Cyber Week in Review: January 10, 2020

Trump Administration Pressed Dutch Government to Cancel Sale of Chip Equipment to China

It has been revealed that the Trump administration mounted an extensive campaign to block the sale of Dutch chip manufacturing technology to China, with Secretary of State Mike Pompeo personally lobbying the government and White House officials sharing a classified intelligence report with the Netherlands prime minister. Previously unreported, the U.S. campaign began in 2018, after the Dutch government granted semiconductor equipment company ASML a license to sell its most advanced machine to China’s biggest maker of computer chips, Semiconductor Manufacturing International Corp. The United States’ efforts appear to have worked, as the shipment of ASML’s extreme ultraviolet lithography chip tool, or EUV, was delayed indefinitely in November 2019 by Dutch authorities. Currently, no Chinese companies are capable of manufacturing the most sophisticated computer chips, and the Chinese government has made it a national priority to advance its own domestic chipmaking industry. This effort has collided with the Trump administration’s efforts to block the flow of sensitive technology to China on national security grounds.

Congressional Commission Mulls New Private Sector Reporting Requirements

The Cyberspace Solarium Commission, a bipartisan group tasked last year with devising a strategy for defending the United States against cyberattacks, is almost ready to reveal its proposals to the world. According to the commission’s co-chairs, Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI), the final report, expected to be released in the spring, may include new reporting requirements for the private sector. Specifically, the commission has considered recommending incentives for implementing a so-called “1:10:60” rule, which would encourage firms to detect an intrusion in one minute, have an analyst evaluate it in ten minutes, and remediate it within sixty minutes. According to CrowdStrike data, meeting this benchmark would expel most hackers before they’re able to penetrate deeper than their initial entry point. Aside from the 1:10:60 rule, the commission is also likely to recommend enhancing the role of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the re-appointment of a cyber coordinator in the White House. Representative Gallagher noted that while the final language of the report is still being developed, the federal government could improve its own internal reporting, perhaps by sending quarterly updates to Congress on intrusion and remediation times for government agencies.

DHS Warns of Cyberattacks Following Qasem Soleimani’s Killing

On Monday, the Department of Homeland Security (DHS) issued warnings and recommendations for U.S. companies and government agencies to secure their computer networks following the killing of Qasem Soleimani last week. The advisory by the department’s Cybersecurity and Infrastructure Security Agency (CISA) warned of the considerable capabilities that Iran has to retaliate in cyberspace, and urged organizations to consider whether they make an attractive target for Iran’s hackers. CISA also issued an advisory to security professionals that included a list of techniques associated with Iranian hacking groups and how to combat them. Retaliatory cyberattacks are high on the list of likely responses to Soleimani’s killing by a U.S. drone, and DHS is particularly concerned about Iran’s ability to conduct attacks that disrupt critical infrastructure in the United States. Iran has immediately opted to respond with a more visible and conventional retaliation in the form of missile strikes on bases housing U.S. service members in Iraq, and there has been some website defacement conducted by hackers sympathetic to Tehran. But, this absence of more disruptive attacks does not rule out a concerted cyber operation by Tehran in the long term.

Brazil to Reject U.S. Pressure on Huawei 5G Bid

Marcos Pontes, Brazil’s minister for science, technology, innovation, and communications, has stated that the country will not bend to pressure from the United States to block Huawei from bidding on a contract to build Brazil’s 5G network. Responsible for establishing the criteria for the latest generation of ultra-fast internet, Pontes says that no company will be banned from the bidding process and that the final decision would be based purely on merit. Brazil’s 5G auction, initially scheduled for March, has been delayed until the second half of 2020, and could be delayed until 2021. This is due to a technical problem arising from the proposed 5G network likely interfering with transmissions from the satellite dishes that currently relay TV signals in Brazil.

New Report Suggests Chinese Companies Are Recruiting Hackers for Beijing

The anonymous hacking group calling itself Intrusion Truth has released what it claims is evidence of Chinese technology companies based on the tropical island of Hainan recruiting hackers on Beijing’s behalf. The group came to this conclusion by tracking job postings seeking offensive cybersecurity skills by a number of companies whose addresses and phone numbers listed in the job postings overlap. The job postings were featured heavily on the career boards of many Chinese universities and sought some skills that would likely only be relevant to launching cyberattacks, such as developing Windows Trojan shellcode and PE encryption. Other security researchers suggested on Thursday that these companies are associated with APT40, a Chinese espionage group that FireEye says stole information from the U.S. Navy. During an assessment after the theft, it was discovered that one of the files used to administer the malware found on U.S. Navy computers included an IP address based in Hainan. While it has already been alleged that Chinese hackers have been contracted to work for their government, Intrusion Truth’s research potentially sheds light on the process through which Beijing recruits cyberattackers from outside of the government.