring all of the security products together in one group. He speaks on "Bloomberg Markets: The Close."

Akamai cuts 2 percent of workforce as part of reorganization around security business (Boston Globe) The Cambridge-based company reported on Tuesday that revenue from its security business topped $1 billion over the last year, growing over 25 percent from the year prior.

Microsoft’s $10-Billion Secret: 6 Fun Facts about its Security Business (Cloudwars) On the Jan. 27 earnings call, Satya Nadella casually mention that Microsoft’s security business did more than $10 billion in revenue in 2020.

Major Hospitals Form Company to Capitalize on Their Troves of Health Data (Wall Street Journal) A group of major hospital systems is launching a company to pull together and sell access to anonymized data on their millions of patients for uses including research and drug development.

Ivanti Announces Erik Randles as New SVP, Global Channels and Alliances (BusinessWire) Ivanti, Inc., the automation platform that makes every IT connection smarter and more secure, today announced the appointment of Erik Randles, the com

Coalfire Federal Names Stuart Itkin to Lead CMMC Assurance Practice (PR Newswire) Coalfire Federal, a leading cybersecurity services provider to the federal government and Defense Industrial Base (DIB), today announced the...

Bryan S. Ware Joins LookingGlass Advisory Board (Citybizlist) LookingGlass Cyber Solutions, a leader in operationalizing threat intelligence, announced the appointment today of Bryan S. Ware to its Advisory Board. Ware brings extensive government and business experience, with a particular focus on infrastructure security and policy.

Products, Services, and Solutions

Latest Release of Tripwire Configuration Manager Delivers Increased Protection (Tripwire) Service expands support across three major cloud service providers and offers storage configuration monitoring.

Demetics Protects AI-Based Medical Innovation with Intel SGX (Intel Newsroom) What’s New: Demetics Medical Technology Co. Ltd. is using Intel® Software Guard Extension (Intel® SGX) and Intel® oneAPI Math Kernel Library (oneMKL) to

BlackBerry Bolsters Embedded Software Portfolio with Release of QNX Hypervisor 2.2 (BlackBerry) BlackBerry today announced the release of QNX® Hypervisor 2.2, the latest edition of the company’s real-time embedded hypervisor product.

Cybersecurity and MSP Market Leaders Bring Their Expertise to CompTIA ISAO (Telecom Reseller) Executives from companies and organizations at the forefront of the cybersecurity and managed services technology markets have been named to the inaugural Executive Advisory Council (EAC) of the CompTIA Information Sharing and Analysis Organization (ISAO).

IDX Announces Cybersecurity Healthcheck for Organizations in Conjunction with No-Cost Data Breach Services Agreement (PR Newswire) Today IDX, the leading digital privacy platform and data breach services provider, announces its Cybersecurity Healthcheck, a complimentary...

Barracuda Networks launches new version of email threat scanner (Hindu Businessline) This would enable in detecting cyber attacks better

KnowBe4 Releases Comprehensive Guide to Fight Phishing and Social Engineering (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced that it has released...

HALOCK And Spirion Partner To Solve Vexing Privacy Compliance Issue (PR Newswire) HALOCK, an information security professional services firm in the Chicago area, has partnered with an industry-leading data protection vendor,...

File Shredding Software by Jetico Saves Time with Intuitive Interface (BusinessWire) BCWipe version 7, Jetico’s file shredding software, now saves time with an intuitive and streamlined interface.

Syniverse and Minu Launch Verified SMS in Brazil (Valdosta Daily Times) Syniverse, the most connected company in the world, has launched, together with Minu, previously known as Minutrade, its first Verified short message service (SMS) project in Brazil. The collaboration between the two companies will allow Minu to send SMS messages with an additional layer of verification, which gives its customers more confidence in interacting with its brand through text Messages by Google.

Technologies, Techniques, and Standards

Is it Time to Update Your Cyber Insurance Strategy? (Security Boulevard) If anything, 2020 was about preparing for – well, everything. This includes cyberthreats, which have risen sharply in the pandemic era. In 2021, rethinking your cyber insurance strategy should be a top priority for CISOs and executive leadership.

Research and Development

NAVWAR looking for emerging cyber research and development (C4ISRNET) Naval Information Warfare Systems Command looks to industry to fill gaps in cyber warfare weapon systems.

Machines Are Inventing New Math We've Never Seen (Vice) Pushing the boundaries of math requires great minds to pose fascinating problems. What if a machine could do it? Now, scientists created one that can.

Legislation, Policy and Regulation

Microsoft president Brad Smith explains backing of Australia's proposed media laws (CRN Australia) Company president Brad Smith argues in favour of measures.

Microsoft: U.S. should consider Aussie law vexing Facebook, Google (Axios) "I would be the first to acknowledge that we recognize that this is an opportunity to combine good business with a good cause," Microsoft President Brad Smith told Axios.

Analysis | The Cybersecurity 202: Biden will sign an executive order to fuel the U.S. semiconductor industry (Washington Post) The proposed order comes amid a broader review of Trump's crackdown on Chinese technology.

U.S. chip industry calls on Biden administration to fund factories (Reuters) A group of U.S. chip companies on Thursday sent a letter to President Joe Biden urging him to provide "substantial funding for incentives for semiconductor manufacturing" as part of his economic recovery and infrastructure plans.

How the Biden administration can avoid another SolarWinds attack (C4ISRNET) We need better cybersecurity requirements in general for all government contractors and suppliers.

White House names leader for SolarWinds hack response after criticism (C4ISRNET) The Biden administration named a top National Security Council official as the leader following lawmakers' complaints of a disjointed response.

Experts Tell Lawmakers to Give CISA 'Operational' Federal Information Security Role (Nextgov.com) Former CISA director Chris Krebs said government contracts also need to change in order to facilitate cross-agency information sharing.

DHS agency should defend all federal computer networks, experts say (Roll Call) The Cybersecurity and Infrastructure Security Agency should have more clout and greater authority over all civilian agency computer networks, officials say.

Lawmakers concerned CISA lacks ‘centralized visibility’ to hunt agency cyber threats (Federal News Network) The Biden administration is touting a whole-of-government approach to cybersecurity that leading members of Congress has stressed for years.

Rep. Jim Langevin Lays Out Priorities as Chairman of New House Cyber Subcommittee (Executive Gov) Rep. Jim Langevin, D-R.I., will serve as chairman of the newly established panel within the House Ar

Katko calls for bipartisanship on cyber issues as threats intensify (TheHill) Rep. John Katko (R-N.Y.) says he is looking to shine a bipartisan spotlight on cybersecurity concerns as the newly appointed ranking member of the House Homeland Security Committee.

China Supply Chain, Backdoor Money ‘Huge Priority’ For Biden Pentagon (Breaking Defense) "What is clear is that this issue of technology competition is of increasing importance in the US / China relationship" SecDef advisor Ely Ratner said, and it is "a huge priority for the administration."

Huawei suppliers push to reverse Trump's last minute blows (Reuters) Semiconductor firms are seeking extra time to appeal last-minute Trump administration moves to block sales to Chinese telecoms company Huawei, hoping against the odds that the Biden administration will reverse course, five sources said.

Biden Admin. Looks To Pause WeChat, TikTok Shutdown Bids (Law360) The Biden administration is pausing federal efforts to remove the Chinese social media applications WeChat and TikTok from U.S. networks.

Will the FCC relent on Huawei ‘national security threat’ label? (Totaltelecom) Huawei is once again challenging the Federal Communication Commission (FCC)’s decision to designate them a threat to national security, after multiple failed appeals

How tweets poison a leader from the get-go (Federal News Network) OMB nominee Neera Tanden learns the hard way how being anti on social media can come back to bite.

Baltimore County Board Of Education Approves Contracts After Ransomware Cyber Attack (CBS Local Baltimore) The Baltimore County School Board has approved nearly $2 million in contracts in connection to the aftermath of the ransomware cyber attack in November 2020.

Litigation, Investigation, and Enforcement

US Coast Guard orders maritime facilities to report SolarWinds breaches (BleepingComputer) The U.S. Coast Guard (USCG) has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches in case of suspicions of being affected by the SolarWinds supply-chain attack.

Huawei Says Feds Are Withholding Exculpatory Evidence (Law360) Huawei Technologies Co. Ltd. says federal prosecutors are withholding exculpatory evidence from the company in its case accusing the Chinese telecommunications giant of bank fraud and violating U.S. sanctions, as well as racketeering and trade secret theft charges.

WSJ News Exclusive | GameStop Mania Is Focus of Federal Probes Into Possible Manipulation (Wall Street Journal) The U.S. Justice Department has subpoenaed information from Robinhood Markets and others.

Meghan Markle Gets Privacy Win In Battle With Daily Mail (Law360) The Duchess of Sussex won her privacy and copyright case on Thursday against a British tabloid that published a letter she penned to her father, as a London court rejected the Daily Mail's claim that its coverage was in the public interest.

Facebook has doubled bullying and harassment takedowns since last year (The Verge) It attributes the change to AI improvements.

No Catch: Facebook Moved to Claim Domains Used For Employee Cybersecurity Training - Tech (LawStreetMedia) Law Street provides accessible, client-focused legal news designed to inform readers and connect lawyers with the legal needs in their field.

Man Pleads Guilty to Stealing Nude Photos of Dozens of Victims (US Department of Justice) A New York man pleaded guilty Monday to computer fraud and aggravated identity theft related to his hacking of online social media accounts and theft of nude images of dozens of female victims.

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

newly Noted Events

Risk Series: Data Ethics & Emerging Trends (Virtual, February 17, 2021) Register today for The Risk Institute's next webinar on February 17th on Business Data Ethics Management. This webinar will feature Dennis Hirsch, Professor of Law and Faculty Director of the Program on Data and Governance and Aravind Chandrasekaran, Associate Dean of Executive Education at Fisher College of Business, as they discuss their recently completed research on this topic. Business data ethics management addresses the risks that corporate use of advanced analytics and AI can create. This makes it a form of risk management for the algorithmic economy. Be sure to join on February 17th for clear takeaways from our speakers.

upcoming Events

The Healthcare Cyber Security Summit - February 18, 2021, 12pm EST (Virtual, February 9 - 17, 2021) HUB Security is thrilled to invite you to the next Healthcare Cyber Security Summit. Join the discussion on IoMT, phishing, AI and confidential computing in healthcare. Keynote speakers from Intel, GE, ICON, H-ISAC, FN Bulovka, MedCrypt and NetApp. Free registration.

Women Unite Over CTF 3.0 (Virtual, February 13, 2021) Registration and sponsorship opportunities for “Women Unite Over CTF 3.0,” the popular Capture the Flag (CTF) for women and non-binary persons, is now open. On-going, live instruction helps beginners successfully complete their first CTF. Advanced infosec professionals can earn points through challenges on Point3 Security’s award-winning ESCALATE platform.

M3AAWG 51st General Meeting (Virtual, February 15 - 18, 2021) The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), the largest global industry association working against online exploitation, will host its 51st General Meeting from February 15-18, 2021. In M3AAWG's third virtual event, representatives from over 200 member companies, including Google, Verizon, Twitter, Comcast, AT&T and Microsoft, will discuss prominent cybersecurity issues and establish approaches to combat major threats. M3AAWG's 51st General Meeting will bring together industry experts and leaders from internet service providers, email service providers, social networking companies, software and hardware vendors to advance knowledge around evolving online abuse. Sessions explore timely topics, including NIST's new method to combat phishing, the adoption of TLS 1.3, fighting smishing in the UK, DDoS attack backtracking strategies and much more.

SoCal Cyber Cup Challenge (SCCC) (Virtual, February 15 - May 31, 2021) Now in its 12th year, the SoCal Cyber Cup Challenge (SCCC) is a cybersecurity competition for middle school, high school, and community college students in the Southern California region, started by NDIA San Diego. Supported by a Department of Defense grant, this year’s competition will include community college students and extensive training for competitors and their mentors. As part of the grant, faculty from Coastline College, Palomar College, and Riverside City College will be supporting the challenge by developing mentor training content and promoting the competition.

Battling the Infodemic: Covid-19 Mis- and Disinformation (Virtual, February 16, 2021) Please join Pitt Cyber for a timely conversation about how mis- and disinformation could jeopardize control of the pandemic. Disinformation and medical experts will discuss what’s happening, what to expect, and what we can do.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listens all over the world, companies trust the CyberWire to get the message out. Learn more.