Dec 12 2023

The Cyber War is Here

Category: Cyber War, Information Security | disc7 @ 12:39 pm

What is Cyberwarfare:

Cyberwar refers to the use of digital technology, including computer systems, networks, and electronic communication, as a means to conduct warfare in the virtual realm. In a cyberwar, conflicting parties leverage cyber capabilities to carry out attacks and defenses in an attempt to achieve strategic, political, or military objectives. These attacks can target a wide range of digital assets, including computer systems, networks, and information systems.

Cyberwarfare encompasses various tactics, techniques, and procedures, such as hacking, malware deployment, denial-of-service attacks, and information warfare. The goals of cyberwarfare can range from disrupting or destroying critical infrastructure to stealing sensitive information, conducting espionage, or influencing public opinion.

Key characteristics of cyberwar include its asymmetric nature, where a smaller, technologically sophisticated actor may pose a significant threat to a larger, conventionally powerful entity. Attribution, or determining the origin of cyber attacks, can be challenging, adding complexity to the dynamics of cyberwarfare.

Governments, military organizations, and other entities invest in cybersecurity measures to defend against cyber threats and protect their critical assets from potential attacks in the digital domain. The landscape of cyberwarfare is continually evolving as technology advances and new vulnerabilities emerge.

The Cyber War is Here: U.S. and Global Infrastructure Under Attack: A CISO’s Perspective

“The Cyber War Is Here” simplifies the complex world of cybersecurity, cyber risk, and the crucial relationship between corporate boards and Chief Information Security Officers (CISOs). Written by a distinguished cybersecurity expert and USAF Veteran, it emphasizes the strategic importance of cybersecurity in modern business. Marc highlights the evolving role of CISOs, emphasizing their shift from IT guardians to strategic advisors to the board. The book explores successful board-CISO interactions and the consequences of misalignment, offering a clear blueprint for effective partnership. “The Cyber War Is Here” dives into the national and economic security implications of cyber threats, stressing the critical link between cybersecurity and national defense. The book argues that strengthening digital defenses and fostering public-private sector collaboration is essential for national resilience. Designed for a broad audience, from individuals to boards of directors, CISOs, business executives, and policymakers, this book serves as a call to action for proactive cyber governance. It illuminates the interconnectedness of individual organizational security and national security, providing both a catalog of risks and strategies and a roadmap for action in the global cyber conflict arena. “The Cyber War Is Here” is a call to action for all.

Cyber warfare

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Cyber War, Cyber Warfare

Nov 25 2023

Stuxnet techniques used

Category: Cyber War, Digital cold war, Malware | disc7 @ 2:55 pm

Stuxnet: The Revenge of Malware: How the Discovery of Malware from the Stuxnet Family Led to the U.S. Government Ban of Kaspersky Lab Anti-Virus Software


Tags: Stuxnet

Nov 17 2023

Why cyber war readiness is critical for democracies

Category: Cyber War, Digital cold war, Information Security, OT/ICS | disc7 @ 9:41 am

The skills employed, the hacktivists and other threat actors are not going anywhere. Right now, Russia might be overwhelmingly interested in Ukraine, but their aims and goals remain global.

“These skills will be turned in other directions and other targets in the future, they will be shared in threat actor groups online. This is the world you need to be preparing for right now,” he added.

His warning echoed a similar one by Viktor Zhora, Deputy Chairman and Chief Digital Transformation Officer at the State Service of Special Communication and Information Protection of Ukraine.

Russia’s attack force consists of “hackers in uniform”, cybercriminals and hacktivists congregating in various Telegram channels, but the nation is also working on engaging ever younger people in its cyber offensive campaigns. They are seeking talented individuals in schools (and not just tech universities), selecting the most talented and training them, he shared.

“The Russians are in it for the long run,” Zhora warned during his IRISSCON talk, and called on countries that are – or expect to be – targeted by cyber aggressive nations to create a cyber coalition so they can prepare, share their experiences, and exchange information.

OT under attack

We can’t talk about the war in Ukraine and not mention cyber attacks aimed at disrupting operational technology (OT) used by companies that are part of the country’s critical infrastructure (CI).

In his talk, Ferguson briefly passed through the known attacks that hit CI entities with OT-specific malware, starting with Stuxnet in 2010 and ending with CosmicEnergy in 2023.

Some of the attacks are believed to be the work of the US and Israel (Stuxnet), cybercriminals (EKANS ransomware, 2020) or are still unattributed (the destructive 2014 attack against a steel plant in Germany). But the rest, he noted, are all believed to have been mounted by Russian state-backed attackers.

And, he says, they are getting better at it. Mirroring the development of attacks against IT systems, they have recently begun exploiting legitimate tools found in OT environments, so they don’t need to develop customized malware.

Many attackers are scanning for OT-specific protocols and probing OT devices, Ferguson noted. While their actual exploitation hinges on the skills of the attackers, some modes of attack (e.g., DDoS and phishing) are available to those who are less skilled, but eager. Hacktivists can target critical infrastructure that’s exposed on the internet as it’s easily discoverable via online tools.

Unfortunately, securing OT systems comes with a host of challenges: a complex infrastructure; an increasing number of endpoints; OT devices insecure by design (and generally not meant to be connected to the internet); rarely integrated OT and IT security teams; a lack of visibility into the OT infrastructure – to name just a few.

A new level of cyber conflict

Since the start of the war, Russian hackers have been trying to shut down electrical power in the country, have gone after government agencies, IT companies, telecoms, software development firms, media houses, editors, and media personalities, Zhora noted.

While the initial attacks were mostly geared towards destruction, Russian cyber attackers are now also trying to get their hands on information that can help them determine the effectiveness of their kinetic attacks, discover whether their spies have been flagged by the Ukrainian authorities, and see what evidence those authorities have gathered about war crimes.

Clever and subtle online psy-ops campaigns are also a favorite tactic employed by the Russian state to manipulate enemies. And, since the advent of generative AI, it has become easier to mount them, Ferguson added.

All these things should be taken into consideration by governments when preparing for the future. Looking at the cyber component of the unfolding wars in Ukraine and Israel, they can see what future conflicts will look like.

Zhora says that Ukraine is becoming more and more confident of its capacity to counter future attacks, but that each democracy needs to ask itself: Are we prepared for a global cyber war? “And they need to be honest with the answer,” he noted.

If they are not, they should immediately begin investing in cyber defense and intensifying cooperation, he added.

All the War They Want: Special Operations Techniques for Winning in Cyber Warfare, Business, and Life


Tags: OT/ICS critical infrastructure

Jun 28 2023

Tracking atrocities in Sudan: ‘The world has become significantly less anonymous for war criminals’

Category: Cyber War, Information Security | disc7 @ 8:10 am

Since April, Sudan has been rocked by fighting between two factions of its army. At first, the violence was contained in the capital city, Khartoum, but in recent days fighting has flared up in western Darfur, ground zero for a genocide that started back in 2003 and left hundreds of thousands dead.

Arab militiamen, known as janjaweed, or “devils on horseback,” were able to kill so many in Darfur in such a short time because the area is so remote — there was no one to witness the atrocities or hold the perpetrators to account, so they continued apace.

That’s what makes this latest conflict so different: Technology is allowing third-party observers to document human rights abuses in near real time thanks to, among other things, low-orbit satellites.

Researchers like Nathaniel Raymond, the executive director of Yale’s Humanitarian Research Lab, have been using satellites not just to document the violence, but with the right on-the-ground intelligence, to predict attacks before they happen.

The team recently documented evidence of war crimes in Ukraine with a report that provided both photographic and other proof that Russia was behind the systematic relocation of thousands of children from Ukraine into Russia and Russian-controlled regions of Ukraine.

Now Raymond and the team are working with the U.S. State Department to document human rights abuses in Sudan. It is a bit of a homecoming for them — they pioneered the use of satellite analysis and open-source intelligence in Darfur more than a decade ago and now they are back with better tools and a focus on ending a crisis that is decades in the making.

This conversation has been edited for length and clarity.

Click Here: Let’s start at the beginning. Can you explain how you got into this work?

The Art of War


Tags: war criminals

Apr 19 2023

How to Prepare Infrastructure for a War and Enable a Company’s Security

Category: Cyber War, Information Warfare | DISC @ 11:29 am

Mykola Srebniuk, Head Of Information Security, MacPaw
Vira Tkachenko, CTO, MacPaw

MacPaw has been operating in Kyiv since the start of the full-scale war in Ukraine. This session will outline how the organization prepared its infrastructure for the Russian invasion, how the plans were implemented, and how the company’s security and business continuity were ensured. This session will be helpful for businesses facing various natural and cyber disasters, from hurricanes and typhoons to cyberattacks.

Cyber Wars gives you the dramatic inside stories of some of the world’s biggest cyber attacks. These are the game-changing hacks that make organisations around the world tremble and leaders stop and consider just how safe they really are. Charles Arthur provides a gripping account of why each hack happened, what techniques were used, what the consequences were and how they could have been prevented. 

Cyber attacks are some of the most frightening threats currently facing business leaders, and this book provides a deep insight into understanding how they work and how hackers think as well as giving invaluable advice on staying vigilant and avoiding the security mistakes and oversights that can lead to downfall. No organization is safe, but by understanding the context within which we now live and what the hacks of the future might look like, you can minimize the threat.  

Cyber Wars: Hacks That Shocked the Business World

Russia’s digital warriors adapt to support the war effort in Ukraine, Google threat researchers say


Tags: Cyber War, Prepare Infrastructure for a War

Aug 29 2022

NATO Investigates Dark Web Leak of Data Stolen from Missile Vendor

Category: Cyber Threats, Cyber War, Dark Web, Digital cold war | DISC @ 1:23 pm

Documents allegedly belonging to an EU defense dealer include those relating to weapons used by Ukraine in its fight against Russia.


NATO is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web, according to a published report.

The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.

Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache being sold by threat actors on hacker forums after what appears to be a ransomware attack.

Contradicting the cyberattackers’ claims in their ads, nothing up for grabs is classified information, MBDA said. It added that the data was acquired from a compromised external hard drive, not the company’s internal networks.

NATO, meanwhile, is “assessing claims relating to data allegedly stolen from MBDA,” a NATO official told Dark Reading on Monday.

“We have no indication that any NATO network has been compromised,” the official said.

Double Extortion

MBDA acknowledged in early August that it was “the subject of a blackmail attempt by a criminal group that falsely claims to have hacked the company’s information networks,” in a post on its website.

The company refused to pay the ransom and thus the data was leaked for sale online, according to the post.

Specifically, threat actors are selling 80GB of stolen data on both Russian- and English-language forums with a price tag of 15 bitcoins, which is about $297,279, according to a report from the BBC, which broke the news about the NATO investigation Friday. In fact, cybercriminals claim to already have sold data to at least one buyer.

NATO is investigating one of the firm’s suppliers as the possible source of the breach, according to the report. MBDA is a joint venture between three key shareholders: Airbus, BAE Systems, and Leonardo. Though the company operates out of Europe, it has subsidiaries worldwide, including MBDA Missile Systems in the United States.

The company is working with authorities in Italy, where the breach occurred.

MBDA reported $3.5 billion in revenue last year and counts NATO, the US military, and the UK Ministry of Defense among its customers.

Classified Info & Ukraine

Hackers claimed in their ad for the leaked data to have “classified information about employees of companies that took part in the development of closed military projects,” as well as “design documentation, drawings, presentations, video and photo materials, contract agreements, and correspondence with other companies,” according to the BBC.

Among the sample files in a 50-megabyte stash viewed by the BBC is a presentation appearing to provide blueprints of the Land Ceptor Common Anti-Air Modular Missile (CAMM), including the precise location of the electronic storage unit within it. One of these missiles was recently sent to Poland for use in the Ukraine conflict as part of the Sky Sabre system and is currently operational, according to the report.

This might provide a clue about the motive of threat actors; advanced persistent threats (APTs) aligned with Russia began hitting Ukraine with cyberattacks even before the Russian official invasion on Feb. 24.

After the conflict on the ground began, threat actors continued to throttle Ukraine with a cyberwar to support the Russian military efforts.

The sample data viewed by the BBC also included documents labelled “NATO CONFIDENTIAL,” “NATO RESTRICTED,” and “Unclassified Controlled Information,” according to the report. At least one stolen folder contains detailed drawings of MBDA equipment.

The criminals also emailed documents to the BBC, including two marked “NATO SECRET,” according to the report. The hackers did not confirm whether the material had come from a single source or more than one hacked source.

Nonetheless, MBDA insists that the verification processes that the company has executed so far “indicate that the data made available online are neither classified data nor sensitive.”



Cyber War

Tags: cyber threats, cyberwarfare, dark web

Aug 27 2022

77% of security leaders fear we’re in perpetual cyberwar from now on

Category: Cyber War, Information Security | DISC @ 10:28 am

Rethinking Warfare Concepts in the Study of Cyberwar and Security

A survey of cybersecurity decision makers found 77 percent think the world is now in a perpetual state of cyberwarfare.

In addition, 82 percent believe geopolitics and cybersecurity are “intrinsically linked,” and two-thirds of polled organizations reported changing their security posture in response to the Russian invasion of Ukraine.

Of those asked, 64 percent believe they may have already been the target of a nation-state-directed cyberattack. Unfortunately, 63 percent of surveyed security leaders also believe that they’d never even know if a nation-state level actor pwned them.

The survey, organized by security shop Venafi, questioned 1,100 security leaders. Kevin Bocek, VP of security strategy and threat intelligence, said the results show cyberwarfare is here, and that it’s completely different to what many would have imagined. “Any business can be damaged by nation-states,” he added.

According to Bocek, it’s been common knowledge for some time that government-backed advanced persistent threat (APT) crews are being used to further online geopolitical goals. Unlike conventional warfare, Bocek said, everyone is a target and there’s no military or government method for protecting everyone. 

Nor is there going to be much financial redress available. Earlier this week Lloyd’s of London announced it would no longer recompense policy holders for certain nation-state attacks.

Late on Friday, Facebook agreed in principle to settle a US lawsuit seeking damages for letting third parties, including Cambridge Analytica, access the private data of users. The terms of the settlement have yet to be finalized.

Googlers uncover Charming email scraping tool

Researchers at Google’s Threat Analysis Group (TAG) have detailed email-stealing malware believed to be from Iranian APT Charming Kitten.

The tool, which TAG has dubbed Hyperscrape, is designed to siphon information from Gmail, Yahoo! and Outlook accounts. Hyperscrape runs locally on the infected Windows machine, and is able to iterate through the contents of a targeted inbox and individually download messages. To hide its tracks, it can, among other things, delete emails alerting users to possible intrusions.

Not to be confused with Rocket Kitten, another APT believed to be backed by Iran, Charming Kitten has been hijacking accounts, deploying malware, and using “novel techniques to conduct espionage aligned with the interests of the Iranian government” for years, TAG said. 

In the case of Hyperscrape, it appears the tool is either rarely used, or still being worked on, as Google said it’s only seen fewer than two dozen instances of the software nasty, all located within Iran. 

The malware is limited in terms of its ability to operate, too: it has to be installed locally on a victim’s machine and has dependencies that, if moved from its folder, will break its functionality. Additionally, Hyperscrape “requires the victim’s account credentials to run using a valid, authenticated user session the attacker has hijacked, or credentials the attacker has already acquired,” Google said.

While its use may be rare and its design somewhat restrictive, Hyperscrape is still dangerous malware that Google said it has written about to raise awareness. “We hope doing so will improve understanding of tactics and techniques that will enhance threat hunting capabilities and lead to stronger protections across the industry,” Google security engineer Ajax Bash wrote. 

Security professionals can find the indicators of compromise data for Hyperscrape in Google’s report.

French agency may investigate Google – again

A French governmental agency that has twice fined Google over violations of data privacy regulations and the GDPR has been tipped off by the European Center for Digital Rights (NOYB) about another potential bad practice: dressing up adverts to look like normal email messages.

According to NOYB, Google places ads in Gmail users’ inboxes that look like regular emails, which would be a direct violation of the EU’s ePrivacy directive, as folks may not have technically signed up or consented to see this stuff.

“When commercial emails are sent directly to users, they constitute direct marketing emails and are regulated under the ePrivacy directive,” NOYB said. 

Because Google “successfully filters most external spam messages in a separate spam folder,” NOYB claims, when unsolicited messages end up in a user’s inbox it gives the impression it was something they actually signed up for, when that’s not the case.

“EU law already makes it quite clear: the use of email, for the purpose of direct marketing, requires user consent,” NOYB said, referencing an EU Court of Justice press release [PDF] from 2021 that outlines rules surrounding inbox advertising.

“It is quite simple. Spam is a commercial email sent without consent. And it is illegal. Spam does not become legal just because it is generated by the email provider,” said NOYB lawyer Romain Robert.

France’s Data Protection Authority (CNIL) has ruled against Google before. In February, Google was found to be breaching GDPR regulations by transmitting data to the US. Google has also been fined by the French Competition Authority for not paying French publishers when using their content.

NOYB said in its complaint [PDF] to CNIL that, because it accuses Google of violating the ePrivacy directive and not GDPR, the watchdog has no need to cooperate with, or wait for, the actions of other national data privacy authorities to decide to fine or otherwise penalize the American web giant. 

Nobelium is back with a new post-compromise tool

Microsoft security researchers have described custom software being used by Nobelium, aka Cozy Bear, aka the perpetrators of the SolarWinds attack, to maintain access to compromised Windows networks.

Dubbed MagicWeb by Redmond, this malicious Windows DLL, once installed by a high-privileged intruder on an Active Directory Federation Services (ADFS) server, can be used to ensure any user attempting to log in is accepted and authenticated. That’ll help attackers get back into a network if they somehow lose their initial access.

Microsoft noted that MagicWeb is similar to the FoggyWeb malware deployed in 2021, and added that “MagicWeb goes beyond the collection capabilities of FoggyWeb by facilitating covert access directly.” 

This isn’t a theoretical malware sample, either: Microsoft said it found a real-world example of MagicWeb in action during an incident response investigation. According to Microsoft, the attacker had admin access to the ADFS system, and replaced a legitimate DLL with the MagicWeb DLL, “causing malware to be loaded by ADFS instead of the legitimate binary.”

MagicWeb is a post-compromise malware that requires the attacker to already have privileged access to their target’s Windows systems. Microsoft recommends treating ADFS servers as top tier assets and protecting them just like one would a domain controller. 

Additionally, Microsoft recommends domain administrators enable Inventory Certificate Issuance policies in PKI environments, use verbose event logging, and look out for Event ID 501, which indicates a MagicWeb infection. 

Redmond said organizations can also avoid a MagicWeb infection by keeping an eye out for executable files located in the Global Assembly Cache (GAC) or ADFS directories that haven’t been signed by Microsoft, and adding AD FS and GAC directories to auditing scans. 
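As an added example (not Microsoft’s or this blog’s own code), the following PowerShell implements the two checks above on an AD FS server: it lists executables under the AD FS and GAC directories that are not validly signed by Microsoft, and pulls recent Event ID 501 entries. The directory paths and the ‘AD FS/Admin’ log name are assumptions based on a default install.

```powershell
# Added example: MagicWeb-style hunt on an AD FS server. Run elevated.
# Assumptions: default AD FS and GAC locations; 'AD FS/Admin' as the log
# carrying Event ID 501 (adjust both if your environment differs).

$AdfsAndGacDirs = @(
    "$env:windir\ADFS",                    # AD FS service binaries
    "$env:windir\Microsoft.NET\assembly",  # GAC for .NET 4.x assemblies
    "$env:windir\assembly"                 # GAC for .NET 2.0/3.5 assemblies
)

function Get-NonMicrosoftBinaries {
    <# Return .dll/.exe files under the given directories whose Authenticode
       signature is missing, invalid, or issued to someone other than Microsoft.
       Third-party agents legitimately live in the GAC, so baseline the output
       against a known-good server rather than treating every hit as malware. #>
    param([string[]]$Paths = $AdfsAndGacDirs)

    foreach ($dir in $Paths) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -File -Include '*.dll', '*.exe' -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
                # A swapped-in DLL is either unsigned or carries a non-Microsoft signer.
                if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
                    [pscustomobject]@{
                        Path     = $_.FullName
                        Status   = $sig.Status
                        Signer   = $signer
                        Modified = $_.LastWriteTimeUtc
                        SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    }
                }
            }
    }
}

function Get-AdfsEvent501 {
    <# Return Event ID 501 entries from the last $Days days; the post above
       relays Microsoft's note that this ID accompanies a MagicWeb infection. #>
    param([int]$Days = 30)
    $filter = @{
        LogName   = 'AD FS/Admin'   # assumption: change if 501 is logged elsewhere
        Id        = 501
        StartTime = (Get-Date).AddDays(-$Days)
    }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            Select-Object TimeCreated, Id, @{ Name = 'Message'; Expression = { $_.Message -replace '\s+', ' ' } }
    } catch {
        # Get-WinEvent raises an error when nothing matches or the log is absent.
        Write-Warning "No Event ID 501 entries returned: $($_.Exception.Message)"
    }
}

# Run both checks; newest file modifications first, since a replaced DLL is recent.
Get-NonMicrosoftBinaries | Sort-Object Modified -Descending | Format-Table -AutoSize
Get-AdfsEvent501 | Format-List
```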

Anti-cheat software hijacked for killing AV

It turns out role-playing game Genshin Impact’s anti-cheat software can be, and is being, used by miscreants to kill antivirus on victims’ Windows computers before mass-deploying ransomware across a network.

TrendMicro said it spotted mhyprot2.sys, the kernel-mode anti-cheat driver used by Genshin, being used kinda like a rootkit by intruders to turn off end-point protection on machines. The software is designed to kill off unwanted processes, such as cheat programs.

You don’t have to have the game installed on your PC to be at risk, as ransomware slingers can drop a copy of the driver on victims’ computers and use it from there.

It has the privileges, code signing, and features needed by extortionists to make their roll-out of ransomware a cinch, we’re told. TrendMicro recommends keeping a look out for unexpected installations of the mhyprot2 driver, which should show up in the Windows Event Log, among other steps detailed in the link above.
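To show what “keeping a look out for unexpected installations of the mhyprot2 driver” looks like in practice, here is an added PowerShell example (not Trend Micro’s or this blog’s code): it lists any registered kernel driver whose name or path mentions mhyprot, with signer and location, and searches the System log for service-install events (ID 7045) naming it. The assumption that a legitimate game install keeps the driver under a Program Files tree is mine.

```powershell
# Added example: look for the Genshin Impact anti-cheat driver mhyprot2.sys on a
# host where it has no business being. Run elevated.
# Assumption: a legitimate game install keeps the driver under a Program Files
# tree; a copy anywhere else is flagged as suspicious.

function Get-Mhyprot2Service {
    <# Kernel drivers registered with the Service Control Manager whose service
       name or binary path mentions mhyprot, with signer and location details. #>
    $programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -match 'mhyprot' -or $_.PathName -match 'mhyprot' } |
        ForEach-Object {
            # SCM stores driver paths as \??\C:\...; strip the prefix for file access.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $sig  = if (Test-Path -LiteralPath $path) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
            $inProgramFiles = $false
            foreach ($d in $programDirs) { if ($path -like "$d\*") { $inProgramFiles = $true } }
            [pscustomobject]@{
                Service    = $_.Name
                State      = $_.State
                StartMode  = $_.StartMode
                Path       = $path
                Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned or missing>' }
                SigStatus  = if ($sig) { $sig.Status } else { 'FileNotFound' }
                Suspicious = -not $inProgramFiles   # driver dropped outside a game install
            }
        }
}

function Get-Mhyprot2InstallEvents {
    <# Event ID 7045 in the System log is written by Service Control Manager
       whenever a new service, including a kernel driver, is installed. #>
    param([int]$Days = 30)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7045
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'mhyprot' } |
        Select-Object TimeCreated, @{ Name = 'Message'; Expression = { $_.Message -replace '\s+', ' ' } }
}

# A registered driver with Suspicious = True, or a 7045 event on a machine that
# never had the game installed, is the signal the post describes.
Get-Mhyprot2Service | Format-List
Get-Mhyprot2InstallEvents | Format-List
```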

Tags: Cyber Warfare

Mar 08 2022

IOC Resource for Russia-Ukraine Conflict-Related Cyberattacks

Category: Cyber Attack, Cyber War | DISC @ 11:14 pm

IOC Resource for Russia-Ukraine Conflict-Related Cyberattacks – by Trend Micro

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers

Tags: cyber attack, Ukraine Conflict-Related Cyberattacks

Mar 01 2022

CISA and FBI warn of potential data wiping attacks spillover

Category: Cyber War, data security, Digital cold war | DISC @ 10:08 am

US CISA and the FBI warned US organizations that data wiping attacks targeting Ukrainian entities could spill over to targets worldwide.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory to warn US organizations of data wiping attacks targeting Ukraine that could hit targets worldwide.

The advisory warns of the potential effects on organizations worldwide of two destructive malware families, tracked as WhisperGate and HermeticWiper.

The US agencies believe that further disruptive data wiping attacks could target organizations in Ukraine and may unintentionally spill over to organizations in other countries.

This joint Cybersecurity Advisory (CSA) provides information on the two wipers as well as indicators of compromise (IOCs) that could be used by defenders to detect and prevent infections. The advisory also provides recommended guidance and considerations for organizations to address as part of network architecture, security baseline, continuous monitoring, and incident response practices.

“Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.” reads the advisory. “Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for such an event.”

Below is the list of actions recommended to the organizations:
• Set antivirus and antimalware programs to conduct regular scans.
• Enable strong spam filters to prevent phishing emails from reaching end users.
• Filter network traffic.
• Update software.
• Require multifactor authentication.

The advisory also includes recommendations for System and Application Hardening and Recovery and Reconstitution Planning along with Incident Response instructions.

Blackout Warfare: Attacking The U.S. Electric Power Grid A Revolution In Military Affairs 

Tags: Blackout Warfare, data wiping attacks

Jan 08 2022

One Book Reveals the Future of the Chinese-American Conflict

In great-power competition, force is the coin of the realm. The Great Nightfall: Why We Must Win the New Cold War explains how. 

Ambassador Middendorf delivers a seminal book for understanding military competition in an era of great-power competition. No one who is serious about the future security, prosperity and freedom of America should neglect this essential read.

Ambassador Bill Middendorf makes one unambiguous argument in his new book, The Great Nightfall: Why We Must Win the New Cold War. America won’t survive and thrive in an era of great-power competition without a strong, dominant military. There is one reason for that. China.  

The Great Nightfall lays out the threat posed by the Chinese Communist Party. It also makes a compelling argument for the kind of military the U.S. needs to match the dangers posed by Beijing. 

Middendorf has given a full lifetime of service to the nation, from his days at sea during World War II to diplomatic assignments and government posts. Among the latter, a turn as Secretary of the Navy. He was instrumental in designing the naval forces that completely outmatched the Soviets during the Cold War. Today, he remains America’s maritime Henry Kissinger, the nation’s preeminent thinker on naval modernization. 

In The Great Nightfall, Middendorf deconstructs great-power competition. Regardless of how many internet trolls, little green men, bank accounts and businesses a state controls, it’s not enough to make the state a great power. That requires real military power. 

Without the capacity to physically defend national interests, big states are fat banks waiting to be robbed. In contrast, nations that can defend themselves have a foundation on which to build sustainable diplomatic, economic and political policies. “The Cold War ended,” Middendorf argues in The Great Nightfall, “because we were the strongest military force in the world, backed by a unified NATO and strong allies in the Pacific.”  

In short, in great-power competition, force is the coin of the realm. The problem with contemporary competition, Middendorf notes, is that “[t]imes have changed.” China is on a path to challenge the United States for number one.  

One of the attributes the great-power competition shares with the Cold War is that our adversaries would prefer to “win without fighting.” In other words, they want to achieve victory without the debilitating costs and risks of direct military conflict. These opponents are predisposed to adopt indirect approaches to whittle away at the strength and solidarity of the free world. That said, military competition plays an important role in their calculus, particularly for China. Chinese strategy envisions ultimately demonstrating sufficient military dominance that Beijing can intimidate other nations and bend them to its will.

In some ways, the new era of great-power competition resembles a new type of arms race. And, as was the case during the Cold War, there are concerns that the competition could turn into armed confrontation. Indeed, The Great Nightfall maps out several scenarios—from North Korea to the South China Seas—where great powers could actually come to blows. 

The Great Nightfall, however, is fundamentally a book about how the United States can establish conventional and strategic deterrence in the modern world. “This book is not a call for war,” writes the author. “The best way to prepare for war is to be prepared to win it. We need to stop underfunding the military, especially in areas of research, non-conventional war, space, cyberwar, and artificial intelligence. War is changing, and we need to change with it. We cannot expect success fighting tomorrow’s conflicts with yesterday’s weapons.”  

Middendorf’s blueprint for protecting America in the twenty-first century stands out in two ways. First, he provides a detailed assessment of how to protect the U.S. capacity to build and sustain a modern military. Here, he addresses issues from research and development, to establishing secure, “clean” supply chains, to ship-building. Second, he delivers a comprehensive overview of future U.S. naval needs.

It is not just his naval service and stint as Secretary of the Navy that lead the ambassador to focus on seapower. Fundamentally, China’s potential as a global threat is rooted in its ability to project maritime power. And naval power, in the modern sense, is multidimensional, linking the ability to sail the seas with undersea warfare, air, space, and cyber operations. 

The outstanding contribution of The Great Nightfall is its extraordinarily deep evaluation of all aspects of naval power, covering the nature of the Chinese threats and the appropriate countermeasures. In the end, Middendorf delivers a seminal book for understanding military competition in an era of great-power competition. No one who is serious about the future security, prosperity and freedom of America should neglect this essential read.  

Tags: Chinese-American Conflict, New Cold War, The Great Nightfall

Oct 14 2021

Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’

Category: Cyber War,Digital cold warDISC @ 9:43 am

The former chief software officer for the U.S. Air Force, Nicolas Chaillan, says the U.S. is falling far behind China in cybersecurity. In a no-holds-barred interview, he unloads his frustrations, built up over three years of inept bungling at the Pentagon.

He quit his job last month, in disgust. “We are setting up critical infrastructure to fail,” Chaillan warned. And now Defense Department officials will be bracing themselves for more criticism as he vows to testify to Congress.

Lauren Knausenberger now holds the poisoned chalice. In today’s SB Blogwatch, we plan to fail.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Fruit salad word salad.

Beijing Back Better

What’s the craic? Katrina Manson reports—“Chaillan speaks of ‘good reason to be angry’ as Beijing heads for ‘global dominance’”:

“Kindergarten level”
In his first interview since leaving the post at the Department of Defense a week ago, Nicolas Chaillan told [me] the failure of the US to respond to Chinese cyber and other threats was putting his children’s future at risk. “We have no competing fighting chance against China in 15 to 20 years. Right now, it’s already a done deal; it is already over in my opinion,” he said.

Chaillan, 37, who spent three years on a Pentagon-wide effort to boost cyber security and as first chief software officer for the US Air Force, said Beijing is heading for global dominance because of its advances in artificial intelligence, machine learning and cyber capabilities. He argued these emerging technologies were far more critical to America’s future than hardware such as big-budget fifth-generation fighter jets such as the F-35.

Senior defence officials have acknowledged they “must do better” to attract, train and retain young cyber talent. … Chaillan announced his resignation in a blistering letter at the start of September, saying military officials were repeatedly put in charge of cyber initiatives for which they lacked experience, decrying Pentagon “laggards” and absence of funding.

Chaillan said he plans to testify to Congress about the Chinese cyber threat to US supremacy, including in classified briefings, over the coming weeks. … He added US cyber defences in some government departments were at “kindergarten level.”

Ex-DoD Security Chief: China is Winning—it’s ‘A Done Deal’

The New Art of War: China’s Deep Strategy Inside the United States 

Tags: China is Winning, cyberwarfare, New Art of War

May 04 2021


Category: Cyber War,Digital cold warDISC @ 9:20 am

America has a serious infrastructure problem.

America’s most urgent infrastructure vulnerability is largely invisible and unlikely to be fixed by the Biden administration’s $2 trillion American Jobs Plan.

I’m thinking about vulnerabilities that lurk in your garage (your car), your house (your computer), and even your pocket (your phone). Like those devices of yours, all connected to the Internet and so hackable, American businesses, hospitals, and public utilities can also be hijacked from a distance thanks to the software that helps run their systems. And don’t think that the American military and even cybersecurity agencies and firms aren’t seriously at risk, too.

Such vulnerabilities stem from bugs in the programs — and sometimes even the hardware — that run our increasingly wired society. Beware “zero-day” exploits — so named because you have zero days to fix them once they’re discovered — that can attract top-dollar investments from corporations, governments, and even black-market operators. Zero days allow backdoor access to iPhones, personal email programs, corporate personnel files, even the computers that run dams, voting systems, and nuclear power plants.

It’s as if all of America were now protected by nothing but a few old padlocks, the keys to which have been made available to anyone with enough money to buy them (or enough ingenuity to make a set for themselves). And as if that weren’t bad enough, it was America that inadvertently made these keys available to allies, adversaries, and potential blackmailers alike.

The recent SolarWinds hack of federal agencies, as well as companies like Microsoft, for which the Biden administration recently sanctioned Russia and expelled several of its embassy staff, is only the latest example of how other countries can hack basic American infrastructure. Such intrusions, which actually date back to the early 2000s, are often still little more than tests, ways of getting a sense of how easy it might be to break into that infrastructure in more serious ways later. Occasionally, however, the intruders do damage by vacuuming up data or wiping out systems, especially if the targets fail to pay cyber-ransoms. More insidiously, hackers can also plant “time bombs” capable of going off at some future moment.


The Coming Cyber War

Tags: Cyber-warfare, cybergeddon, cyberwar, cyberwarfare

Apr 19 2021

Alarming Cybersecurity Stats: What You Need To Know For 2021


The year 2020 broke all records when it came to data lost in breaches and the sheer number of cyber-attacks on companies, governments, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially from greater tactical cooperation among hacker groups and state actors. The recent SolarWinds attack, among others, highlighted both the threat and the sophistication of those realities.

The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.

To make the information more usable, I have broken down the cybersecurity statistics into several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.

There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.

Top Resources for Cybersecurity Stats:

If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:

300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION]

The Best Cybersecurity Predictions For 2021 Roundup

134 Cybersecurity Statistics and Trends for 2021 | Varonis

2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics

Source: The State of Cybersecurity Readiness

Cyber-Security Threats, Actors, and Dynamic Mitigation

Related article:

Top Cyber Security Statistics, Facts & Trends in 2022

Tags: Cybersecurity Stats

Mar 26 2021

Hacking Weapons Systems

Category: Cyber Attack,Cyber War,Cyberweapons,HackingDISC @ 1:33 pm

The Cyberweapons Arms Race

Tags: cyberattack, cyberweapons, Hacking, infrastructure, military, national security policy, weapons

Mar 22 2021

FCC Boots Chinese Telecom Companies, Citing Security

The Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies it said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.

The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to “publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons.”

In June 2020, the FCC designated both ZTE and Huawei as national security threats. “… [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America’s communications networks—and to our 5G future,” said then-FCC chairman Ajit Pai. Pai continued, “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services.  The Bureau also took into account the findings and actions of congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Today’s action will also protect the FCC’s Universal Service Fund—money that comes from fees paid by American consumers and businesses on their phone bills—from being used to underwrite these suppliers, which threaten our national security.”

ZTE’s petition for reconsideration in November 2020 was immediately rejected. Huawei also petitioned for reconsideration, and its appeal was rejected in December 2020, after a few weeks of deliberation.

FCC Boots Chinese Telecom Companies, Citing Security

Tags: Chinese Telecom

Mar 14 2021

India and China’s Conflict Goes Cyber

Category: Cyber WarDISC @ 3:36 pm

China’s RedEcho sent a clear signal to India that, while China may engage in fisticuffs along the line of control, they were willing to escalate the low-intensity conflict into the cyber domain targeting India’s infrastructure.

We talked with Recorded Future’s Insikt Group about the RedEcho activity to learn if neighboring nations, or those involved with the Chinese Belt and Road Initiative, were similarly engaged by RedEcho, and learned that the attacks have “been exclusively focused on Indian targets.” With the publication of the report on March 1, the Insikt Group noted that activity “gradually ceased and the last communication identified between the victim organizations and the RedEcho infrastructure was on March 2, 2021.”

The Insikt Group added that the RedEcho team “parked large amounts of their infrastructure, likely in response to the public reporting and incident response efforts.” They opined, “It remains to be seen how the group’s longer term M.O. will evolve following publication, but we believe it is likely that they will attempt to use other methods to attempt to maintain persistent access to the targeted organizations. This highlights the need for a full incident response effort for affected organizations to ensure the group does not maintain other means of network access.”

National Infrastructure

Cyberattacks against national infrastructure are neither unique nor new in a global context.

Dr. Christopher Ahlberg, CEO and co-founder, Recorded Future, tells us, “The impact of a cyberattack targeting the critical infrastructure of a country, whether for espionage or malicious activity, has the potential to be catastrophic with long-term repercussions. We have long seen cyber efforts from China aimed around strategic policies and initiatives, and this campaign from RedEcho is no exception. Accurate and actionable intelligence is vital for preempting such attacks and proactively disrupting adversaries both within an organization and across a nation.”

Chris Blask, global director, applied innovation at Unisys, said, “The findings about RedEcho are another indication that the trend towards using cyber means against national infrastructure for political ends continues to follow its multi-decade curve.”

“Nation-states should continue to develop processes, such as seen in the NERC CIP series of regulations, for lessons,” Blask said. “The timing of NERC CIP 13 last October requiring supply chain strategies for critical electrical operators, the SolarWinds attack, and the Feb. 24, 2021 executive order from U.S. president Joe Biden creating a 100-day window for federal departments to develop supply chain security strategies can be seen as an indication of areas for those working on national defense systems to focus.”

The U.S. focus on supply chain security, especially in the context of national security interests, is further evidenced by two separate projects worthy of approbation: the Digital Bill of Materials (DBoM) architecture and the Software Bill of Materials (SBoM) initiative led by the Department of Commerce.

India and China’s Conflict Goes Cyber

India steps up vigil for cyber attacks from China after apps ban - The Economic Times

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

Tags: Conflict Goes Cyber, India vs China

Feb 26 2021

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Microsoft announced the release of the open-source CodeQL queries that its experts used during its investigation into the SolarWinds supply-chain attack.

In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.

The four agencies were part of the Cyber Unified Coordination Group (UCG), the task force charged with coordinating the investigation and remediation of the SolarWinds hack, which had a significant impact on federal government networks.

The UCG said the attack was orchestrated by an Advanced Persistent Threat (APT) actor, likely Russian in origin.

According to the security experts, Russia-linked threat actors hacked into SolarWinds in 2019 and used the Sundrop malware to insert the Sunburst backdoor into the supply chain of the SolarWinds Orion monitoring product.

Microsoft, which was hit by the attack, published continuous updates on its investigation and has now released the source code of the CodeQL queries its experts used to identify indicators of compromise (IoCs) associated with Solorigate.

“In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate,” reads the blog post published by Microsoft. “We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality.”

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Tags: CodeQL, Solorigate compromise

Jan 29 2021

Including Hackers in NATO Wargames

Category: Cyber WarDISC @ 1:37 pm

Sep 01 2020

Is China the World’s Greatest Cyber Power?

Category: cyber security,Cyber WarDISC @ 11:32 pm

While the US, Russia, Israel, and several European nations all have sophisticated cyber capabilities, one threat intelligence firm argues that China’s aggressive approach to cyber operations has made it perhaps the world’s greatest cyber power.

Source: Is China the World’s Greatest Cyber Power?


“The goal is simple: break down trust in democracies, disrupt election cycles or manipulate democratic election results, and gain economic advantage over adversaries to advance global position and power,” according to the report.

“Over the past decade, China has become increasingly forthright in its intentions, and this change has been observed in cyber operations as well,” the report states. “Researchers have observed stark differences in tactics, tone, and behavior from Chinese state-sponsored cyber, military, and political parties over the past several years.”

“When it comes to China, cyber is not a tactical weapon, it is a strategic means to an end,” Maor says. “And if you are wondering what that end is, it is not something secret — it is something that is published every five years.”


Tags: Cyber capabilities, cyber military, cyber operations, Cyber Power, Cyber Super Power, Greatest Cyber Power

Jun 22 2020

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies

Category: Cyber Spy,Cyber WarDISC @ 1:50 pm


ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.

Source: Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity

The blog post linked above sheds light on how the attacks unfolded. The full research can be found in the white paper, Operation In(ter)ception: Targeted attacks against European aerospace and military companies.

Confessions of a cyber spy hunter | Eric Winsborrow | TEDxVancouver

Spyeye : Script To Generate Win32 .exe File To Take Screenshots
