Cyber Intelligence Weekly

Cyber Intelligence Weekly (September 8, 2024): Our Take on Three Things You Need to Know

By
Posted on Sep 08 / 2024

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight an upcoming talk I will be giving at Fal.Con. If you are attending Fal.Con next week, please join us for a key session on Cyber Risk Management.

📅 Wednesday, Sept. 18 | 🕛 12:00 PM - 12:45 PM PDT

Don't miss this vital session as we discuss how to best navigate evolving risk in cybersecurity. Learn from me and other industry leaders on how to align security strategies with business goals and turn risk into opportunity!

Gain insights into enhancing your organization’s security posture and meet experts like @Eben Kaplan from @CrowdStrike and @Sean Kelly of @Highmark Health who will share cutting-edge strategies.

Learn more here: https://lnkd.in/eKXQAAWZ

Learn more here:

Away we go!

 

1.  Navy Officer Demoted for Installing Unauthorized Satellite Dish on Warship

A U.S. Navy chief petty officer has been demoted after secretly installing a Starlink satellite dish on the USS Manchester, allowing her and other senior officers to access the internet while the ship was deployed. The officer, Grisel Marrero, along with other leaders, used the dish to bypass the ship’s restricted internet access, enabling them to scroll social media, watch movies, and stay updated on news and sports, according to an investigation.

Marrero, formerly the command senior chief, helped arrange the purchase of the Starlink kit for $2,800 before the ship's deployment in April 2023. The network, nicknamed "Stinky," was used exclusively by Marrero and other chief petty officers, leaving the rank-and-file sailors without access. To keep the unauthorized system hidden, Marrero disguised the network by renaming it and intercepting reports about it, ultimately lying to her commanding officer.

The Navy launched an investigation and discovered the scheme. Marrero was convicted at a court-martial, where she pleaded guilty to dereliction of duty and providing false statements. She was demoted to the rank of chief petty officer and relieved of her position due to a loss of confidence in her leadership abilities. Navy officials emphasized the importance of senior leaders upholding high standards of responsibility and leadership.

This incident has drawn attention to the Navy’s strict internet protocols on active warships, designed to safeguard military operations and prevent cybersecurity threats. The case follows another recent controversy where the commander of the USS John McCain was relieved after being photographed using a rifle with a backward scope, sparking ridicule on social media.

 

2.  Russian GRU Officers Charged for Cyberattacks on Ukraine and NATO Countries

A grand jury in Maryland has charged five officers from the Russian military intelligence agency, GRU, and a civilian with cyberattacks targeting Ukraine and 26 NATO countries, including the U.S. The indictment, unsealed on September 5, 2024, alleges that these individuals were involved in cyber activities meant to destabilize Ukraine ahead of Russia's invasion. The attacks focused on Ukrainian government systems, including non-military entities, and sought to disrupt operations and erode public trust.

The cyberattack involved the use of a malware known as WhisperGate, which was designed to appear as ransomware but was actually a destructive tool meant to wipe data from Ukrainian government systems. WhisperGate hit critical Ukrainian networks, including the Ministries of Internal Affairs, Education, Energy, and more. The hackers defaced websites with threatening messages and attempted to sell stolen data online. These attacks were part of a broader campaign aimed at weakening Ukraine’s digital infrastructure and instilling fear among its citizens.

The defendants also probed computer systems belonging to NATO member countries, searching for vulnerabilities. They even targeted a federal agency in Maryland, using the same techniques applied in their attacks on Ukraine. The FBI, along with international partners, has been working to track and combat these cyber operations. The U.S. government, through its “Rewards for Justice” program, is offering up to $10 million for information leading to the identification or location of the indicted individuals.

This indictment is part of a global operation known as "Operation Toy Soldier," which aims to dismantle malicious cyber activities carried out by the GRU’s Unit 29155. The U.S. Justice Department emphasized its commitment to holding these cybercriminals accountable and strengthening defenses against future threats.

 

3.  Food Supply at Risk: Why Cybersecurity in Agriculture Needs Urgent Attention

The U.S. Department of Agriculture (USDA) is under increasing scrutiny for its inadequate preparedness in defending the nation’s food and agriculture sector from cyberattacks. Despite this industry accounting for over 5% of the U.S. economy, the USDA has been slow to prioritize cybersecurity, leaving the sector vulnerable to digital threats. With the rise of automation in farming and food production, cyber risks have surged, but USDA’s response remains underfunded and under-resourced. In comparison, other critical infrastructure sectors have taken more aggressive steps to safeguard their operations.

Recent ransomware attacks, like the 2021 incident involving meat processor JBS, highlight the potential for significant disruption in the food supply chain. Experts warn that cybercriminals could manipulate food safety data or sabotage machinery, causing nationwide chaos, from poisoned livestock to widespread food spoilage. While the USDA has been slow to act, there is growing concern that future attacks are inevitable unless the department takes cybersecurity more seriously.

USDA’s failure to address these growing threats stems from its limited budget and a lack of focus on cybersecurity. The department has been criticized for not leveraging its strong relationships with agricultural producers to promote cyber awareness. While some progress has been made, including risk assessments and information sharing with sector leaders, industry experts argue that much more needs to be done to protect the nation’s food supply from digital threats.

With bipartisan lawmakers introducing legislation to improve cybersecurity in agriculture and the White House lending resources to USDA’s cyber efforts, there is hope for improvement. However, many fear that without urgent action, the U.S. food system will remain a prime target for hackers.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about

Are you ready to get started?