Monday, May 24, 2021

Biden’s spotty cyber roster — Cyber’s looming crypto problem — Conti targeting U.S. health systems

Presented by American Edge Project: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By Sam Sabin


Editor's Note: Weekly Cybersecurity is a weekly version of POLITICO Pro's daily Cybersecurity policy newsletter, Morning Cybersecurity. POLITICO Pro is a policy intelligence platform that combines the news you need with tools you can use to take action on the day's biggest stories. Act on the news with POLITICO Pro.

Quick Fix

— Three major cyber incidents in, the Biden administration's roster of cyber officials is still spotty, with key nominees awaiting confirmation hearings and others yet to be nominated.

— A recent tax proposal could give regulators more insight into shady ransomware payments over $10,000, opening companies to heightened scrutiny.

— The cybercriminals behind Ireland's health services ransomware attack also carried out several attacks against U.S.-based health care services in the past year, per the FBI.

HAPPY MONDAY and welcome to Morning Cybersecurity! I'm your host, Sam Sabin, and I'm now accepting bets on when the mysterious Taco Bell Cantina in D.C.'s Columbia Heights neighborhood will open. Winner gets the glory of being right and a shout-out because, well, that's all I can offer.

Send your thoughts, feedback and — especially — tips to ssabin@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.

WHO'S IT GONNA BE In its five months in office, the Biden administration has faced the SolarWinds espionage campaign, the mass exploitation of Microsoft Exchange Server and now the Colonial Pipeline ransomware incursion. Yet its top two cyber-related nominees — Jen Easterly as CISA director and Chris Inglis to be the national cyber director — are still waiting in the wings for confirmation hearings. And many mid-level cybersecurity-related posts, such as the director of the Commerce Department's NTIA or under secretary roles at the Department of Energy, don't even have nominees.

The holdup in filling these roles has come under a bright spotlight, as your MC host and colleagues noted during a Pro briefing on the Colonial Pipeline attack recently. President Joe Biden's cyber executive order was probably the biggest move the administration made in response to the pipeline hack, but while it's been seen as a welcome step, the proposal has received scrutiny for its zealous approach to Zero Trust. And the lack of dedicated cyber spending and language in the ever-changing infrastructure proposal doesn't do much to help boost confidence in the administration's cyber agenda.

Among the list of nominations still missing are the director of the NTIA and the Department of Energy's leader of the Office of Cybersecurity, Energy Security and Emergency Response. NTIA oversees policies on software component transparency, vulnerability disclosures, IoT security and other general internet architecture security items, while CESER works on all things at the intersection of energy and security, which has received renewed importance given Colonial. (Both roles have acting officials in place who have worked in their respective divisions before.)

— For comparison, former President Donald Trump nominated his first NTIA director, David Redl, in mid-May of his first year in office. The Energy Department's cyber office wasn't established until 2018.

What's next: Acting CISA Director Brandon Wales said during a National Infrastructure Advisory Council meeting Thursday that Easterly's confirmation hearing is "likely to take place early in June." The timeline for the rest is less clear: A spokesperson for the Senate Homeland Security Committee, which oversees Easterly's and Inglis' confirmation hearings, didn't respond to a request for comment, and a White House spokesperson pointed to comments Biden made earlier this month calling on Congress to "move quickly" on their nominations.

Ransomware

CYBER'S CRYPTO DOUBLE-WHAMMY — Noted in the Treasury Department's proposal to strengthen tax compliance late last week is a two-sentence policy suggestion that could have cascading ramifications for companies facing ransomware attacks: All crypto transactions over $10,000 must be reported to the IRS.

Although not directly a ransomware policy, the proposal would give the U.S. government an unprecedented look at the ransomware attacks companies have kept hidden from public view. According to the Ransomware Task Force, ransom payments reached $350 million worth of cryptocurrency in 2020. And they haven't stopped in 2021, with Colonial Pipeline paying its $4.4 million ransom in Bitcoin. So it's plausible that the Treasury Department's move, if enacted, could set up the IRS as the de facto regulator for ransomware payments. (Currently, information-sharing between the government and private institutions is voluntary in most cases, although lawmakers are working to change that.)

Of course, the policy isn't completely foolproof, as some companies will most likely take advantage of tax loopholes to avoid reporting; however, the Treasury Department's proposed crypto transaction requirement still presents a one-two punch for ransomware targets, said Darren Williams, the founder and chief executive of BlackFog, a cybersecurity company focused on ransomware.

"Companies will be hit not only by the ransom itself but by the IRS who could potentially assess taxes on top of this," Williams said.

The quick-hit policy suggestion comes as Washington officials and lawmakers revisit the debate over whether to make ransomware payments illegal. Proponents of delegitimizing the payments argue that if you cut off the revenue stream for attackers, the bad actors won't have a motive to keep attacking. But it's not so cut and dried, critics note, since criminals could just find new ways to extort victims, such as by releasing their sensitive data.

— How'd we get here: This isn't the first time the Treasury Department has waded into the ransomware payment debate. It issued an advisory in October warning companies they could face sanctions penalties for paying ransom to sanctioned hackers. And if the reporting requirement becomes official policy, it could help the U.S. government collect better information about the private world of ransomware attacks.

But it does represent what could be an interesting middle ground between the government's go-to advice to not pay ransoms and officials' recent public statements reconciling with why a company pays ransom. This proposal could be the first of many that will have some inadvertent impact on cyber incident reporting.

 

A LONG-AWAITED WARNING CALL — Conti, the criminal ransomware-as-a-service group believed to be behind a weeks-long ransomware attack plaguing Ireland's health care system, also carried out 16 ransomware attacks targeting U.S.-based health care and first responder networks in the last year, the FBI warned in a recent flash alert. The alert is the latest in the U.S. government's efforts to target the quickly growing ransomware group, following a CISA warning last fall, and underscores the existential security threats hospitals and health care systems face.

The alert's details: The FBI said the 16 new attacks targeted law enforcement agencies, emergency medical services, 9-1-1 dispatch centers and municipalities, and recent ransom demands have been as high as $25 million. Typically, the hackers wait between four days and three weeks after gaining access to a network to deploy the group's ransomware. Specific victims weren't named.

Conti has been active for at least the last year, with IT security company Sophos noting that the group appeared on the scene last May and is known for "the speed at which it encrypts and deploys across a target system" and its double-extortion model (i.e., the hackers both encrypt a victim's data and steal it, threatening to leak it if the ransom isn't paid). The group is believed to be controlled by the Russia-based cybercriminal group Wizard Spider, which CrowdStrike has described as "a highly capable group with a diverse and potent arsenal."

 

Report Watch

RANSOM UNPREPAREDNESS Almost one in three companies (32 percent) say they believe they're "highly prepared" for a ransomware attack, and 67 percent said their organizations are taking new security precautions in response to the Colonial attack, according to new polling from information technology trade association ISACA released today. The survey was conducted among more than 1,200 of the group's members shortly after the pipeline incident.

While fewer than a third say they're highly prepared for an attack, a vast majority (80 percent) said their organization is more prepared for a ransomware attack than it was in 2017, when the WannaCry, Petya and NotPetya attacks happened.

Based on the results, ISACA recommended that companies run preemptive tests of their systems, scan for missing patches often and regularly review their security policies to help ensure they don't become ransomware's next victim.

TWEET OF THE DAY A note of sarcasm from Bleeping Computer editor Lawrence Abrams: "Wow. Who would have thought that ransomware was suddenly such a problem."

 

Quick Bytes

— MI5 boss warns terrorists, child abusers would benefit from Facebook's encryption plans. (POLITICO)

— DarkSide affiliates claim the group shut down before paying out their share of ransom profits. (Ars Technica)

— Personal information of about 4.5 million Air India fliers exposed in cyberattack. (Bloomberg)

— "Could the ransomware crisis force action against Russia?" (MIT Technology Review)

— Oracle, once again, calls for reconsideration of JEDI award in recent court filing. (FedScoop)

Chat soon.

Stay in touch with the whole team: Eric Geller (egeller@politico.com); Bob King (bking@politico.com); Martin Matishak (mmatishak@politico.com); Sam Sabin (ssabin@politico.com); and Heidi Vogt ( hvogt@politico.com).
