"Evil mobile emulator farm." Unlawful intercept? SVR cyberespionage campaign looks worse. Notes on the near future.

Dateline

50% of U.S. tech execs say state-sponsored cyber warfare their biggest threat: CNBC survey (CNBC) A new CNBC survey found that most tech execs believe state-sponsored cyber attacks are the biggest threat to their company and should be Biden's top priority.

Big tech versus regulation - the start of an interesting decade (Computing) An almighty battle is brewing over control and sovereignty of citizens' data

Cybercriminals aim to cash in on Internet-shopping frenzy during pandemic (Arab News) With more people than ever choosing to do their holiday shopping online because of the coronavirus pandemic, cybersecurity experts warn that criminals are also out in force in the digital marketplace and advise shoppers to be particularly careful.

Covid-19 has created new jobs — for scammers preying on the unemployed (Washington Post) FTC and state law enforcement agencies are cracking down on employment, multi-level marketing, work-at-home and investment scams that cost consumers at least $150 million so far this year

Two Cybersecurity Threats Retailers Should Watch Out for During the 2020 Holiday Season (Infosecurity Magazine) Unless a retailer understands how these attacks work and how to preve them, it will affect sales.

Fake delivery notices imitating Amazon, UPS, FedEx surge during biggest online shopping season ever (CNBC) As online shopping sees its biggest season ever, hackers are sending fake delivery notices impersonating Amazon, UPS and FedEx, with scams up 72% from last year

Cyber Attacks, Threats, and Vulnerabilities

What we know – and still don’t – about the worst-ever US government cyber-attack (the Guardian) Nearly a week after federal agencies were targeted, investigators are still unclear on what information may have been stolen

The SolarWinds cyberattack: The hack, the victims, and what we know (BleepingComputer) Since the SolarWinds supply chain attack was disclosed last Sunday, there has been a whirlwind of news, technical details, and analysis released about the hack. Because the amount of information that was released in such a short time is definitely overwhelming, we have published this as a roundup of this week's SolarWinds news.

Russia has allegedly hit the US with an unprecedented malware attack: Here's what you need to know (CNET) Blamed on Russia, the hack infiltrated federal agencies, including homeland security and nuclear programs. Microsoft and other companies are victims too.

[Updated 12.19.20] Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (CISA) This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques.

Second hacking team was targeting SolarWinds at time of big breach (Reuters) A second hacking group, different from the suspected Russian team now associated with the major SolarWinds data breach, also targeted the company's products earlier this year, according to a security research blog by Microsoft.

Hackers last year conducted a 'dry run' of SolarWinds breach (Yahoo) Hackers who breached federal agency networks through software made by SolarWinds appear to have conducted a test run of their broad espionage campaign last year, sources with knowledge of the operation said.

Early signs of a US government hack emerged months ago but were inconclusive (CBS58) US officials monitoring for cyber threats to the nation's critical infrastructure became aware several months ago of suspicious activity ...

Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers (Microsoft Security) We, along with the security industry and our partners, continue to investigate the extent of the Solorigate attack. While investigations are underway, we want to provide the defender community with intelligence to understand the scope, impact, remediation guidance, and product detections and protections we have built in as a result. While the full extent of…

How to Understand the Russia Hack Fallout (Wired) Not all SolarWinds victims are created equal.

'Powerful tradecraft': How foreign cyberspies compromised America (The Japan Times) Officials and researchers believe at least half a dozen U.S. agencies have been infiltrated and thousands of firms hit with malware in what may be one of the biggest hacks ever uncovered.

Suspected Russian cyber-attack growing in scale, Microsoft warns (the Guardian) Government agencies around world among targets in SolarWinds ‘espionage-based’ hack

US cyber-attack: Around 50 firms 'genuinely impacted' by massive breach (BBC News) The expert whose company uncovered the hack also backs US officials' view that Russia was behind it.

At Least 200 Victims Identified in Suspected Russian Hacking (Bloomberg) Number expected to increase as investigations continue. Trump downplays severity of attack, suggests China involved.

At Least 200 Organizations Were Actively Intruded On In SolarWinds Hack: Bloomberg (Yahoo) Bloomberg reported this afternoon that some 200 organizations have been identified as victims in the huge suspected Russian cyberattack that came to light on Monday.What Happened: The hack took advantage of a backdoor in network software made by SolarWinds Corp (NYSE: SWI). to hit government agencies and companies, including the U.S. Commerce and Treasury departments.

Cisco Latest Victim of Russian Cyber-Attack Using Solar Winds (vizaca) It was clear from the start of an online attack by suspected Russian-led terrorists targeting large U.S. government offices will be bad.

Cisco Latest Victim of Russian Cyber-Attack Using SolarWinds (Bloomberg) Corrupted software found in a few labs, worker devices. No known impact to Cisco offers or products, company says.

Hackers' broad attack sets cyber experts worldwide scrambling to defend networks (Reuters) Suspected Russian hackers who broke into U.S. government agencies also spied on less high-profile organizations, including groups in Britain, a U.S. internet provider and a county government in Arizona, according to web records and a security source.

'Deeply damaging and dangerous:' List of victims of the Russian-linked SolarWinds hack keeps widening (Fnancial Post) The reality of just how sprawling — and potentially damaging — the breach might become is coming into focus

SolarWinds cyber attack is ‘grave risk’ to global security (ComputerWeekly) More victims of the SolarWinds Orion Sunburst cyber attack are being identified as the massive scale of the Russia-linked cyber espionage campaign becomes more clear.

SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show (Reuters) Suspected Russian hackers accessed the systems of a U.S. internet provider and a county government in Arizona as part of a sprawling cyber-espionage campaign disclosed this week, according to an analysis of publicly-available web records.

Massive cyberattack grows beyond US, heightening fears (Live Mint) Microsoft said late Thursday that it had notified more than 40 customers hit by the malware which security experts say came from hackers linked to the Russian government and which could allow attackers unfettered network access

Continuous Eruption: Further Analysis of the SolarWinds Supply Chain Incident (DomainTools) Based on additional information released by multiple parties as well as independent DomainTools analysis, this blog adds to and updates the scope and learnings.

NSA warns defense contractors of potential SolarWinds fallout (CyberScoop) In a Thursday alert, the NSA drew a tentative link between an ongoing Russian state-sponsored hacking campaign and the SolarWinds breach.

NSA warns of federated login abuse for local-to-cloud attacks (ZDNet) The US National Security Agency describes two techniques abused in recent attacks for escalating attacks from local networks to cloud infrastructure.

Microsoft has discovered yet more SolarWinds malware (TechRadar) The SolarWinds fallout continues as Microsoft reveals more

Security experts are 'freaking out' about how foreign hackers carried out the 'most pristine espionage effort' in modern history right under the US's nose (Yahoo) "This could just be the tip of the iceberg," said a former NSA analyst. "No one had a solution to preventing an attack like this and here we are."

SolarWinds Hack a 'Gamechanger' for Cyber Security: Wedbush (TheStreet) 'The attack highlights a massive TAM [total addressable market] for cyber security,' says Wedbush analyst Daniel Ives.

SolarWinds Orion Supply Chain Attack (Radware) FireEye published their analysis of what turned out to be a global intrusion campaign, a supply chain attack "trojanizing" SolarWinds Orion software updates performed by an advanced and sophisticated threat actor and that distributes a backdoor dubbed SUNBURST.

The FireEye Hack: Insights Into Stolen Red Team Tools (Radware) On December 1st, FireEye CEO Kevin Mandia announced that the company was hacked by what they believe was a sophisticated threat actor, one whose discipline, operational security and techniques lead them to believe it was a state-sponsored adversary.

How Russian spy games moved online: Massive breach shows how espionage is carried out in the 21st century (USA TODAY) The suspected Russian cyber infiltration of the U.S. government and private companies was 21st century espionage, cybersecurity researchers say.

FireEye Security Breach Blamed on Nation-State Hackers From a Country With “Top-Tier Offensive Capabilities” (CPO) Cybersecurity firm FireEye, which is trusted by large corporations and U.S. federal government agencies, was hacked by a highly sophisticated threat actor, who made off with its hacking tools.

Banks on Alert After Sweep Finds No Evidence of Major Hack (Bloomberg) Industry group says none of its members report being targeted. ‘Wake-up call’ for finance firms growing reliant on the cloud.

When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work (CyberScoop) While the cybersecurity industry marvels at the sophistication of the suspected Russian hackers who breached contractor SolarWinds and multiple federal agencies, another set of alleged Russian operatives continues to succeed with far less advanced techniques in their espionage campaigns.

CVE-2020-25860 - Significant vulnerability discovered in RAUC embedded firmware update framework (VDOO) Vdoo’s security research teams are constantly researching leading embedded devices and their supply chain. As part of this research, we discovered CVE-2020-25860, a potentially critical vulnerability with CVSSv3 8.8 score in RAUC, an open-source framework for firmware updates.

Leaked Documents Show How China’s Army of Paid Internet Trolls Helped Censor the Coronavirus (ProPublica) As the coronavirus spread in China, the government stage-managed what appeared on the domestic internet to make the virus look less severe and the authorities more capable, according to thousands of leaked directives and other files.

“Evil mobile emulator farms” used to steal millions from US and EU banks (Ars Technica) Scale of operation is unlike anything researchers had seen before.

A Massive Fraud Operation Stole Millions From Online Bank Accounts (Wired) The crooks used emulators to mimic the phones of more than 16,000 customers whose mobile bank accounts had been compromised.

NSO spyware used iMessage bug to spy on journalists’ iPhones (TechCrunch) Citizen Lab said Saudi Arabia and the United Arab Emirates were likely behind the attacks.

State actors hacked iPhones of dozens of Al Jazeera journalists using Israeli spyware (Computing) The spyware exploited an iMessage vulnerability in iOS

Dozens of Al Jazeera journalists allegedly hacked using Israeli firm's spyware (the Guardian) Citizen Lab researchers say cyber-attack using NSO Group software likely ordered by Saudia Arabia and UAE

The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit (The Citizen Lab) Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.

Microsoft president slams NSO over rising cyberattacks (Globes) Brad Smith: NSO represents the increasing confluence between sophisticated private-sector technology and nation-state attackers.

TA505’s modified loader means new attack campaign could be coming (Intel 471) TA505's Get2 Loader has sprung back into operation, possibly signaling that the group is ready for a new round of malicious activity.

China 'using Caribbean networks to spy on US&' - report (Telecompaper) China has allegedly used mobile phone networks in the Caribbean to conduct mass surveillance of US mobile phone subscribers, according to a mobile network security expert cited by The Guardian. Mobile security analyst Gary Miller, founder of cyberthreat research and media firm Exigent Media, said signals data shows that China is using state-controlled mobile phone operator China Unicom to direct signalling messages to US subscribers, usually while they are travelling abroad. According to Miller, tens of thousands of US mobile users were affected by the alleged attacks emanating from China

Revealed: China suspected of spying on Americans via Caribbean phone networks (the Guardian) Security expert claims Chinese surveillance may have affected tens of thousands of Americans

Irony Alert: What if China taps open RAN to breach networks? (FierceWireless) It would be ironic if countries worked so hard to expunge all Huawei and ZTE gear from their networks, only to have China gain a backdoor to these same networks via open source.

Bouncy Castle Bug Puts Bcrypt Passwords at Risk (Infosecurity Magazine) Bouncy Castle Bug Puts Bcrypt Passwords at Risk. Authentication bypass flaw found in popular Java crypto library

Dark web vendors are selling shady coronavirus 'vaccines' for $300, and there's been an uptick in listings since the FDA authorized Pfizer's shot (Business Insider) Researchers at Check Point did not verify whether the dark-web vaccines were fake, but details in ads suggested the items were not genuine.

E-banking scams take new guise (Bangkok Post) The Royal Thai Police is intensifying its hunt for Thai and foreign criminals who run scam call centres that send fake SMS messages to trick victims into replying with their bank account details.

“Is it you in the video?” – don’t fall for this Messenger scam (Naked Security) If a friend asks “is it you in the video”, don’t be in hurry to find out!

Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download (Threatpost) Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues.

Is Fortnite Safe for Kids? (Hacked) If you're worried about the dangers of your child's favourite game, this article will expose the problems with Fortnite: Battle Royale.

Database containing personal information of over 270,000 Ledger customers released on RaidForums (The Block) A database containing the personal information of over 270,000 Ledger customers has been published on RaidForums, a marketplace for buying, selling, and

Ledger users threaten legal action after hacker dumps personal data (Cointelegraph) A hacker made the physical addresses and personal information of potentially thousands of Ledger wallet users public today, prompting many to question how the company will handle such a breach.

Treck TCP/IP Stack (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerability: Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.

Cyber Trends

Cybersecurity threatscape: Q3 2020 (Positive Technologies) The number of attacks grew by 2.7 percent in Q3 compared to Q2, and by 54 percent compared to Q3 2019. Explosive growth in attacks, seen earlier this year during the start of the COVID-19 pandemic, has begun to slow. But quarter-over-quarter growth in the number of incidents continues.

Mårten Mickos, CEO at HackerOne: Attitudes towards the ethical hacking community are changing – about time too (TechRound) No-one could have predicted the path 2020 took and the subsequent acceleration in digital transformation for businesses. This year we...

Bugcrowd Report Shows Marked Increase in Crowdsourced Security (Security Boulevard) A recent survey from Bugcrowd shows a marked increase in crowdsourced vulnerability assessments in response to the COVID-19 pandemic.

Marketplace

The Institute for Security and Technology (IST) Launches Multi-Sector Ransomware Task Force (RTF) (Institute for Security and Technology (IST)) The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is today launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime.

BlueHalo, an Arlington Capital Partners Portfolio Company, Announces the Acquisitions of Base2 Engineering and Fortego in Cyber and SIGINT Portfolio Expansion (BusinessWire) Arlington Capital Partners (“Arlington”) today announced that its portfolio company, BlueHalo (the “Company”), a leading provider of advanced engineer

Russian Hackers Thrust Texas Company SolarWinds Into the Spotlight (Texas Monthly) The Austin firm whose software has become nearly ubiquitous in the networks of the federal government and Fortune 500 companies reportedly left its clients vulnerable.

PDI Acquires Cybera and ControlScan Managed Security Services, Expanding into Cloud Security (BusinessWire) The acquisition complements PDI’s industry-focused cloud product strategy and delivers a fully managed, cloud-based network security solution.

FireEye, CrowdStrike, and Other Security Stocks Rally on SolarWinds Hack (Barron's) SolarWinds has said that close to 18,000 customers were left vulnerable in the incident that has affected a range of U.S. government agencies as well as commercial clients.

FireEye, Crowdstrike enjoy record days as SolarWinds hack leads to soaring security stocks (MarketWatch) Security-software stocks soared Friday, as investors bet that the fallout from one of the most devastating hacks in U.S. history will lead to increased...

Palo Alto Networks Jumps as Company Details Failed Cyberattack on Its Network (Stansberry Research) One network security company successfully blocked the "SolarStorm" cyberattack...

KnowBe4 is not a SolarWinds Orion Customer (KnowBe4) KnowBe4 is not a SolarWinds Orion Customer

Why IBM Is Buying Expertus Technologies (Pulse 2.0) IBM (NYSE: IBM) recently announced that it is buying Montreal-based fintech company Expertus Technologies. These are the details.

MicroStrategy just raised $650M — and it's investing it all in Bitcoin (Washington Business Journal) The company's CEO has become increasingly vocal about the cyrptocurrency in recent months.

MicroStrategy Bitcoin buy a groundbreaking approach to corporate treasury (Brave New Coin) In the world of software for corporations, Business Intelligence systems rival spreadsheets in terms of their vanilla, non-controversial status. So why is one of the world’s biggest makers of BI solutions buying bitcoin as fast as it can be mined? The answer could be that MicroStrategy’s founder Michael Saylor can read the writing on the wall.

PerimeterX Protects Over $12 Billion in E-commerce Revenue During Cyber 5, Processes Record Numbers of Requests (PerimeterX) During Cyber 5 holiday shopping period, PerimeterX protected over $12 billion in e-commerce revenue and processed a record numbers of requests.

Redspin, a Division of CynergisTek, Announces Approval to Perform Work for 300,000 Suppliers to the Defense Industrial Base Significantly Expanding Addressable Market (BusinessWire) Redspin, a division of CynergisTek is one of only a handful of organizations accepted into the CMMC C3PAO and RPO programs.

UKHO awards £30m contract to Leidos Innovations for ARDS project (Government Computing) The UK Home Office (UKHO) has awarded a £30m contract to Leidos Innovations for providing managed service for its Agile Data Retention and Disclosure Service (ARDS) project.

Facebook’s Laughable Campaign Against Apple Is Really Against Users and Small Businesses (Electronic Frontier Foundation) Facebook has recently launched a campaign touting itself as the protector of small businesses. This is a laughable attempt from Facebook to distract you from its poor track record of anticompetitive behavior and privacy issues as it tries to derail pro-privacy changes from Apple that are bad for...

Shadowserver Partnership Interview (Avast) Avast CISO Jaya Baloo and Richard Perlotto, Director and Founder of The Shadowserver Foundation explain why cybersecurity partnerships help defenders fight off attempts to spread malware.

Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), the leader in cloud security, today announced the winners of its global Capture the Flag (CTF)...

As NSS Labs’ door closes another opens for community driven standards and testing - VanillaPlus - The global voice of Telecoms IT (VanillaPlus) NSS Labs, a product security testing company, recently ceased operations. This comes just a year after the company was quietly acquired by private equity f

John Kelly, ‘Father’ Of Watson Computer, Retires From IBM (CRN) IBM veteran John Kelly III, 'father' of the Watson computer, is retiring from the company.

MobileIron CEO, CFO, other execs won't join Ivanti upon acquisition (Silicon Valley Business Journal) A new layoff notice shows that 75 Mountain View-based MobileIron employees — including the company's CEO, CFO and other executives — won't be joining Ivanti upon its acquisition of MobileIron.

Deep Instinct appoints Ryan Shopp as chief marketing officer (Help Net Security) Deep Instinct announced that Ryan Shopp has been named to the newly created position of chief marketing officer.

Former FBI Supervisory Special Agent, John Caruthers Joins EVOTEK's Cybersecurity team (PR Newswire) EVOTEK (www.evotek.com), the nation's premier enabler of secure digital business, announced that it has hired former FBI Supervisory Special...

Products, Services, and Solutions

Rapid7 Partners with SCADAfence to Provide Deep Visibility into Operational Technology Assets in Hybrid Environments (Global Banking & Finance) Rapid7, Inc. (NASDAQ: RPD), a leading provider of security analytics and automation, today announced a partnership with SCADAfence, a market leader in industrial cybersecurity, to provide security and Operational Technology (OT) teams broader and deeper visibility into traditional IT and IoT/OT devices co-located in manufacturing and critical infrastructure environments. This […]

Elcomsoft Doubles Password Recovery Speeds with NVIDIA Ampere, Breaks Jetico BestCrypt Containers (PR Newswire) ElcomSoft Co. Ltd. updates Elcomsoft Forensic Disk Decryptor, Advanced Office Password Recovery and Elcomsoft Distributed Password Recovery...

Cofense Unveils Automated Phishing Detection and Response Capability (BusinessWire) The addition of an Auto Quarantine feature in Cofense Vision identifies and automatically removes malicious emails from recipients’ inboxes.

StrikeForce Unveils SafeVchat Delivering First Fully Secure Video Conferencing Platform (GlobeNewswire) Built by US Cybersecurity Experts, New Service Safeguards Against Data & Privacy Vulnerabilities in all Existing Video Conferencing Platforms

INKY’s Mobile iPhish Catches Are Giving IT Analysts Something to Talk About (INKY) Users are three times more likely to fall prey to phishing scams on mobile, than they are on desktops1 and yet most email security solutions can’t protect you. Learn what you need to do to stay safe.

Technologies, Techniques, and Standards

How to fix the vulnerabilities targeted in the FireEye hack (Vulcan Cyber) Foreign hackers have been using multiple, layered software vulnerabilities to hack into “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” as described in this FireEye blog post. This Vulcan Cyber blog post explains how to fix the vulnerabilities targeted by the red team tools used in this FireEye hack.

Cyber-security lessons from the SolarWinds hack (Compliance Week) The lessons from the massive SolarWinds hack on where vulnerabilities still lurk in the third-party vendor supply chain cannot be grasped soon enough.

Overcoming Healthcare’s Cybersecurity Challenges (Infosecurity Magazine) Six recommendations for improving cybersecurity in healthcare

Everything You Need to Know About DREAD Threat Modeling (EC-Council Official Blog) Learn what DREAD threat modeling is all about. Know the techniques and the methodologies with threat intelligence training and become a cybersecurity expert, today!

Why Do Companies Need to Provide Cyber Range Training to Employees? (Analytics Insight) While companies today may not have specialized cybersecurity skills nor funding for security training, cyber range training can help meet these requirements and help people be aware of ways to tackle cyber threats and cyberattacks.

Design and Innovation

IBM makes strides towards 'Holy Grail of data encryption' (TechRadar) IBM is now offering fully homomorphic encryption

Academia

AT&T, Purdue Establish 5G Testbed (Telecompetitor) The 5G testbed will be in Indiana and will use A&T's 5G network and mobile edge computing to explore applications such as

Cybersecurity Students Secure Spot in National Competition (CSUF News) After spending nine hours attempting to hack into a fictional water and power plant, a team of Cal State Fullerton cybersecurity students successfully cyberattacked the system to qualify for a spot in January’s National Collegiate Penetration Testing Competition.

Legislation, Policy and Regulation

Putin congratulates Russia’s intel service after U.S. hit with massive cyberattack (The Washington Times) Russian President Vladimir Putin on Sunday publicly commended his country’s SVR foreign intelligence service for its work protecting Moscow’s interests. Many American officials and security experts believe the same Russian spy agency is responsible for a massive cyberattack on the U.S., the full extent of which is still being determined.

Intelligence failure (New York Times via the Star Tribune) Russian hackers went undetected by U.S. cybersecurity defenses for months

Pompeo: Russia 'pretty clearly' behind massive SolarWinds cyberattack (MPR News) The secretary of state became the highest-ranking Trump administration official to blame Russia for the vast hack that hit at least half a dozen federal agencies.

Pompeo blames Russia for ‘significant’ cyber attack on US government agencies, companies (France 24) Russia was "pretty clearly" behind a devastating cyber attack on several US government agencies that also hit targets worldwide, Secretary of State Mike Pompeo said.

Trump, contradicting Pompeo, downplays gravity of massive cyberattack against U.S. government, as well as Russia’s role (Washington Post) Russia is behind the massive, ongoing cyber spy campaign against the federal government and private sector, Secretary of State Mike Pompeo said Friday — the first Trump administration official to publicly blame Moscow for the computer hacks.

Trump Contradicts Pompeo Over Russia’s Role in Hack (New York Times) Hours after the secretary of state said that Moscow was behind the vast cybersecurity breach, the president suggested it might have been China and downplayed the severity of the attack.

Trump downplays Russian-linked cyberattack on U.S. (Axios) He contradicted Secretary of State Mike Pompeo and others who say Russia was behind the attack.

US, NZ attempts to fend-off SolarWinds cyberattack at risk - because of weird Trump fixation (New Zealand Herald) President pitted against own party in his final days.

Mitt Romney blasts Trump for his silence over massive Russian hack (The Salt Lake Tribune) Sen. Mitt Romney says a cyber hack was the equivalent of repeatedly allowing Russian bombers to fly undetected over America, and is criticizing President Donald Trump for not protesting and punishing Russia.

'They potentially have the capacity to cripple us': Romney raises alarm about cyberattack tied to Russia (USA TODAY) Republican Sen. Mitt Romney warned that suspected Russian hackers "acted with impunity” because they did not expect any major U.S. countermeasures.

How the Russian hacking group Cozy Bear, suspected in the SolarWinds breach, plays the long game (CyberScoop) Security experts have a lurking concern that if history is any guide, the hackers reportedly behind the SolarWinds breach aren’t done yet.

Five Russian hacks that transformed US cyber-security (BBC News) Russia denies it is behind the latest cyber-attack on the US, but it would not be the first time.

Computer Hack Blamed on Russia Tests Limits of U.S. Response (Wall Street Journal) Despite its size, a computer hack blamed on Russia that hit six cabinet-level agencies could leave President Trump and the incoming Biden administration struggling to find the right response, former U.S. cybersecurity officials and experts said.

Suspected Russian hack: Was it an epic cyber attack or spy operation? (NBC News) “This is really just a very successful espionage operation,” said one former Pentagon cyber official. “It’s the kind of thing we would love to carry out.”

Lawmakers ask whether massive hack amounted to act of war (TheHill) Lawmakers are raising questions about whether the attack on the federal government widely attributed to Russia constitutes an act of war.

Russia's Hack Wasn't Cyberwar. That Complicates US Strategy (Wired) To evaluate whether cybersecurity tactics are working, you need to first establish what the SolarWinds hack really was.

Why we should consider Russia’s hacking an act of war (New York Daily News) The recent massive data breaches of SolarWinds software and, by extension, multiple U.S. agencies — including the Departments of Homeland Security, Treasury and Commerce — have been reliably linked to the Russian intelligence agency known as the SVR, which has one of the most advanced cyberwarfare capabilities in the world.

SolarWinds attack is not 'espionage as usual,' Microsoft president says (CyberScoop) The breach of SolarWinds software that allowed widespread espionage on U.S. government agencies and other organizations worldwide is more than just a shocking use of digital spycraft,

Intel chairman Rubio says ‘America must retaliate’ after massive cyber hack (Miami Herald) Florida Republican Sen. Marco Rubio, who leads the Senate Intelligence Committee, vowed that the U.S. will retaliate for a massive, ongoing cyberattack that has compromised private companies and government agencies — including the Energy Department’s National Nuclear Security Administration.

Russian hack puts a spotlight on Sasse's cyber warfare planning push (Kearney Hub) U.S. Sen. Ben Sasse says America needs a "playbook," a broad framework of how to respond defensively and offensively to growing threats in cyberspace.

U.S. needs to respond quickly to massive cyber-attack, Utah law prof. says (KJZZ) Federal investigators are still trying to figure out the scope of a massive cyber-attack that intruded into the U. S. government and other computer systems. Caption: Jeremy Harris reports. (Video: KUTV) Experts believe Russia, and possibly other foreign actors, are responsible for the breach, though the Cybersecurity and Infrastructure Security Agency (CISA) has not confirmed that.

The SolarWinds Breach Is a Failure of U.S. Cyber Strategy (Lawfare) The breach underscores the importance of integrating defend forward into a broader national cybersecurity strategy.

Biden's options for Russian hacking punishment: sanctions, cyber retaliation (Reuters) President-elect Joe Biden's team will consider several options to punish Russia for its suspected role in the unprecedented hacking of U.S. government agencies and companies once he takes office, from new financial sanctions to cyberattacks on Russian infrastructure, people...

Russia’s Hacking Frenzy Is a Reckoning (Wired) Despite years of warning, the US still has no good answer for the sort of “supply chain” attack that let Russia run wild.

Citing mega hack, lawmakers urge Trump to sign defense bill full of cyber protections (C4ISRNET) Pointing to the huge hack of U.S. government agencies disclosed this week, lawmakers of both parties are calling on President Donald Trump to sign the sweeping national defense policy bill because it contains a host of cybersecurity provisions.

Congress barrels toward veto clash with Trump (TheHill) Congress is preparing for a clash with President Trump over a mammoth defense bill that could result in the first veto override of his presidency, just a month before he leaves office.

Washington Needs a Cybersecurity Overhaul (Foreign Policy) When they enter office, Biden and Harris must make up for lost ground.

Widespread Russian Cyberattack Reveals America’s Soft Underbelly (Forbes) Collecting information about one’s adversaries and competitors is the lifeblood of a nation state. Paradoxically, the hack underlines the danger that the U.S. is making it easier for our adversaries to do so due to our current path to network anything and everything.

Cyber-attack is brutal reminder of the Russia problem facing Joe Biden (the Guardian) Analysis: new president must find a way to contain such hyper-aggressive behaviour from Moscow

Biden-Harris Team Briefed On Cyber Breaches To Government Networks (Nevada Public Radio) President-elect Joe Biden says his transition team has been briefed on the massive cyber intrusions recently identified by the U.S. government.

Rebecca Grant: Cyberattacks against US will intensify — Biden must bolster ability to defend and strike back (Fox News) The recently discovered massive cyberattack on U.S. government and industry computer networks by a foreign adversary isn’t the first nor will it be the last such hostile action. The incoming Biden administration will need to be able to deal with increasingly sophisticated attacks.

National Cyber Force: defending the cyber domain (Army Technology) The UK is creating a National Cyber Force drawing its personnel from the Ministry of Defence and security services including GCHQ and MI6. Harry Lye explores the role defence will play in the future of cyber operations.

Trump Officials Deliver Plan to Split Up Cyber Command, NSA (Defense One) An end to the “dual hat” arrangement has been debated for years — but the timing raises questions. The plan requires Milley's certification to move ahead.

Trump administration looks to split NSA and U.S. Cyber Command (C4ISRNET) The move would be another example of the president trying to influence defense policy before Inauguration Day.

Trump administration looks to split NSA and U.S. Cyber Command (Air Force Times) The move would be another example of the president trying to influence defense policy before Inauguration Day.

Congress, experts worry about potential spy agency reorganization amid hack response (Reuters) A senior lawmaker is concerned the Pentagon is pushing to split the National Security Agency, America's premier signals intelligence organization, from U.S. Cyber Command, the top cyberwarfare unit, in the last weeks of the Trump administration as the government responds...

Pentagon plan on cyber split draws strong Hill criticism (Spectrum News) The Pentagon is proposing to split up two of the nation's main military cybersecurity organizations

US and Taiwan warn over ‘low’ Huawei Marine bid for Pacific islands’ submarine Internet cable (Data Center Dynamics) Claiming the price could be too good to be true

China Is Gnawing at Democracy’s Roots Worldwide (Foreign Policy) The Communist Party is putting ideological battles first.

Chinese Communist Party’s espionage activities: Need for strengthening intelligence mechanism to deal with the worst-case scenarios (Times of India Blog) A leaked database of about 2 million Chinese Communist Party (CCP) members containing their personal details including their party positions, date of birth and national identity etc working in global companies across the world reveals...

China Used Stolen Data to Expose CIA Operatives in Africa and Europe (Foreign Policy) The discovery of U.S. spy networks in China fueled a decadelong global war over data between Beijing and Washington.

Sweden to resume 5G auctions despite Huawei legal challenge (Reuters) Swedish telecoms regulator PTS will resume 5G spectrum auctions on Jan. 19, it said on Friday, after winning court approval to proceed even though China's Huawei is taking legal action over its exclusion from 5G networks.

U.S. lawmakers back $1.9 billion to replace telecom equipment from China's Huawei, ZTE - sources (Reuters) U.S. lawmakers will back $1.9 billion to fund a program to remove telecom network equipment that the U.S. government says poses national security risks as part of a $900 billion COVID-19 relief bill, two sources briefed on the matter said on Sunday.

Commerce Adds China’s SMIC to the Entity List, Restricting Access to Key Enabling U.S. Technology (U.S. Department of Commerce) The Bureau of Industry and Security (BIS) in the Department of Commerce (Commerce) added Semiconductor Manufacturing International Corporation (SMIC) of China to the Entity List. BIS is taking this action to protect U.S.

Statement from Secretary Ross on The Department's 77 Additions to the Entity List for Human Rights Abuses, Militarization of the South China Sea and U.S. Trade Secret Theft (U.S. Department of Commerce) Today, the Commerce Department added 77 entities to the Entity List for actions deemed contrary to the national security or foreign policy interest of the United States. These include entities in China that enable hu

U.S. blacklists dozens of Chinese firms including SMIC, DJI (Reuters) The United States added dozens of Chinese companies, including the country's top chipmaker SMIC and Chinese drone manufacturer SZ DJI Technology Co Ltd, to a trade blacklist on Friday as U.S. President Donald Trump's administration ratchets up tensions with China in his...

UPDATED: DJI placed on US Dept of Commerce Entity list; issues response (DroneDJ) DJI has been added to the US government's "Entity List." It's a move that will have negative implications for the drone giant.

The Anti-Money Laundering Act of 2020 may be a Game-Changer for Compliance Professionals (JD Supra) On December 2, 2020, the ‘‘William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021’’ was passed by the U.S. House of...

Microsoft President Blames Israeli Company for Rash of Cyberattacks, Wants Biden to Intervene (Jewish Press) "The Biden/Harris administration should weigh in with a similar view," Smith wrote.

Litigation, Investigation, and Enforcement

Dutch Program Aims to Deter Young Hackers Before They Commit Crimes (Wall Street Journal) The Dutch National Police have developed a new program to divert young hackers before they commit crimes by informing them of hacking laws and alternative ways to use their skills.

SolarWinds Hack: Lawmakers Demand Answers (Data Breach Today) Lawmakers are pressing government agencies for answers following disclosures this week about an advanced persistent threat group's massive hacking campaign

Former US cybersecurity chief Chris Krebs warned not to 'conflate' voting system security with SolarWinds hack despite Trump's claim (Business Insider) Chris Krebs' warning came after President Donald Trump tweeted there could have been a hit on "our ridiculous voting machines during the election."

Former US cybersecurity chief Chris Krebs says officials are still tracking 'scope' of the SolarWinds hack (Business Insider) Chris Krebs, the former head of CISA, told CNN the scale of the breach is likely "more broad" than the hack on IT company SolarWinds.

‘It Happened On My Watch’: Chris Krebs Says Russia Exploited Outdated Systems For Cyberattack (Forbes) Cybersecurity experts say Russia used ‘utterly clandestine’ and ‘never-before-seen’ capabilities for its U.S. hack.

Ex-Zoom China Employee Faces U.S. Dissident Censoring Charge (Bloomberg) Worker accused of disrupting Tiananmen Square commemorations. Zoom says it fired Xinjiang Jin after internal investigation.

Huawei exec's lawyers open new front in extradition trial (CNA) Canada would violate international law by extraditing a Huawei executive to the United States, her lawyers argue in new documents cited by the ...

Huawei documents reveal China's grievance (The Sydney Morning Herald) The confidential Chinese trade document threatens to throw Australia's dispute with China back into the spotlight.

DOJ case against Google likely won't go to trial until late 2023, judge says (CNBC) The judge set September 12, 2023 as a tentative date to start the trial.

Cybersecurity Regulation And Litigation: The 800 Pound Gorilla In The Boardroom (Forbes) After all, it was only 18 years ago when the Sarbanes-Oxley Act was passed into law which forced corporate boards to put financial experts into the boardroom for the first time.

McCarthy gets FBI briefing on Swalwell: 'He should not be on Intel' committee (Fox News) GOP House Leader Kevin McCarthy said Friday that an FBI briefing on Rep. Eric Swalwell's contact with an alleged Chinese spy made clear one thing: The California Democrat should not have access to the nation's secrets.

Cybersecurity analyst behind Antrim County audit expects disclosure that will 'drastically change the playing field' (Washington Examiner) The cybersecurity analyst who wrote the "forensic audit" of Dominion Voting Systems equipment in Antrim County, Michigan, predicted significant information will emerge in the coming days that could disrupt the results of the 2020 election.

Fed. Circ. Upholds Finjan Virus Software Patent Again (Law360) The Federal Circuit has affirmed for a second time that a Finjan Inc. patent for computer virus protection technology is valid, rejecting the latest efforts by Palo Alto Networks Inc. to overturn the company's win at the Patent Trial and Appeal Board.

Convicted identity thief working at Massachusetts unemployment office scammed benefits, feds say (Boston Herald) A woman who worked for the Massachusetts Department of Unemployment Assistance after getting out of prison for identity theft got right back to her old tricks, the feds say, claiming she used her p…

"Evil mobile emulator farm." Unlawful intercept? SVR cyberespionage campaign looks worse. Notes on the near future.

Tech executives see nation-state operations as a major threat.

Governments expected to increase regulation of companies in the interest of data protection.

Online threats emerging during the holidays are unlikely to fade in early January.

Bogus delivery notices are bad; bogus job offers are worse.