Cyber Week in Review: August 27, 2020

TikTok Sues U.S. Government

On Monday, TikTok filed a federal lawsuit against the Trump administration, challenging the president’s executive order banning the Chinese-owned company from operating in the United States on national security grounds. In a press release, TikTok argued that the Trump administration “failed to follow due process and act in good faith, neither providing evidence that TikTok was an actual threat, nor justification for its punitive actions.” Additionally, the suit claims that President Trump exceeded his authority and that the executive order violates TikTok’s First Amendment rights. While experts are skeptical that the U.S. District Court for the Central District of California will rule in the company’s favor, it is possible that the lawsuit could delay the mid-September deadline for TikTok to be sold by ByteDance, its Chinese parent company. On Thursday, TikTok CEO Kevin Mayer resigned from his role at the company, citing the current political environment.

New Zealand Stock Exchange Disrupted by Cyberattacks Since Tuesday

Distributed denial of service (DDoS) attacks have disrupted New Zealand’s stock exchange (NZX) since Tuesday, causing the closure of debt, derivatives, and equity markets throughout the week. Though NZX says that the attacks came from abroad, their motive remains unclear, and NZX declined to comment on whether the attackers demanded a ransom. Last November, New Zealand’s cybersecurity organization CertNZ warned that Russian hacking group Fancy Bear was threatening its financial firms with DDoS attacks unless a ransom was paid. CertNZ said at the time that no attack had been carried out, despite the firms not paying up. Due to the widespread availability of cheap DDoS-for-hire services, DDoS attacks have become much more common, with the number of incidents during the first quarter of 2020 being 542 percent higher than in the first three quarters of 2019.

India to Phase out Chinese Equipment From Telecommunications Networks

On Monday, the Financial Times reported that India will be quietly phasing out Chinese equipment from its telecommunications networks amid rising tensions between the two countries following deadly border clashes in June. “It’s open now that the government is not going to allow Chinese equipment,” said an Indian industry executive. “It’s really game over.” The Indian government seems to be opting for a de facto ban, rather than imposing an outright ban on Chinese equipment as some countries have done, to avoid provoking a harsh response from Beijing. Industry analysts expect the exclusion of Chinese companies will benefit efforts by Nokia, Ericsson, and Samsung to supply equipment to Indian networks. Anti-China sentiment has surged in India in recent months, and New Delhi banned TikTok, along with fifty-eight other Chinese-owned apps in late June.

Federal Agencies Release Advisory on North Korean Targeting of Banks

On Wednesday, the Cybersecurity and Infrastructure Security Agency, FBI, Department of the Treasury, and U.S. Cyber Command released an advisory about an ongoing campaign by North Korean threat group “BeagleBoyz” to initiate fraudulent money transfers from banks worldwide. The campaign, which has been underway since at least February, relies on spearphishing and social engineering attacks aimed at employees of financial institutions. U.S. and UN officials estimate that the group, which is believed to overlap with the Lazarus Group, has attempted to steal nearly $2 billion since at least 2015 in an effort to offset losses from international sanctions and fund North Korea’s weapons programs. As part of its malware inoculation efforts, Cyber Command uploaded malware samples from BeagleBoyz’ campaign to its account on VirusTotal, a service that allows users to scan files for known malware.