The US has issued an emergency cyber security directive in response to an ongoing attack attributed to Iran-linked hackers striking during the government shutdown.

Prompted by disagreements over President Donald Trump's $5.6bn (£4bn) budget request for a border wall with Mexico, the shutdown has now stretched into its 34th day and become the longest in US history.

As no budget has been passed, many federal employees have been furloughed from their jobs, left unpaid and effectively ordered to not come into work, including those who maintain the security of IT systems.

This in turn has left civilian agencies exposed to a global cyber attack hijacking the internet's Domain Name System (DNS), which cyber security firms believe originated from Iran.

DNS is a directory service system underpinning the internet, and DNS hijacking is when the attacker redirects something to route to the wrong place - often a place they can monitor and manipulate.

Federal agencies are being required to audit these public systems to identify whether any malicious actors have modified them to direct people to attacker-controlled addresses.

Chris Krebs, director of the US cyber and infrastructure security agency (CISA), has now issued "an emergency directive to US civilian agencies requiring immediate actions to protect federal information systems from ongoing DNS hijacking and tampering activities".

Iranian regime's "halal" internet stifes protest

Domestic cyber capabilities in Iran have grown very quickly as a method of asserting the clerical regime's control

Mr Krebs said that the government was "aware of a number of agencies affected by the tampering activities" and said that CISA has notified them.

Federal agencies have until Friday to submit a status report to the Department for Homeland Security about their work to protect their systems from the flaw, and are required to submit a completion report by 5 February.

The relationship between Iran and the US has become more fraught since the election of Mr Trump, who has reimposed economic sanctions against the country.

Other western nations including the UK have attempted to navigate a more conciliatory course regarding sanctions, but have also clashed with the regime - particularly in regards to the status of jailed nationals.

Britain's Foreign Secretary Jeremy Hunt has called on Tehran to release what he says are innocent people whom the regime has imprisoned, including charity worker Nazanin Zaghari-Ratcliffe.

Iran has developed a significant offensive cyber capability in recent years which it has regularly exercised against neighbouring states and the West.

One of the most significant cyber attacks ever recorded, the Shamoon attack against Saudia Arabia's state-owned oil company Saudi Aramco, is believed to have been sponsored by the Iranian state.

Elsewhere, attacks from the country have appeared less geopolitically motivated.

A hacking group linked to Iran was identified as targeting dozens of universities in 14 countries, including the UK, in an attempt to steal student credentials, presumably as a method of circumventing academic literature sanctions.

Innovation centre Plexal has announced two new global partnerships as it aims to help its cyber security companies to scale internationally.

The East London co-working space has partnered with the Global Cyber Alliance, City of New York and the New York Economic Development Corporation.

The partnerships, which are designed to expand Plexal’s role as a major global cyber security cluster, build on the launch of the London Office for Rapid Cybersecurity Advancement last year.

LORCA is hosted and delivered by Plexal with £13.5m of funding from the Department for Digital, Culture, Media & Sport. Its director Lydia Ragoonanan told BusinessCloud last year that we risk throwing away the precious legacy left to us by internet pioneer Tim Berners-Lee.

As a global, collaborative non-profit dedicated to reducing cyber risk, Global Cyber Alliance has an extensive network of dedicated partners around the world.

It offers cyber security expertise from government and the private sector to share with Plexal members and members of the LORCA cohort to help them shape their products into viable solutions that solve real-world cyber challenges. 

“Sharing knowledge and being open to cooperation between global cyber innovators and industry is more important than ever,” said Andrew Roughan, managing director of Plexal.

“These important partnerships with the New York Development Corporation and the Global Cyber Alliance will mean the emerging cyber stars we support can have even greater direct access to new markets and the networks they need to succeed.

By 2021, Plexal predicts that LORCA will have stimulated the growth of at least 72 high-potential companies, grown up to 2,000 jobs, and secured £40m in investment.

It recently announced the 11 scaling cyber companies that will form its second cohort.

“Cyber security is one of our world’s greatest threats, and we need to be ambitious about protecting ourselves,” said James Patchett, president and CEO at the New York City Economic Development Corporation.

“That’s why we’re making New York City a hotbed for cyber innovation, to protect every New Yorker and every business – all while creating good-paying jobs.

"We’re proud to help launch this important challenge, which will benefit New York City and create game-changing technology for the world to share.”

Image copyrightGOOGLE

Fee-paying schools were targeted in a cyber attack which accessed parents' email addresses, it has emerged.

Fraudulent emails sent from school accounts offered a 25% discount on fees for paying quickly via the Bitcoin cryptocurrency.

Newcastle's Royal Grammar School warned parents of the "sophisticated attack". It has been approached for comment.

The Information Commissioner's Office (ICO) said other schools had been targeted and it was investigating.

In an email to parents, the grammar school's headmaster, John Fern, said it had reported the attack to police.

Because of the "potential breach of data" in the use of parent's email contacts, it is also liaising with the ICO.

This is required under the General Data Protection Regulation.

The emails, which included spelling, grammatical and punctuation errors, were sent on 29 December from the address of the school's bursar, who is responsible for fees.

The school told parents it was working with the company that provides its email systems, iSAMS, to "establish exactly what happened". ISAMS said it would be issuing a statement.

Mr Fern told parents the school would "never ask for money or bank details in this way" and apologised. No financial details were accessed, he added.

The ICO did not provide details of how many schools were affected but said: " aware of other phishing type attacks that have been targeted towards schools.

"Royal Grammar School has made us aware of an incident and we will assess the information provided."

Enterprise Times recently went to Omaha, Nebraska. While there, we talked with Scott Dally, Director of the Security Operations Centre for the Americas Region at NTT Security. Dally is responsible for the security offerings that NTT Security provides for its customers. This includes vulnerability management, threat detection services and enterprise security monitoring.

Dally’s team provide support to customers using Active Guard, NTT Security’s own SIEMsolution. One of the main roles of the security analysts in Dally’s team is to manage security alerts from customers. Many of these alerts come from rules generated by the SIEM used by the customer. To further enhance this, Dally has a team that do nothing but create new rules based on vulnerability alerts that come the National Vulnerability Database. Once deployed, the rules increase the level of security at customer sites.

Inevitably, companies will experience a security breach at some point. This is also where the SOC team comes into play. They work with customers to develop their Incident Response plans. They also help customers understand the challenge of forensics. This is a growing area in cybersecurity. When an incident occurs, many organisations are so focused on how to solve the problem that they inadvertently destroy evidence. Dally has security experts who can deploy to a client site to help deal with a breach while still retaining the evidence required to prosecute the bad guys.

In the podcast Dally also talks about a number of other issues that he sees enterprise customers facing. Many of these are problems that experienced SOC teams can solve for the business.

To hear what else Dally had to say listen to the podcast

Where can I get it?

obtain it, for Android devices from play.google.com/music/podcasts

use the Enterprise Times page on Stitcher

use the Enterprise Times page on Podchaser

listen to the Enterprise Times channel on Soundcloud

listen to the podcast (below) or download the podcast to your local device and then listen there

Audio Player

00:00

00:00

Use Up/Down Arrow keys to increase or decrease volume.