North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media

The Federal Bureau of Investigation (FBI), the US Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and Ministry of Foreign Affairs (MOFA), have issued a Joint Cybersecurity Advisory to highlight the use of social engineering by Democratic People’s Republic of Korea (DPRK a.k.a. North Korea) state-sponsored cyber actors to enable computer network exploitation (CNE) globally against individuals employed by research centers and think tanks, academic institutions, and news media organizations. These North Korean cyber actors are known to conduct spearphishing campaigns posing as real journalists, academics, or other individuals with credible links to North Korean policy circles. The DPRK employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets.
North Korea’s cyber program provides the regime with broad intelligence collection and espionage capabilities. The Governments of the United States and the Republic of Korea (ROK a.k.a. South Korea) have observed sustained information-gathering efforts originating from these North Korean cyber actors. North Korea’s primary military intelligence organization, the Reconnaissance General Bureau (RGB), which has been sanctioned by the United Nations Security Council, is primarily responsible for this network of actors and activities.
We assess the primary goals of the DPRK regime’s cyber program include maintaining consistent access to current intelligence about the United States, South Korea, and other countries of interest to impede any political, military, or economic threat to the regime’s security and stability.
Currently, the US and ROK Governments, and private sector cyber security companies, track a specific set of DPRK cyber actors conducting these large-scale social engineering campaigns as Kimsuky, Thallium, APT43, Velvet Chollima, and Black Banshee. Kimsuky is administratively subordinate to an element within North Korea’s RGB and has conducted broad cyber campaigns in support of RGB objectives since at least 2012. Kimsuky actors’ primary mission is to provide stolen data and valuable geopolitical insight to the North Korean regime.
Some targeted entities may discount the threat posed by these social engineering campaigns, either because they do not perceive their research and communications as sensitive in nature, or because they are not aware of how these efforts fuel the regime’s broader cyber espionage efforts. However, as outlined in this advisory, North Korea relies heavily on intelligence gained by compromising policy analysts. Further, successful compromises enable Kimsuky actors to craft more credible and effective spearphishing emails that can be leveraged against more sensitive, higher-value targets. The authoring agencies believe that raising awareness of some of these campaigns and employing basic cyber security practices may frustrate the effectiveness of Kimsuky spearphishing operations.
This Joint Cybersecurity Advisory provides detailed information on how Kimsuky actors operate; red flags to consider as you encounter common themes and campaigns; and general mitigation measures for entities worldwide to implement to better protect against Kimsuky’s CNE operations.

NCCoE Releases Final Project Description: Accelerate Adoption of Digital Identities on Mobile Devices

The goal of this project is to define and facilitate a reference architecture (or architectures) for digital identities that protects privacy, is implemented in a secure way, enables equity, is widely adoptable, and is easy to use. The concepts of cybersecurity, privacy, and adoptability are critically important to this overall effort and will be interwoven into the work of this project from the beginning.

The NCCoE intends to help accelerate the adoption of standards, investigate what “works” and what “does not” based upon current efforts being performed by various entities, and provide a forum and environment to discuss and resolve challenges in implementing the ISO/IEC 18013-5 (attended) and ISO/IEC 18013-7 (over-the-internet) standards.

Next Steps

In the coming months, the NCCoE will publish a Federal Register Notice (FRN) based on the final project description. A notification will be distributed once this is available. If you have interest in participating in this project as a collaborator, you will have the opportunity to complete a Letter of Interest (LOI) where you can present your capabilities. Completed LOIs are considered on a first-come, first-served basis within each category of components or characteristics listed in the FRN, up to the number of participants in each category necessary to carry out the project.

If you have any questions, please reach out to the project team at [email protected].

To learn more about the project and to join the Community of Interest, visit the project page.

View Publication

Cybersecurity Framework Profile for Hybrid Satellite Networks

The NCCoE has published for comment Draft NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN). 

The public comment period for this draft is now open until 11:59 p.m. ET on July 5, 2023.

  1. View the publication
  2. Visit the project page.
  3. Email questions to [email protected].

All comments that are received will be reviewed and adjudicated to inform the final publication. 

CYBERSECURITY EDUCATION AND WORKFORCE DEVELOPMENT FUNDING OPPORTUNITY

Today at the annual NICE Conference & Expo, Rodney Petersen, the Director of NICE, announced a new Notice of Funding Opportunity (NOFO) from the National Institute of Standards and Technology (NIST). Following a successful pilot program in 2016, NIST is again offering funding to establish Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) cybersecurity education and workforce development. As part of the Department of Commerce’s Principles for Highly Effective Workforce Investments and Good Jobs Principles, RAMPS will support the NIST-led NICE program. Effective partnerships will focus on bringing together employers and educators to develop a skilled workforce to meet industry needs within a local or regional economy. NIST anticipates funding up to eighteen awards of up to $200,000 through cooperative agreements. Applicants must demonstrate through letters of commitment that at least one of each of the following types of organizations is committed to being part of the proposed regional alliance: institution of higher education or nonprofit training organization, and local employer or owner or operator of critical infrastructure. The deadline to apply is August 7, 2023, by 11:59pm Eastern Time. A webinar for interested applicants will be held on June 13, 2023 at 1-2pm Eastern Time to provide general information regarding this funding opportunity, offer general guidance on preparing applications, and answer questions.

View this Funding Opportunity on Grants.gov

Join us at Microsoft Security Virtual Training Day: Defend Against Threats and Secure Cloud Environments

Grow your skills at Security Virtual Training Day: Defend Against Threats and Secure Cloud Environments from Microsoft Learn. At this free event, you’ll learn to perform advanced hunting, detections, and investigations, and remediate security alerts with Microsoft Defender and Microsoft Sentinel. Using automated extended detection and response (XDR) in Microsoft Defender and unified cloud-native security information and event management (SIEM) through Microsoft Sentinel, you’ll learn to confidently perform investigations and remediations to help defend against threats.

You will have the opportunity to:

  • Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.
  • Use Microsoft Defender for Cloud to perform cloud security posture management and to help protect cloud workloads.
  • Understand ways to help protect people and data against cyberthreats with Microsoft technologies.

Join us at an upcoming two-part event:
Thursday, July 6, 2023 | 10:00 AM – 12:45 PM | (GMT-05:00) Eastern Time (US & Canada)
Friday, July 7, 2023 | 10:00 AM – 12:00 PM | (GMT-05:00) Eastern Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English
 
REGISTER TODAY >

Evolving Identity and Access Management for the Multicloud World

Read the e-book

As cloud computing continues its global expansion, security teams must adapt and find new ways to keep digital estates protected. That’s why it’s essential to build an identity and access management (IAM) strategy that can govern identities, manage permissions, and mitigate risks across any multicloud or hybrid environment. Learn more about a continuous, cloud-based approach to identity management. Read the e-book, Evolving Identity and Access Management for the Multicloud World, to:

  • Understand how unmanaged permissions increase your risk of a breach.
  • Discover the benefits of an integrated, scalable, cloud-native approach to identity management.
  • See how the cloud infrastructure entitlement management (CIEM) lifecycle approach helps discover, remediate, and monitor risks continuously.
  • Explore the capabilities of a decentralized identity solution.

NIST Publishes Recommendations for Federal Vulnerability Disclosure Guidelines: NIST SP 800-216 Now Available

Internal and external reporting of security vulnerabilities in software and information systems owned or utilized by the Federal Government is critical to mitigating risk, establishing a robust security posture, and maintaining transparency and trust with the public. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce known security vulnerabilities and exposures.

NIST Special Publication (SP) 800-216, Recommendations for Federal Vulnerability Disclosure Guidelines, describes a flexible, unified framework for establishing policies and implementing procedures for reporting, assessing, and managing vulnerability disclosures for systems within the Federal Government. Per the Internet of Things Cybersecurity Improvement Act of 2020 (Public Law 116-207) and in alignment with ISO/IEC 29147 and ISO/IEC 30111, these guidelines address:

  • The establishment of a federal vulnerability disclosure framework, including the Federal Coordination Body (FCB) and Vulnerability Disclosure Program Offices (VDPOs)
  • The receipt of information about potential security vulnerabilities in information systems owned or controlled by a government agency
  • The dissemination of information about security vulnerability resolutions to government agencies and the public

NIST led this government-wide effort in coordination with other agencies, including the Office of Management and Budget (OMB), the Department of Defense (DoD), and the Department of Homeland Security (DHS). Please contact [email protected] with any questions.

Read More

The NCCoE Buzz: The Benefits of Mobile Device Management

The NCCoE Buzz: Mobile Security Edition is a recurring email on timely topics in mobile device cybersecurity and privacy from the National Cybersecurity Center of Excellence’s (NCCoE’s) Mobile Device Security project team.

What is it?

Mobile devices allow employees to conveniently do their work from home, at the office, or on the go. While this provides flexibility and convenience, it could expose an organization to potential threats. Managing mobile devices’ security and device health is vital to minimizing an organization’s risk posture. Mobile device management (MDM), sometimes included within a unified endpoint management (UEM) solution, is an enterprise tool that allows organizations to secure mobile devices that are used to access organizational resources. An employee’s personal or corporate-owned device can be enrolled into an MDM solution to apply enterprise configurations, manage enterprise applications, and enforce compliance with enterprise policies.

How does it work?

Mobile devices connect to the MDM solution via an application running on the device. Enterprise administrators use the MDM product to manage and enforce policies on connected devices. If a device is found out of compliance with a policy, an organization can enforce a compliance action. Another common use for an MDM solution is installing and managing applications on the device that will be used for work. For example, the MDM can install an email application that is pre-configured with the user’s work login.

How does it address security and privacy concerns?

The main goal behind using an MDM solution is to ensure that devices are in a more secure state before allowing access to corporate resources. These policies can specify certain privacy- and security-enhancing configurations, such as requiring a passcode to unlock the device or preventing data loss by restricting copy/paste/screenshot capabilities.

In addition, privacy-preserving mechanisms are built into both the MDM and the devices themselves to limit unnecessary exposure of employees’ personal information. For example, when personal devices are used for work (i.e., bring your own device, or “BYOD”), the device has built-in mechanisms to ensure that personal and work data are completely separate, and that work applications cannot access any personal information on the device, such as pictures or SMS messages.

What can you do?

Download our SP 1800-21 and 1800-22 guides to learn more about mobile device management and other mobile device security and privacy capabilities, including how these solutions can strengthen the security and privacy of your enterprise environment.

The NCCoE Mobile Device Security Team
NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: [email protected]
NCCoE Website questions: [email protected]

#StopRansomware Guide

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.
The #StopRansomware Guide serves as a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The authoring organizations recommend that entities review this joint guide to prepare and protect their facilities, personnel, and customers from the impacts of ransomware and data exfiltration. For more information and to access the latest resources about how to stop ransomware, please visit stopransomware.gov.
This joint guide was developed through the Joint Ransomware Task Force (JRTF), an interagency collaborative effort to reduce the prevalence and impact of ransomware attacks. JRTF was established by Congress in 2022 and is co-chaired by CISA and FBI. For additional information about the JRTF, please visit CISA’s newly launched Joint Ransomware Task Force webpage.

NICE Webinar: Community-Based Partnerships for Cybersecurity

Synopsis

The Department of Commerce’s workforce development agenda is guided by a set of best practices and principles that values workforce investments. These workforce investments are employer-led to connect skilled workers to quality job opportunities, guided by multiple community partners such as educational institutions and economic development organizations, and lead to stackable, industry-recognized credentials. Cybersecurity workforce needs exist in every sector of the economy; therefore, cross-sector and community-supported partnerships must align with the skill needs of industries in the regional or local economy. This webinar will explore the foundations for creating multistakeholder, community-based partnerships that can lead to good jobs in cybersecurity.

Register here