ITMG Insider Threat News – June 15, 2020

ITMGnews061520

Here’s What That Capital One Court Decision Means for Corporate Cybersecurity

Typically, hacked organizations are able to keep incident response reports private, and avoid costly suits, by shielding the details under attorney-client privilege. Not under a recent decision in a case tied to the Capital One breach. When a judge ruled last month that Capital One must provide outsiders with a third-party incident response report detailing the circumstances around the bank’s massive data breach, the cybersecurity world took notice. The surprise decision, in effect, determined that Capital One would need to provide the forensic details — warts and all — about the hack to attorneys representing a group of customers suing the bank. It’s the kind of report that, if made public, could highlight technical and procedural failures that made it possible for a single suspect to allegedly collect gigabytes of data about 100 million people from a bank with $28 billion in revenue.

Netwrix: Working from Home Prompts Latest Cybersecurity Trends

Insider cyber threats will become more pressing in the months ahead. Netwrix says organizations need to keep an eye on five cybersecurity trends in the second half of 2020 and beyond due in part to working from home. The massive shift to working from home in response to COVID-19 has led to an increase in cyberattacks. However, Netwrix experts don’t envision dramatic shifts in the cybersecurity threat landscape. Instead, they identify the following cybersecurity trends that have accelerated and will have the biggest impact on organizations: The insider threat will become even more pressing. Many organizations already plan to keep more of their staff working from home. IT teams will have to adapt to a larger remote workforce. That means a lack of control over a greater number of endpoints and network devices.

Attivo Networks Highlights CISOs Top Concerns Following Move to Remote Working

Combating threats and attacks from a wide variety of attack types and surfaces has become the number one priority for CISOs, according to new research from MIT Sloan in participation with Attivo Networks. The research titled The Cybersecurity Landscape: Challenges and How to Overcome Them, focused specifically on CISOs, CIOs and other security executives attitudes and responses during the COVID-19 pandemic, and shows that priorities have changed with the shift to remote working. With more people working from home, attacks that disrupt services or use credential theft are top concerns, along with the need to protect cloud architectures and critical access resources like Active Directory, the study finds. When asked about priorities to address in the next 12 months, more than 70% of the respondents chose detecting unknown and known attacks, detection across attack surfaces, and insider threats.

Senators Introduce Protecting American Intellectual Property Act

“We need to stop pulling punches and go after thieves and hackers,” says Senator Sasse. U.S. Senators Chris Van Hollen (D-MD) and Ben Sasse (R-NE) proposed bipartisan legislation mandating strong economic penalties on firms and individuals involved in stealing American intellectual property. In an interview with Reuters, Van Hollen said the Protecting American Intellectual Property Act is a “direct approach” to battling China’s use of illicit methods for obtaining technological advances made in the U.S. The Chinese government insists Washington has exaggerated the problem of intellectual property theft for political reasons. The U.S., however, says China fails to protect American intellectual property and often steals or forces the transfer of it. “For too long foreign companies – often enabled by foreign governments – have stolen U.S. technology, which harms the American economy and our national security. The U.S. cannot sit idly by as these companies cheat their way to success at the expense of American businesses and jobs,” said Senator Van Hollen.

UMC faces NT$100 million fine in espionage case against Micron

United Microelectronics Corp. (UMC), Taiwan’s second largest pure wafer foundry operator, has been ordered to pay a fine of NT$100 million (US$3.36 million) by a district court in Taichung City which found the company and three of its employees guilty in a trade secret theft case brought by U.S.-based memory chipmaker Micron Technology Inc. The Taichung District Court ruled on Friday that Ho Chien-ting and Wang Yung-ming, who used to work for Micron Taiwan before they went to UMC as engineers in November 2015 and March 2016, respectively, were accused of leaking Micron’s trade secrets to the Taiwanese contract chipmaker. Asked by Rong Le-tien, another UMC engineer, Wang and Ho used Micron’s business information, which they held, to roll out dynamic random access memory (DRAM) chips in a cooperation project with UMC’s Chinese partner Fujian Jinhua Integrated Circuit Co. in a bid to save expenses. Prosecutors launched a probe into the alleged industrial espionage in February 2017 and decided to charge UMC and the three UMC employees in September, citing violation of Taiwan’s Trade Secrets Act for sharing the information with Jinhua.

Espionage in the Defense Industry

Espionage in the defense industry starts out in many unexpected places and ways. For example, you might be interested to know that much of our military hardware originates abroad, despite our best efforts and desire to have American companies meet our national defense needs. While we try to make sure the contracted money stays in our shores, the companies themselves can almost outsource freely. Although U.S. companies with cleared facilities are controlled, sometimes, the devil is in the details.

Michigan Man to Be Sentenced in Moscow, Faces 18 Years in Labor Camp

After nearly 18 months in prison, Michigan’s Paul Whelan is expected to be sentenced Monday in Moscow as his espionage trial there concludes.  Prosecutors are seeking up to 18 years in a labor camp, which Whelan’s family and attorneys consider particularly harsh, Whelan’s twin brother David said.  Whelan, 50, of Novi has maintained his innocence. His attorneys pressed for acquittal. His family doesn’t really know what’s going to happen Monday, but they expect Whelan will be automatically convicted under Russia’s justice system, which involves no due process. A conviction in Russia, David said, means the defendant didn’t confess. Paul Whelan of Novi has been imprisoned since his arrest for alleged spying in Moscow on Dec. 28, 2018. Paul Whelan of Novi has been imprisoned since his arrest for alleged spying in Moscow on Dec. 28, 2018.  “I’m concerned and anxious for Paul. No one wants to be sentenced to 18 years, even if it’s for show. He is the one who will face going to a labor camp in 30 days,” David said. “But I really am very hopeful that finally that’s out of the way.”

The Next Great Pandemic Worry: Fraud by Employees

A thought crossed the mind of attorney John Schmidt Jr. recently as he took a break from his caseload and wandered through the empty streets of downtown Buffalo. “We’re in a completely different landscape,” he said. “There are so many people telecommuting and working from home unsupervised.” Schmidt, a partner at Phillips Lytle LLP, has handled workplace fraud cases for 25 years. Relaxed supervision, or a lack thereof, seems ripe for workers to veer off track, particularly in less-than-certain economic times and amid furloughs where tasks typically performed by others now fall on their shoulders. He fears the next great headache to confront businesses as a result of Covid-19 could be right under their noses. “The opportunity for fraud, I think, rises exponentially, even among the most trustworthy employees,” he said. “In a lot of the cases we handle, the victim – the business owner – is shocked that the crook was who it ended up being.

Report: Decades of Lax Oversight Allow Chinese Telecoms to Conduct Espionage in U.S.

Congressional investigation finds Chinese telecoms have been spying with impunity. Chinese state-owned telecommunications firms are operating with little U.S. oversight and using their access in America to conduct espionage operations on behalf of the Communist Party, putting the personal information of millions of Americans at risk, according to a new congressional report. Multiple Chinese telecom firms have operated in the United States with “little-to-no oversight” from government agencies for the past 20 years, the Senate’s Permanent Subcommittee on Investigations disclosed on Tuesday in a new report. These companies are permitted near-total penetration of American communications networks and have used this access to collect data on millions of Americans, including military members and those working in sensitive government posts.

Phishing Attacks Traced to Indian Commercial Espionage Firm

Citizen Lab, a think tank based at the Munk School of Global Affairs at the University of Toronto that investigates surveillance software and tracks spyware and phishing campaigns against human rights activists, dissidents, journalists and others, says it’s been tracking this attack campaign for several years. On Tuesday, Citizen Lab researchers published what they say is the first of multiple, planned reports into the activities of “Dark Basin.” That’s their name for a criminal, “hack for hire” operation that hit thousands of targets in recent years with phishing attacks designed to give attackers’ remote access to targets’ systems, cloud-based email accounts and more. Alleged targets ranged from government officials and climate-change activists to financial services and pharmaceutical firms.

Why traditional network perimeter security no longer protects

The global pandemic has forced a seismic shift in how and where work gets done, and for now it’s unclear when workers will be able to return to the office. According to a recent Gartner survey, 317 CFOs and finance leaders don’t think that it will be anytime soon. 74 percent also expect teleworking to outlive the pandemic and plan to move at least 5 percent of their previously on-site workforce to permanently remote positions after the pandemic ends.While VPNs are relatively quick and less expensive to implement than a network architecture reboot, VPNs are not a panacea. The encrypted VPN communications and data tunnel still adhere to the basic premise that there is a protected perimeter a remote user needs to tunnel through to gain local access privileges to enterprise resources. VPNs also don’t prevent lateral movement or eliminate insider threats.

Employee Agreement Review

A good way to test the adequacy of your current employee agreement is to consider how effective it will be if faced with these common problems: What happens if your employee assigns an invention to someone else? An employee agreement should include both a current assignment of future inventions as well as a promise to assign future inventions. This way, if the assignment does not work, you can enforce the promise. What happens if your employee is unable to (or refuses to) execute an assignment in the future? Often times, you can use the employee agreement, but it would be handy if the employee gave someone at the company a power of attorney to execute documents on behalf of the employee. What happens if your employee is unable to (or refuses to) execute an patent declaration in the future? U.S. Patent laws now address for this contingency, allowing a co-inventor of the company to sign for the inventor, but it would be nice to have the inventor affirmation that the company may do so.

Canada Spy Agency Warned of ‘Shock Waves’ From Arrest of Huawei Founder’s Daughter

Canada’s intelligence agency warned that arresting the daughter of billionaire Huawei founder Ren Zheng would set off global “shock waves” and seriously affect ties with China, just before her detention in Vancouver on a U.S. extradition request, new court documents show. Released on Friday, the documents show the involvement of the Canadian Security Intelligence Service (CSIS) in the December 2018 arrest of Meng Wanzhou, which soured diplomatic ties between Ottawa and Beijing.

Discover more from ITMG

Subscribe now to keep reading and get access to the full archive.

Continue reading