Tag Archive for: Uphill

How the Biden administration is making gains in an uphill battle against Russian hackers


Shortly after taking office, President Biden declared that the U.S. would no longer roll over in the face of Russian cyberattacks. AP Photo/Evan Vucci

On Jan. 14, 2022, the FSB, Russia’s domestic intelligence service, announced that it had broken up the notorious Russia-based REvil ransomware criminal organization. The FSB said the actions were taken in response to a request from U.S. authorities. The move marks a dramatic shift in Russia’s response to criminal cyberattacks launched against U.S. targets from within Russia, and comes at a time of heightened tensions between the two countries.

U.S. policy and actions in response to cyberattacks connected to Russia have changed distinctly since the Biden administration took office. President Joe Biden has openly confronted Russian President Vladimir Putin on his responsibility regarding international cyberattacks, and the Biden administration has taken unprecedented steps to impose costs on Russian cyber criminals and frustrate their efforts.

Upon taking office, Biden immediately faced difficult challenges from Russian intelligence operatives and criminals in headline-grabbing cyberattacks on private companies and critical infrastructure. As a scholar of Russian cyber operations, I see that the administration has made significant progress in responding to Russian cyber aggression, but I also have clear expectations about what national cyber defense can and can’t do.

Software supply chain compromise

The SolarWinds hack carried out in 2020 was a successful attack on the global software supply chain. The hackers used the access they gained to thousands of computers to spy on nine U.S. federal agencies and about 100 private-sector companies. U.S. security agencies said that a sophisticated hacking group, “likely Russian in origin,” was responsible for the intelligence-gathering effort.

On Feb. 4, 2021, Biden addressed Putin in a statement delivered at the State Department. Biden said that the days of the U.S. rolling over in the face of Russian cyberattacks and interference in U.S. elections “are over.”

Biden vowed to “not hesitate to raise the cost on Russia.” The U.S. government had not previously issued indictments or…


With the increase of cybercrime, local governments face an uphill battle in hardening digital defenses


What would a small community do if its school district’s network was attacked by ransomware? What about if a municipally managed wastewater treatment plant in a rural county was shut down by a digital onslaught initiated by organized cybercriminals operating a continent away? 

With cyberthreats increasingly targeting municipal frameworks, these are the types of questions that constituents should be asking—and ones that local administrators should be prepared to answer.  

“You’re talking about tens of millions of dollars being raised from these crimes. It’s become a big business,” said Bert Kashyap, CEO of the cybersecurity firm SecureW2, which advises local governments on cybersecurity. 

Two decades ago when Kashyap entered the industry, hackers “were playing around with malware, it was less of an organized crime type of thing. Now, it’s definitely gotten to the point where there are nation states protecting these folks, and cyber gangs are basically forming syndicates,” Kashyap said. 

Last year, for example, American government organizations were targeted by nearly 80 ransomware attacks, potentially impacting 71 million people, according to a from the consumer tech information site Comparitech.  

Recently, the Allen Independent School District in Texas was targeted with ransomware. The district refused to pay, according to reports, and parents of children in the school system have since received threatening emails warning their student’s private information will be released if the district doesn’t change course. And on Thursday, the cybersecurity firm Mandiant issued a report detailing how “an aggressive, financially motivated threat actor” that goes by FIN12 is specifically targeting “critical care functions. Almost 20 percent of directly observed FIN12 victims were in the health care industry.” 

Faced with this rapidly emerging threat, Kashyap says most of the administrators he’s talked to and advised say they’re not prepared. 

“Everyone from school district (managers) to other local officials tell us they’re concerned,” he said. “Especially with the ransomware threats, when you have a situation (that)…
