
The Wall Street Journal Pro

Cybersecurity

Sponsored by Netscout

Cyber Daily: DOJ Seeks More Ransomware Victim Reports

By Catherine Stupp

 

Good morning. Law enforcement authorities have an incomplete picture of how well their efforts against ransomware groups are working because not enough companies report attacks. At our WSJ Pro Cybersecurity conference on Wednesday, Principal Associate Deputy Attorney General John Carlin said that without more detail from victims, the Justice Department can’t say whether ransomware attacks are increasing or decreasing.

Also at the event, Intercontinental Exchange CISO Jerry Perullo said that even a contract with a small vendor can introduce an existential threat to companies. Plus, Secret Service Director James Murray said authorities can more easily return stolen funds to victims if they quickly report a cybercrime. More below.


 

Pro Cybersecurity Executive Forum

The Justice Department has launched a number of initiatives designed to combat cybercrime and ransomware in particular. PHOTO: STEFANI REYNOLDS/BLOOMBERG NEWS

The Justice Department can’t tell if its recent initiatives against ransomware groups are working because not all victims report attacks to authorities, Principal Associate Deputy Attorney General John Carlin said at the WSJ Pro Cybersecurity Forum on Wednesday. Earlier this year, the department launched a number of initiatives to tackle ransomware gangs, and announced new rules for federal contractors, but the lack of complete data from victims makes it impossible to know if those efforts have had an effect on the number of attacks. “We’re not there right now,” he said. Read the full story.

Authorities want to know about cyberattacks sooner rather than later. The Secret Service seized around $2 billion in the last five years and prevented the loss of around four or five times that amount, James Murray, the agency’s director, said at the conference. Authorities can return money to victims much more quickly if they find out about an attack early and stop the theft. One company reported a business email compromise attack last Wednesday. By Friday, the money was frozen and on its way back to the victim, he said. “A lot of times we’re not able to seize the money because it’s gone because of the delay in letting law enforcement know,” he added.

Tech supply chain security is a big concern for many companies. SolarWinds President and CEO Sudhakar Ramakrishna said it would have been irresponsible if the company hadn’t publicly reported details about the major hack it suffered last December. “A lot of people ask me why SolarWinds and why Microsoft in some cases. I like to describe it as the price you pay for ubiquity so to speak, meaning you’re deployed in a very large number of organizations and if you can be penetrated and potentially with admin privileges, then the possibility to laterally move in the organization increases,” Mr. Ramakrishna said.

Even a low-value contract with a small vendor can pose a major security risk to a company, said Jerry Perullo, chief information security officer at Intercontinental Exchange. “There’s a real asymmetry between the contract when it comes to cybersecurity and the value of risk,” he said. Limiting liability in contracts isn’t going to make a vendor more secure. The way for a CISO to have assurance that a vendor has strong security measures is to commission third-party penetration testing, he added.

 

Quotes From The Conference

“There is a risk, whether it’s the Treasury Department or Congress or whomever, of overregulating in this space because what happens is you force these people to not use those spaces that are out there. It makes them harder to detect.”

James Murray, Director, U.S. Secret Service, on efforts to impose new rules on cryptocurrency exchanges

“We boiled it down to three possibilities: a spearphishing attack, a password-spraying attack or a zero-day vulnerability. If you were to ask me without knowing anything what was my first guess, my first guess was a targeted spearphishing attack. But there’s no way to confirm it.”

Sudhakar Ramakrishna, President and CEO, SolarWinds Corp., on how hackers penetrated his company

“Even if my CFO said ‘Hey, here’s $50 million, go hire all the people you want,’ it’s very challenging to get those qualified people. You kind of have a very difficult perfect storm situation where existing resources are more and more stressed out, the threat level is increasing and it’s hard to resource the problem away.”

Joey Johnson, CISO, Premise Health 

“What happens is, I think there’s a figure that’s less than a million or maybe even millions, there’s no investigation that happens. There is an investigation happening in our case right now and that’s because I don't take no for an answer, quite frankly, because to me $650,000 is real money.”

Sherry Williams, Executive Director, One Treasure Island, on getting law enforcement's help with a business email compromise attack

👉 Read more about the incident at One Treasure Island: Hackers Stole $650,000 From Nonprofit and Got Away

 
 

More Cyber and Privacy News


Hackers breached Los Angeles Planned Parenthood. The reproductive healthcare provider said it is investigating a cyberattack that compromised the personal data of around 400,000 patients, including names, addresses, insurance and other details such as clinical information about diagnoses and procedures. An unauthorized user gained access to Planned Parenthood Los Angeles' network in October, installed malicious software and extracted files from the system. The incident was limited to the Los Angeles Planned Parenthood affiliate, which took its systems offline after the breach and notified law enforcement. A spokesman didn’t say if the attack involved a ransom request. (WSJ)

FBI seized $2.3 million from ransomware affiliate. The Federal Bureau of Investigation seized $2.3 million from an affiliate of the REvil and GandCrab ransomware groups in August, according to court documents unsealed this week. The FBI’s complaint didn’t state how they accessed the Exodus wallet where the bitcoins were stored. The Justice Department said in November that the FBI seized $6 million in ransoms paid to REvil. It is unclear if that includes August's $2.3 million. (BleepingComputer)

Finnish court disallows data from encrypted phone company that worked with FBI. A Finnish court said phone messages were obtained illegally in a drug-related case because the suspect used the Anom app, which secretly sent messages to the FBI and Australian police. In June, law enforcement made hundreds of arrests based on messages between alleged drug smugglers who used the app. Authorities didn’t apply for the correct permits required for surveillance, the court said. (Vice)


FBI investigated potential hacking of Jeff Bezos's phone. The FBI investigated the possibility that the phone of Amazon founder Jeff Bezos was compromised, as part of a broader probe into Saudi-sponsored hacking and espionage in the U.S. Mr. Bezos's security team accused Saudi Arabia of hacking his phone to obtain data and accused the National Enquirer in 2019 of trying to extort him with embarrassing texts and photos. 

  • The FBI didn't obtain Mr. Bezos's phone and stopped short of some technical steps in the investigation, such as "jailbreaking" the phone to bypass security restrictions. The investigation wasn't a high priority for the FBI, people familiar with the matter said. It hasn't led to public action from authorities. 
  • Cybersecurity experts from FTI Consulting hired by Mr. Bezos wrote in a report that the phone was likely hacked by a WhatsApp account associated with Saudi Crown Prince Mohammed bin Salman. Saudi Arabia has previously denied allegations about the phone hack. (WSJ)

Russian national sentenced to five years in cybercrime case. Aleksandr Grichishkin, who was sentenced on Wednesday by a federal judge in Michigan, had earlier pleaded guilty to federal charges related to his role in providing computer infrastructure to hackers launching cyberattacks on U.S. financial institutions between 2009 and 2015. Mr. Grichishkin also helped hackers evade law enforcement, the Justice Department said. Three other men have also pleaded guilty in the case; one received a two-year prison term and one received four years, according to the Justice Department. The remaining co-conspirator awaits sentencing.

 
 

PHOTO: JIN LIANGKUAI/ZUMA PRESS

China calls for better cross-border data security. China’s Ministry of Industry and Information Technology, led by Xiao Yaqing, pictured, named improved security management of cross-border data flows in its new five-year plan. The plan refers to data as a “national strategic resource” and calls for improved computer power and for China to take a leading role in developing global tech standards. China introduced two laws this year that address how companies store and handle data, the Personal Information Protection Law and the Data Security Law. (Reuters)

$8,500

Average price in online hacker forums for access to a corporate network using stolen admin credentials, according to cybersecurity firm Trend Micro.

 

About Us

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.

 
Copyright 2021 Dow Jones & Company, Inc.   |   All Rights Reserved.