At a glance.
- Facebook, Twitter CEOs to testify before US Senate committees.
- CISA describes new DPRK cyberespionage effort.
Big Tech to testify (again, and again.)
Messrs. Zuckerberg and Dorsey, who are facing accusations of censorship disguised as misinformation mitigation, are set to testify before the Senate Commerce Committee today alongside Pichai, SeekingAlpha reports. Twitter plans to fight for Section 230 as “the Internet’s most important law for free speech and safety,” while Facebook has signaled a meeker approach with openness to change and a desire for Congressional guidance. Zuckerberg says “Congress should update the law,” although it’s played an important historical role in the platforms’ development and protection of speech. (And TechDirt denounces him as a sellout and a trimmer.) Dorsey thinks revisions might “collapse how we communicate on the Internet,” worrying without irony that “only a small number of giant and well-funded technology companies” would survive and “all voices” might not be heard. Forbes claims the irony lies in Republicans undermining legislation that shields conservative spin, and predicts the hearing will devolve into political theater.
In the middle of next month, the Twitter and Facebook CEOs will testify before the Senate Judiciary Committee about their “censorship and suppression of New York Post articles” and “handling of the 2020 election,” according to a Judiciary announcement.
Hidden Cobra revealed: CISA tells Korea experts to look out.
A CISA, FBI, and US Cyber Command alert directed at businesses details with unusual candor the known tactics, techniques, and procedures (TTPs) of North Korean intelligence-gathering group Kimsuky, a division of Hidden Cobra that’s been in play since 2012. Kimsuky’s favored methods are spearphishing, social engineering, and watering hole attacks, and its primary marks are Washington, Tokyo, and Seoul. The APT group targets think tanks and subject matter experts with the goal of obtaining information about plans impacting the Korean Peninsula, particularly as they relate to defense, sanctions, or nuclear policy. Cryptocurrency companies are also being attacked. Parties fitting these criteria should beef up their security and stand guard. The advisory specifically recommends setting up multi-factor authentication, security awareness training, and spearphishing defenses. Documented spearphishing attempts have used security alerts, the coronavirus, and proposed interviews as bait.
Katie Nickels, director of intelligence at threat detection and response specialists Red Canary, finds it significant that the US Intelligence Community is sharing this level of detail about the activities of a threat actor:
“My hope is that by the U.S. government continuing to share this level of detail in reporting, public-private relations will improve over time and contribute to better security on both sides.
"Historically, the U.S. government has received a lot of criticism from the cybersecurity community about their reporting. Many times, governments are not able to share details of activity because of sensitive sources and methods they used to acquire the information. However, many researchers have criticized the government for not sharing actionable context and information about cyber threats. For example, DHS’s Automated Indicator Sharing (AIS) program has been widely criticized and was recently the subject of an Office of the Inspector General (OIG) report.
"In a departure from that history, the report released today by DHS, FBI, and CYBERCOM contains many details about cyber threats that defenders could action. It provides both behavior-based details as well as indicators of compromise from both the endpoint and network perspectives, which would allow defenders with various collections and visibility to identify these threats.
"Additionally, this report links to the research of other community members, including MITRE ATT&CK, Palo Alto Unit 42, and Securelist. I also credit some of the recent DHS changes to the CISA Director, Chris Krebs, who is active in the cybersecurity community and has been particularly visible on topics of election security. This report is just the latest in a series of recent reports with similar levels of detail.”
Erich Kron, security awareness advocate at KnowBe4, sees the warning as offering some perspective on the sophistication and seriousness of current cybercriminal threats. The fact that Kimsuky is government-run shouldn't mislead you; it's interested in financial gain as well as espionage:
“This is another example of the seriousness of the modern cybercrime world and the resources behind them. With billions of dollars at stake every year and with warfare expanding to the digital realm in such a large way, it is no surprise that nation-states are involved. The days of thick manila envelopes full of papers, traditional dossiers on people or stealthy microfilm cameras whisking away our information are gone. Now, it is all a bunch of ones and zeros in easily searched databases.
"Given the success of social media attacks, it is also no surprise that email phishing is the top choice of attack vectors. To defend against these attacks, organizations must stay up to date on the current phishing trends and educate their employees on how to spot and report these types of attacks.”