Can Cisco, FBI stop Russia from deploying VPNFilter to interfere with U.S. elections?

By Byron V. Acohido

KINGSTON, WA – NewsWrap 23May2018.  Cisco’s Talos cyber intelligence unit today said that it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, to launch destructive attacks on Ukraine.


Talos researchers disclosed that VPNFilter:

•Has infected 500,000 routers and networking devices in 54 countries

•Is capable of stealing website credentials and monitoring industrial controls

•Can render any router or other device it infects inoperable

•Can be used for espionage or to disrupt internet communications

Cisco appears to be working very closely with U.S. law enforcement on this. The FBI also announced Wednesday that it has seized one of the primary domains the Russians have been using to distribute VPNFilter malware.

Safe to assume Russia has backup domains – and isn’t about to just abandon VPNFilter. So the key, going forward, is for Cisco and the FBI to stay a step ahead. It is vital to stop Russia from using VPNFilter to influence the U.S. midterm federal elections in November.


An assessment from Ashley Stephenson, CEO, Corero Network Security: “We often know about potential threats earlier in their lifecycle, before the actual attacks are launched. Ironically the cybersecurity community is frequently powerless to intervene before these weaponized IoTs are activated so we must continue to prepare our cyber defenses and response strategies for future attacks.”

Brits sue Google

It is now clear that Facebook’s complicity in the Cambridge Analytica scandal wasn’t a case of one-off bad behavior by a U.S. tech giant. Computer Weekly reports that a group called Google You Owe Us is suing Google for £3.2 billion ($4.2 million) for tracking millions of UK iPhone users’ browsing data.

The lawsuit accuses Google of bypassing privacy settings of Apple’s Safari browser to track UK iPhone browsing activity. The legal action on behalf of 4.4 million UK iPhone users is led by former consumer group director Richard Lloyd, and is believed to be the first mass legal action of its kind in the UK.


“In all my years speaking up for consumers, I have rarely seen such a massive abuse of trust where so many people have no way to seek redress on their own,” Lloyd says. “We will send a strong message to Google and other tech giants in Silicon Valley that we are not afraid to fight back if our laws are broken.”

Chili’s circumspection

If you ate at Chili’s over the past few months, hackers could have your credit card information. USA TODAY reports that the chain’s parent company, Brinker International, disclosed that customers’ credit and debit card information may have been breached at some Chili’s restaurants.

The list of impacted restaurants has not been released, but officials said the incident happened between March and April. Third-party forensic experts have been retained. So details may be forthcoming – the sooner the better, as far as the victims are concerned.

“A breach is always bad news, but perhaps the silver lining here is how quickly the breach was discovered and customers were notified,” observes John Gunn, chief marketing officer at VASCO Data Security. “This gives hackers less time to exploit the stolen debit and credit cards and makes the breach less valuable to criminals.”

FBI’s fresh cyber threat stats

The FBI has released some fresh stats that most likely understate our exposure to cyberthreats. The FBI’s Internet Crime Complaint Center (IC3) documented over 300,000 consumers reporting cyber-fraud and malware attacks in 2017, with losses exceeding an estimated $1.4 billion.

Top threats included phishing, ransomware and whaling — spear phishing high net worth individuals and/or the companies they work for. New attack vectors included tech support fraud, non-payment scams and even straightforward extortion.

Whaling attacks spiked, with 15,690 individuals victimized for over $875 million. A whaling scenario typically sees criminals purporting to be senior company executives and requesting wire transfers by demanding a change in account information to siphon money into their own accounts. Other forms include requests for personally identifiable information or W-2 form data for employees. The real estate sector, in particular, was heavily targeted in 2017, according to the FBI.

Gregory Webb, CEO, Bromium, says this is part and parcel of a “new cybercrime economy.”


Observes Webb: “The walls between the criminal and legitimate worlds are blurring, and we are no longer simply dealing with ‘hackers in hoodies.’ We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cybercrime, the security community can better understand how to disrupt and stop them. New approaches to cybersecurity will be required.”


Cool vendor

My chat with Demisto co-founder Rishi Bhargava on the bustling exhibitors’ floor at RSA Conference 2018 was energizing. This is yet another start-up, backed by smart VC investors, contributing innovative solutions to stop bad guys. For a drill down, give a listen to the podcast of our discussion.

It doesn’t surprise me that Gartner just included Demisto in its “Cool Vendors in Security Operations and Vulnerability Management” list.

Bhargava is all smiles: “We see this as significant validation . . . we’re experiencing rapid growth across various verticals, organizational sizes and geographies as companies.”

(Editor’s note: LW’s NEWS WRAP is an aggregation of published articles, postings and releases supplemented by additional reporting. It usually appears on the 2nd and 4th Wednesdays of each month.)

