October 10, 2017
Russia Warns it May Restrict U.S. Media Within Its Borders – Russia and The United States
The latest in a string of saber-rattling announcements between the U.S. and Russia saw Moscow claiming it was within its rights to restrict the operations of U.S. media. Russian officials have accused Washington of unfairly targeting the U.S. operations of RT, a Kremlin-funded broadcaster accused by some critics of interfering in domestic U.S. politics, according to a report from Reuters.
“We have never used Russian law in relation to foreign correspondents as a lever of pressure, or censorship, or some kind of political influence, never,” Maria Zakharova, the Foreign Ministry’s spokeswoman, said in an interview with Russia’s NTV broadcaster. “But this is a particular case.” She added, “Correspondingly, everything that Russian journalists and the RT station are subject to on U.S. soil, after we qualified it as restriction of their activities, we can apply similar measures to American journalists, American media here, on Russian territory.”
Last month, U.S. lawmakers forced the company that runs the U.S. version of RT to register with the Justice Department as a foreign agent, saying the firm dealt in Russian propaganda.
Rise in Insider Threats Drives Shift to Training and Data-Level Security – United States
Data breaches continue to devastate organizations, and the threat from insiders — whether malicious or accidental — continues to grow as the value and volume of data expands at near breakneck speed. The latest research from Verizon showed that internal actors contributed to 25% of data breaches, and other research has shown insider threats to be on the rise, with more than half of cybersecurity professionals reporting growth in insider threats over last year, according to Crowd Research Partners' 2017 Threat Monitoring, Detection and Response report.
None of this is surprising. Enterprises are accumulating ever-more data for business intelligence. They're sharing more data with partners, suppliers, customers, and cloud providers, and they're linking more data to more applications, mobile and otherwise. This activity is the lifeblood of a robust economy and expanding Internet of Things ecosystem, but it also creates more opportunities for increasingly sophisticated cyber attacks and security breaches.
With an insider threat, the culprit is already inside the network. Securing the perimeter around the network — which has long been the focus for enterprise security — does not do the job against this kind of a threat, whether it is malicious or unintentional. Nor is focusing on securing the perimeter the best strategy against many external threats. That's because data-smart companies want to be able to safely give partners, suppliers, and customers access to their networks in order to increase business opportunities.
Stealthy Attack Could Hit 50% of Large Office 365 Customers – Global
A wide-scale yet stealthy attack against Office 365 (O365) accounts started in May and is still continuing. It is a low-key attack that tries to stay under the radar, and is delivered by a small botnet of 83 IP addresses across 63 networks. The majority of IP addresses are registered in China, but the attack activity also originates from 15 other countries, such as Russia, Brazil, the US and Malaysia. The attack was detected by Skyhigh Networks -- a cloud access security broker (CASB) -- and described in a blog post Thursday.
The attack is not a traditional brute force attack against O365 accounts, but a slow and methodical attack that tries to avoid highlighting its activity. "First, it targets a very small proportion (typically <2%) of the O365 account base," writes Sandeep Chandana, principal data scientist at Skyhigh. "Second, it is devoid of any bursts in hacking activity, and averages only 3-5 attempts per account in order to try and fly under the radar of traditional defenses."
"This campaign on Office 365 is particularly troubling due to its focus on system accounts that are essential for today's business automation, that typically do not require MFA and that traditionally have weak security oversight," explains Sekhar Sarukkai, chief scientist at Skyhigh. "Detection and protection from attacks on these 'weakest link' accounts require a cloud-native security approach for complete visibility and mitigation."
Once an account is compromised, the attacker exfiltrates any data in the inbox and then creates a new inbox rule designed to hide and divert any incoming messages. From here the attacker can initiate harder-to-detect in-company phishing attempts and start to propagate infection across the network: "attack a weak-link with the potential for elevated exploits," writes Chandana.
He adds, "Since this is a persistent attack that may go unnoticed, it is possible that the attackers may tailor the payload based on the organization they have infiltrated for a larger takeover over time." The accounts targeted are carefully chosen: system accounts rather than people accounts. Such accounts tend to have two important characteristics: they have high access privileges, and poor protection.
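A detection sketch for the pattern described above, added here as an illustration and not taken from Skyhigh or the original bulletin: it flags system accounts that see only a handful of failed sign-ins (the 3-5 per account quoted above), with no bursts and from several source addresses, which per-account lockout thresholds miss. The event format, account names, service-account inventory and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): time, account, source IP, success
EVENTS = [
    ("2017-06-01T02:14:00", "svc-backup", "198.51.100.7", False),
    ("2017-06-09T11:40:00", "svc-backup", "203.0.113.21", False),
    ("2017-06-20T23:05:00", "svc-backup", "192.0.2.88", False),
    ("2017-07-02T04:31:00", "svc-backup", "198.51.100.7", True),
    ("2017-06-03T09:00:00", "svc-print", "192.0.2.10", False),
    ("2017-06-03T09:00:20", "svc-print", "192.0.2.10", False),
    ("2017-06-03T09:00:45", "svc-print", "192.0.2.10", False),
    ("2017-06-05T08:00:00", "svc-mail", "203.0.113.21", False),
    ("2017-06-25T17:30:00", "svc-mail", "198.51.100.7", False),
    ("2017-07-10T13:00:00", "svc-mail", "192.0.2.88", False),
    ("2017-07-15T01:00:00", "svc-mail", "203.0.113.99", False),
]
# Hypothetical inventory of system (non-person) accounts
SERVICE_ACCOUNTS = {"svc-backup", "svc-print", "svc-mail"}

def low_and_slow(events, service_accounts, min_fails=3, max_fails=5,
                 min_ips=2, min_gap=timedelta(hours=1)):
    """Flag system accounts with few failures spread over time and sources."""
    by_account = defaultdict(list)
    for ts, account, ip, ok in events:
        if account in service_accounts:
            by_account[account].append((datetime.fromisoformat(ts), ip, ok))
    findings = {}
    for account, rows in by_account.items():
        rows.sort()
        fails = [(t, ip) for t, ip, ok in rows if not ok]
        if not min_fails <= len(fails) <= max_fails:
            continue  # too few to judge, or loud enough for lockout rules
        ips = {ip for _, ip in fails}
        gaps = [b[0] - a[0] for a, b in zip(fails, fails[1:])]
        if len(ips) < min_ips or any(g < min_gap for g in gaps):
            continue  # single source or a burst: ordinary rules cover it
        # A later success from an address that failed before suggests compromise
        hit = any(ok and ip in ips and t > fails[0][0] for t, ip, ok in rows)
        findings[account] = {"failures": len(fails), "sources": sorted(ips),
                             "likely_compromised": hit}
    return findings

if __name__ == "__main__":
    for account, report in low_and_slow(EVENTS, SERVICE_ACCOUNTS).items():
        print(account, report)
```

Accounts flagged as likely compromised are the ones to review for newly created inbox rules, the persistence step the report describes.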