The Biden administration gets darker in its assessment of the nation’s cyber threat
More frequent cyberattacks are the “new normal” for U.S. companies and individuals, the Biden administration’s top cyber officials are warning.
It’s a significant messaging shift for the administration, following more than a year of ransomware attacks pummeling U.S. businesses, schools and local governments and months of warnings about beefed-up Russian cyber aggression related to the war in Ukraine.
The bottom line: Things are bad out there and unlikely to get better soon.
- “The prospect of cyberattacks here at home — whether by Russia or other malign state and non-state actors — will not dissipate anytime soon,” Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and National Cyber Director Chris Inglis warn in an op-ed for the publication CyberScoop.
CISA has been sounding an alarm since mid-February that U.S. companies should put their “shields up” in response to heightened fears of Russian aggression — prompting a breakneck rush of activity among cyber pros to harden their companies’ digital defenses and far more cyber threat information sharing within critical industries.
Now, CISA acknowledges, that pace is unlikely to slow: “In today’s complex, dynamic, and dangerous cyberthreat environment, the answer is that our shields will likely be up for the foreseeable future,” the op-ed states.
The warning reflects a seismic shift in cybersecurity’s role during the last decade and especially the past few years — from an occasional and wonky concern for government and industry to one that often drives policy at the White House, in Congress and among top industry leaders.
Given the pace of cyber crises, the op-ed frets about the danger of “vigilance fatigue” and warns that “maximum alert posture is not sustainable over a long period of time.”
- Easterly and Inglis lay out the broad strokes of a post “shields-up” world that focuses on more tailored and specific warnings to industry about specific threats.
- They compare the effort to responding to hurricanes and other weather emergencies — where the scope of the response is determined by the specific event. “When a cyberthreat arises that is both severe and wide-ranging, a general warning to the American people will be warranted,” they write. “But when a more localized threat arises … a far more targeted warning must be issued.”
The shift comes amid troubling signs that the cyberthreat could get even worse.
Moscow’s top information security official, A.V. Krutskikh, warned the United States against cyber aggression targeting Russia in an interview yesterday with the publication Kommersant, pledging that “a rebuff will certainly follow” and that “there will be no winners in a direct cyber clash of states.”
- That came after Gen. Paul Nakasone, the commander of U.S. Cyber Command, acknowledged in a Sky News interview that U.S. forces are conducting offensive hacks against Russian targets in support of Ukrainian forces — one of the rare times U.S. officials have ever acknowledged conducting such operations.
Ukraine, meanwhile, continues to face a barrage of mostly low-level Russian hacks targeting government agencies, media, energy and financial firms among other targets. During a Monday press briefing marking the 100th day of the conflict, the nation’s top cyber official, Victor Zhora, described a sustained attempt to compromise Ukrainian officials’ phones with malware. Here are details via Reuters’s Raphael Satter.
- Russian hackers have also tried to penetrate government and military computers in Eastern Europe and as far west as Italy — but have not launched any significant and disruptive hacks against the United States since the beginning of the Ukraine conflict.
Supreme Court asks Biden administration to weigh in on WhatsApp vs. NSO lawsuit
The lawsuit launched in 2019 when WhatsApp sued the Israeli surveillance company NSO for exploiting software flaws to help government clients spy on roughly 1,400 of its customers. Now, the controversial spyware maker argues it can’t be sued because it was acting as a contractor for foreign governments — and should get the same immunity from lawsuits those governments would get in U.S. courts.
NSO’s argument didn’t fly at the federal or appeals court level, but it’s asking the U.S. Supreme Court to reverse those rulings. NSO asked the Supreme Court to invite the Justice Department to weigh in before deciding whether it will take up the case — a request the court complied with.
The legal case is part of a wave of troubles for NSO. An investigation by The Washington Post and 16 media partners last year found that NSO spyware was used to target dozens of phones belonging to activists, executives and journalists in numerous countries.
- If NSO receives immunity in the WhatsApp case, it could be shielded from legal consequences in both that case and another filed by Apple. Those suits could pry damaging discovery documents from the spyware company if they proceed.
- In November, the Biden administration blocked NSO from receiving American technologies after finding that its hacking tools were used by governments to “maliciously target” activists, government officials and journalists.
WhatsApp opposed the request to ask for the Justice Department’s views. Its lawyers told the high court that “nothing justifies NSO’s effort to draw the government into a case that it has shown no interest in supporting.”
- WhatsApp spokesman Carl Woog said the company “firmly believe that NSO’s operations violate U.S. law” and is “determined to hold NSO accountable.”
- NSO said the company “welcomes the Supreme Court’s decision … which has significant implications on the defense industry and national security community.”
A 2020 election denier is set to be the GOP nominee to lead elections in New Mexico
Audrey Trujillo has called for a “full forensic statewide audit” of the 2020 election. She’s running unopposed in today’s GOP primary to be New Mexico’s next election chief and will go up against the state’s incumbent Democratic election chief Maggie Toulouse Oliver in November.
Trujillo has a history of questionable behavior.
- She has called the 2020 election a “coup” and asserted U.S. voting systems are “no better than any other communist country like Venezuela or any of these other states where our elections are being manipulated,” The New York Times reports.
- Last month, she suggested her Twitter account was hacked after reporters found that she had shared tweets mocking people from Mexico and saying Jewish people were linked to the development of coronavirus vaccines.
- President Biden won New Mexico by nearly 100,000 votes. In 2018, Toulouse Oliver won her general election by a 20-point margin.
Another election denier is making a long-shot bid to be California’s elections chief.
Rachel Hamm has called for forensic audits to be conducted in all 50 states. She has also detailed a long battle with Satanists.
She faces an uphill battle in California, which President Biden won by more than 5 million votes.
A ransomware gang claimed it hacked a cyber giant — but it looks like a PR stunt
The LockBit 2.0 group claimed without evidence that it had hacked the cyber firm Mandiant and threatened to release the company’s files, CyberScoop’s AJ Vicens reports. But Mandiant does “not have any evidence to support their claims,” a Mandiant spokesperson told CyberScoop.
The dubious claim may have been retribution. Last week, Mandiant linked LockBit ransomware to a separate hacking gang, Evil Corp, which the U.S. government says is based in Russia and has ties to Russia’s government.
LockBit 2.0 hasn’t leaked any files from Mandiant. Instead the hackers released a rant and a few images that appeared to depict the group’s negotiations with another victim. Here’s more from CNN’s Sean Lyngaas:
Updated Mandiant statement: “Based on the data that has been released, there are no indications that Mandiant data has been disclosed but rather the actor appears to be trying to disprove Mandiant’s June 2nd, 2022 research blog on UNC2165 and LockBit.”
— Sean Lyngaas (@snlyngaas) June 6, 2022
Bleeping Computer Editor in Chief Lawrence Abrams called the gambit a PR stunt aimed at evading U.S. sanctions imposed on Evil Corp.
The Mandiant cyberattack turned out to be a PR stunt by LockBit, which is trying to distance themselves from US sanctions placed on Evil Corp. https://t.co/TiKhDt3v2v
— Lawrence Abrams (@LawrenceAbrams) June 6, 2022
Meet the Vigilantes Who Hack Millions in Crypto to Save It From Thieves (Motherboard)
AlphaBay Is Taking Over the Dark Web—Again (Wired)
Recorded Future’s Allan Liska tweeted his observations on the state of the ransomware ecosystem:
against ransomware groups are a good thing, and we need to give them time to work. But, I am not convinced we are seeing that yet.
Looking at January – May of 2021 and 2022 the number of ransomware victims posted to extortion sites:
2021: 995
2022: 1179
A YoY increase of 18%
— Allan “Ransomware Sommelier🍷” Liska (@uuallan) June 2, 2022
1. There is anecdotal evidence that fewer victims are making it to extortion sites, especially victims in the US (that doesn’t mean more payments are being made) and extortion site count is becoming a less reliable measure of victimology.
— Allan “Ransomware Sommelier🍷” Liska (@uuallan) June 2, 2022
Once again, this points to a reporting problem. Because most ransomware cases don’t get reported, we don’t have a clear view of what the trends are and what they mean.
— Allan “Ransomware Sommelier🍷” Liska (@uuallan) June 2, 2022
Cybersecurity spending isn’t recession-proof. But it’s pretty close. (Protocol)
SPECIAL REPORT-How crypto giant Binance became a hub for hackers, fraudsters and drug traffickers (Reuters)
Russia sanctions U.S. Treasury and energy secretaries, defence and media executives (Reuters)
China to conclude Didi cybersecurity probe, lift ban on new users (Wall Street Journal)
How to screen remote-learning apps for privacy (By Heather Kelly)
- Facebook parent Meta has named Guy Rosen as its first chief information security officer.
- The Atlantic Council’s Digital Forensic Research Lab hosts the second day of its two-day summit today.
- The House Committee on Veterans Affairs holds a hearing on cybersecurity today at 10 a.m.
- The Senate Homeland Security Committee hosts a hearing on ransomware and cryptocurrency payments today at 10 a.m.
- Commodity Futures Trading Commission Chair Rostin Behnam and Sens. Kirsten Gillibrand (D-N.Y.) and Cynthia M. Lummis (R-Wyo.) discuss the future of cryptocurrency regulation at a Washington Post Live event on Wednesday at 9 a.m.
- The House Armed Services Committee’s cybersecurity subcommittee discusses the annual defense authorization bill on Wednesday at 10 a.m.
“I interface with my database and my database is in cyberspace.” Thanks for reading. See you tomorrow.