Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say

A Twitter account known as ContiLeaks debuted to much fanfare in late February, with people around the globe watching as tens of thousands of leaked chats between members of the Russia-based ransomware gang Conti hit the web. In the days after the leaks, many celebrated what they thought would be a devastating blow to Conti, which a Ukrainian security researcher had apparently punished by leaking the internal chats because the gang threatened to “strike back” at any entities that organized “any war activities against Russia.” But ten days after the leaks began, Conti appears to be thriving. Experts say the notorious ransomware gang has pivoted all too easily, replacing much of the infrastructure that was exposed in the leaks while moving quickly to hit new targets with ransom demands. According to Vitali Kremez, CEO of the cybersecurity firm AdvIntel, by Monday morning Conti had successfully completed two new data breaches at […]

The post Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say appeared first on CyberScoop.

Continue reading Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say

Offense will win some battles, but cyber defense will win the war

We are years into a ransomware epidemic with no clear end in sight.  Policymakers and security researchers are now using combative efforts to “impose cost” on hackers. Sanctions, hacking back, infrastructure disruption, indictments and other offensive activities all have a negative impact on cybercriminals.  But to have real, long-term impact on these nefarious activities, organizations and governments need to more actively consider the ways that defense can impose costs too: Robust, consistent and well-funded cyber defenses cost adversaries time, effort and the likelihood of success. Defense, and investment in mandatory cybersecurity requirements, is how we will solve the fundamental problems at the heart of the ransomware epidemic.  Since early 2021, law enforcement and U.S. military activities against cybercrime threat actors, specifically those responsible for ransomware attacks against critical infrastructure, have increased dramatically. The White House also announced this year the creation of a ransomware task force, and dozens of nations […]

The post Offense will win some battles, but cyber defense will win the war appeared first on CyberScoop.

Continue reading Offense will win some battles, but cyber defense will win the war

Cyber Command alerts US firms of ‘ongoing’ hacks targeting Atlassian enterprise software

U.S. Cyber Command is warning American organizations that hackers are exploiting software flaws in a popular project management tool, an indication that attackers could be preparing for a larger campaign that creates headaches throughout the private sector. Cyber Command — the Defense Department’s cyber unit — said in a tweet Friday that “mass exploitation” of the issue “is ongoing and expected to accelerate.” The issue exists in Atlassian Confluence, an enterprise application marketed as a means of enabling remote work in corporate environments. Atlassian, an Australian corporation, warned clients on Aug. 25 to update their systems to the latest version of Confluence. “Please patch immediately if you haven’t already — this cannot wait until after the weekend,” the Cyber Command warning stated. The message comes after the Department of Homeland Security’s cyber division, along with the FBI, warned firms to be on guard for ransomware attacks ahead of Labor Day, […]

The post Cyber Command alerts US firms of ‘ongoing’ hacks targeting Atlassian enterprise software appeared first on CyberScoop.

Continue reading Cyber Command alerts US firms of ‘ongoing’ hacks targeting Atlassian enterprise software

Lawmakers throw cold water on splitting Cyber Command from NSA

Although Pentagon officials have suggested in recent days that the nation’s offensive cyber arm should split away from the National Security Agency, Cyber Command is a long way from being ready to stand on its own, according to a bipartisan group of lawmakers. The proposal, which some DOD officials have been entertaining in the last several days, would separate out the command from the Department of Defense’s foreign signals intelligence agency, which it has been co-located with for 10 years in order to help it find its footing. Both the NSA and Cyber Command are currently run by the same leader, Gen. Paul Nakasone, and some critics say the Trump administration has been interested in separating the two in order to carve out a leadership spot for a political ally at the helm of the NSA before his time in the Oval Office expires, according to The Washington Post. But […]

The post Lawmakers throw cold water on splitting Cyber Command from NSA appeared first on CyberScoop.

Continue reading Lawmakers throw cold water on splitting Cyber Command from NSA

A look inside Congress’ biggest cyber bill ever

Congress this week is slated to pass what just might be the most significant cybersecurity legislation ever. This year’s annual defense policy bill, known as the National Defense Authorization Act (NDAA), is loaded with provisions that would reshape the federal bureaucracy on cybersecurity. It would create a national cyber director in the White House and strengthen the Department of Homeland Security’s Cybersecurity and Information Security Agency (CISA), among other changes. “I believe it’s safe to say that this is the most important piece of cybersecurity legislation ever passed” should the final bill advance this week, said Sen. Angus King, I-Maine, who co-chaired the Cyberspace Solarium Commission that produced many of the proposals in the legislation. Mark Montgomery, executive director of the commission, called it “the most substantive” cyber legislation Congress will have passed. Others agree. “I think that’s true, 100%,” said Jonathan Reiber, a former Defense Department cybersecurity official during […]

The post A look inside Congress’ biggest cyber bill ever appeared first on CyberScoop.

Continue reading A look inside Congress’ biggest cyber bill ever

Congress set to establish White House national cyber director, enact other Solarium Commission recommendations

Congress is on the verge of creating a Senate-confirmed national cyber director within the White House who would advise the president on cybersecurity and coordinate the federal government’s related work. And supporters say it would improve on a White House czar position that President Donald Trump controversially eliminated: In addition to Senate confirmation, it would be housed outside of, rather than under, the National Security Council. Multiple sources familiar with negotiations on an annual must-pass defense policy bill say that the final agreement will include the national cyber director position. And it will largely reflect a proposal by the Cyberspace Solarium Commission, which earlier this year put together a comprehensive report that made sweeping recommendations. The Trump White House had opposed the creation of the position. It’s not the only major recommendation from the Solarium Commission that was included in the legislation, either, according to those sources. It would grant the Department of Homeland Security the power to […]

The post Congress set to establish White House national cyber director, enact other Solarium Commission recommendations appeared first on CyberScoop.

Continue reading Congress set to establish White House national cyber director, enact other Solarium Commission recommendations

Cyber Command deployed personnel to Estonia to protect elections against Russian threat

Personnel from the U.S. Department of Defense’s Cyber Command deployed to Estonia in recent months as part of a broader effort to protect U.S. elections against foreign hacking, American and Estonian officials announced Thursday. The mission allowed personnel from U.S. Cyber Command and Estonia’s Defense Forces Cyber Command to collaborate on hunting for malicious hacking efforts on critical networks from adversaries, officials said. Estonia in particular could help the U.S. glean intelligence about Russian cyber-operations, as it has borne the brunt of Russian hacking in the past. Montenegro, a perennial target of Russian hacking, has also worked with Cyber Command on similar missions, known as “Hunt Forward” missions, to protect the 2020 presidential elections against foreign hacking. As the thinking goes, Cyber Command can run these kinds of operations to help protect a foreign ally against intrusions conducted by shared adversaries, while also obtaining information that could help protect U.S. […]

The post Cyber Command deployed personnel to Estonia to protect elections against Russian threat appeared first on CyberScoop.

Continue reading Cyber Command deployed personnel to Estonia to protect elections against Russian threat

It’s hard to keep a big botnet down: TrickBot sputters back toward full health

Mounting evidence suggests that TrickBot, the vast botnet that both U.S. Cyber Command and a Microsoft-led coalition sought to disable around the 2020 elections, is on the mend and evolving. The separate campaigns featured Microsoft going to court to disable IP addresses associated with TrickBot command and control servers, as Cyber Command’s operation also targeted command and control servers.  Hints of its rebound began in late October, shortly after signs of success in the bids to dismantle the TrickBot network of zombie computers. While Cyber Command and Microsoft always billed their assaults as a disruption rather than a full takedown, the TrickBot comeback is proof that it’s difficult to kill a botnet outright. Botnets are dangerous because they can be used to conduct a range of harmful activities, like distributed denial of service attacks that overwhelm a site with traffic or ransomware attacks, the latter of which were a major issue of concern for U.S. national security […]

The post It’s hard to keep a big botnet down: TrickBot sputters back toward full health appeared first on CyberScoop.

Continue reading It’s hard to keep a big botnet down: TrickBot sputters back toward full health

TrickBot really is on the run after Microsoft, Cyber Command disruption

After some initial doubts, Tuesday brought encouraging signs that a multi-front attempt to dismantle the massive TrickBot botnet in advance of Election Day has taken root, perhaps thanks to an extra push. In recent weeks, a Pentagon hacking division and a coalition of organizations led by Microsoft took aim at TrickBot, one of of the world’s largest armies of zombie computers. Fears that attackers could use the botnet to deploy ransomware and disrupt the 2020 election motivated the takedown bids. Microsoft said on Tuesday that, as of the start of this week, it had disabled 120 out of 128 command-and-control servers the company identified as part of TrickBot’s infrastructure, good for a 94% takedown rate. Nearly 60 of the 128 sprung up as cybercriminals sought to fortify its infrastructure, after which Microsoft said it shut down all but one. “To be clear, these numbers will change regularly as we expect action we’ve already […]

The post TrickBot really is on the run after Microsoft, Cyber Command disruption appeared first on CyberScoop.

Continue reading TrickBot really is on the run after Microsoft, Cyber Command disruption