Welcome to Codebook! Please reply to this email with tips or Mother's Day gift ideas.
Federal agencies have no security requirements for federal employees' personal social media accounts. That leaves the door open to mischief and mayhem should one of those accounts get hacked.
Why it matters: Officials and federal employees often blur the lines between personal and official-business accounts — as when the president announces policy from his personal Twitter account. If hackers took over the account of, say, a regulatory official, they could manipulate the stock market by tweeting regulatory changes. If they took over the account of the president, anything might go.
"Social media, especially the lack of a policy, has become a real national security threat," said James Forster, founder and CEO of ZeroFOX, a company specializing in social media security.
How to fix it: Forster advocates extending the social media policies governing official accounts to any personal account mentioning an individual's federal role. Those policies are not particularly complex. Typically, they involve two-factor authentication, good password hygiene and securing email addresses tied to the account.
Why there's no policy: Tony Scott, formerly President Obama's federal CIO and currently senior data privacy and cybersecurity adviser at Squire Patton Boggs, told Axios the administration had weighed the problem but decided against acting.
Latin America has developed a unique, quirky hacker culture, according to Flashpoint analyst Liv Rowley, who presented on the topic at the recent RSA conference.
Why it matters: “Are we going to see the next WannaCry come out of Chile? Probably not,” Rowley told Axios. But the region is a laboratory for what the rest of the world's hacker culture could have been like with only a few tweaks to its starting conditions.
How did the industry ignore a continent? Many of the biggest cybersecurity firms and most lucrative potential clients hail from the U.S., Eastern Europe, Russia and China. Meanwhile, Latin American criminals largely target Latin American victims.
Government officials are considering sanctions barring Kaspersky Lab from doing business in the U.S., CyberScoop reports.
Kaspersky's products have already been barred from federal systems as an alleged security risk, with reports the company's computer security software had been hijacked by Russian intelligence operatives to steal U.S. secrets. The company denies knowing involvement in any such scheme.
Why it matters: Barring Kaspersky Lab software from federal computers is one thing; barring the firm from doing business in the United States is significantly more onerous. Kaspersky's business in the United States declined after the reputational hit from the federal ban, but it still exists. The firm still employs American researchers in the U.S. and has an American headquarters in Massachusetts.
Almost 10% of first-year students at the Naval Academy are majoring in cyber operations, according to the AP. The 110 new students in the major represent a hefty rise from last year’s 22.
Why it matters: Inside and outside the military, there is a constant shortage of information security skills and talent. The military can’t compete with the private sector on salary and relies on the kind of mission-motivated people who attend the Naval Academy.
Ransomware took down the Ukrainian energy and coal ministry Tuesday morning, Reuters reports. But it looks like an isolated incident.
Why it matters: This looks like mundane, run-of-the-mill ransomware. Nonetheless, every time a major Ukrainian body gets hit by any form of cyber attack, the rest of the world recalls the massive attacks Russia is believed to have spearheaded in the past — resulting in two power outages since 2015 and devastating losses last year from NotPetya.
Symantec is tracking what it believes to be a longstanding corporate espionage hacking effort against medical manufacturers.
The details: The choice of targets — all manufacturers of medical supplies or companies that served them — and the inconsistent quality of the hackers' work suggest that the campaign is not the work of an intelligence agency, according to Symantec. The cybersecurity firm detailed the campaign it has dubbed "Orangeworm" in a report released Monday.
"It's not often we come across this kind of campaign being used for corporate espionage," Vikram Thakur, Symantec technical director, told Axios. Typically, targeted attacks striking a low enough volume of victims are the work of government actors.
Think pharmaceuticals, not insurance: Thakur cautions that most people's first assumption about hackers targeting health care firms is wrong — they do not appear to be targeting accounts and personal information. Instead, they appear to be looking for manufacturing techniques and intellectual property.
The impact: In 2018, the group has already attacked at least a couple of dozen targets. Symantec tracked nearly 100 attacks since 2015.
Codebook will return on Thursday.