CyberWeekly: Iranian DNS Hijacking, Cyber-Attacks on Ukraine Elections, and a Cyber Training Program for Women
CyberWeekly Newsletter: Weekly Edition
Homeland Security Warns of Iran-Nexus DNS Hijacking
Iran-nexus threat actors seem to be maturing to a more serious threat. The DHS Cybersecurity and Infrastructure Security Agency (CISA)—just a couple months old—issued a directive on Jan 22nd warning of a DNS hijacking attack that affected “multiple executive branch” agencies by redirecting and intercepting Web and email traffic.
DEFINITION: DNS hijacking is a malicious exploit in which a hacker or other party redirects users through the use of a rogue DNS server or other strategy that changes the IP address to which an Internet user is redirected. DNS hijacking can leave users unaware of where they are going in terms of using specific servers during an Internet session. (Techopedia)
CISA was one of the organizations affected by the US government shutdown with 43% of employees furloughed, so one can only hope there wasn’t an unnecessary delay in publishing this directive as a result. Fortunately, CISA can now get back to work protecting American infrastructure… at least for the next 3 weeks.
I haven’t seen anything come out regarding the intelligence that led to this directive. That’s not overly surprising, but Congress will likely seek additional information in the coming weeks. There were already outstanding concerns that America’s departure from the Iran nuclear deal would precipitate Iran-nexus cyber-attacks. It may be too early to absolutely attribute this DNS hijacking of US civilian government agencies to Iran. It is worth noting though that FireEye published threat research on Jan 9th about a global DNS hijacking campaign that—based on initial research—appeared to be Iranian sponsored. Seems like one helluva coincidence, right?
Cyber-Attacks Target Ukraine Elections
Ukraine continues to be a proving ground for hybrid warfare, as (presumably Russia-nexus) threat actors step up cyber-attacks against electoral servers and personal computers of election staff prior to Ukraine’s presidential election in March. What is hybrid warfare? It is loosely defined as a combination of conventional and cyber attacks. However, it can be challenging to adequately define it. The MCDC Countering Hybrid Warfare Project’s assessment is somewhat less than comforting:
“Our common understanding of hybrid warfare is underdeveloped and therefore hampers our ability to deter, mitigate and counter this threat.”
Conversely, some like Dr. Damien Van Puyvelde of The University of Texas at El Paso openly question whether hybrid warfare even exists.
So why is it important to keep an eye on the Russia-Ukraine war, which some would argue is simply a regional conflict between neighbors? Two reasons. First, it is evident that hybrid warfare’s cyber-attacks often target non-government, non-military information systems. That means that private sector organizations need to stay aware of the threat landscape as government-sponsored APTs continue to engage with non-governmental entities.
Second, America's Civil War and South Africa’s Boer War could be viewed as regional conflicts too. However, they were also early examples of modern warfare. Leaders’ lack of interest in studying those conflicts arguably led to increased devastation and destruction during World War I. After WWI modern warfare became the global standard. Keeping an eye on the Russia-Ukraine war will be helpful in preventing these new norms of hybrid warfare from sneaking up on us.
Cyber Insurance is Growing, But Will It Pay
Cyber risks are getting worse, rather than getting better. Cybersecurity Ventures predicts cybercrime damages will cost the world US$6 trillion annually by 2021, up from US$3 trillion in 2015. As part of risk management planning, organizations must identify cyber risks, then either mitigate or accept those risks. Cyber insurance is a relatively recent innovation “intended to mitigate the loss from information security incidents.” The appeal of this tool seems quite understandable.
Therefore, it should be little surprise that the market for cyber insurance is growing like gangbusters. The reinsurance company Munich Re—they provide insurance for insurance companies—estimates that the market wrote US$4 billion of premiums in 2018. That number could grow to US$8-9 billion by 2020. A 50% year-over-year growth rate is pretty impressive in any industry.
The challenge is that there isn’t a lot of clarity about when cyber insurance should pay out. Remember NotPetya, which took the world by storm in 2017? By some accounts it caused over US$10 billion in losses. Well, Zurich Insurance Group decided that it was an act of war, thus declined to pay out on cyber insurance claims. As you can imagine those claimants were none too happy. Mondelez is suing Zurich Insurance Group for US$100 million in damages after its insurance claim was not paid.
Cyber insurance will probably develop into a mature industry, as I doubt it's going anywhere. For now it’s still the Wild West with limited rules. There are undoubtedly benefits to having a cyber insurance policy, but I wouldn’t expect filing claims to be as straightforward as reporting a fender bender to your auto insurance company.
Solving Cyber Shortage with Diversity in the UK
The cyber security industry suffers from two big challenges: an absolute shortage of cyber security professionals and a relative lack of diversity (both gender and ethnic). In the United Kingdom, the Protection Group International (PGI) has developed a training program to help address both of these challenges. PGI’s free 10-to-12 week program is designed to equip selected female applicants with entry-level cybersecurity skills and to reduce the cost of hiring for employers.
The program design involves:
Targeting female candidates and their representative bodies, regardless of technical background.
Target more forward-thinking employers who are looking to hire cyber security professionals.
Online selection process gauging the aptitude of candidates for cyber security careers.
Further assessment and an interview, leading to an offer of employment by partner employers.
Candidate completion of a 10 to 12-week cyber security training programme, with options for some home learning and targeted child-care support available.
Subsequent deployment within employers as Information Security Specialists, Governance, Regulation and Compliance officers, SOC analysts and Penetration Testers.
Know any women in the UK who would be interested in applying? Check out PGI’s site. The initiative is supported by the UK’s Cyber Skills Immediate Impact Fund of the Department of Culture, Media and Sport and by Hawker Chase, a specialist cyber recruitment consultant.
Cool Job of the Week
Dropbox — IT Manager, CyberSecurity Risk (Location: San Francisco, CA)
Veteran-Preferred Job of the Week
PricewaterhouseCoopers (PwC) — Cybersecurity & Privacy, Strategy-Risk Manager (Location: Flexible)
Hope you’ve enjoyed this week’s edition of the CyberWeekly Newsletter. Please share with a friend or colleague.
Stay vigilant,
Oritse J. Uku, Editor-in-Chief
Disclaimer: The opinions expressed in this newsletter are my own.