Publications

New U.S. legislation

After its silent demise last year in Congress, a revamped computer-crimes bill once again made its way onto the dockets of this year’s 110th Congress. H.R. 1525 – an amendment to part one of Title 18 (Chapter 47, section 1030 of U.S. Code) – was approved by the House Energy and Commerce subcommittee. H.R. 1525 is ongoing evolution to the original (I-SPY) Internet Spyware Protection Act of 2005. Specifically, the new bill is “to discourage spyware, and for other purposes”.

One of the other purposes of the bill is to ensure that major security breaches do not go unreported. In certain cases, reporting a computer intrusion to authorities is not just an option, it is mandatory. Because attackers are increasingly going after data stored at large data warehouses (DSW Shoes, TJ Maxx, ChoicePoint, etc.), and then using the stolen information to commit fraud and ID theft-related crimes, this is important protection for consumers.

The bill also protects the company (or person) being attacked. When there is a computer intrusion that results in the potential disclosure of confidential information, details of the attack may not have to be reported to the public. The bill proposes that companies work with law enforcement agencies to investigate the incident before releasing details to the public. This offers the company time to harden its computer security and put into place monitors and procedures for affected clients. Both are preemptive actions that could save the company additional millions in costly lawsuits.

But while the new legislation serves an important purpose, it won’t bring an end to computer crime. We’ve seen attackers regularly target low-hanging fruits. The relatively easy money that can be made from mass-spammed phish e-mails fits in with that model. Too, the anonymity that attackers think the Internet affords to them is empowering; legislation in one country doesn’t necessarily affect somebody in another country. We can thus expect computer fraud and computer invasion crimes to continue for the foreseeable future.

http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=110_cong_bills&docid=f:h1525ih.txt.pdf

New U.S. legislation

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox