More stories

  • Dragonbridge influencers target rare earth miners, encourage protests to disrupt production

    Cyberattackers are targeting rare earth mining companies in a new campaign designed to keep China in a dominant market position. On June 28, Mandiant published new research into Dragonbridge, a misinformation program focused on disrupting rare earth facilities. The rare earths market is driven by demand for consumer products, including smartphones and PCs, because of the elements’ role in electronics, circuit boards, and batteries. The aerospace and military tech industries also rely on rare earth supplies.

    China is one of the world’s largest exporters of rare earth elements. Despite the country’s current dominant position, the Dragonbridge group, known to promote the political interests of the People’s Republic of China (PRC), is working to disrupt suppliers and rare earth processors outside the country.

    Dragonbridge is a vast network comprising thousands of accounts on numerous social networks and communication channels. According to Mandiant, the network has been active since 2019, twisting and publishing narratives online that benefit China’s ruling party. Recently, however, the researchers have observed a change in tactics: an expansion into misinformation campaigns targeting mining companies.

    Among the firms on the target list is Australian mining company Lynas Rare Earths Ltd. Now, Dragonbridge is turning its attention to Canada and the United States. This month, the misinformation group was linked to propaganda activities aimed at tarnishing the reputations of Canada’s Appia Rare Earths and Uranium Corp. and USA Rare Earth. Specifically, the group appears to be promoting material criticizing new mining and production facilities. Appia has located a potential mining site in Northern Saskatchewan, Canada, while USA Rare Earth intends to construct a new facility in Oklahoma later this year.

    The misinformation network runs thousands of fake accounts on platforms including Facebook and Twitter. The majority of content is posted in English by fake concerned US “citizens”, with a scattering of posts also written in Chinese and Malay. A potential reason for this shift in tactics is the US 2022 Defense Production Act (DPA) Title III. The act was signed by US President Biden to encourage the domestic production of rare earths and other materials, thereby lessening reliance on exports from other countries, including China. It should also be noted that the companies targeted by Dragonbridge are large enough that they could potentially threaten China’s dominant position in the future.

    “While the activity we detail here does not appear to have been particularly effective and received only limited engagement by seemingly real individuals, the campaign’s microtargeting of specific audiences suggests the possibility of using similar means to manipulate public discourse surrounding other US political issues to the PRC’s advantage,” the researchers said.

    Mandiant has contacted the companies at the heart of Dragonbridge’s campaigns, alongside the social networks used by the group to promote its narratives. “An economic decoupling with China will only encourage more victimization of the private sector by Chinese actors,” commented John Hultquist, VP of Mandiant Intelligence. “Unfortunately, businesses will be on the front lines of a fight that may not be fair.”

  • Codenotary introduces Software Bill of Materials service for Kubernetes

    Software Bills of Materials (SBOMs) aren’t optional anymore. If we really want the applications we’re running in containers to be secure, we must know what’s what within them. To make that easier, Codenotary, a leading software supply chain security company, is launching its new SBOM Operator for Kubernetes in both its open-source Community Attestation Service and its flagship service, Codenotary’s Trustcenter.

    An SBOM (pronounced S-Bomb) is a record containing the details and supply chain relationships of the components used in building software. Since most programs today are made by assembling existing open-source and commercial software components, it’s essential to know the name and specific version of each of these elements. For instance, a program using Apache Log4j2 version 2.17.0 is vulnerable to Log4Shell attacks. One using Log4j2 2.17.1 or newer is as safe as houses. Now, you could check for that and thousands of other potential vulnerabilities by hand, or you could turn to a service like Codenotary’s new offering. I know which one I’d pick.

    The SBOM Operator for Kubernetes mitigates the risk of software supply chain attacks by tracking all software and software dependencies running in Kubernetes. It does this by generating SBOMs of your running container images and maintaining up-to-date records of all builds and dependencies. SBOM Operator builds its SBOMs using its own SBOM generator. When a new vulnerability shows up (and trust me, one will), the operator lets you know that it’s time to make a fix as soon as dangerous or vulnerable artifacts are detected.

    To keep this working properly, Codenotary continuously updates its SBOM records. This data is kept in immudb, its fast, open-source immutable database: a zero-trust, tamper-proof, auditable store. The container image files are kept in a Git repository. Codenotary claims this information is instantly available for search. With it, you can locate the software artifacts in your code in seconds. The program also keeps a history of verified image content changes.

    “By itself, the SBOM is not very useful without continuously being updated and maintained as the information is deprecated with every new deployment or update,” said Dennis Zimmer, Codenotary’s co-founder and CTO. “Now, users know exactly what is running in containers, with the most recent information, so they have the ability to immediately remediate something if necessary.”

    SBOM Operator’s chief programmer, Christian Kotzbauer, said, “I am pleased to contribute to the wider adoption and use of SBOMs with the Codenotary integration in my Kubernetes operator; especially the additional security, timestamp, and search capabilities across the infrastructure were key to developing the extension.”

    This is another step forward in Codenotary’s efforts to provide comprehensive tools for cataloging and securing the software development lifecycle. Its programs and services, both free and paid, deserve Kubernetes developers’ attention.

  • Ransomware is the biggest global cyber threat. And the attacks are still evolving

    Ransomware is the biggest cybersecurity threat facing the world today, with the potential to significantly affect whole societies and economies – and the attacks are unrelenting, the head of the National Cyber Security Centre (NCSC) has warned. “Even with a war raging in Ukraine – the biggest global cyber threat we still face is ransomware. […]

  • Hacking gets dangerously real: 8 cybersecurity predictions to watch out for

    Many businesses will fail to see the benefits of their zero trust efforts over the next few years, while legislation around paying off ransomware gangs will be extended and attacks on operational technology may have real-life consequences, according to a set of cybersecurity predictions. The list comes from tech analyst Gartner, which said […]

  • Study for certified cybersecurity expert exams with this $49 training

    The following content is brought to you by ZDNet partners. If you buy a product featured here, we may earn an affiliate commission or other compensation. Cybersecurity is one of the tech sector’s most rewarding fields, which likely won’t change as long as big companies have data to protect. Unfortunately, it’s also […]

  • Launch a cybersecurity career with this $39 boot camp on risk management

    From your laptop to the servers at America’s biggest corporations, everybody needs cybersecurity. That’s doubly true for the government, and as you might imagine, the rules […]

  • US watchdog is worried cyber insurance won't cover 'catastrophic cyberattacks'

    The cyber insurance market has matured fast in recent years, but it may fall short when it comes to certain major attacks, the US government spending watchdog has warned. The US Government Accountability Office (GAO) has called for a federal response to insurance for “catastrophic” cyberattacks on critical infrastructure. A functioning insurance market is essential for businesses, consumers and, as GAO highlights, for critical infrastructure operators.

    The GAO, which audits the trillions of dollars the US government spends each year, warns that private insurers and the US government’s official terrorism risk insurance, the Terrorism Risk Insurance Program (TRIP), may not be able to cover catastrophic financial loss arising from cyberattacks. “Cyberattacks may not meet the program’s criteria to be certified as terrorism, even if they resulted in catastrophic losses. For example, attacks must be violent or coercive in nature to be certified,” the GAO said.

    Ransomware and insurance are a tricky combination because of the vagaries of attribution. While ransomware is mostly driven by cybercriminals, some incidents that cost victims millions of dollars have been officially attributed by Western governments to the governments of Russia, North Korea and China. Some insurers have used these official attributions to avoid payouts to victims, because those incidents can be construed in court as an act of war, which cyber insurance policies don’t cover. Insurance policies do cover acts of terrorism, but these also have clauses that limit coverage to acts of certified violence. “The government’s insurance may only cover cyberattacks if they can be considered ‘terrorism’ under its defined criteria,” the GAO said in a statement.

    The question of insurance is now a bigger concern for the US government after Russia’s ongoing invasion of Ukraine, which it fears could spur cyberattacks from Kremlin-backed hackers on US organizations in response to US sanctions on Russia and Russian businesses. So what should the US and GAO do, at a national level, when the market for enterprise cyber insurance could fail to support businesses? “Any federal insurance response should include clear criteria for coverage, specific cybersecurity requirements, and a dedicated funding mechanism with concessions from all market participants,” the GAO said.

    As GAO notes, some insurance firms are ring-fencing their policies to protect themselves from incidents that cause systemic problems. Insurers don’t cover attacks that technically could fall into the category of warfare, for example. The GAO says TRIP is the “government backstop for losses from terrorism”. Combined with cyber insurance, TRIP does provide some protection, but GAO finds the two “both limited in their ability to cover potentially catastrophic losses from systemic cyberattacks”.

    “Cyber insurance can offset costs from some of the most common cyber risks, such as data breaches and ransomware,” says GAO. “However, private insurers have been taking steps to limit their potential losses from systemic cyber events. For example, insurers are excluding coverage for losses from cyber warfare and infrastructure outages. TRIP covers losses from cyberattacks if they are considered terrorism, among other requirements. However, cyberattacks may not meet the program’s criteria to be certified as terrorism, even if they resulted in catastrophic losses. For example, attacks must be violent or coercive in nature to be certified.”

    The GAO recommends that the Cybersecurity and Infrastructure Security Agency (CISA), the cybersecurity authority for federal agencies, work with the Director of the Federal Insurance Office to “produce a joint assessment for Congress on the extent to which the risks to the nation’s critical infrastructure from catastrophic cyberattacks, and the potential financial exposures resulting from these risks, warrant a federal insurance response.”