At a glance.
- CISA and US Cyber Command continue detailed warnings describing foreign intelligence services' cyber tools.
- China's Personal Information Protection Law.
- US governors interested in cooperative use of states' National Guard cyber units.
New CISA tutelage on Moscow malware.
CISA and US Cyber Command continue their practice of issuing public warnings against malware used by hostile foreign intelligence services. Yesterday the US Cybersecurity and Infrastructure Security Agency published two Malware Analysis Reports. One concerns the PowerShell script ComRAT—a tool favored by Russian APT Venomous Bear—and the other describes the Zebrocy backdoor, which the agency said is “used by a sophisticated cyber actor.” Security Affairs reports the malware has been deployed against several embassies, parliaments, and foreign affairs ministries.
Venomous Bear, first identified in 2007, attacks governments and businesses in Europe, Asia, North America, South America, the Middle East, and one-time Soviet states. Zebrocy is a known weapon of Moscow-connected APT Fancy Bear, and has been seen in European and Asian assaults. CISA recommends the following security measures: updating software, deactivating sharing services, limiting employee permissions, approaching attachments and removable media with skepticism, maintaining strong passwords and firewalls, scrubbing unneeded applications, and cultivating situational awareness. US Cyber Command congratulated the FBI and CISA on their efforts in a Halloween-themed tweet.
Update on Beijing’s Personal Information Protection Law.
JD Supra says China’s long-promised Personal Information Protection Law, the first of its kind in the country, was distributed for feedback last week. The law deals with end-to-end management of residents’ data, and applies to both foreign and domestic operations. Permissible grounds for data processing are expanded beyond consent to cover contracts, legal obligations, emergencies, and media activities. Data protection officer (DPO) and localization requirements are limited, personal information impact assessment (PIIA) regulations are formalized, and noncompliance penalties are increased from 1 to 50 million Yuan. Entities can also be blacklisted for jeopardizing Chinese interests. The remaining provisions generally align with the 2017 China Cybersecurity Law and other national guidelines. JD Supra describes the law as “a critical step forward,” saying it will probably take effect in the next two years.
Governors advocate facilitating their National Guards' cyber units' ability to work across state lines.
StateScoop reports that the National Governors Association has endorsed measures in the pending National Defense Authorization Act (NDAA) that would clarify and expand the role of the National Guard in meeting cyber defense missions at the state and national level. Two provisions in the NDAA were of particular interest. One would direct the Department of Defense to develop guidance on how the Guard ought to cooperate with civilian agencies that share a cybersecurity mission. Such agencies might include CISA, the FBI, ISACs, and state fusion centers. The other would authorize the Army and Air Force to develop pilot programs in which one state's Guard might offer remote assistance to another state's Guard.