CRI looks to outsmart ransomware rivals

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

Sep 30, 2024 View in browser   By Joseph Gedeon With help from Maggie Miller Driving the day — This week’s Counter Ransomware Initiative is pulling out all the stops to combat the global ransomware epidemic, with new launches and international cooperation in the forefront. HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I’ve switched to an ergonomic keyboard and I’m now convinced it’s been a plot from Big Keyboard to keep it a secret all along. Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below. Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories. Ransomware HERE COMES THE CRI — The Biden administration has tried to wrangle the global ransomware problem, but it's been a banner year for the bad guys. As it kicks off a week-long Counter Ransomware Initiative, the White House is hoping some hefty new moves and members can turn the tide. — New initiatives on deck: Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger teased to reporters during a press call on Sunday several key announcements expected at this week's summit: A new counter-ransomware fund administered by USAID that will be supported through contributions from CRI members and the private sector  Victim guidance endorsed by CRI members and insurance bodies for organizations going through a ransomware attack Canada’s  new private sector advisory panel that will, in part, “catalyze effective information sharing”  Expansion of cybersecurity supply chain efforts in the energy sector to all CRI members, based on the success of this year’s G7 initiative (that your MC host was first to report)   — And there’s always AI: This year's CRI summit will also include a day dedicated to the intersection of AI and cyber, with presentations from leading U.S. AI companies and government agencies. — The more the merrier: The CRI is welcoming 18 new members to its now 68-member clubhouse. Argentina, Bahrain, Cameroon, Chad, Morocco, Hungary, the Philippines, Slovenia, Vanuatu and Vietnam are among the fresh faces. — Counting the casualties: According to Laura Galante, director of Cyber Threat Intelligence Integration Center for the Office of the Director of National Intelligence: 2022 saw 2,593 ransomware attacks 2023 witnessed a jump to 4,506 attacks The first half of 2024 has already logged 2,321 attacks About half of the attacks target U.S. organizations, with the remainder spread globally. Of those non-U.S. victims, roughly 52 percent are in Europe, the officials said. They also warned that health care and emergency services have been particularly hard hit in 2024. — Russian to conclusions: Officials on the press call reiterated that many ransomware actors continue to operate from Russia, complicating disruption efforts. When asked about inviting Russia to join the CRI, Neuberger said Moscow hasn't reached out. "Our only rule is that countries have to sign up to the principles of CRI with regard to not offering haven to actors and participating as responsible state actors in cyberspace,” Neuberger said. — What’s next: The CRI summit is running Monday to Thursday and Neuberger is promising “significant, major new deliverables” to taper off the ransomware threat. Regular readers will know we’ve heard this one before. We’ll be watching closely all week to see how that really shapes up. On the Hill DO MORE, PLEASE — Senate Intel Committee chair Mark Warner (D-Va.) is pressing CISA to up its election security game, firing off a letter to Director Jen Easterly with a wish list of enhancements. — The ask: Warner wants CISA to boost support for state and local governments in combating disinformation, ramp up information sharing and work with election officials to tackle emerging AI-powered threats. The senator specifically points to growing foreign disinformation campaigns and AI-powered threats as key concerns. “I strongly urge you to use all the tools at your disposal to provide state and local administrators with the necessary resources to uncover, build resilience against, and rapidly respond to information manipulation campaigns leading up to the election and afterwards,” Warner wrote. — Why this is important: CISA is tasked with helping protect the nation’s election infrastructure against cyber and physical threats and supports state and local officials that have jurisdiction over elections on this. Agency officials have made repeated statements and media appearances in recent weeks to get the message out that the election process is secure, even in the middle of increasing threats. That’s so far included hacking operations by Iran against U.S. presidential campaigns and Russian efforts to spread disinformation around the election. — Radio silence: CISA's keeping mum for now on Warner’s letter, with spokesperson Scott McConnell declining to comment. STAY ALERT — Warner was among the several lawmakers who reacted to the Justice Department’s indictment on Friday of three Iranian individuals for allegedly carrying out hack and leak operations against Donald Trump’s presidential campaign. The indictment accused Masoud Jalili, Seyyed Ali Aghamiri and Yaser Balaghi — all employees of the Islamic Revolutionary Guard Corps — of targeting and hacking into the personal email accounts of employees for an unnamed presidential campaign, then subsequently sending that stolen information to media outlets and officials with a different presidential campaign. While the indictment did not name the campaigns, the FBI and other agencies announced last week that Iranian hackers sent information from the Trump campaign to the personal emails of staffers on President Joe Biden’s campaign, which has since disbanded. — Questions, concerns: Warner said in a statement that the indictment “once again underscores the extent to which adversaries like Iran are actively seeking to influence the outcome of our elections using a wide range of tools,” praising the U.S. intelligence community’s efforts to guard against these types of attacks. House Intelligence Committee Chair Mike Turner (R-Ohio) said in a separate statement that “through hacking campaigns and plotting assassinations, Iran’s clear objective is to target former President Trump and interfere in the U.S. election.” He criticized the Biden administration for “failing to respond to Iran.” “President [Joe] Biden and Vice President [Kamala] Harris must immediately and forcefully push back against Iran to protect former President Trump and ensure the integrity of our upcoming election,” Turner said. DRONE DILEMMA — House China Committee leaders are urging Fairfax County, Virginia, to ground its Chinese-made drones, citing risks to national security. They’re also calling on the county to be a test case for the rest of the nation. — The players: Reps. John Moolenaar (R-Mich.) and Raja Krishnamoorthi (D-Ill.), chair and ranking member of the Select Committee on China, are targeting drones from DJI and Autel Robotics, two Chinese manufacturers who dominate the global market. — The stakes: The lawmakers say Fairfax County's drone fleet — used for public safety and emergency services — sits uncomfortably close to sensitive national security sites. CISA and FBI unveiled guidance in January that data collected by these drones could be accessed by Beijing under China's 2017 National Intelligence Law. That guidance also warns that Chinese drones could expose everything from intellectual property to critical infrastructure vulnerabilities. — New tactics: The letter warns of "white-labeling," where Chinese firms partner with other companies to sell drones under different brand names — a move that could sidestep scrutiny and fly under the regulatory radar. — Elephant in the room: DJI drones make up the vast majority of the global market, not because of lax security standards but often because Chinese drones win on price due to PRC government subsidies. Moolenaar and Krishnamoorthi hint at adjusting federal grant programs to help local governments opt for pricier but "more secure" alternatives, particularly FEMA’s Urban Area Security Initiative. “We cannot continue to allow unfair CCP market practices to pressure our state and local governments and put them at risk,” they write. “We urge Fairfax County to ensure PRC drones are excluded from procurement and partner programs in the future and assist other counties and the Commonwealth of Virginia.” Tweet of the Day Finally, a win for Washington’s pro-pupusa community. X Quick Bytes META’S MILLIONS — The Data Protection Commission in Ireland fined Meta approximately $100 million for storing millions of users' passwords in plaintext on its systems in 2019, writes Bill Toulas for BleepingComputer. THAT’S A NO FROM DOD — The Pentagon wants Congress to strike out a measure in the proposed 2025 National Defense Authorization Act that would require the agency to commission an independent study on establishing a Cyber Force, Martin Matishak reported for The Record. ICYMI — The Treasury Department imposed sanctions on Iranians for election interference in 2020 and 2024. (POLITICO)   Follow us on Twitter Heidi Vogt @HeidiVogt Maggie Miller @magmill95 John Sakellariadis @johnnysaks130 Joseph Gedeon @JGedeon1   Follow us

To change your alert settings, please log in at https://login.politico.com/?redirect=https%3A%2F%2Fwww.politico.com/settings This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA Unsubscribe | Privacy Policy | Terms of Service