SolarWinds hack exposes underbelly of supply-chain attacks

Hackers of lore are often depicted breaking into prominent targets by typing frantically on keyboards in dark rooms and yelling “I’m in!” when they’ve purportedly breached their victim’s systems. But the sweeping SolarWinds breach, which has reportedly impacted the U.S. Treasury and Commerce departments, shows the reality is much less flashy and can be far more devastating. Details are still emerging about the SolarWinds breach, in which hackers inserted malicious code into software updates for the SolarWinds network management product Orion in order to conduct cyber-espionage against the U.S. federal government and multiple other targets. But the fallout from the attack, which is suspected to be linked with Russian hackers, is still being investigated, and early indications suggest the ramifications — and victims — could be extensive. In many respects, SolarWinds is just another, typical IT provider with government contracts. The company’s website has touted business with numerous U.S. military and civilian […]

The post SolarWinds hack exposes underbelly of supply-chain attacks appeared first on CyberScoop.


Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers

Hackers breached the Commerce Department, and reportedly have infiltrated the Treasury Department and other U.S. agencies, in incidents that government security officials said on Sunday they were fighting to contain. “We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. The spokesperson added that Commerce has asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “and the FBI to investigate, and we cannot comment further at this time.” Reuters reported that foreign nation-backed hackers have been monitoring email traffic at the Treasury Department and Commerce Department’s National Telecommunications and Information Administration, and the attackers apparently used similar tools to breach other agencies. “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the White House’s National […]

The post Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers appeared first on CyberScoop.


Why the Biden administration needs a National Cyber Director more than ever

As the Biden-Harris administration thinks about cyber appointments and cyber strategy for the first 100 days of the administration, appointing a National Cyber Director, a role requiring Senate confirmation, is critical. The National Cyber Director will coordinate, support, and deconflict efforts on cyber, technology, and related issues led by executive branch agencies, engage the private sector to build trust and advance shared priorities, and represent the administration at home and abroad on cyber. The administration will face a number of cybersecurity and technology challenges upon entering the White House. Effective mobilization and coordination of the government, and engagement with industry and civil society, require a coordinated strategy led by an empowered National Cyber Director who is responsible for the work. That person also must be able to hold federal agencies accountable. The cybersecurity landscape has only grown more complex since President-Elect Biden left office as vice president. Election security, foreign investment […]

The post Why the Biden administration needs a National Cyber Director more than ever appeared first on CyberScoop.


TikTok gets extensions on US sale order, ban enforcement

The Trump administration is giving Beijing-based ByteDance 15 more days to divest in popular video-sharing app TikTok, the Treasury Department said Friday. The Treasury Department statement is the second executive branch reprieve in as many days for TikTok, which the Trump administration has sought to ban in the United States. The Commerce Department also said Thursday that it wouldn’t start enforcing a TikTok ban as a court battle continues. The Trump administration cited the national security threat posed by the China-based company as a reason for the ban, given the vast amounts of personal information TikTok collects. TikTok has said it doesn’t share data with the Chinese government. Thursday was the date the Commerce Department had set to implement an executive order that would have forbidden U.S. companies from providing internet and content delivery services to TikTok, which would have effectively shut down its ability to operate in the U.S. […]

The post TikTok gets extensions on US sale order, ban enforcement appeared first on CyberScoop.


US sanctions Russian government institution in connection with Trisis malware

The U.S. Treasury Department sanctioned a Russian government research institute on Friday that it said was connected to the strain of destructive malware frequently labeled the most dangerous in the world. Known as Trisis or Triton, the malicious software is designed to target systems used to safely control emergency shutdowns of industrial plants. Last year, security researchers at Dragos determined that the hackers behind the tool had scanned the networks of U.S. electrical utilities, after the malware initially surfaced in 2017 at a Saudi petrochemical plant. The sanctions mark the first time any government has publicly connected Trisis to Russia. “In recent years, the Triton malware has been deployed against U.S. partners in the Middle East, and the hackers behind the malware have been reportedly scanning and probing U.S. facilities,” Treasury said in its sanctions announcement. “The development and deployment of the Triton malware against our partners is particularly troubling given the Russian government’s involvement in malicious […]

The post US sanctions Russian government institution in connection with Trisis malware appeared first on CyberScoop.


US Treasury sanctions 5 Iranian organizations for alleged election influence operations

The Treasury Department on Thursday announced sanctions against five Iranian organizations for allegedly trying to influence the U.S. election through disinformation campaigns and other attempts to sow discord. Those sanctioned for the activity included the Islamic Revolutionary Guard Corps, one of its alleged front companies, the IRGC’s Quds Force and media companies allegedly linked to the Quds Force. It’s part of a broader federal effort to push back on foreign influence operations less than two weeks from Election Day. The Iranian media outlets are accused of using English-language articles that amplify “false narratives” to sow divisions among U.S. audiences. “As recently as summer 2020, Bayan Gostar was prepared to execute a series of influence operations directed at the U.S. populace ahead of the presidential election,” Treasury said in a statement, referring to one of the alleged front companies. The Iranian Mission to the United Nations did not immediately respond to […]

The post US Treasury sanctions 5 Iranian organizations for alleged election influence operations appeared first on CyberScoop.


Operator of bitcoin ‘mixers’ that served dark web markets faces $60 million FinCEN penalty

The operator of two “mixer” or “tumbler” services that exchanged cryptocurrency for users on “the darkest spaces of the internet” is facing $60 million in civil penalties from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). The decision against Larry Dean Harmon, who operated the services known as Helix from 2014-17 and Coin Ninja from 2017-20, is the first of its kind from FinCEN against a bitcoin mixer. The agency said he failed to register both as money services businesses and violated federal obligations “to develop, implement, and maintain an anti-money laundering compliance program; and to meet all applicable reporting and recordkeeping requirements.” More specifically, Harmon failed to file suspicious activity reports for transactions within dark web markets, as required by the Bank Secrecy Act. “Mr. Harmon operated Helix as a bitcoin mixer, or tumbler, and advertised its services in the darkest spaces of the internet as a way for […]

The post Operator of bitcoin ‘mixers’ that served dark web markets faces $60 million FinCEN penalty appeared first on CyberScoop.


US advisory meant to clarify ransomware payments only spotlights widespread uncertainty

If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message, it may have done the exact opposite. The Oct. 1 advisory from the Office of Foreign Assets Control warned that paying or helping to pay ransoms to anyone on its cyber sanctions list could incur civil penalties. Across some of the industries mentioned in the advisory — like cybersecurity incident response firms and insurance providers — reactions have ranged from confusion to silence, from yawns to raised eyebrows, from praise to fear of a blizzard of potentially unintended consequences. The worst case scenarios involve ransomware victims in the health sector having to make a life-or-death decision on whether to pay to unlock their systems while at risk of incurring Treasury’s wrath, or situations where victims try even harder to keep attacks quiet to avoid OFAC fines, which sometimes total millions […]

The post US advisory meant to clarify ransomware payments only spotlights widespread uncertainty appeared first on CyberScoop.


Negligent data center shutdowns bring $60 million fine for Morgan Stanley

Investment bank Morgan Stanley is paying a $60 million fine to the U.S. government for mishandling the decommissioning of two data centers in 2016, and potentially exposing customer information. The bank reported the problem to wealth management customers this summer, saying that pieces of hardware from the facilities still had some customer data on them after they reached a recycler. In 2019, a similar situation arose during the decommissioning of network devices that stored customer data, according to the Office of the Comptroller of the Currency, the Treasury Department agency that announced the fine Thursday. The case is a reminder that potential data breaches come in many forms beyond the usual concepts of cybercriminals hacking into networks or using business email compromise to trick employees. In both cases at Morgan Stanley, the bank “failed to adequately assess the risk of subcontracting the decommissioning work, including exercising adequate due diligence in […]

The post Negligent data center shutdowns bring $60 million fine for Morgan Stanley appeared first on CyberScoop.


Incident Response: Pay a Ransom, Go to Jail

Companies that find their files, data or networks locked by a malicious actor demanding an extortion payment now have a new worry in their incident response: The U.S. Department of Treasury. On Oct. 1, the Treasury Department’s Office of Foreign Asset…