Pete Recommends – Weekly highlights on cyber security issues, June 13, 2021

Subject: Ransomware Task Force co-chair says a ban on ransom payments would need to be phased
Source: FedScoop

Any federal ban on the payment of ransom demands by hackers in cyberspace would likely need to be phased, according to a co-chair of the Ransomware Task Force. In an interview with FedScoop, Chris Painter said that any such move would be introduced incrementally, and would be accompanied by new measures to support entities hit with online attacks, such as a victims recovery fund. While federal agencies don’t pay hacker ransoms, legislation would be needed to create a fund so ransomware victims could avoid paying or to elevate cybersecurity resiliency over a period of several years, he added.

“You can phase [a ban] in over time. You can come up with various backstops to help fund or protect them to get them up to a particular level of standards over a period of a couple of years,” Painter told FedScoop….


Subject: US power grid: Energy secretary says adversaries have capability of shutting it down
Source: CNNPolitics

(CNN) Energy Secretary Jennifer Granholm on Sunday warned in stark terms that the US power grid is vulnerable to attacks.

Asked By CNN’s Jake Tapper on “State of the Union” whether the nation’s adversaries have the capability of shutting it down, Granholm said: “Yeah, they do.”

“There are thousands of attacks on all aspects of the energy sector and the private sector generally,” she said, adding, “It’s happening all the time. This is why the private sector and the public sector have to work together.”The secretary’s warning comes amid a rise in ransomware attacks in America’s public and private sectors in the recent weeks, creating a sense of urgency in the Biden administration on how to confront cyber vulnerabilities. The issue will take an outsized role during President Joe Biden’s first foreign trip this week, during which he is set to talk with European leaders and meet with Russian President Vladimir Putin in Geneva, Switzerland.

Last week, the White House issued a letter to companies calling on them to take the threat of ransomware attacks more seriously, following back-to-back attacks by Russian hackers against the Colonial Pipeline Company last month and the JBS meatpacking plant….

Subject: DHS faces setbacks implementing CDM, watchdog says
Source: FCW

Setbacks and multiple delays have hampered the Department of Homeland Security in its efforts to build and implement a Continuous Diagnostics and Mitigation (CDM) program, according to an audit conducted by the department’s inspector general.

The IG report published last week identified vulnerabilities which it said left the department vulnerable to cybersecurity attacks after DHS failed to clearly define patch management responsibilities and implement required configuration settings.

Subject: Fastly internet outage won’t be last: How to prepare, protect yourself
Source: USA Today

With more and more data and services moving online amid a growing network of computer hubs across the U.S. and the world, issues will arise due to glitches and mechanical failures – or worse, from bad actors such as ransomware purveyors.

Still, we continue to adopt an increasingly digital lifestyle, with more functionality on mobile devices – Apple on Monday proposed putting driver’s licenses, as well as home and car keys, into iPhones. And most of us don’t really think about or understand, the technology behind this digital lifestyle.

And this connected existence is not as robust, reliable and secure as you might think. Just as subways may run slower than expected or trains derail, so can there be incidents on the information highway.

“We just assume all this stuff is here all the time. I think the purveyors of our digital lives have gone out of their way to made us feel like it’s always there,” said Shelly Palmer, CEO at The Palmer Group, a tech strategy advisory group, and author of “Blockchain – Cryptocurrency, NFTs & Smart Contracts: An executive guide to the world of decentralized finance.”

How do internet shutdowns happen?

This latest incident occurred due to a problem at Fastly, a San Francisco-headquartered content delivery network that supports websites for companies such as The New York Times, GitHub, Pinterest and others. It has deployed thousands of computer servers across the U.S. and the globe so that content is easily accessed by consumers.

Subject: This is how fast a password leaked on the web will be tested out by hackers
Source: ZDNet via beSpacific

ZDNet: “Half of accounts compromised in phishing attacks are manually accessed within 12 hours of the username and password being leaked, as cyber criminals look to exploit stolen credentials as quickly as possible. Cybersecurity researchers at Agari planted thousands of credentials – that were made to look like they belonged to real users, but were in fact of under the control of the researchers – onto websites and forums popular for dumping stolen usernames and passwords. The false credentials – seeded over the course of six months – were designed to look like compromised logins for well-known cloud software applications. Researchers found that the accounts are actively accessed within hours of the login credentials being posted online on phishing websites and forums…”

ZDNet filed in:


Subject: 7 Telltale Signs You’re on the Phone With a Scammer
Source: Make Use Of [MUO]

Thieves use all sorts of phone scams to rip you off. Here are some telltale signs that you’re talking to a scammer on the phone.You’re on the phone with someone who claims they need to fix a problem on your computer. Or maybe a loved one contacts you and needs your help to get out of a jam.

Before you proceed, take a minute to think. Because in many types of phone scenarios, there’s a good chance that you could end up falling for a scam. Keep the below red flags below in mind next time you get a phone call that seems suspicious.

Stay Safe From Phone Scams and More – Now you know about the most popular phone scams you’ll encounter in the wild. It’s important to stay vigilant, as many of these scams count on you acting without thinking. We recommend that you avoid phone calls from unknown numbers, and you should certainly never agree to anything from an unsolicited phone call before checking with someone you trust.

Remember that phone scams aren’t the only danger, either. Know the signs of common email scams, like the adult website Bitcoin scam, to avoid getting ripped off there too.

Filed in:

Subject: Why ransomware attacks are becoming a national security risk
Source: WHYY

The United States suffered 65,000 ransomware attacks last year – or over seven an hour. And it will likely get worse. What was previously seen as a nuisance is fast becoming a national security problem as cybercriminals target key parts of the country’s infrastructure. A recent attack on Colonial Pipeline sparked panic buying that emptied many gas stations across the Southeast, while another attack on JBS raised fears about the domestic beef supply.

The surge in attacks has been years in the making. Last year, there were 65,000 ransomware attacks, according to Recorded Future, a Boston-based cybersecurity company.

Companies and institutions have long neglected their IT systems, leaving them exposed to hacking, experts say. The pandemic has made them more vulnerable, as many Americans use personal modems and routers to work from home.

Stopping the attacks will be difficult. Criminals today can easily find sophisticated malware in dark corners of the web, and the growing popularity of cryptocurrencies such as Bitcoin is further emboldening cybercriminals by making it easier for them to evade law enforcement and financial regulators.

“I do think cryptocurrency has actually helped facilitate the ransomware market,” says Kiersten Todt, the managing director of the Cyber Readiness Institute.

Subject: Chinese Authorities Apprehend Over 1,100 Bitcoin Criminals
Source: Gizmodo

The bust spanned 23 different major provinces and cities, and rounded up more than 170 “criminal gangs,” the Ministry said. This is the fifth leg of what local authorities dubbed “Operation Card Broken,” which is meant to crack down on fraudsters peddling phone cards and credit cards across international borders. Back in late 2020, Chinese President Xi Jinping pushed law enforcement to take a tougher stance on telco fraud, after more than 30,000 people were caught committing these sorts of scams in the first half of the year.

Typically, scammers involved with sim-swap fraud or similar schemes will use stolen bank account credentials when they need to launder money. In recent years though, that’s become a bit more difficult, thanks to Chinese authorities getting better at intercepting payments before swindlers can pocket them. To get around this, the Ministry explained, these actors turned to crypto to transfer their funds and convert them between multiple currencies to cover their tracks.

Filed in Tech News

Subject: Lawmakers Renews Calls for Feds to Explore Tech to Protect American Consumers
Source: Nextgov

A proposal that would direct several federal entities to determine ways blockchains and artificial intelligence could heighten consumer safety is again up for Congress’ consideration.Rep. Jerry McNerney, D-Calif., recently introduced a bill that calls for three government-led efforts to help lawmakers and agencies better understand how emerging technologies can be applied to protect American shoppers. Another Democrat and three Republicans signed on to co-sponsor the legislation.

Though it doesn’t have the same title, the latest bill mirrors the Consumer Safety Technology Act McNerney put forward in the last Congressional session. That legislation passed the House but ultimately didn’t make it through the Senate.

Like the earlier, amended version, this fresh act includes three provisions various lawmakers have brought to the table before. The final text is not yet published on Congress’ site but was shared with Nextgov this week.

Posted in: AI, Blockchain, Congress, Cybercrime, Cybersecurity, Economy, Financial System, Legal Research, Legislative