|
Cyber Daily: Ransom Payments Debate Still Unsettled as Security Officials Urge Victims to Hold Out
|
|
|
|
|
|
Good day. Paying ransoms directly fuels their popularity, Homeland Security official Christopher Krebs warned in a Senate hearing Tuesday. Government and city officials likewise caution that giving in to hackers' demands makes the problem worse, WSJ Pro’s James Rundle reports. But the calculation isn’t simple for companies.
Other news: Huawei equipment for existing telecom networks, including 4G, contains backdoor access, U.S. officials say; and Microsoft issues 99 updates for vulnerabilities.
|
|
|
|
|
Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, at a House hearing last year. PHOTO: JONATHAN ERNST/REUTERS
|
|
|
Don't pay cyber ransoms, officials warn. Municipalities and businesses should think carefully before paying ransoms to hackers, senior government officials say, given the lack of certainty they will recover their data and the role such payments play in promoting crime.
“They’re doing it because they get paid out; the business plan works,” said Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
In 2019, at least 170 local governments around the U.S. were hit with ransomware, said John Miller, the New York City Police Department's deputy commissioner of intelligence and counterterrorism.
Read the full article.
|
|
|
|
|
90 Million
|
Number of potentially malicious network access attempts that the state of Michigan repels per day, according to its chief security officer, Christopher DeRusha, who testified at a hearing of the Senate Homeland Security Committee on Tuesday.
|
|
|
|
|
|
Governments have had to weigh Huawei’s alleged threat to national security against what many carrier executives say is its high-quality gear and competitive pricing. PHOTO: MARK SCHIEFELBEIN/ASSOCIATED PRESS
|
|
|
U.S. officials say Huawei can covertly access telecom networks. Intelligence shows Huawei Technologies Co. has had this secret capability for more than a decade, The Journal reports, citing U.S. officials. The U.S. kept the intelligence highly classified until late last year, when American officials provided details to allies including the U.K. and Germany, according to officials from the three countries. That was a tactical turnabout by the U.S., which in the past had argued that it didn’t need to produce hard evidence of the threat it says Huawei poses to nations’ security.
Huawei rejected the allegations. Huawei “has never and will never do anything that would compromise or endanger the security of networks and data of its clients,” the company said.
4G not secure? U.S. officials declined to say whether the U.S. has observed Huawei using its alleged backdoor access. U.S. officials also haven’t provided details about the access, except to say they have been aware of it since observing it in 2009 in early 4G equipment. Washington has been sharing the intelligence with allies for months, and declassified part of it last week to allow for wider distribution, according to the officials.
Microsoft issues fix for web browser flaw it warned of in January. In its latest set of patches, Microsoft Corp. includes one to fix a vulnerability in the Internet Explorer browser that could let a hacker gain the same permissions as a legitimate user, SC Magazine reports. The set also addresses problems in the Windows operating system, Microsoft Exchange and other software—99 potential vulnerabilities in all, which is an unusually large monthly update.
|
|
|
|
|