News Bytes: The DEA gets hacked, The cyber-Cold War is spreading to South Asia, Despite growing concerns over a talent gap, it’s only getting bigger
By Austin Miller
The DEA gets hacked
It’s an awkward week for American agencies as it turns out that multiple portals were compromised by hackers. The victim organizations include the Drug Enforcement Administration (DEA) and – after the DEA was used as a jumping-off point – the Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ). The big questions are: how did this happen, and what was lost?
Early reports suggest that a username-password combination for the portal system esp.usdoj[.]gov was leaked, leading to the EPIC System Portal (ESP) being breached. Through the portal, users can access shared intelligence, the National Seizure System, and sensitive data about investigations. The big problem for these agencies is that screenshots of their internal goings-on were shared by the administrator of Doxbin.
Now, where have we heard this type of credential logging before? LAPSUS$ – the hacking gang that was initially arrested earlier in the year and is responsible for hacking Okta and other high-profile organizations. Due to Doxbin’s association with the LAPSUS$ gang, it is suspected that the same cybercriminals are responsible in some way for this data exfiltration. These findings have unsettled Nicholas Weaver, a researcher at the International Computer Science Institute at the University of California, Berkeley.
As this data would be a hot commodity for any criminal gang, there are real concerns that drug cartels could get access to it. Although there is no good guy in the world of cybercriminals, there is a definite fear that someone could be tempted to share these details when enough money comes their way.
The cyber-Cold War is spreading to South Asia
Although the Russia-Ukraine conflict is still the hottest segment of the new Cold War between the West and the East, the cyber equivalent seems to be spreading to South Asia. With Bangladesh being dragged into the virtual conflict, we are seeing uneasy tensions between the US, the EU, China, the Kingdom of Saudi Arabia, as well as Pakistan and India.
According to Cisco Talos, the Bangladeshi people are being targeted by the Bitter APT – an espionage-focused group that uses the Bitter RAT malware. The Talos team identified Bangladesh as fitting the victim template that was expected of the Bitter APT, being an Asian country that could be harvested for intelligence. Some have even suggested that Bangladesh’s refusal to condemn Russia earlier in the year (along with much of the Global South). With Bangladesh having already been targeted by Lithuania in material terms, virtual threat actors are now turning to cyberattacks against the South Asian country.
Despite growing concerns over a talent gap, it’s only getting bigger
If you are an aspiring cybersecurity professional, I have some good news for you. If you are a security leader or are working in recruiting, I have some bad news. The skills gap is only getting bigger and there simply aren’t enough talented cybersecurity professionals to meet the demands of industries that need secure cyberdefenses.
In the full report from CyberSeek, 69 percent of cybersecurity professionals who bore the brunt of an attack last year reported that their teams were understaffed. The job market backs this up – there are currently 600,000 unfilled cybersecurity roles in the US alone. As more and more people search for remote work, the roles that are being left behind simply aren’t being filled.
What does this mean for employers?
Probably the same as when the skills gap was slightly smaller. Instead of taking on cybersecurity professionals, and because of rising wage demands, more companies are going to turn to security-as-a-service organizations or simply ignore their cybersecurity obligations. Hopefully, the latter won’t be true, but it’s a possibility which could spell disaster for many (or great riches for the ever-opportunistic adversary).
Having spoken with many members of the SecPro community, it seems this feeling isn’t just a game of statistics – the disconnect between universities or boot camps and the actual cybersecurity industry is growing and the skills that people need to be successful in this industry simply aren’t available. What do you expect to happen in the near future? Can you capitalise on this or do you think it will have grand repercussions for your team?