Monday, May 15, 2023

Ransomware comes back with a vengeance

Presented by SentinelOne: Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By John Sakellariadis

Driving the Day

After a one-year dip, digital extortion is on pace to eclipse its prior annual record, a troubling turnaround that shows how far D.C. still has to go to address the problem.

HAPPY MONDAY, and welcome to Morning Cybersecurity! In honor of Mother’s Day, I wanted to share a link to a special article about an ancient vase that left a lasting impact on mothers and sons the world over.

What impact, you say? Well, it depicts the Greek goddess Aphrodite chastising her unruly son Eros with the backside of a sandal.

Got tips, feedback or other commentary? Send them to John at jsakellariadis@politico.com. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below.

A message from SentinelOne:

The SentinelOne Singularity Platform and Security DataLake is the only FedRAMP Authorized solution empowering centralized security operations in a world of big-data, decentralized IT. SentinelOne delivers industry-leading, autonomous protection, detection, and response across attack surfaces; unmatched cross-platform security analytics and intelligence with scalable, cost-effective long-term data retention; and expert-level, US-based personnel for deep-dive, comprehensive analysis and active threat hunting. SentinelOne brings the most innovative and impactful cyber technology solutions to our federal government customers.

 
Ransomware

NOT GOING AWAY — Researchers at a leading cryptocurrency tracing company have bad news for Washington: Ransomware is back, and it might be worse than ever.

Through the first four months of this year, cybercriminal gangs are on pace to surpass their earnings from a record-setting 2021, according to new data collected by Chainalysis.

The bounceback in extortion revenue follows a 40 percent dip in ransom payments in 2022, which many had interpreted as a promising sign the Biden administration was making headway against keyboard crooks.

2023 “could be one of, if not the, highest grossing years in ransomware yet,” Jackie Burns Koven, head of cyber threat intelligence at Chainalysis, said Friday at the Sleuthcon cybercrime conference in Arlington, Va.

Downer for D.C. — The turnaround will come as a disappointment to the Biden administration, which has launched a series of new initiatives to crack down on digital extortion over the last two years.

While the firm declined to give an exact figure for ransomware groups’ earnings thus far this year, criminal syndicates made more than $760 million in 2021, a year capped by high-profile attacks on Colonial Pipeline, JBS Foods and Kaseya.

If the trend continues, it could even reignite a debate about what more the government can do to address the problem. Just last week, the White House revealed it is weighing a partial ban on ransom payments — a hardline policy option that received a mixed reaction from cyber experts.

Hornet’s nest — Koven, who was presenting joint research with the firm’s cybercrime research lead, Eric Jardine, said the uptick in ransom payments was likely driven by several factors.

Those include a turn to mass attacks via the supply chain, a higher volume in ransomware activity, renewed targeting of large companies, and the adoption of “more aggressive extortion tactics” among criminals, who have resorted to increasingly personalized blackmail schemes to coax money from victims.

Altogether, those shifts have translated to a near doubling in the average ransom payment, which is now hovering above $220,000, according to Chainalysis. “It’s a pretty significant rise that surprised us,” Koven said.

Not all bad — Government actions, such as sanctions, cryptocurrency seizures and arrests, have still had a significant impact on the cyber baddies, said Koven.

For example, criminals are having more and more trouble cashing out their illicit crypto, in some cases just stashing it on the blockchain in an effort to evade attention.

That tactic — which Koven described as the digital equivalent of “stashing cash under your mattress” — suggests ransomware gangs might not be getting as much use out of their looted funds as the eye-popping topline suggests.

Software Security

OPEN SOURCE BILL FINDS BACKERS IN THE HOUSE — The first open-source software bill ever to find its way into Congress is about to get a friendly bump from the House, where Republican leadership on the Homeland Security Committee is set to introduce its own effort to prevent free-to-use code from becoming a house of cards for software consumers.

The new wind in the sails of the Securing Open Source Software Act comes courtesy of Chair Mark Green (R-Tenn.) and cyber subcommittee lead Andrew Garbarino (R-N.Y.), who plan to bring the bill to a committee-wide markup on Wednesday, Lesley Byers, the committee’s communications director, told MC.

Refresher — Last fall, Sen. Gary Peters (D-Mich.), chair of the Senate’s homeland security panel, first introduced — and recently reintroduced — a more or less identical version of the forthcoming House bill, but it never got a floor vote and didn’t pick up momentum in the lower chamber.

But that may have been due to timing. The bill received plenty of praise from security experts, who told MC at the time that it was overdue for the government to start thinking about ways to reduce risk in open-source code.

Specifically, the bill would direct CISA to hire new open-source security experts, develop tools to assess the risks such code poses to federal agencies, and later, explore whether it could apply similar services to critical infrastructure providers.

One thing to watch — Byers said the committee is still finalizing additional co-sponsors for the bill, which should be made public soon.

To make the Wednesday markup, the legislation must be introduced at least 48 hours before then, implying Green and Garbarino will introduce the legislation later today.

 


 
Industry Intel

SOUNDING THE ALARM — An enterprise software-maker's refusal to support third-party security solutions is leaving businesses with one hand tied behind their backs against hackers, according to a major provider of such security software.

Through the first quarter of 2023, ransomware gangs and foreign sleuths have targeted VMware’s ESXi vSphere hypervisors with growing frequency — a trend worsened by the company’s reluctance to allow support for external security products, argues a new blog out this morning from CrowdStrike.

Why it matters — VMware’s “virtualization” technology allows organizations to optimize computing resources by running virtual computers from a single server, and it has grown in popularity as businesses have accelerated their transition into the cloud.

But as the new workhorse behind modern IT environments, VMware’s product also makes a “highly attractive target” for spies and ransomware gangs, argues CrowdStrike, and one that external security pros can do little to defend so long as VMware boxes them out.

One example of the stakes? In February, hackers exploited a two-year-old vulnerability in the technology to mass deploy ransomware against more than 2,000 organizations.

View from the other side? — VMware did not respond to an emailed request for comment about its justification for not allowing access to third-party security or antivirus providers, or what it was doing to mitigate the increased threat to its products.

Troubling pattern — While CrowdStrike may not strike many people as a fair arbiter of how VMware should be protecting its customers, it’s clear something is amiss.

On Thursday, another endpoint security provider, SentinelOne, warned that it had identified 10 new ransomware variants targeting ESXi hypervisors since the second half of 2022, while cybersecurity firm Recorded Future recently found a three-fold increase in ransomware attacks against the VMware product between 2021 and 2022.

And last fall, Mandiant reported that likely Chinese cyber spies were getting in on the game too, apparently having determined that VMware’s 3rd-party-free hypervisors offered a great place to avoid detection.

“There’s zero question that VMware deserves some of the blame here,” Jake Williams, a former NSA hacker, told me over text.

Tweet of the Weekend

Microsoft’s Christopher Glyer and Nick Carr won best-dressed at this weekend’s Sleuthcon cyber crime conference. And while that isn’t a real award, you should see here for the context on why it probably should be:

@JohnHultquist on Twitter

What else we're reading today

— “On the trail of the Dark Avenger: the most dangerous virus writer in the world.” (The Guardian)

Quick Bytes

— Personal data on more than 200,000 current and former federal employees was exposed in breach of the Department of Transportation. (Reuters)

— How a cyberattack left one Indiana hospital reeling. (NPR)

— Cybercriminals find “a new normal” for exploiting victims following Microsoft’s decision to block macros, once a hacking favorite. (CyberScoop)

— Toyota Japan exposed the location data of millions of its vehicles for more than a decade. (TechCrunch)

Chat soon.

Stay in touch with the whole team: John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).
