Tag Archive for: dhs

Hillicon Valley: Russian hacking group believed to be behind Kaseya attack goes offline | DHS funding package pours millions into migrant surveillance


Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.



Hillicon Valley: Russian hacking group believed to be behind Kaseya attack goes offline | DHS funding package pours millions into migrant surveillance | Jen Easterly sworn in as director of DHS cyber agency

Welcome and Happy Tuesday! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Websites used by the cyber criminal group known as REvil went dark Tuesday, just over a week after the group was linked by cybersecurity experts to the ransomware attack on software company Kaseya. While it is unknown why the websites went dark, President Biden last week urged Russian President Vladimir Putin to take further steps against hackers based in his country, and hinted to reporters that the U.S. had the option of disrupting the hackers’ servers.

Meanwhile on Capitol Hill, the House Appropriations Committee marked up the annual Department of Homeland Security appropriations bill, approving a proposal that included millions to pay for technologies that surveil immigrants.

SUSPICIOUS TIMING FOR A HOLIDAY: Websites on the dark web used by a criminal hacking group believed to be behind the recent massive ransomware attack on software company Kaseya went offline Tuesday.

The hacking group, REvil, is believed to be based in Russia, and has been linked by the FBI to the ransomware attack in May on JBS USA, the nation’s largest beef producer. The more recent attack on Kaseya impacted up to 1,500 companies, many of them small businesses.

According to The New York Times, the websites on the dark web used by REvil to negotiate payment with victims and lists of companies it had targeted went dark early on Tuesday morning.

John Hultquist, the vice president of Analysis at cybersecurity group FireEye’s Mandiant Threat Intelligence, confirmed the takedown, saying in a statement provided to The Hill Tuesday that “at the time of analysis…

Source…

After Colonial hack, DHS issues first cybersecurity regulation for pipelines


The Department of Homeland Security has issued the first cybersecurity regulation for the pipeline sector.

The regulation, issued Thursday morning, is part of the Biden administration’s efforts to bolster security for national infrastructure after a company that operates the largest fuel pipeline in the country was hit with a ransomware attack earlier this month.

Colonial Pipeline shut down all pipeline operations after it was hacked by a group believed to be Russian criminals, who locked some of its computers and demanded a ransom to set them free.

While Colonial was able to restart operations within five days, the hack had already become one of the most impactful cyberattacks in American history. The United States issued an emergency order to allow truckers to drive overtime to help transport fuel, and gas stations across the country reported outages. Colonial CEO Joseph Blount told The Wall Street Journal he quickly paid the hackers’ $4.4 million demand, but that the hackers’ program to restore the company’s systems was so slow he hired outside computer experts to do it instead.

While DHS’ Cybersecurity and Infrastructure Security Agency provides guidance to U.S. companies that handle the country’s infrastructure, there are few federal government requirements for them to have even basic cybersecurity measures in place.

Under the new regulation, roughly 100 pipeline companies will be required to keep a cybersecurity coordinator on call at all times, and to report any incident to the Cybersecurity and Infrastructure Security Agency within 12 hours. 

In a call DHS held with reporters Wednesday evening, one senior agency official, who requested to not be named as part of the terms of the call, said that pipeline companies found out of compliance with the new regulation would face escalating fines starting around $7,000.

“There are financial penalties associated with failure to comply with security directives, and those can be imposed on a daily basis, so they can ramp up pretty significantly over time,” the official said.

Bryson Bort, a cybersecurity consultant and founder of the ICS Village, a nonprofit that advocates for industrial cybersecurity, said that while he didn’t expect the regulation…

Source…

DHS, White House turn spotlight on ransomware — Defense Systems


The Department of Homeland Security and the White House are putting the spotlight on combatting ransomware, actively developing plans to confront the issue.

DHS has assembled a task force with representatives from the Cybersecurity and Infrastructure Security Agency, Secret Service, Coast Guard and Immigration and Customs Enforcement’s Homeland Security Investigations unit, according to Homeland Security Secretary Alejandro Mayorkas. The new task force is part of the secretary’s planned “60-day sprint” on ransomware that was announced in March as the first in a series of new efforts.

“Beyond CISA…the entire federal government is stepping up to face this challenge,” Mayorkas said at an April 29 event hosted by the Institute for Security and Technology. “The White House is developing a plan dedicated to tackling this problem,” and the Justice Department recently established its own task force focused on ransomware, he confirmed.

Ransomware “has disproportionately impacted the healthcare industry during the COVID pandemic, and has shut down schools, hospitals, police stations, city governments, and U.S. military facilities,” according to a new report by IST featuring recommendations for the Biden administration on combatting ransomware.

Some of the report’s recommendations include establishing a U.S. government “Joint Ransomware Task Force,” forming an international coalition focused on ransomware, sanctioning countries that fail to take action against threat actors and designating ransomware a national security threat.

Mayorkas earlier this month issued a joint statement with Attorney General Merrick Garland and counterparts in the United Kingdom, Australia, New Zealand and Canada on the threat ransomware poses.

“Ransomware is a growing cyber threat which compromises the safety of our citizens, the security of the online environment, and the prosperity of our economies. It can be used with criminal intent, but is also a threat to…

Source…

North Korea continues targeting security researchers. Holiday Bear gained access to DHS emails. Charming Kitten is phishing for medical professionals.


By the CyberWire staff

North Korea continues targeting security researchers.

Google’s Threat Analysis Group (TAG) has published an update on a North Korean cyberespionage campaign targeting security researchers. TAG warned in January that a threat actor was messaging researchers on various social media platforms, asking to collaborate on vulnerability research. The actor also set up a watering-hole site, a phony research blog that used an Internet Explorer zero-day.

Now, Google says the actor is using a new website and social media profiles posing as a fake company called “SecuriElite.” TAG writes, “The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action.” Google also believes the attackers are using more zero-days.

Holiday Bear gained access to DHS emails.

The Associated Press reports that the suspected Russian hackers behind the SolarWinds attack gained access to the emails of former acting Department of Homeland Security Secretary Chad Wolf and other DHS officials. So far it doesn’t appear that classified communications were compromised, but POLITICO says the number of emails stolen was in the thousands. A State Department spokesperson told POLITICO, “the Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”

Charming Kitten is phishing for medical professionals.

Proofpoint reports that…

Source…