Category Archives: Colonial Pipeline

TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware

Posted on by

The Transportation Security Administration on Tuesday handed down additional cybersecurity requirements for owners of major pipelines, this time focused on ransomware. It’s the second time the Department of Homeland Security’s TSA has issued a security directive to critical pipeline owners since ransomware attackers struck Colonial Pipeline in May, an incident that spurred panic-buying amid fears of a gas shortage. The specific requirements of the directive were not immediately clear. “This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review,” a DHS statement reads. The same month of the Colonial Pipeline attack, TSA threatened to fine certain pipeline owners — an estimated 100 companies — if they failed to meet cybersecurity guidelines. TSA […]

The post TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware appeared first on CyberScoop.

Continue reading TSA pushes more cybersecurity mandates on critical pipeline owners, emphasizing ransomware

The Second Wave of a Ransomware Pandemic

Posted on by

In January, we published the Ransomware Pandemic, a report discussing the ever-evolving threat of ransomware and the growing devastation disseminated by these malicious malware strains. The report discussed the future forecast for ransomware and how w… Continue reading The Second Wave of a Ransomware Pandemic

Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details

Posted on by

Ransomware has never been more of a national security concern after a string of hacks against the fuel supplier Colonial Pipeline, meat giant JBS and perhaps thousands of others compromised after breach at a large IT firm. Few people, if any, seem to grasp the breadth and cost of the scourge, as there are no legal requirements for victims to disclose when they pay hackers to unlock their network.  That, combined with the suspicious that most victims don’t, report their digital extortion payments, makes it harder for law enforcement and security firms to combat attacks, or even understand how to fight them. That’s the impetus behind a project that Stanford University student and security researcher Jack Cable launched on Thursday, dubbed “Ransomwhere,” a plan to track payments to bitcoin addresses associated with known ransomware gangs. “Having public transparency around the impact of ransomware, especially as we’re proposing and considering different […]

The post Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details appeared first on CyberScoop.

Continue reading Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details

Biden again urges Putin to disrupt ransomware gangs operating inside Russia

Posted on by

President Joe Biden pushed Russian President Vladimir Putin to disrupt ransomware groups operating within Russian borders in a phone call Friday, according to a White House statement. “I made it very clear to him that the United States expects [that] when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect [Russia] to act if we give them enough information to act on who that is,” Biden told reporters after the call. The call came on the heels of the latest major cyberattack against a U.S. company. REvil, a ransomware group believed to be in Russia, hit Florida-based IT software company Kaseya last week. Researchers have suggested that the hack affected between 1,500 to 2000 of the firm’s clients as well as likely thousands of more customers of those clients. The Kremlin says it has not received any official requests from U.S. […]

The post Biden again urges Putin to disrupt ransomware gangs operating inside Russia appeared first on CyberScoop.

Continue reading Biden again urges Putin to disrupt ransomware gangs operating inside Russia

Kaseya says up to 1,500 victims affected by ransomware, as Biden directs ‘full resources’ to investigate

Posted on by

One of the largest mass ransomware attacks ever has compromised up to 1,500 businesses, according to a Tuesday update from the Florida IT company Kaseya, which the hackers used to spread their malicious software. The self-proclaimed culprit of the Friday outbreak, the Russia-based ransomware gang REvil, is seeking $70 million in cryptocurrency collectively from what it says are actually more than 1 million victims to unlock affected systems, reportedly ranging from Swedish supermarket chains to New Zealand kindergartens that were closed or knocked offline. It’s the latest of three recent huge ransomware incidents to draw White House attention, with President Joe Biden over the weekend directing “the full resources of the government to investigate this incident,” according to a statement by Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger. Unlike the last two major incidents that affected single victims in fuel transporter Colonial Pipeline and meat supplier […]

The post Kaseya says up to 1,500 victims affected by ransomware, as Biden directs ‘full resources’ to investigate appeared first on CyberScoop.

Continue reading Kaseya says up to 1,500 victims affected by ransomware, as Biden directs ‘full resources’ to investigate

White House weighs cracking down on secret ransomware payments, pursuing hackers

Posted on by

Going on offense against attackers and penetrating the secrecy surrounding attacks are two ways the Biden administration is pondering to tackle ransomware, a top White House official said on Tuesday. Anne Neuberger, the deputy national security adviser, said that that a joint FBI, U.S. Cyber Command and private sector effort to cripple the Trickbot botnet, a hacking tool that U.S. officials had feared would disrupt 2020 election season, should be the kind of operation used to tackle ransomware gangs in the future. “Certainly that serves as a model to say where we identify actors and infrastructure that are used … to conduct ransomware attacks, we want to ensure that we make it a lot harder for those actors to operate,” Neuberger said at an event hosted by the Silverado Policy Accelerator, a nonprofit think tank. In advance of the 2020 election, Cyber Command and Microsoft led missions to weaken Trickbot, […]

The post White House weighs cracking down on secret ransomware payments, pursuing hackers appeared first on CyberScoop.

Continue reading White House weighs cracking down on secret ransomware payments, pursuing hackers

A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill

Posted on by

The notion of writing more cybersecurity regulations is gaining traction following the Colonial Pipeline and JBS ransomware incidents, after decades of a largely hands-off approach to private sector-owned critical infrastructure. Top Biden administration team picks have testified about how voluntary standards aren’t getting the job done, and some in Congress have indicated their patience is waning with letting industry go it alone. Enter a proposal that some lawmakers and the Cyberspace Solarium Commission that they say strikes a middle ground between the new zeal for hard rules and the tradition of non-regulation in cyberspace: “systemically important critical infrastructure.” Also known as SICI, it’s an idea that involves labeling hacking targets that are most likely to cause economic, public health or national security disruptions if attacked, then offering the owners of that infrastructure a mixture of government boons in exchange for meeting baseline cybersecurity standards. But even as something of a […]

The post A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill appeared first on CyberScoop.

Continue reading A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill

Critical Infrastructure is Missing Something Critical

Posted on by

The Colonial Pipeline attack was yet another reminder that critical infrastructure is in desperate need of stronger security. The attack is one of the most recent victims of cyberattacks on critical infrastructure; the phenomenon is not new, nor is it… Continue reading Critical Infrastructure is Missing Something Critical

DOJ didn’t ask for Russia’s help tracking down Colonial Pipeline hackers, senior official says

Posted on by

The U.S. Justice Department did not ask Russian law enforcement for help in tracking down the perpetrators of the Colonial Pipeline ransomware attack because Moscow’s history of harboring cybercriminals essentially makes it a waste of time, according to a senior department official. “I think we’ve reached the stage, today, where there’s very little point in doing so,” said John Demers, the assistant attorney general for national security. “We have made those requests in the past.” The Russian government is “not just tolerating this,” Demers said at CyberTalks, presented by CyberScoop. “They’re actively getting in the way of U.S. law enforcement efforts to combat this type of hacking,” he added, referring to previous Russian efforts to block U.S. requests to extradite accused hackers from other countries. The remarks were pre-recorded on June 3. The Justice Department did not answer follow-up questions about possible Russian cooperation in the weeks since. The Russian […]

The post DOJ didn’t ask for Russia’s help tracking down Colonial Pipeline hackers, senior official says appeared first on CyberScoop.

Continue reading DOJ didn’t ask for Russia’s help tracking down Colonial Pipeline hackers, senior official says