Also on today’s menu: Third-Party Hack Targets Norton; Paying Ransomware Encourages More Attacks; Making It A Top Priority.
The theft of trade secrets by other countries has always been attractive because it allows them to develop new technologies without the time and expense of initial research and development. China is among the top competitors seeking technological knowledge to keep its economy at the forefront of innovation.
Zheng Xiaoqing, a United States citizen who worked for General Electric Power, was sentenced to two years in prison earlier this month after an innocuous-looking sunset photograph turned out to contain hidden binary code that provided information from confidential files. The technique, called steganography, hides one data file within the code of another data file. Authorities say Zheng used the method on several occasions to take sensitive files from GE related to the design and manufacture of gas and steam turbines. The information, considered to be worth millions of dollars, was sent to an accomplice in China.
Last November, Chinese national Xu Yanjun, alleged to be a career spy, was sentenced to 20 years in prison for plotting to steal trade secrets from several U.S. aviation and aerospace companies.
Last July, FBI Director Christopher Wray told business leaders and academics in London that China aimed to “ransack” the intellectual property of Western companies so it can speed up its own industrial development and eventually dominate key industries.
Third-Party Hack Targets Norton
NortonLifeLock, the company that provides cyber protection for business customers and consumers, has reported a third-party hack that compromised as many as 925,000 accounts, both active and inactive. The company sent notices to an estimated 6,540 customers whose accounts had confirmed hacks, as well as to state attorneys-general.
When contacted for more specific information about the data breach, Norton referred to an article about the problem that appeared on bleepingcomputer.com. Parent company Gen Digital said its own systems were not compromised, but that the incident appeared to be a “credential stuffing attack,” in which previously breached credentials are used to break into accounts on different sites and services that share the same passwords. An attacker may acquire the data through account compromises on other platforms and then try to gain access to accounts at other businesses where the client is using the same username and password.
Norton learned that intruders had compromised accounts as far back as December 1. The company detected a large number of failed logins on December 12, alerting it to the problem.
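The kind of failed-login spike described above can be told apart from ordinary password mistakes by counting how many distinct accounts one source fails against in a short window. The following is an added example, not Norton's or Gen Digital's code; the log format, thresholds, and function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): "timestamp source_ip username result"
SAMPLE_LOG = """\
2023-01-04T22:15:40 203.0.113.7 frank OK
2023-01-05T10:00:01 203.0.113.7 alice FAIL
2023-01-05T10:00:03 203.0.113.7 bob FAIL
2023-01-05T10:00:05 203.0.113.7 carol FAIL
2023-01-05T10:00:07 203.0.113.7 dave OK
2023-01-05T10:00:09 203.0.113.7 erin FAIL
2023-01-05T10:01:00 198.51.100.20 gina FAIL
2023-01-05T10:01:10 198.51.100.20 gina FAIL
2023-01-05T10:01:20 198.51.100.20 gina FAIL
2023-01-05T10:01:30 198.51.100.20 gina FAIL
2023-01-05T10:01:45 198.51.100.20 gina OK
2023-01-05T10:02:00 192.0.2.9 heidi OK
"""

def parse(log):
    """Turn log text into time-sorted (timestamp, ip, user, succeeded) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)

def find_stuffing(events, window=timedelta(minutes=5), min_users=4):
    """Map each suspicious source IP to the accounts it logged in to.

    A source is suspicious when its failed logins hit at least `min_users`
    distinct accounts inside `window` (assumed thresholds). One user
    mistyping a password touches a single account and is not flagged.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, evs in by_ip.items():
        fails = [(ts, user) for ts, user, ok in evs if not ok]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            if len({u for _, u in fails[start:end + 1]}) >= min_users:
                # Every success from this source, including earlier ones,
                # marks an account whose password should be reset.
                flagged[ip] = {user for _, user, ok in evs if ok}
                break
    return flagged

if __name__ == "__main__":
    print(find_stuffing(parse(SAMPLE_LOG)))
```

Checking the flagged source's earlier successes matters because, as in the Norton case, compromises can predate the day the failed-login spike is noticed.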
Paying Ransomware Encourages More Attacks
Cyber criminals have used file-encrypting malware to attack universities, schools, and hospitals, making ransomware one of the major cybersecurity problems in recent years. The goal, of course, is to make money by demanding a ransom payment in exchange for a decryption key that supposedly will unlock the encrypted systems, but will not always do so. Ransom demands can reach millions of dollars.
While national governments, law enforcement agencies, and cybersecurity companies warn that victims should never pay the ransom because it only encourages further attacks, many do because they think it is the quickest way to retrieve their encrypted files. Not that crooks can be trusted to keep their word.
New Hampshire’s Executive Council approved a contract with the Atom Group of Portsmouth that, as part of the $210,000 agreement, will provide 200 hours of cybersecurity per year for four years, and 100 hours of cybersecurity testing and remediation. It also will pay cyber ransom in cryptocurrency if it can negotiate an agreement with the hackers. As I reported previously, the Atom Group’s own domain is vulnerable to cyber attack. The company has declined to respond to that report.
Making It A Top Priority
Unlike New Hampshire, which seems to be largely ignoring its vulnerabilities, New York state lawmakers have announced plans to help local governments, schools, and hospitals protect against cyber ransomware attacks, making it a top priority during the 2023 legislative session.
The Empire State has experienced a wave of such attacks, including one on the computer systems of a major Brooklyn hospital network, and the Suffolk County government was disabled by hackers last year.
“This is a top item on my agenda for 2023,” said Steven Otis, chair of New York’s Assembly Science and Technology Committee.
New Mexico, too, is taking cybersecurity seriously. Keeping online information safe from hackers has been a hot topic in the legislature, and Democratic State Senate Majority Whip Michael Padilla announced plans to change how New Mexico manages cybersecurity. “We give them a budget; we give them some guardrails and programming into what we want this office to look like. Then we let the professionals take over,” said Padilla. “We can’t pretend like this doesn’t exist. It’s something we can’t tangibly see. … Immediately, we’re going to tamp down the cyberattacks that we’ve seen affect everybody.”
The News Café is a virtual meeting place where, each weekday, we discuss the news of the day: local, statewide, national, and international. Mondays are reserved for more personal observations which only paid subscribers will receive, while Tuesday through Friday will draw from news stories published by various sources.
The News Café relies on subscriptions, rather than on advertising and grants, for its support. That frees us to provide an independent focus on events and cultural issues without having to weigh whether it would upset advertisers or fit into grant guidelines. Our only obligation is to provide information we believe is useful to our readers.
Visit us at www.libertymedianh.org