“It looks like any other Election Day, even any other Tuesday,” a senior CISA official said yesterday, as the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) executed a long-prepared national effort to secure the vote. CISA has for some time expressed the view that public engagement through the media and directly online makes an important contribution to cybersecurity. Through Election Day CISA held a series of six online media briefings, the first at 9:30 AM Eastern time, the last at 11:30 PM Eastern time, providing updates on election security. The good news, repeated throughout the day, is that no major cybersecurity threats surfaced during the voting. Our summary of CISA's briefings may be found here.
Election security, deterrence by denial, and hunting forward. Data breach and ransomware updates. More on cyberstalking.
Senior officials at the US Cybersecurity and Infrastructure Security Agency (CISA) yesterday tentatively attributed the relative lack of foreign adversaries' action against US elections to "deterrence by denial," but they also credited US Cyber Command's "hunt forward" operations with having made a significant contribution to election security. The Washington Post quotes the Cyber Command head and Director NSA, General Paul Nakasone, as confirming that his organizations took unspecified action against Iranian actors after the threatening email campaign that tried to fly a false Proud Boys flag was determined to emanate from Tehran. CNN reports that "hunt forward" operations extended to Russia and China as well.
The Maze gang may have taken down its shingle, but the members of its affiliate network haven't been slow to adopt another ransomware strain. ZDNet says they're migrating to the ransomware-as-a-service option Egregor, itself a spinoff of Sekhmet. According to Devdiscourse, CERT-India has published an alert warning organizations in that country to expect a rise in Egregor infestations.
Data from the criminal data clearing house Cit0day, itself taken down in mid-September, has, ZDNet writes, leaked online, exposing some 26,000 hacked databases.
Two more former eBayers, both executives, were indicted yesterday on fifteen counts related to the alleged stalking, witness tampering, and destruction, alteration and falsification of records during the harassment of the EcommerceBytes mom-and-pop newsletter. James Baugh, formerly eBay's senior director of safety and security, and David Harville, formerly eBay's director of global resiliency, were the two former executives named, the Silicon Valley Business Journal reports.
Today's issue includes events affecting China, the European Union, India, Indonesia, Iran, Japan, Poland, Romania, Russia, Thailand, and the United States.
Mandiant’s Sandra Joyce, Executive Vice President and Head of Global Intelligence, will give a Threat Intelligence Briefing on November 19th. The briefing, hosted by Nextgov, will address the state of the ransomware landscape, advanced persistent threat (APT) activity and the latest tactics, techniques and procedures (TTPs) used by adversarial groups. Immediately following the briefing, Dr. George Duchak, Chief Information Officer, Defense Logistics Agency, will address risk management and defending against today’s threats from a government CIO’s perspective.
Tune in to hear government and industry leaders discuss what’s at stake for government agencies, from critical infrastructure to risk management.