Trouble viewing this email?  View in web browser ›

The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by NetscoutNetscout

Cyber Daily: U.S. Officials Call for More Teeth in Hack-Reporting Rules | Consumers Turn on Big Tech

By James Rundle

 

Good day. Three of the most senior cybersecurity officials in the Biden administration told a Senate committee yesterday that just requiring critical infrastructure operators to report cyber incidents isn't enough, WSJ Pro's David Uberti reports.

Cybersecurity and Infrastructure Security Director Jen Easterly called for a short reporting window for hacked companies and fines for firms that don't comply, proposals that are likely to draw pushback from industry groups and business-friendly lawmakers.

Also today: The Mafia is getting in on cybercrime, Ireland’s state cyber unit is underfunded and overwhelmed, and U.S. voters are concerned about the reach of big tech.

Sponsored by Netscout

Collaboration Is Key

Playing the blame game wastes time. Once these two operations unite, you’ll proactively detect threats without pointing fingers.

Read More

 

Incident Reporting

Jen Easterly, CISA director and a former cybersecurity executive at Morgan Stanley, was among the senior administration officials calling for fines against companies that fail to report attacks. 

PHOTO: ROD LAMKEY/ZUMA PRESS

Reported: Top U.S. cyber officials on Thursday urged Congress to add teeth to proposed requirements that businesses disclose hacks, calling for a 24-hour reporting window after a breach and fines against companies that don’t follow the rules.

Mandating companies that operate critical infrastructure to disclose cyberattacks could help federal agencies and critical economic sectors respond to incidents, security experts say. But many businesses are wary of the tighter regulation and potential penalties for which the Biden administration is advocating.

The statements suggest the Biden administration sees aggressive enforcement as key to a potential incident-reporting regime, which Congress has failed to create over the past decade amid pushback from the private sector.

Read the full story. 

 

More Cyber News

Europol announced the arrest of over 100 people who had ties to organized crime and employed hackers, along with Spanish and Italian police. PHOTO: YURIKO NAKAO/BLOOMBERG NEWS

Mafia groups pivot to cybercrime. Traditional organized crime groups such as the Italian Mafia and Camorra are dabbling in cybercrime. Europol, Spanish and Italian police said this week that they arrested more than 100 people who employed hackers and had ties to Mafia groups. They carried out phishing, SIM swapping and other malware-based attacks. Police involved in the recent arrests said an organized crime ring likely hired technicians as freelance workers, and investigators are still looking for developers who customized malware and sent out the phishing emails. (Vice)

The NCSC is headquartered in Dublin, Ireland.

PHOTO: CHRIS RATCLIFFE/BLOOMBERG NEWS

Ireland’s government cyber unit underfunded, internal report finds. The Irish National Cyber Security Centre is under-resourced and faces considerable strain in the near future to cope with joint European Union initiatives as well as its own objectives, a review commissioned by the NCSC itself found. The confidential review made 45 recommendations to enhance the NCSC’s capabilities and called for additional legal authorities. (Irish Times)

Ransomware groups cheat their affiliates. A prominent ransomware gang built a backdoor into software it provided to affiliates, in order to step in at critical points during the negotiation process, researchers found. Ransomware affiliates can earn up to three-quarters of a ransom, but the backdoor enabled the parent group to take control of chats with victims and secure the entire ransom for themselves, analysis of malware code revealed. Some operators have been open about their ability to do this, while others keep it a secret, researchers said. (Bleeping Computer)

 
Advertisement
‏‏‎ ‎
 

Privacy News‎

Amazon and other big technology companies have generally rejected claims that they exercise too much market power.
PHOTO: DAVID PAUL MORRIS/BLOOMBERG NEWS

Americans express deep concerns about big tech’s power in poll. A survey of U.S. voters found that around 80% are concerned about the power of large technology companies and the visibility they have into consumers’ private lives, and believe that the federal government should act to curb that power. The poll, conducted for the privately funded Future of Tech Commission, found similar responses from both Democrats and Republicans in a sample of over 2,000 voters. (The Wall Street Journal)

 

Weekend Reading

PHOTO: RODRIGO GARRIDO/REUTERS

Banks Share Data to Block Cyberattacks

PHOTO: STEFANI REYNOLDS/BLOOMBERG NEWS

U.S. Sanctions Crypto Exchange Accused of Catering to Ransomware Criminals

PHOTO: GETTY IMAGES/ISTOCKPHOTO

Iowa Grain Cooperative Hit by Cyberattack Linked to Ransomware Group

PHOTO: STEFANI REYNOLDS/BLOOMBERG NEWS

U.S. to Target Crypto Ransomware Payments with Sanctions

 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 

About Us

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.

 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2021 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe