Articles

US cryptocurrency exchange sanctions over ransomware likely not the…

The sanctions against Suex, aimed to cut ransomware gangs off from their revenue, sends a signal to other exchanges that support criminal activity.

Days after the Russia-linked BlackMatter ransomware gang hit an Iowa grain cooperative with a ransomware attack, the Biden administration unveiled its latest effort to address the ongoing ransomware crisis. In a move designed to cut off ransomware gangs from their financial rewards, the Treasury Department announced that its Office of Foreign Asset Control (OFAC) placed Czech Republic-registered but Russian national-owned and -operated cryptocurrency exchange Suex on its sanctioned entity list, formally called the Specially Designated Nationals and Blocked Persons (SDN) List.

Suex facilitates “financial transactions for ransomware actors, involving illicit proceeds from at least eight ransomware variants,” according to the announcement. Treasury says that over 40% of Suex’s known transaction history is associated with illicit actors, representing $370 million in illicit trading.

OFAC included on the SDN list a total of 25 bitcoin, ethereum, and tether addresses known to be controlled by Suex. These addresses received more than $934 million in various crypto assets overall. In addition, blockchain transactions tracking company Chainanalysis said that the Suex addresses have received more than $160 million in bitcoin alone from “ransomware actors, scammers, and dark net market operators” since the exchange was founded in 2018.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Jon Tyson on Unsplash

Articles

Software cybersecurity labels face practical, cost challenges

The federal government wants consumer software to have cybersecurity labels; experts question the feasibility of the mandate.

As part of his extensive cybersecurity executive order issued in May, President Biden directed the National Institute of Standards and Technology (NIST) to develop two pilot labeling programs on the cybersecurity capabilities of internet-of-things (IoT) consumer devices and software development practices. Although these pilot programs won’t be mandatory for device or software sellers, they could likely raise market expectations. In addition, whatever labels come out of these programs would also carry with them some sense of government authority and might ultimately become part of the government contracting process.

Last week NIST held a two-day workshop on these topics. Of the two pilot programs, the consumer software labeling initiative is the trickier one given the ever-changing nature of software and the absence of any similar existing consumer software labeling initiative.

To help it grasp the more complex task of developing labels for software, NIST solicited one- to two-page labeling position papers from interested parties. In calling for these papers, NIST cited “the challenges and practical approaches to consumer software labeling,” asking` for feedback on the “technical criteria needed to support validation of consumer software security assertions that reflect a baseline level of secure practices.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Jon Tyson on Unsplash

Articles

Federal agencies face new zero-trust cybersecurity requirements

The OMB and CISA issue guidance to move all federal agencies to a shared zero-trust maturity model for FY22-24. The catch: No new funding.

As part of the Biden administration’s wide-ranging cybersecurity executive order (EO) issued in May, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) issued three documents on zero trust last week. Zero trust is a security concept that “eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses,” according to the EO.

From a cybersecurity practitioner’s perspective, zero trust is a security approach that, among other things, relies on stringent authentication and authorization processes to give users needed access to digital assets but in constrained ways that limit damage when a breach or compromise occurs. The EO repeatedly references zero trust and directs CISA and OMB to develop initiatives to incorporate zero-trust cybersecurity security models throughout the federal government.

The documents released last week offer draft versions of these models. CISA and OMB call them “strategic and technical guidance documents meant to move the US government towards a zero-trust architecture.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Laura Heimann on Unsplash

Articles

Federal agencies face new zero-trust cybersecurity requirements

The OMB and CISA issue guidance to move all federal agencies to a shared zero-trust maturity model for FY22-24. The catch: No new funding.

As part of the Biden administration’s wide-ranging cybersecurity executive order (EO) issued in May, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) issued three documents on zero trust last week. Zero trust is a security concept that “eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses,” according to the EO.

From a cybersecurity practitioner’s perspective, zero trust is a security approach that, among other things, relies on stringent authentication and authorization processes to give users needed access to digital assets but in constrained ways that limit damage when a breach or compromise occurs. The EO repeatedly references zero trust and directs CISA and OMB to develop initiatives to incorporate zero-trust cybersecurity security models throughout the federal government.

The documents released last week offer draft versions of these models. CISA and OMB call them “strategic and technical guidance documents meant to move the US government towards a zero-trust architecture.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Laura Heimann on Unsplash

Articles

NSA, CISA release Kubernetes hardening guidance following Colonial Pipeline,…

The guidance seeks to educate IT administrators about cloud security risks and best practices for implementing and maintaining Kubernetes.

Earlier this week, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA)  issued a joint document entitled Kubernetes Hardening Guidance. Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling and management of applications, usually in a cloud environment. According to the most recent State of Kubernetes Security report by RedHat, more than half the security professionals surveyed said they delayed deploying Kubernetes applications into production due to security.

In addition, almost all the security respondents said they had one security incident in their Kubernetes environment during the past year. Underscoring the depth of security concerns surrounding Kubernetes, 59% of respondents said they are most worried about unaddressed security and compliance needs or threats to containers.

The rapid shift to cloud environments, particularly since the advent of the pandemic, undoubtedly heightens these security concerns. It’s little surprise, then, that NSA and CISA felt the need to help organizations deal with security in a containerized environment, which is more complex than “traditional, monolithic software platforms.” Although the agencies tailored their guidance to system administrators of national security systems (systems containing classified or intelligence information) and critical infrastructure, they encourage administrators of federal and state, local, tribal, and territorial (SLTT) government networks to also implement the recommendations.

Within the Kubernetes architecture are clusters composed of control planes and one or more physical or virtual machines called worker nodes, which host pods that comprise one or more containers. The containers house software packages and all their dependencies.

The joint guidance says that while Kubernetes has always been a target for malicious actors to steal data, threat actors are increasingly drawn to Kubernetes systems to steal computation power, often for cryptocurrency mining.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Sigmund on Unsplash

Articles

Biden memo, infrastructure deal deliver cybersecurity performance goals and…

The White House initiatives and expected passage of the US infrastructure plan will set new cybersecurity standards for critical infrastructure, provide money to state and local governments.

Both the Biden administration and the Congress continued their frenetic pace this week to beef up the country’s digital infrastructure protections through two highly consequential and unprecedented initiatives. Both efforts aim to prepare the nation for the next significant cybersecurity incidents, making up for lost time due to the previous administration’s relative inattention to the topic.

First, the White House issued a National Security Memorandum (NSM) on “Improving Cybersecurity for Critical Infrastructure Control Systems.” The memo requires the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST), working with other agencies, to develop cybersecurity performance goals for critical infrastructure. The hope is that companies responsible for providing essential services like power, water, and transportation would follow those voluntary goals to strengthen their cybersecurity.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Lucas Sankey on Unsplash

Articles

TSA issues second cybersecurity directive for pipeline companies

Experts applaud the agency’s new, detailed security requirements for US pipeline operators but question how they will be enforced or monitored.

The Department of Homeland Security’s (DHS) Transportation Safety Administration (TSA) yesterday announced a second security directive that requires owners and operators of TSA-designated critical pipelines to implement cybersecurity measures that help protect against malicious digital incidents. This directive is a more expansive follow-up to an initial pipeline security directive issued on May 27, roughly two weeks after the highly disruptive ransomware attack against Colonial Pipeline.

The initial directive required pipeline companies to report cybersecurity incidents to DHS’s Cybersecurity and Infrastructure Security Agency (CISA). It also required pipeline owners and operators to designate a cybersecurity coordinator available around the clock to coordinate cybersecurity practices and any cybersecurity incidents with TSA and CISA. Finally, that directive required companies to examine their cybersecurity practices and assess risks, identify gaps, develop remediation measures, and report the results to TSA and CISA.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Mike Benna on Unsplash

Articles

Biden administration, US allies condemn China’s malicious hacking, espionage…

Global coalition calls on China to curtail its cyber activities. For the first time, the US blames China directly for ransomware attacks.

Following a  push by the White House to address the ransomware crisis emanating from Russia and the imposition of sanctions on Russia for its spree of malicious cyber actions, the Biden administration has launched a multi-part strategy to shame another digital security adversary, China, into halting its digital malfeasance.

First, the administration formally accused China of breaching Microsoft’s Exchange email servers to implant what most experts consider reckless and damaging surveillance malware. Although Microsoft has long attributed that incident to a Chinese hacking group it calls HAFNIUM, the White House has now finally and officially acknowledged China’s role in that supply chain attack.

In a statement, the White House said it is attributing “with a high degree of confidence that malicious cyber actors affiliated with PRC’s MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.”

Secretary of State Anthony Blinken said in a statement that “the United States government, alongside our allies and partners, has formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber-espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Nick Fewings on Unsplash

Articles

Biden Administration announces flurry of new anti-ransomware efforts

The defensive initiatives include a reward for information on nation-state actors and the formation of a new interagency ransomware task force.

Under pressure to halt ongoing and highly damaging ransomware attacks from Russian criminal groups, the Biden administration yesterday announced a flurry of defensive initiatives to deal with the crisis. These announcements come one week after President Biden issued a stark warning to Russian President Vladimir Putin to deal with the ransomware threat groups in his country or else the US will take action to dismantle the threat.

First, the State Department announced that its Rewards for Justice program, which the Diplomatic Security Service administers, will give a $10 million reward to anyone offering information that leads to identifying state-sponsored threat actors. Specifically, rewards will be given to those who supply information that leads to the “identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”

The Rewards for Justice (RFJ) program has set up a Tor-based dark web reporting site to protect the safety and security of potential sources. Additionally, the RFJ program works with interagency partners to enable the rapid processing of information and the possible relocation of and payment to sources.

Second, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) announced it would convene a FinCEN Exchange in August 2021 focused on ransomware concerns. The Exchange will be composed of financial institutions, other key industry stakeholders, and federal government agencies. The goal of the meeting is to inform FinCEN’s next steps in addressing ransomware payments.

This article appeared in CSO Online. To read the rest of the article please visit here.

 

Articles

Biden administration releases 100-day plan to address electric system…

The plan focuses largely on supply chain risks to the electric grid, requests input on the DOE’s role in coordinating cybersecurity efforts.

On April 20, the Biden administration, through the United States Department of Energy (DOE), issued what it is calling its 100-day plan to address cybersecurity risks to the US electric system. The plan is a coordinated effort among DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA). It “represents swift, aggressive actions to confront cyber threats from adversaries who seek to compromise critical systems that are essential to US national and economic security,” according to the announcement.

The idea is that DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), working with utilities, will “continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities.” To achieve this goal, the efforts undertaken in this “sprint” focus on encouraging power grid players to:

  1. Implement measures or technology that enhance their detection, mitigation and forensic capabilities.
  2. Deploy technologies that enable near real-time situational awareness and response capabilities in the critical industrial control system (ICS) and operational technology (OT) networks.
  3. Enhance the security posture of their IT networks.
  4. Deploy technologies to increase the visibility of threats in ICS and OT systems.

This article appeared in CSO Online. To read the rest of the article please visit here.