Friday Five: Insider Threats, Compliance Woes, Fighting Espionage, & More
In this week's Friday Five, learn how internal threat actors are finding success, the U.S. and allies are fighting foreign espionage campaigns, a new bill could fortify the U.S. cybersecurity workforce, and more.
PRIVILEGE ELEVATION EXPLOITS USED IN OVER 50% OF INSIDER ATTACKS BY BILL TOULAS
A recent report indicates a surge in insider threats, with 55% leveraging privilege escalation exploits and 45% introducing risks through tool misuse. The study, based on data from January 2021 to April 2023, emphasizes that insider attacks are increasingly common and costly, and says they often arise from financial incentives, spite, or conflicts with supervisors. The average cost of these incidents is $648,000 for malicious and $485,000 for non-malicious activities. Common privilege escalation vulnerabilities observed in the report, like CVE-2017-0213 and CVE-2022-0847, play a critical role in enabling rogue insiders to gain administrative access, underscoring the significance of effective cybersecurity measures.
20 FEDERAL AGENCIES MISS DEADLINE FOR IMPLEMENTING CYBER INCIDENT TRACKING REQUIREMENTS, WATCHDOG SAYS BY EDWARD GRAHAM
A recent Government Accountability Office (GAO) performance audit reveals that 20 federal agencies missed the August 2023 deadline set by the Biden administration for implementing advanced cyber event logging requirements, and that most failed to meet even basic incident tracking standards. President Biden's May 2021 cybersecurity executive order required agencies to establish logging requirements, and a subsequent Office of Management and Budget memo set a tiered maturity model, with tier 3 compliance due by August 2023. Only three agencies (the Small Business Administration, National Science Foundation, and Department of Agriculture) met this deadline. The GAO cited staff shortages, technical challenges, and limited threat information sharing as key obstacles. The report made 20 recommendations to improve cybersecurity practices.
HOUSE BILL LOOKS TO SHORE UP FEDERAL CYBER WORKFORCE BY ALEXANDRA KELLEY
The Federal Cybersecurity Workforce Expansion Act, introduced by House lawmakers Mike Gallagher and Chrissy Houlahan, aims to address the shortage of skilled cybersecurity workers by establishing two programs: a cybersecurity apprenticeship program at the Cybersecurity and Infrastructure Security Agency (CISA) and a Department of Veterans Affairs pilot program offering cybersecurity training to veterans. The legislation, with a companion measure introduced in the Senate, targets the growing cyber threat and workforce shortage. It also aligns with the Biden administration's tech policies, emphasizing partnerships with private sector entities and collaboration with local, state, and tribal communities to enhance job opportunities for veterans in cybersecurity.
US INDICTS ALLEGED RUSSIAN HACKERS FOR YEARS-LONG CYBER ESPIONAGE CAMPAIGN AGAINST WESTERN COUNTRIES BY CARLY PAGE
The U.S. Department of Justice indicted Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets, linked to Russia's Federal Security Service (FSB), for a cyber espionage campaign targeting U.S. government officials from October 2016 to October 2022. Operating as the "Callisto Group," they allegedly spear-phished U.S. government agency employees, including at the Department of Defense and Department of Energy. The indictment claims they also targeted U.K. military, government officials, researchers, and journalists. The Callisto Group, known for espionage against NATO countries, conducted a hack-and-leak operation in May 2022 that Google attributed to the group; it involved stolen emails and documents from high-profile Brexit proponents. The U.K. government also announced sanctions against Peretyatko and Korinets for interference attempts.
U.S. GOVERNMENT SANCTIONS PROLIFIC NORTH KOREAN CYBER ESPIONAGE UNIT BY AJ VICENS
The U.S. Treasury Department sanctioned North Korea's cyber espionage unit, Kimsuky (also known as APT43, Emerald Sleet, Velvet Chollima, TA406, Black Banshee), affiliated with the Reconnaissance General Bureau (RGB), Pyongyang's primary intelligence service. Active since 2012, Kimsuky supports North Korea's nuclear program, engages in espionage with the regime's backing, and is also implicated in financially motivated cybercrime. Despite exposure, the group persists, utilizing social engineering to target individuals and organizations, including government, research centers, think tanks, academic institutions, and media. The U.S. previously sanctioned the RGB in 2010 and 2015; the new sanctions aim to disrupt the group's operations.