National Security Institute's Weekly Security News Watch 11/3/2022


NSI's Weekly Security NewsWatch
For security leaders who want to extend their knowledge base: 10 expertly curated news items, summarized and designed to widen your perspective.
In This Issue 
  • Russia Linked to Nearly 75% of Late 2021 Ransomware Attacks
  • UN Security Council Boosts Commitment to Fight Digital Terror
  • North Korean Gang Hacking Android Phones to Gather Intel
  • NIST Digital ID Update to Include Standards for Biometric Proofing
  • New Guide for Agencies on Responding to DDoS Attacks Is Released
  • Developing Deal on Export Controls Would Target China’s Chip Access
  • Chinese Disinfo Campaign Targeting Midterm Elections
  • CISA Unveils Voluntary Cybersecurity Performance Goals
  • Report: State, Local Govs Using Chinese Telecom Products Despite Ban
  • Survey: Government Cyber Experts Feel They Lack Resources for Breach Response

Russia Linked to Nearly 75% of Late 2021 Ransomware Attacks, Per Analysis (Nextgov, 11/1/22)

A new analysis from the Department of Justice’s Financial Crimes Enforcement Network reveals that Russian actors comprised roughly three-quarters of recorded ransomware incidents during the latter portion of 2021, contributing to the sharp uptick in ransomware attacks experienced over the course of 2021 versus 2020. Building off of data collected from the Bank Secrecy Act and an earlier agency report, FinCEN officials attributed 594 of the ransomware-related activities recorded between July and December 2021 to Russia-linked actors, out of a cumulative 793 reported to the agency during that time frame. The total cost of incidents over that time period was $488 million. 

Earlier in October, FinCEN issued a larger report showing that the amount of money lost to ransomware attacks increased from the $527 million lost in 2020 to about $886 million over the course of 2021, representing a 68% increase in the cost of malicious cyberattacks. Specifically, officials recorded 1,251 ransomware attacks in 2021, as opposed to just 602 incidents in 2020.

UN Security Council Boosts Commitment to Fight Digital Terror (HS Today, 10/31/22)

A two-day meeting of the UN Security Council Counter-Terrorism Committee in India has ended with the adoption of a document committing member states to prevent and combat digital forms of terror, notably using drones, social media, and online terrorist financing.  The non-binding document, known as the Delhi Declaration on countering the use of new and emerging technologies for terrorist purposes, was adopted following a series of panels.

The declaration aims to cover the main concerns surrounding the abuse of drones, social media platforms, and crowdfunding, and create guidelines that will help to tackle the growing issue.  “The Delhi declaration lays out the foundation for the way ahead,” said David Scharia from the Counter-Terrorism Executive Committee.  “It speaks about the importance of human rights, public-private partnership, civil society engagement, and how we are going to work together on this challenge.”

North Korean Gang Hacking Android Phones to Gather Intel (Tech Monitor, 10/28/22)

North Korean cybercrime gang Kimsuky is hacking Android phones to steal data as part of a government intelligence-gathering mission which is focused on South Korea, Japan and the U.S., new research has revealed.  Cyberattacks on smartphones are on the rise globally and could have dangerous implications for companies which allow staff to use their own devices for work purposes.
South Korean cybersecurity company S2W has released research into the gang, which it believes is sponsored by the government in Pyongyang.  According to the report, the hackers are targeting individuals and companies across the public and private sectors in South Korea, Japan and the U.S., in a bid to gather as much intelligence as possible for North Korea.

NIST Digital ID Update to Include Standards for Biometric Proofing (FCW, 10/28/22)

NIST is due to release its first update to its digital identity guidelines in five years, officials said last week.  The updates have been in the works since 2020 and respond to changes in the cybersecurity threat landscape, new technologies and concerns about equity, according to a presentation from NIST officials.  They also incorporate lessons learned from the pivot to digital services at the onset of the COVID-19 pandemic.

The forthcoming draft will include biometric performance requirements designed to make sure there aren't major discrepancies in the tech’s effectiveness across different demographic groups.  Prior NIST research found that most facial recognition software products are less effective at identifying people of color than white people when it comes to one-to-one matching.  The update will also increase identity proofing options that don’t require facial recognition.

New Guide for Agencies on Responding to DDoS Attacks Is Released (HS Today, 10/28/22)

CISA, the FBI, and the Multi-State Information Sharing and Analysis Center have released Understanding and Responding to Distributed Denial-of-Service Attacks to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.  The guidance is for both network defenders and leaders to help them understand and respond to DDoS attacks, which can cost an organization time, money, and reputational damage.

Concurrently, CISA has released Capacity Enhancement Guide: Additional DDoS Guidance for Federal Agencies, which provides federal civilian executive branch agencies additional DDoS guidance, including recommended FCEB contract vehicles and services that provide DDoS protection and mitigations.  CISA encourages all network defenders and leaders to review the guides.

Developing Deal on Export Controls Would Target China’s Chip Access (Nextgov, 10/27/22)

The Biden administration expects to have “a deal done in the near-term” with U.S. allies to limit China’s access to advanced semiconductors and related equipment, according to Alan Estevez, undersecretary of commerce for industry and security.  He said additional export controls on other advanced technologies remain on the table.  Officials are working to ensure that Chinese-focused export controls announced earlier this month by the department’s Bureau of Industry and Security are similarly implemented by other countries, Estevez said, adding that efforts to make the rules multilateral remain “a work in progress.”

BIS unveiled the new export controls on Oct. 7, saying the “series of targeted updates” were designed to “restrict the PRC’s ability to obtain advanced computing chips, develop and maintain supercomputers and manufacture advanced semiconductors.”  The export controls announced by the Commerce Department also limit China’s access to advanced semiconductors produced in other countries that utilize U.S.-made equipment.

Chinese Disinfo Campaign Targeting Midterm Elections (Gov Info Security, 10/27/22)

A Chinese threat actor is targeting the U.S. midterm elections by using fake social media accounts to dissuade Americans from voting.  Researchers from Mandiant say an influence campaign promoting the political interests of Beijing that's been active since at least 2019 has lately taken to posting social media content casting doubt on voting's efficacy and invoking the prospect of civil war.

Mandiant dubs the campaign Dragonbridge.  Partisan dominance over the U.S. Congress for the next two years hinges on the outcome of nationwide voting that concludes on Nov. 8.  Foreign interference from authoritarian governments via social media and other means has been a danger facing elections across the United States and other democratic countries since 2016.  Some critics of social media companies contend online platforms are poorly incentivized to stop disinformation due to Section 230 of the Communications Decency Act of 1996, a law shielding online platforms from liability for user-generated content.

CISA Unveils Voluntary Cybersecurity Performance Goals (Fed News Network, 10/27/22)

CISA has issued cybersecurity performance goals to help critical infrastructure operators and other companies prioritize the adoption of key security measures.  The performance goals are based on NIST’s Cybersecurity Framework. CISA describes the goals document as a “quick-start guide” to help organizations start adopting the NIST framework and a more comprehensive cybersecurity program.

The goals apply to both information technology and operational technology.  “The goals were developed to really represent a minimum baseline of cybersecurity measures that, if implemented, will reduce not only risk to critical infrastructure, but also to national security, economic security and public health and safety,” CISA Director Jen Easterly said.  She said the measures were developed with feedback from “hundreds of organizations across the government and the private sector, as well as our international partners.”

Report: State, Local Govs Using Chinese Telecom Products Despite Ban (State Scoop, 10/26/22)

Nearly 1,700 state and local government agencies and education institutions have since 2015 purchased telecommunications products manufactured by Chinese firms banned from doing business with the federal government, according to research published Wednesday by a Georgetown University think tank.  According to the report, 1,681 state and local governments nationwide spent about $45 million on equipment made by five firms — Huawei, ZTE, Hikvision, Dahua and Hytera — even as the U.S. has since 2018 banned federal agencies from doing so, citing those companies’ potential as conduits for espionage.
But the FCC’s “Covered List” — which was expanded earlier this year to include the Russian cybersecurity firm Kaspersky — does not apply to state and local entities.  Researchers found that state, local and educational organizations have continued to buy the otherwise-barred equipment, including smartphones and networking devices, because it’s often cheaper than competing, non-Chinese products.

Survey: Government Cyber Experts Feel They Lack Resources for Breach Response (Fed Scoop, 10/26/22)

Just 42% of government cybersecurity professionals feel they have the necessary tools and staff to respond to cyber incidents in the next two to three years, according to a survey by nonprofit (ISC)².  U.S. government and military were among five industry categories from which survey respondents were least likely to express confidence about their organization’s ability to respond to potential cyber incidents.

The findings were outlined in a study commissioned earlier this year that surveyed over 11,000 cybersecurity professionals. (ISC)² is a major nonprofit association for certified cybersecurity professionals.  Of those surveyed, 61% said their primary concern in the next two years is the potential risks of emerging technologies like blockchain, AI, VR, quantum computing, and keeping up with changing government regulatory requirements.


National Security Institute
3 Sanger Circle, Dover, MA 02030
