Weather
The Pine Tree, News for Calaveras County and Beyond Weather
Amador Angels Camp Arnold Bear Valley Copperopolis Murphys San Andreas Valley Springs Moke Hill/West Point Tuolumne
News
Business Directory
Weather & Roads
Sports
Real Estate
Search
Weekly & Grocery Ads
Entertainment
Life & Style
Government
Law Enforcement
Business
Wine News
Health & Fitness
Home & Garden
Food & Dining
Religion & Faith
Frogtown USA
Legal Notices
Calendar
Polls
Columns
Free Classifieds
Letters to the Editor
Obituaries
About Us

Coming Soon...
Friday, Nov 27
All Day The Trifilo Garden Center is Your Holiday & Nursery Headquarters (Open Thurs, Fri & Sat!)
Saturday, Nov 28
All Day The Trifilo Garden Center is Your Holiday & Nursery Headquarters (Open Thurs, Fri & Sat!)
Sunday, Nov 29
All Day Our Sunday Edition with Local Features, Local Specials & More Every Sunday All Day Long!
Wednesday, Dec 2
06:00 PM Overeaters Anonymous (OA)
Thursday, Dec 3
All Day The Trifilo Garden Center is Your Holiday & Nursery Headquarters (Open Thurs, Fri & Sat!)
Friday, Dec 4
08:00 AM St. Patricks Angels Camp Winter Rummage Sale
Saturday, Dec 5
All Day The Trifilo Garden Center is Your Holiday & Nursery Headquarters (Open Thurs, Fri & Sat!)
Wednesday, Dec 9
06:00 PM Overeaters Anonymous (OA)
Thursday, Dec 10
All Day The Trifilo Garden Center is Your Holiday & Nursery Headquarters (Open Thurs, Fri & Sat!)

Search Announcements




Log In
Username

Password

Remember Me



Posted by: thepinetree on 10/22/2020 07:33 PM Updated by: thepinetree on 10/22/2020 07:33 PM
Expires: 01/01/2025 12:00 AM
:

Iranian State Sponsored Advanced Persistent Threat Actor s Threat en Election Related Systems

Washington, DC...The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process.





The APT actors are creating fictitious media sites and spoofing legitimate media sites to spread leaked U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud.

The APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, structured query language (SQL) injections attacks, spear-phishing campaigns, website defacements, and disinformation campaigns.

TECHNICAL DETAILS
These actors have conducted a significant number of intrusions against U.S.-based networks since August 2019. The actors leveraged several Common Vulnerabilities and Exposures (CVEs)—notably CVE-2020-5902 and CVE-2017-9248—pertaining to virtual private networks (VPNs) and content management systems (CMSs).
 CVE-2020-5902 affects F5 VPNs. Remote attackers could exploit this vulnerability to execute arbitrary code.1
 CVE-2017-9248 affects Telerik UI. Attackers could exploit this vulnerability in web applications using Telerik UI for ASP.NET AJAX to conduct cross-site scripting (XSS) attacks.2
Historically, these actors have conducted DDoS attacks, SQL injections attacks, spear-phishing campaigns, website defacements, and disinformation campaigns. These activities could render these systems temporarily inaccessible to the public or election officials, which could slow, but would not prevent, voting or the reporting of results.

1 https://webhelp.episerver.com/Ektron/documentation/documentation/wwwroot/current/ReleaseNotes/Release8/8.02SP5.htm

2 https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness

 A DDoS attack could slow or render election-related public-facing websites inaccessible by flooding the internet-accessible server with requests; this would prevent users from accessing online resources, such as voting information or non-official voting results. In the past, cyber actors have falsely claimed DDoS attacks have compromised the integrity of voting systems in an effort to mislead the public that their attack would prevent a voter from casting a ballot or change votes already cast.

 A SQL injection involves a threat actor inserting malicious code into the entry field of an application, causing that code to execute if entries have not been sanitized. SQL injections are among the most dangerous and common exploits affecting websites. A SQL injection into a media company’s CMS could enable a cyber actor access to network systems to manipulate content or falsify news reports prior to publication.

 Spear-phishing messages may not be easily detectible. These emails often ask victims to fill out forms or verify information through links embedded in the email. APT actors use spear phishing to gain access to information—often credentials, such as passwords—and to identify follow-on victims. A malicious cyber actor could use compromised email access to spread disinformation to the victims’ contacts or collect information sent to or from the compromised account.

 Public-facing website defacements typically involve a cyber threat actor compromising the website or its associated CMS, allowing the actor to upload images to the site’s landing page. In situations where such public-facing websites relate to elections (e.g., the website of a county board of elections), defacements could cast doubt on the security and legitimacy of the websites’ information. If cyber actors were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised.

 Disinformation campaigns involve malign actions taken by foreign governments or actors designed to sow discord, manipulate public discourse, or discredit the electoral system. Malicious actors often use social media as well as fictitious and spoofed media sites for these campaigns. Based on their corporate policies, social media companies have worked to counter these actors’ use of their platforms to promote fictitious news stories by removing the news stories, and in many instances, closing the accounts related to the malicious activity. However, these adversaries will continue their attempts to create fictitious accounts that promote divisive storylines to sow discord, even after the election.

MITIGATIONS
The following recommended mitigations list includes self-protection strategies against the cyber techniques used by the APT actors:

 Validate input—input validation is a method of sanitizing untrusted input provided by web application users. Implementing input validation can protect against security flaws of web applications by significantly reducing the probability of successful exploitation. Types of attacks possibly prevented include SQL injection, XSS, and command injection.

 Audit your network for systems using Remote Desktop Protocol (RDP) and other internet-facing services. Disable the service if unneeded or install available patches. Users may need to work with their technology vendors to confirm that patches will not affect system processes.

 Verify all cloud-based virtual machine instances with a public IP; do not have open RDP ports, unless there is a valid business reason to do so. Place any system with an open RDP port behind a firewall and require users to use a VPN to access it through the firewall.

 Enable strong password requirements and account lockout policies to defend against brute-force attacks.

 Apply multi-factor authentication, when possible.

 Apply system and software updates regularly, particularly if you are deploying products affected by CVE-2020-5902 and CVE-2017-9248.
o For patch information CVE-2020-5902, refer to F5 VPN vulnerabilities.
o For patch information on CVE-2017-9248, refer to Progress Telerik details for CVE-2017-9248.

 Maintain a good information back-up strategy that involves routinely backing up all critical data and system configuration information on a separate device. Store the backups offline; verify their integrity and restoration process.

 Enable logging and ensure logging mechanisms capture RDP logins. Keep logs for a minimum of 90 days and review them regularly to detect intrusion attempts.

 When creating cloud-based virtual machines, adhere to the cloud provider's best practices for remote access.

 Ensure third parties that require RDP access are required to follow internal policies on remote access.

 Minimize network exposure for all control system devices. Where possible, critical devices should not have RDP enabled.

 Regulate and limit external to internal RDP connections. When external access to internal resources is required, use secure methods, such as VPNs, recognizing VPNs are only as secure as the connected devices.

 Be aware of unsolicited contact on social media from any individual you do not know.

 Be aware of attempts to pass links or files via social media from anyone you do not know.

 Be aware of unsolicited requests to share a file via online services.

 Be aware of email messages conveying suspicious alerts or other online accounts, including login notifications from foreign countries or other alerts indicating attempted unauthorized access to your accounts.

 Be suspicious of emails purporting to be from legitimate online services (e.g., the images in the email appear to be slightly pixelated and/or grainy, language in the email seems off, the email originates from an IP address not attributable to the provider/company).  Be suspicious of unsolicited email messages that contain shortened links (e.g., via tinyurl, bit.ly).

 Use security features provided by social media platforms, use strong passwords, change passwords frequently, and use a different password for each social media account.

 See CISA’s Tip on Best Practices for Securing Election Systems for more information.
General Mitigations
Keep applications and systems updated and patched
Apply all available software updates and patches; automate this process to the greatest extent possible (e.g., by using an update service provided directly from the vendor). Automating updates and patches is critical because of the speed at which threat actors create exploits after a patch is released. These “N-day” exploits can be as damaging as a zero-day exploits. Vendor updates must also be authentic; updates are typically signed and delivered over protected links to ensure the integrity of the content. Without rapid and thorough patch application, threat actors can operate inside a defender’s patch cycle.3 In addition to updating the application, use tools (e.g., the OWASP Dependency-Check Project tool4) to identify publicly known vulnerabilities in third-party libraries that the application depends on.

Scan web applications for SQL injection and other common web vulnerabilities
Implement a plan to scan public-facing web servers for common web vulnerabilities (SQL injection, cross-site scripting, etc.); use a commercial web application vulnerability scanner in combination with a source code scanner.5 As vulnerabilities are found, they should be fixed or patched. This is especially crucial for networks that host older web applications; as sites get older, more vulnerabilities are discovered and exposed.

Deploy a web application firewall
Deploy a web application firewall (WAF) to help prevent invalid input attacks and other attacks destined for the web application. WAFs are intrusion/detection/prevention devices that inspect each web request made to and from the web application to determine if the request is malicious. Some WAFs install on the host system and others are dedicated devices that sit in front of the web application. WAFs also weaken the effectiveness of automated web vulnerability scanning tools.

3 NSA "NSA'S Top Ten Cybersecurity Mitigation Strategies" https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf

4 https://owasp.org/www-project-dependency-check/

5 NSA "Defending Against the Exploitation of SQL Vulnerabilities to Compromise a Network" https://apps.nsa.gov/iaarchive/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/tech-briefs/assets/public/upload/Defending-Against-the-Exploitation-of-SQL-Vulnerabilities-to-Compromise-a-Network.pdf&WpKes=aF6woL7fQp3dJiG87RQydmHPV3wzA9gWbuR5k

Deploy techniques to protect against web shells
Patch web application vulnerabilities or fix configuration weaknesses that allow web shell attacks, and follow guidance on detecting and preventing web shell malware.6 Malicious cyber actors often deploy web shells—software that can enable remote administration—on a victim’s web server. Malicious cyber actors can use web shells to execute arbitrary system commands, which are commonly sent over HTTP or HTTPS. Attackers often create web shells by adding or modifying a file in an existing web application. Web shells provide attackers with persistent access to a compromised network using communications channels disguised to blend in with legitimate traffic. Web shell malware is a long-standing, pervasive threat that continues to evade many security tools.

Use multi-factor authentication for administrator accounts
Prioritize protection for accounts with elevated privileges, with remote access, and/or used on high value assets.7 Use physical token-based authentication systems to supplement knowledge-based factors such as passwords and personal identification numbers (PINs).8 Organizations should migrate away from single-factor authentication, such as password-based systems, which are subject to poor user choices and more susceptible to credential theft, forgery, and password reuse across multiple systems.

Remediate critical web application security risks
First, identify and remediate critical web application security risks first; then, move on to other less critical vulnerabilities. Follow available guidance on securing web applications.9,10,11
How do I respond to unauthorized access to election-related systems?
Implement your security incident response and business continuity plan
It may take time for your organization’s IT professionals to isolate and remove threats to your systems and restore normal operations. In the meantime, take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.

RESOURCES
https://us-cert.cisa.gov/ncas/tips/ST19-002 Best Practices for Securing Election Systems
6 NSA & ASD "CyberSecurity Information: Detect and Prevent Web Shell Malware" https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF
7 https://us-cert.cisa.gov/cdm/event/Identifying-and-Protecting-High-Value-Assets-Closer-Look-Governance-Needs-HVAs
8 NSA "NSA'S Top Ten Cybersecurity Mitigation Strategies" https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-nsas-top10-cybersecurity-mitigation-strategies.pdf
9 NSA “Building Web Applications – Security for Developers” https://apps.nsa.gov/iaarchive/library/ia-guidance/security-tips/building-web-applications-security-recommendations-for.cfm
10 https://owasp.org/www-project-top-ten/
11
https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html
https://us-cert.cisa.gov/ncas/tips/ST16-001 Securing Voter Registration Data
https://us-cert.cisa.gov/ncas/tips/ST18-006 Website Security
https://us-cert.cisa.gov/ncas/tips/ST04-014 Avoiding Social Engineering and Phishing Attacks
https://us-cert.cisa.gov/ncas/tips/ST18-001 Securing Network Infrastructure Devices
https://us-cert.cisa.gov/ncas/alerts/aa20-245a Technical Approaches to Uncovering and Remediating Malicious Activity
https://www.cisa.gov/sites/default/files/publications/CISA_Insights_Actions_to_Counter_Email-Based_Attacks_on_Election-Related_S508C.pdf
 Spoofed Internet Domains and Email Accounts Pose Cyber and Disinformation Risks to Voters Fri, 02 Oct 2020
 Foreign Actors Likely to Use Online Journals to Spread Disinformation Regarding 2020 Elections Thu, 01 Oct 2020
 Distributed Denial of Service Attacks Could Hinder Access to Voting Information, Would Not Prevent Voting Wed, 30 Sep 2020
 False Claims of Hacked Voter Information Likely Intended to Cast Doubt on Legitimacy of U.S. Elections Mon, 28 Sep 2020
 Cyber Threats to Voting Processes Could Slow But Not Prevent Voting Thu, 24 Sep 2020
 Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results Tue, 22 Sep 2020


Comments - Make a comment
The comments are owned by the poster. We are not responsible for its content. We value free speech but remember this is a public forum and we hope that people would use common sense and decency. If you see an offensive comment please email us at news@thepinetree.net
Senator Ratcliffe - Co\mey oOtober Surprise 2.0
Posted on: 2020-10-22 19:56:39   By: Anonymous
 
Another October surprise attempt using old news, just as Comey did in October 2016. It was well known that Russia , Iran and others were using social media again to propaganda vulnerable Americans open to propaganda.
Comey did the same in 2016 with the copies of the Clinton emails.

Sad how some fall for this, sadder is the ignoring of the Russia efforts, the hallmark of dump , who is well known to get very agitated when Russia's connection to efforts against America.

dump is a traitor.

[Reply ]

    Re: Brilliant!
    Posted on: 2020-10-22 20:51:25   By: Anonymous
     
    You are definitely on the cutting edge, well, on the edge of insanity anyhow. Since the left still hasn't given up on Russian interference in the 2016 election they are more than ready to keep it up (Jeffery Toobin language). Only problem with the Russian's and the 2016 election is that the only people conspiring with the Russians was Hillary and her followers on the left---sorry, your BS is just that, BS!!!

    [Reply ]

      Re: Brilliant!
      Posted on: 2020-10-22 21:25:21   By: Anonymous
       
      Pure propaganda. Evidence that the social media has infested by foreign adversaries, invited by trump,p back whence was running for President. Trump, Putin, and any others, like your post, are efforts to create chaos and division, and doubt into our democracy. That was a propaganda and anti American , pro Russian , pro trump disinformation attemp.🖕

      [Reply ]

        Re: Brilliant!
        Posted on: 2020-10-23 07:30:05   By: Anonymous
         
        DIE DONALD DIE

        [Reply ]

          Re: Brilliant!
          Posted on: 2020-10-23 11:05:24   By: Anonymous
           
          Shut your pie-hole moron!!! The only ones dealing with propaganda are you leftest liberals and your media buddies!!!

          [Reply ]


What's Related
These might interest you as well
Photo Albums

Local News

Calendar

phpws Business Directory

Web Pages


Mark Twain Medical Center
Meadowmont Pharmacy
Bank of Stockton
Bear Valley Real Estate
Bear Valley Cross Country
Cedar Creek Realty
Cave, Mine & Zip Lines
Fox Security
Bistro Espresso
Pinnacle Physical Therapy
Chatom Winery
Middleton's Furniture
Bear Valley Mountain Resort
Paul D. Bertini
Premier Properties
High Country Spa & Stove
Calaveras Mentoriing

Ebbetts Pass Scenic Byway
Sierra Logging Museum
Jenny's Kitchen

Copyright © The Pine Tree 2005-2020