| | | | By Martin Matishak | With help from Eric Geller PROGRAMMING NOTE: Weekly Cybersecurity will not publish Monday, Dec. 28. We'll be back on our normal schedule on Monday, Jan. 4. Editor's Note: Weekly Cybersecurity is a weekly version of POLITICO Pro's daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro . | | — MC exclusive: Nearly three-dozen digital leaders and experts urged the speedy confirmation of DHS Secretary nominee Alejandro Mayorkas, saying he's the right person to tackle crises like the SolarWinds attack. — A war of words broke out within the Trump administration over the SolarWinds breach as more details about the still unfolding penetration began to surface. — A major cable company and another U.S. city are the espionage campaign's latest victims, with many more expected in the weeks and months ahead. HAPPY MONDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips to mmatishak@politico.com, and be sure to follow @POLITICOPro and @MorningCybersec. Full team info below. | | EVERYONE IS TALKING ABOUT TRANSITION PLAYBOOK, SUBSCRIBE TODAY: A new year is quickly approaching. Inauguration Day is right around the corner. President-elect Joe Biden's staffing decisions are sending clear-cut signals about his priorities. What do these signals foretell? Transition Playbook is the definitive guide to the new administration and one of the most consequential transfers of power in American history. Written for political insiders, this scoop-filled newsletter breaks big news daily and analyzes the appointments, people and emerging power centers of the new administration. Track the transition and the first 100 days of the incoming Biden administration. Subscribe today. | | | FIRST IN MC: CYBER PROS URGE SWIFT MAYORKAS CONFIRMATION — The SolarWinds digital espionage campaign highlights the urgent need for President-elect Joe Biden to have a DHS secretary in place when he takes office, and Alejandro Mayorkas is the perfect man to help Biden manage that incident and other digital crises, 33 cyber experts and former federal officials said in a new letter to the leaders of the Senate Homeland Security Committee. "Mr. Mayorkas' nomination comes at a time when the cyber and digital threats we face to our critical infrastructure … are more complex than at any point in American history," the former officials and experts wrote in the letter, which was provided first to MC. "We echo a diverse litany of others in national security, law enforcement, and public safety to urge the U.S. Senate to swiftly schedule the confirmation hearing and approve his appointment without delay." The coalition pushing the Senate to quickly confirm Mayorkas includes veterans of the three most recent administrations, including Barack Obama's cyber coordinator Michael Daniel and George W. Bush's cyber czar Richard Clarke; a host of former DHS and CISA leaders, including Trump officials Matthew Travis, Jeanette Manfra, Bryan Ware; leading security professionals, such as Black Hat founder Jeff Moss and Luta Security CEO Katie Moussouris; and two former NSA directors, Keith Alexander and Chris Inglis (the latter of whom has been floated as a possible CISA chief for Biden). The experts and former officials urged the Senate committee to follow precedent and move on Mayorkas' nomination in time for him to take office alongside Biden. "As we know," they wrote, "nefarious actors, particularly those in the cyber domain who wish to do Americans harm, do not concern themselves with political timelines or party affiliations." Mayorkas' cyber work when he was Obama's deputy DHS secretary "represented a key priority during his tenure," the coalition wrote. "Well-known and well-respected across the cyber community, Mr. Mayorkas possesses the intelligence, integrity, and skills to assume leadership and protect our homeland assets—physical and cyber in nature—on day one." | | ONE WEEK LATER — It was a wild weekend of developments on the SolarWinds breach, as official Washington grappled with the unfolding, historic hack. Secretary of State Mike Pompeo said Russia was "pretty clearly" behind the digital attack, only to be contradicted hours later by President Donald Trump, who downplayed the incident that has compromised several government agencies, deflected blame away from Moscow and suggested Chinese involvement. It was later reported that White House officials had prepared to issue a statement on Friday that accused Russia of being the "main actor" in the hack but were told at the last minute to stand down. The president's deflection, the latest example in a yearslong pattern of protecting and defending Russian President Vladimir Putin's government, brought bipartisan scorn on Sunday. "He could be going out and championing this extraordinary success. And, instead, he's leaving Washington with a whole series of conspiracy theories and things that are so nutty and loopy that people are shaking their head, wondering, what in the world has gotten into this man?" Sen. Mitt Romney (R-Utah) said on CNN's "State of the Union." "I would echo what Secretary Pompeo has said and Marco Rubio has said: all indications point to Russia. Matter of Fact, FireEye, one of the nation's top cybersecurity companies who got hacked … also indicted Russia," Sen. Mark Warner (Va.), the top Democrat on the Senate Intelligence Committee said on ABC's "This Week." As for the hack itself, Microsoft on Friday revealed that the tech giant's analysis of the compromise "led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor." Kim Zetter offered the most thorough accounting to date of the hack's origin, including a dry run of the espionage campaign last year. And as Eric "Too Many Doors" Geller reported over the weekend, the federal government's shoddy processes for ensuring software vendors have good digital practices fostered an environment for the hack to succeed. This week likely will hold more drama, with government agencies and private companies scrambling to learn if they've been hit and, if so, how badly. Also expect Congress to keep pressing the administration for more information. On Friday, the House Oversight and Homeland Security committees, who launched a joint probe into the breach, released a statement decrying a closed-door briefing on the incident. "After receiving a classified member briefing from the Trump Administration today on the major hack to government systems, we are left with more questions than answers," they said. SOLARWINDS STILL SWEEPING THE LAND — The SolarWinds supply chain campaign compromised leading U.S. cable provider Cox Communications and the government of Pima County, Arizona, Reuters reported on Friday. The news organization used data provided by FireEye and a web script provided by Kaspersky Lab to unscramble digital breadcrumbs left behind by the hackers. According to the forensic trail, the hackers behind the campaign activated backdoors inside Cox and Pima County's networks in June and July. Both victims say they are still investigating. — Todd Smith, a Cox spokesman, said the company has been "working around the clock to investigate" the SolarWinds compromise "and to apply the patch when it was released." "We are continuing our investigation and have engaged third party security experts to assist us," Smith said. — Dan Hunt, Pima County's chief information officer, said in a statement that his team deleted SolarWinds' software and disconnected affected devices as soon as they learned about the attack. "We are following proper protocol and have not been able to verify that there was any data breach," Hunt said. "We have no indication any data was stolen from Pima County."
| | A NEW YEAR, A NEW HUDDLE: Huddle, our daily must-read in congressional offices, will have a new author in 2021! Olivia Beavers will take the reins on Jan. 4, and she has some big plans in store. Don't miss out, subscribe to our Huddle newsletter, the essential guide to all things Capitol Hill. Subscribe today. | | |
| | LAST MINUTE VETOING — President Trump this week could make good on his promise to veto the $740 billion defense policy bill, H.R. 6395 . Trump has until Wednesday to sign or veto the measure or allow it to become law without his signature. Last week congressional Republicans urged the president to drop his threat — for which he has given wildly different reasons, including asserting that Chinese leaders "love" the legislation — because the measure contains dozens of cybersecurity provisions. Congressional leaders in both parties are confident they'll be able to muster enough support to override Trump's veto when a vote happens after the Christmas holiday or early January, shortly before the new Congress is sworn in. | | CAN'T STOP, WON'T STOP MALWARE — The criminal hackers behind the Dridex and Locky banking trojans may be preparing for their next act, researchers at the security firm Intel 471 said on Friday. The hacking group, known as TA505, has once again been using its first-stage malware, dubbed "Get2," according to the report. Dridex was an infamous tool controlled by the group known as Evil Corp, which usually deployed the banking trojan through malicious email attachments. Locky, the next evolution of Dridex, is known for hitting hospitals. "The reconfigured loader is meant to allow the group to carry out its operations without drawing the attention of enterprise defenses," researchers wrote. They reported seeing it download and stash a dynamic-link library, or DLL, file on target machines on Dec. 14. TA505 tends to slink away whenever researchers unmask its operations, but Intel 471 predicted that the appearance of the reconfigured Get2 malware means they're planning new campaigns. Jason Passwaters, the company's chief operating officer, described TA505 as more careful than many other financially motivated actors, adding, "Once things start ramping up like this, rest assured they are back at it with a target list in hand." TWEET OF THE WEEKEND — Peace in our time! | | — iPhones belonging to dozens of Al Jazeera journalists were hacked via zero-click malware built by NSO Group, the Israeli spyware vendor. — Democratic senators asked the GAO to examine what the Homeland Security and Education departments, and others, are doing to help protect school districts from digital threats and the effectiveness of the existing efforts. — Europol and the European Commission launched a new decryption platform. — Cyberscoop: U.S. officials shut down scam websites impersonating Moderna, Regeneron. — Florida officials said foreign hackers apparently infiltrated state government agencies. — The city of Kennesaw in Georgia will buy new software to better protect against digital threats. That's all for today. Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak (mmatishak@politico.com, @martinmatishak); and Heidi Vogt (hvogt@politico.com, @heidivogt). | | Follow us on Twitter | | Follow us | | | |
No comments:
Post a Comment