Agencies, IT companies impacted by latest malware from China

Hackers sponsored by China are targeting federal agencies, technology companies and critical infrastructure sector organizations with a new type of malware affecting Linux, VMware kernel and Windows environments that may be difficult to detect and eradicate.

The Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Canadian Centre for Cyber Security are strongly advising organizations to take steps to scan systems for BRICKSTORM using detection signatures and rules; inventory all network edge devices; monitor edge devices for suspicious network connectivity; and ensure proper network segmentation. The agencies released a malware analysis report to help organizations combat the threat.


“BRICKSTORM underscores the grave threats that are posed by the People’s Republic of China to our nation’s critical infrastructure. State sponsored actors are not just infiltrating networks, they are embedding themselves to enable long term access, disruption and potential sabotage. That’s why we’re urging every organization to treat this threat with the seriousness that it demands,” said Nick Andersen, CISA’s executive assistant director for cybersecurity, during a call with reporters today. “The advisory we issued today provides indicators of compromise (IOCs) and detection signatures to assist critical infrastructure owners and operators in determining whether they have been compromised. It also gives recommended mitigation actions to protect against what is truly pervasive PRC activity.”

CISA says BRICKSTORM features advanced functionality to conceal communications, move laterally and tunnel into victim networks, and automatically reinstall or restart the malware if disrupted. Andersen said CISA became aware of the threat in mid-August and it’s part of “persistent, long-term campaigns of nation state threat actors, in particular those that are sponsored by the People’s Republic of China, to hold at risk our nation’s critical infrastructure through cyber means.”

The malware has impacted at least eight organizations, including one to which CISA provided incident response services. Andersen wouldn’t say how many of those eight were federal agencies or which ones have been impacted.

“This is a terribly sophisticated piece of malware that’s being used, and that’s why we’re encouraging all organizations to take action to protect themselves, and if they do become victims of it or other malicious activity, to report it to CISA, so we can have a better understanding of the full picture of not just where this malware is being employed, but the more robust picture of the wider cyber threat landscape,” Andersen said.

New way to interact with industry

Since January, CISA has issued 20 joint cybersecurity advisories and threat intelligence guidance documents with U.S. allies, including the United Kingdom, Canada, Australia and New Zealand, as well as with our other international partners.

“Together, we’ve exposed nation-state sponsored intrusions, AI enabled ransomware operations and the ever evolving threats to critical infrastructure,” Andersen said.

Along with the warnings and analysis about BRICKSTORM, CISA also launched a new Industry Engagement Platform (IEP). CISA says it’s designed to let the agency and companies share information and develop innovative and security technologies.

“The IEP enables CISA to better understand emerging solutions across the technology ecosystem while giving industry a clear, transparent pathway to engage with the agency,” CISA said in a release. “The IEP allows organizations – including industry, non-profits, academia, government partners … and the research community – with a structured process to request conversations with CISA subject matter experts to describe new technologies and capabilities. These engagements give innovators the opportunity to present solutions that may strengthen our nation’s cyber and infrastructure security.”

CISA says while participation in the IEP does not provide preferential consideration for future federal contracts, it serves as a channel for the government to gain insight into new capabilities and market trends.

Current areas of interest include:

  • Information technology and security controls
  • Data, analytics, storage, and data management
  • Communications technologies
  • Any emerging technologies that advance CISA’s mission, including post-quantum cryptography and other next-generation capabilities

Andersen said while the IEP and related work is separate from the BRICKSTORM analysis, it’s all part of how CISA is trying to ensure all organizations protect themselves from the ever-changing cyber threat.

“The threat here is not theoretical, and BRICKSTORM underscores the grave threats that are posed by the People’s Republic of China to our nation’s critical infrastructure,” he said. “We know that state sponsored actors are not just infiltrating networks. They’re embedding themselves to enable the long term access disruption and potential sabotage that enables their strategic objectives, and that’s why we continue to urge every organization to treat this threat with serious demands.”

The post Agencies, IT companies impacted by latest malware from China first appeared on Federal News Network.


Congress extends CISA 2015, but path to long-term reauthorization remains murky

Congress has temporarily extended a landmark cyber information sharing law, but industry representatives and cyber experts are urging lawmakers to act quickly to enact a more long-term solution.

The continuing resolution signed into law Wednesday night extends the provisions of the Cybersecurity Information Sharing Act of 2015 through the end of January. The law had expired Oct. 1.

CISA 2015 provides privacy and liability protections to encourage companies to share data about cyber vulnerabilities and threats. Cybersecurity leaders say those protections provide a critical underpinning to facilitate collaboration across government and industry.

Despite the temporary reprieve, the path forward for a long-term CISA 2015 extension in Congress remains unclear, with divergent reauthorization bills in the House and the Senate.

The White House has called for a “clean” 10-year reauthorization of CISA 2015. But Senate Homeland Security and Governmental Affairs Committee Chairman Rand Paul (R-Ky.) has opposed efforts to move forward such a bill in the Senate.

The long-term extension of the information sharing law, meanwhile, remains a chief concern for the technology industry.

Mike Flynn, senior vice president of government affairs for the Information Technology Industry Council, called the short-term extension “a step in the right direction.”

“Without a long-term CISA 2015 fix, cybersecurity stakeholders will continue to face uncertainty and questions that will undermine the network of information-sharing organizations and programs that have been built over the last decade,” Flynn said in a statement.

Henry Young, senior director of policy at BSA The Software Alliance, said he hopes to see a “sense of urgency” in Congress to extend the law long term.

“While we’re pleased that the law is hopefully going to be extended, we remain concerned that if the CR lapses, we’ll return to a world where cybersecurity information sharing is slowed or stopped, and that really leaves everyone at risk,” Young told Federal News Network.

CISA 2015 lapses

When the law lapsed Oct. 1, some cyber policy experts worried industry would stop sharing information about cyber threats affecting their products or networks.

But Nick Andersen, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, said information sharing between government and industry was “holding steady” through the end of October.

The cooperation “is a testament to CISA’s reputation that it’s built up and our ability to have long-term collaboration tools,” Andersen told reporters at the Palo Alto Networks public sector conference in Tysons Corner, Va., on Oct. 30.

“I hate to see what’s going to continue to happen, though, after we get past the shutdown and we start having these longer conversations with the vendor ecosystem,” Andersen added.

While companies continued to share information during the lapse, Young said the process slowed down.

“It started to slowly reintroduce the legal review into each one of these individual decisions, which isn’t going to necessarily stop all information sharing, but is going to slow it, and it also might reduce it in increments,” Young said.

“People wanted to work together and continue to share information, and they did, to some extent, but it also created more risk for them to do,” he added.

Cynthia Kaiser, former deputy director of the FBI’s cyber division and now senior vice president of Halcyon’s Ransomware Research Center, said the lapse showed the need for a long-term solution to reauthorizing the law.

“It’s critical that protecting cybersecurity information sharing is considered a priority in Congress upon the government’s reopening in order to maintain a strong national security posture,” Kaiser said.

Debate in Congress

While Congress has just over two months to extend the law, the path forward for reauthorization remains murky.

In September, the House Homeland Security Committee passed the Widespread Information Management for the Welfare of Infrastructure and Government Act. The bill was led by Homeland Security Committee Chairman Andrew Garbarino (R-N.Y.).

Garbarino’s bill would extend the CISA 2015 protections for another 10 years, while updating definitions to account for advances in artificial intelligence. It would also require the Department of Homeland Security to improve its outreach on emerging cyber threats.

In a statement released after the House passed the CR, Garbarino called for reauthorizing multiple expired DHS authorities, including CISA 2015.

“With the federal government reopening, I look forward to continuing this Committee’s important work alongside our colleagues in both the House and Senate to find long-term solutions for reauthorizing these vital DHS authorities, bolster our nation’s cyber defenses, maintain President Trump’s secure borders, and ensure the safety of America’s skies and the traveling public,” Garbarino said.

It’s unclear, however, if and when Garbarino’s bill will be called for a vote on the House floor.

In the Senate, meanwhile, Homeland Security and Governmental Affairs Committee Ranking Member Gary Peters (D-Mich.) and Sen. Mike Rounds (R-S.D.) have put forward a bill that would extend CISA 2015 for an additional 10 years without modifying the provisions in the law.

“This short-term extension is an important stopgap, but it is set to expire in just two months unless we pass bipartisan legislation to provide more long-term certainty,” Peters said in a statement. “That’s why I’m pushing to pass my Protecting America from Cyber Threats Act with Senator Rounds, which would renew these critical protections for a full decade so that companies know they can count on them in the event of a cyberattack.”

A HSGAC aide said Peters “remains committed to getting this across the finish line and will continue working with colleagues across the aisle to make sure these protections are fully restored.”

However, Paul has blocked efforts to pass a “clean” CISA 2015 extension. He has pledged to oppose any efforts to reauthorize the law unless it prohibits the Cybersecurity and Infrastructure Security Agency from working on future disinformation efforts.

Paul has said the agency’s work in that area infringed on free speech rights. Cyber experts counter that reauthorizing the CISA 2015 law has nothing to do with CISA the agency’s work on disinformation. The cyber agency does rely on the law to undergird its collaboration with industry on cyber threats.

Officials have also lamented how the shared names between the information-sharing law and the cyber agency have muddied the waters in the debate over reauthorizing the law.

“They happen to share that same acronym, which is a fluke,” White House National Cyber Director Sean Cairncross said at the Palo Alto Networks conference last month.

A key question is whether the White House will throw its weight more forcefully behind any congressional efforts to reauthorize the bill. In public comments, Trump administration officials have advocated for a 10-year reauthorization without further modifications to the law.

“It’s a common-sense law,” Cairncross said. “The White House is pushing for a 10-year, clean reauthorization of this authority. It’s something that we want to see done. It’s important to national security and it fosters the sort of collaboration, not only amongst the private sector, but between the public and private sector that’s vital.”

The post Congress extends CISA 2015, but path to long-term reauthorization remains murky first appeared on Federal News Network.
