November 20, 2017
Hackers Targeting Three Sectors – North Korea and The United States
Since last year, North Korean hackers have been targeting businesses in the financial services, aerospace and telecommunications sectors by exploiting a remote administration tool, or RAT. According to the alert, the FBI and DHS identified internet protocol addresses and other indictors of compromise associated with the RAT, commonly known as FALLCHILL, used by the North Korean government. Federal authorities have labeled North Korean government malicious cyber activities as Hidden Cobra. "The FBI has high confidence that Hidden Cobra actors are using the IP addresses to maintain a presence on victims' networks and to further network exploitation," the alert says. FALLCHILL uses fake transport layer security communications, encoding the data with RC4 encryption using a specific key. The malware collects basic systems information and transmits that data to command-and-control servers. The alert provides network signatures and host-based rules that can be used to detect malicious activity associated with North Korean hackers. "Although created using a comprehensive vetting process, the possibility of false positives always remains," the alert cautions. "These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to Hidden Cobra actors."
Army Acknowledges Failures to Report Crime Data to FBI – Texas, United States
The Army's top general said Wednesday his service has failed in a "significant amount" of cases to alert the FBI to soldiers' criminal history. The statement by Gen. Mark Milley, the Army chief of staff, was the most concrete indication that the problem is not confined to the Air Force. That military branch acknowledged last week that it had failed to tell the FBI about the assault conviction of Devin P. Kelley, a former airman who killed 26 people in a Texas church on Nov. 5. That failure made it possible for Kelley to acquire weapons that federal law prohibited him from buying or possessing after his 2012 conviction. "There are gaps and failures on our part to report in to the FBI," Milley said in an exchange with reporters at the Pentagon. "We have a significant amount of omissions," he added. "It clearly tells us that we need to tighten up." Milley was not specific about the kinds or number of cases that have not been reported to the FBI as required. At one point he said the Army's problem is "not too bad," but he also said, "the percentage is too high" and it needs to be addressed.
U.S. Customs Plans to Update CTPAT Best Practices, Minimum-Security Requirements, and Compliance Certification – United States
The Customs Trade Partnership Against Terrorism, better known as CTPAT, has a new logo, a red, white, and blue globe made of interlocking puzzle pieces. It has new spelling, with no hyphen in its name or acronym anymore, and a new tag line: "Your Supply Chain's Strongest Link." But that's not all that's new with the cargo-security program, according to Liz Schmelzinger, director of CTPAT programs in U.S. Customs and Border Protection's (CBP's) Office of Field Operations. CTPAT, established in 2001 to prevent terrorists from carrying out attacks on the United States via international transportation networks, is a voluntary public-private program with 11,000-plus members, including importers, exporters, surface carriers (ocean, highway, and rail), customs brokers, marine terminal operators, freight consolidators, and other entities that have a stake in cross-border cargo security. To be accepted as "CTPAT Partners," members work with CBP to identify security gaps and implement specific security measures and best practices; they must then undergo periodic audits to verify compliance. Partners are considered low-risk and are eligible for such benefits as fewer CBP cargo examinations and priority treatment at border crossings. Schmelzinger outlined some recent developments and future plans at the 16th Annual Northeast Cargo Symposium held by the Coalition of New England Companies for Trade (CONECT) in Providence, R.I., earlier this month. She has asked her team to revamp CTPAT's best practices recommendations, shifting from a catalog of specific actions to a framework that could be adapted to companies of all sizes. About 30 percent of CTPAT members are small and medium-size companies with 70 employees or less, she said, noting that what would be achievable and affordable for a large company may not be for a smaller firm. "The notion of scalability will be critical to the best practices framework," she said. The new framework, which is still in development, will include five elements:
- Senior management support, including the participating organization's culture and management philosophy regarding security and compliance
- Innovative application of technology, as appropriate for the company's size and resources
- Documented processes, including consistency and continuity over time
- Checks, balances, and auditing, including such areas as accountability and testing
- Evidence of implementation; that is, proof that plans have been put into practice and are being maintained
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, please subscribe.