Cyber Security News Update 06/08/2018

A contractor working for the U.S. Navy reported that it had been hacked and that 500+ Gigabytes of information had been stolen. This information would be considered “Classified” in aggregate but it was stored on an unsecured server by the contractor. The information stolen contains plans for a anti-ship missile that was expected to be in use within a few years, along with other data. Encryption schemes, plans, designs, countermeasures, communication methods, sensor data, and other cryptographic information was among the data acquired. The Chinese government denies any connection to the hack and states that it “staunchly upholds cyber security” and “opposes and combats all forms of cyber attacks.” Cyber attacks by Chinese actors focus on defense contractors associated with the U.S. Government, defense research agencies, and organizations associated with U.S. tech development. The United States is looking to close the gap created by the growing Chinese naval power that the U.S. sees as threatening its allies in the region. U.S. naval innovation fell off after the Cold War when the U.S. Navy ceased having a force that could, realistically, challenge it. Now, the U.S. has found itself racing to catch up to other countries naval developments, such as the hypersonic missiles being developed by China to neutralize U.S. naval assets.
Source: China hacked sensitive U.S. Navy undersea warfare plans: Washington Post
Source: China hacked a Navy contractor and secured a trove of highly sensitive data on submarine warfare

It has come to light that VPN Filter Malware has affected more brands and models of routers than was initially reported. The FBI requested that users reset their routers as a way of aiding in the detection of VPN Filter and possibly as a way to remove it from the affected devices. A factory or hard reset wipes the router clean and once it starts up it calls out to its manufacturer for software to install. The VPN Filter software also calls out to the router, expecting a response and if it doesn’t get one it may takes steps to re-infect the router. This process was what the FBI was watching for and they likely hoped to use it so that they could cut off the infection at the source or launch a probe into the support network for VPN Filter. The expanded list for brands affected by VPN Filter includes: Asus, D-Link, Hauwei, ZTE, Ubiquiti, and Upvel. Additional devices from Linksys, Netgear, MikroTik, and TP-Link have been added to the list of compromised models. VPN Filter converts HTTPS connections into unsecured HTTP ones instead, which allows VPN Filter’s creators to see the data being transmitted such as login information or other private data. Router manufacturers are now recommending that their products be reset and then have their firmware updated to the latest version.
Source: VPN Filter malware: More routers affected by Russia-linked malware attack (Full List)