Published on March 16th, 2021
Dealing with Holiday Bear, Hafnium (and those who followed Hafnium). FCC sanctions Chinese companies. Food production cybersecurity. US cyber strategy.
At a glance.
- NCSC advises all British organizations to patch Microsoft Exchange Server as soon as possible.
- US FCC puts five Chinese companies on sanctions list.
- Gaps in food production cybersecurity?
- Observations on US cyber strategy.
- Holiday Bear and Hafnium: different kettles of fish.
UK: patch Microsoft Exchange Server today.
Britain's National Cyber Security Centre (NCSC) echoed calls in the US and EU for immediate installation of Microsoft's Exchange Server patch and warned organizations to "be alive to the threat of ransomware," Insurance Journal reports. Roughly half of the UK's approximately eight thousand exposed servers have been patched.
When attribution matters: not only knowing who did it, but what you should do to them.
In a long essay published Friday by Lawfare, the Silverado Policy Accelerator's Dmitri Alperovitch and Ian Ward draw some distinctions that they argue should inform any US response to the recent campaigns by Holiday Bear (thought by many to be Russia's SVR) and Hafnium (Microsoft's name for the responsible Chinese intelligence unit). In brief, Holiday Bear's compromise of the SolarWinds supply chain is recognizably a familiar espionage operation. That suggests it ought to be dealt with in the ways governments typically deal with blown spy operations: increase counterintelligence efforts, take steps to contain the damage, and perhaps indict responsible individuals (if you can find them) or sanction them in some other way (as one might declare an intelligence officer operating under diplomatic cover persona non grata).
The mess that Hafnium presided over with respect to Microsoft Exchange Server vulnerabilities, however, strikes them as a different matter. The Chinese actors were reckless in their operation and indiscriminate in their apparent release of the exploits to equally reckless criminal gangs. The webshells in particular left the victims open to any crook with the ability to use them, and that's a pretty low barrier to entry. That mass hacking campaign was irresponsible, and may merit appropriate punishment by the international community.
US FCC places five Chinese companies on sanctions list.
The Federal Communications Commission has embargoed video surveillance and telecommunications tech from five Chinese vendors, according to Bloomberg Law, citing "an unacceptable risk to the national security." The move falls under the Secure and Trusted Communications Networks Act of 2019. South China Morning Post notes that the list includes Huawei and ZTE.
Protecting the peanuts and Pepsi: a cyber gap in food safety regulation?
Control Global says Americans' "food supply is neither cybersecure nor safe from control system cyber threats" since the President Obama-era Food Safety Modernization Act does not directly address cyber vulnerabilities. Incidents impacting electric grids, water utilities, and chemical plants are well-documented, and "the same control systems from the same vendors with the same vulnerabilities are used" in food factories. Pandemic-inspired remote access applications and the Holiday Bear gambol further raise the stakes for crucial networks. Solutions Review points to the reported Molson Coors ransomware attack as one example of what can happen: namely, ongoing interference with the beverage company's manufacturing process.
Food Engineering reiterates that food and beverage sector industrial control systems (ICS) are not invulnerable to cyberattacks, highlighting an accelerating trend in control system vulnerability disclosures. Claroty VP Amir Preminger commented, "Nation-state actors are clearly looking at many aspects of the network perimeter to exploit, and cybercriminals are also focusing specifically on ICS processes."
Notes on US cyber strategy.
The Council on Foreign Relations describes the Biden Administration's cyber policy as characterized by commitments to democracy, defense, deterrence, diplomacy, and innovation. Democracy faces cyber challenges in the form of "election interference, disinformation, cyberattacks, and digital authoritarianism." China and Russia represent intensifying threats, and the US is struggling to keep pace with the "technological revolution." While the specifics of President Biden's cyber policy have yet to crystallize, the Council believes the general trajectory is clear, and responds to "a fundamental debate about [the world's] future direction."
Gloss