Tag Archive for: tighten

First TikTok, Now Nvidia—U.S. Continues To Tighten National Security


Geopolitical tension between the U.S. and China continues. With continuous efforts to secure America’s supply chain and increase national security to upend China’s dominance in the manufacturing and technology sectors, the U.S. government is doubling down on its measures to ensure America’s safety and economic prosperity.

Earlier this year, we saw TikTok’s CEO Shou Chew appear before Congress to defend the popular social media platform against concerns of national security due to its alleged ties to the Chinese Communist Party. With over 150 million American users (half of the U.S. population), lawmakers’ skepticism over TikTok’s ability to protect user data sparked a heated debate on whether TikTok’s parent company, ByteDance—a Chinese-owned company—would be forced to cooperate with China if requested to fork over data of U.S. citizens. During the congressional hearing, House Energy and Commerce Chair Cathy McMorris Rodgers (R-Wash) said, “TikTok surveils us all and the Chinese Communist Party is able to use this as a tool to manipulate America as a whole…We do not trust TikTok will ever embrace American values. Your platform should be banned.”

Just months after the viral showdown between TikTok and Congress, the fight over national security concerns has not abated. Refusing to relent on perceived threats of national security, the U.S. government continues to hammer down guardrails to secure the nation—now, with increased restrictions on AI chip exports to China.


Hospitals urged to tighten DDoS defenses after health data found on Killnet list


The Killnet hacktivist group is actively targeting the health sector with DDoS attacks, claiming to have successfully exfiltrated data from a number of hospitals within the last month, according to a Department of Health and Human Services Cybersecurity Coordination Center alert.

In fact, users found and publicly shared global health and personal information belonging to global health organizations on the alleged Killnet list on Jan. 28.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, warned that “As of today, we understand that some of the named entities were, in fact, targeted by DDoS attacks.”

However, the impact of the activity was found to be “minimal and temporary with no impact to care delivery services,” he added. Although DDoS attacks don’t typically cause significant damage, the traffic surges brought on by these cyberattacks can cause website outages that can last for several hours or days.

As such, provider entities should ensure they have adequate DDoS protection for their web hosting.

Killnet is notorious for launching DDoS attacks with “thousands of connection requests and packets to be sent to the target server or website per minute, slowing down or even stopping vulnerable systems,” according to a December HC3 alert that followed a successful attack on a U.S. healthcare entity.

The group operates multiple public channels for recruitment purposes and has suspected ties with Russian government organizations like the Russian Federal Security Service (FSB) or the Russian Foreign Intelligence Service (SVR). But the connections have not been confirmed. 

What’s clear is that the group’s senior members have extensive experience with deploying DDoS attacks, having “previously operated their own DDoS services and botnets.” Most of these operations rely on publicly available DDoS scripts and IP stressers.

But researchers are divided on the group’s impact, noting the group has failed at pivoting their attack models. In October, for example, Killnet successfully blocked the infrastructure of J.P. Morgan but was unable to disrupt the bank’s operations.

The Department of Justice seized 48 internet domains tied to some of…


In Ukraine’s South, Russian Occupiers Tighten the Screws


DNIPRO, Ukraine—Russia is tightening its hold over occupied areas of southern Ukraine, installing pro-Moscow leaders, hunting for dissenters and dismantling Ukrainian state institutions.

In the city of Melitopol, like many others in the area, red, blue and white Russian flags now fly atop public buildings. Russian security forces patrol the streets and soldiers man checkpoints, inspecting people’s identification documents and looking through the contents of their mobile phones, residents say.


Channel backs government plans to tighten supply chain security


At the start of the week, the government revealed that it wanted to boost the cyber resilience of UK supply chains and would consider calling on managed service providers (MSPs) to adhere to rules that ensure they are secure.

Those that operate on the security and data protection side of the channel have broadly welcomed the consultation started by the Department for Digital, Culture, Media and Sport (DCMS).

There is a feeling among many in the channel that security is already taken extremely seriously, and any hoops that the government would require MSPs to jump through could be accommodated and are likely to be already met by many suppliers.

The consultation period kicked off this week and runs until 11 July, with MSPs getting the chance to share their thoughts. The DCMS is keen to hear about best practices and examples of good supplier risk management.

The government hinted that one of the ideas it is considering is that it could become mandatory for MSPs to meet the current Cyber Assessment Framework and adhere to the 14 principles that encourage higher levels of security.

Andrew Pitt, co-founder of security specialist Saepio, said that those channel players that already understood the importance of securing their own data would not be fazed by the government’s discussion.

“We are very centred around strengthening the community and ensuring we are doing everything we can to mitigate the risk,” he said.

“Cyber security definitely has our government’s ear and as a result we are able to substantiate the messaging from a business point of view and relate it back to parliamentary initiatives,” he added. “It’s good that our government is focused on supporting businesses and cyber security businesses.”

Brooks Wallace, vice-president of Europe, Middle East and Africa (EMEA) sales at Deep Instinct, also welcomed the opportunity to share thoughts about how MSPs could improve their security levels, and saw the DCMS move as a positive.

“The DCMS can help to educate [MSPs] on the value of prevention and what it can mean for an MSP in the marketplace. That’s exactly what we want to hear because we can help out,” he said.

Others in the industry accepted…
