We hear from cybersecurity researchers, the NSA and FireEye's chief executive about the SolarWinds breach. Also in the news: websites impersonating big drug companies and Zoom's potential legal troubles. This is CyberScoop for Monday, Dec. 21, 2020.

Cozy Bear puts the 'P' in 'advanced persistent threat'

The hacking group suspected of being behind the SolarWinds breach is well-known for its stealth and stubbornness, according to cybersecurity experts. Cozy Bear, also known as APT29, is linked to Russia's SVR intelligence agency and has had a hand in some of the most well-known cyber-espionage campaigns, including prior attacks on U.S. government agencies. Its modus operandi suggests there may be more to come, if APT29 is indeed the culprit. Shannon Vavra and Tim Starks track the outfit.

NSA warns of expanded SolarWinds fallout

The NSA issued an alert last week about an ongoing Russian state-sponsored hacking campaign that could be exacerbated by the SolarWinds breach. The agency warned defense contractors and Pentagon IT staff that the SolarWinds Orion compromise could be used in concert with a previously identified Russian state-sponsored hacking effort to access contractors’ data. The NSA did not claim that Russian hackers, who have been exploiting a flaw in a VMware product to access data, are involved in the SolarWinds compromise. Shannon has more.

Kevin Mandia: A 'totally unique' incident

“This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” FireEye CEO Kevin Mandia said Sunday about the SolarWinds breach. “This was special operations. And it was going to take special operations to detect this breach.” Mandia, appearing on CBS's "Face the Nation," said the attack was “totally unique” and “utterly clandestine," and bore all the hallmarks of a nation-state operation — but he stopped short of attributing it to any one country. Joe Warminsky has more.

NSA-Cybercom split back on the table

Officials at the Department of Defense have floated a proposal that could sever the "dual hat" relationship between the National Security Agency and Cyber Command, according to a U.S. official. Critics of the current organization, in which one person is in charge of both agencies, say it can introduce bureaucratic red tape and that it pits espionage and military priorities against one another. Proponents of the dual-hatting, however, say it is a powerful partnership. It's an old debate, but the renewed interest comes as the U.S. government is working to respond not only to the SolarWinds breach but also to the needs of a new presidential administration. Shannon explains.

Breaking down Fancy Bear’s lack of fanciness

While APT29/Cozy Bear has been getting much of the attention this month, cybersecurity analysts are continuing to track another Russia-linked hacking group: the infamous Fancy Bear, or APT28. It appears that sometimes the "advanced" in "APT" can be misleading: Advanced hacking groups needn't use advanced tools. Fancy Bear, linked to Russia's GRU military spy agency, might be the best example of it, researchers say. The group's "crudeness," as one analyst put it, goes beyond the recent alleged hack of Norway's parliament. Trend Micro discovered a months-long Fancy Bear operation against government organizations that used some of the same blunt digital instruments. Sean Lyngaas explains.

Scammers impersonate Moderna, Regeneron

COVID-19-related fraud continues to have an impact as Americans await delivery of a vaccine. The latest example came Friday, when U.S. officials revealed that scammers had been operating two websites that closely mimic drug companies Moderna and Regeneron, in an effort to collect users’ personal data and rip them off. Law enforcement seized the websites following a tip from Moderna’s security team. Sean has this one, too.

Zoom acknowledges federal probes

Videoconferencing company Zoom said Friday it is under scrutiny by U.S. prosecutors and regulators for its interactions with China's government as well as other security and privacy matters. The U.S. Attorney’s Office for the Eastern District of New York has issued a grand jury subpoena about interactions with foreign governments and political parties. Separately, the U.S. Attorney’s Office for the Northern District of California and the Securities and Exchange Commission issued subpoenas about Zoom's data encryption and other topics. Read Zoom's blog post.
