Cyber Connections News Roundup: November 5

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

November 5, 2019

Chinese APT Group Hacked State Institutions in Six Countries

A Chinese-speaking advanced persistent threat (APT) group, Calypso, has actively been targeting state institutions in six countries, hacking network perimeters and injecting a program to gain access to internal networks, according to a report from researchers at Positive Technologies Expert Security Center. According to an article on www.scmagazine.com, in one attack, the malfeasants, who are believed to have originated in Asia, used PlugX malware, a signature of APT groups from China and some of the attackers inadvertently revealed their IP addresses from Chinese providers. Institutions in India were hit the hardest, followed by Brazil and Kazakhstan, Russia and Thailand and Turkey. Read more.

Military Cybersecurity Market Expected to Grow to $16 Billion by 2023

According to a new Frost & Sullivan study titled “Global Military Cybersecurity Market, Forecast to 2023,” that market is projected to increase at a compound annual growth rate (CAGR) of 3.6% to reach $16.01 billion by 2023. This growth, according to the report, will be the result of global defense industry investment in disruptive technologies and platforms that are driving changes in military cybersecurity requirements. “Militaries across the globe are budgeting for and pursuing the development of new enabling, next-generation technologies for cybersecurity,” said Ryan Pinto, Research Analyst, Frost & Sullivan. Read more.

R Street Offers Free Resource for Measuring Cybersecurity

Cybersecurity experts often complain about the lack of a well-defined system for measuring cybersecurity in an objective, quantifiable, and comparative manner. R Street, a non-profit, nonpartisan, public policy research organization, has published a compendium (a downloadable PDF) of sources to fill this gap. R Street’s Institute National Security and Cybersecurity Program has developed a partial bibliography that compiles a baseline of existing disparate measurement efforts. The goal of the document is to provide a systematic overview of the field that is both technically literate and of use to decision-makers in the public and private sectors. Read more.

Will the EU Seize the Global Lead On Cybersecurity?

The European Union (EU) has undertaken cybersecurity activities over the past six years that make the case that it is about to usurp the U.S.’s presumed role as the global leader on cybersecurity, according to a recent article on www.forbes.com. Notably, it has already established cybersecurity requirements for Operators of Essential Services (OES – essentially critical infrastructure companies) and digital service providers (DSPs), and it has launched a certification framework for digital products, services, and processes. Read more.

The Construction Industry Must Pay Attention to Cybersecurity Risks

A recent article on www.bizjournals.com points out that while technology, energy, and healthcare industries seem to regularly make headlines relating to massive, nationwide cyber breaches, construction companies are exposed to the same risks. Temporary workspaces where employees and contractors commonly use project management software to track job status and collaborate with external vendors maybe at risk. In these workspaces, highly confidential plans, blueprints, bids, financial information, and even personally identifiable information (PII) – like full names and social security numbers – are vulnerable. Read more.