The cybersecurity sector was met with a number of important victories, wrapping up what could be its best week in recent months.
For an industry facing a near-constant barrage of negative headlines and persistent gaps, this week brought a welcome wave of positive developments. Here are our top four:
DOJ Arrests REvil Members
Ransomware has grown increasingly common, and expensive, in recent years, with companies shelling out almost $600 million to hackers in the first half of 2021, more than all of 2020 combined. Consequently, the federal government has made it a mission to crack down on ransomware groups around the world, with President Biden vowing to "bring the full strength of the federal government to disrupt malicious cyber activity and actors, and leverage international cooperation to disrupt the ransomware ecosystem and address safe harbors for ransomware criminals."
The first signs of success were revealed this week when coordinated raids across South Korea, Europe, and the US brought in 7 suspected REvil operatives while simultaneously recovering millions in ransom payments. The arrests were part of an international operation called GoldDust, which involves law enforcement agencies from over a dozen countries.
REvil, short for Ransomware-Evil, was behind the massive JBS and Kaseya hacks earlier in the year. Two of the suspects, Vasinskyi and Polyanin (Ukrainian and Russian, respectively), were arrested in Texas and are directly linked to dozens of attacks.
New Struggles for Nobelium
Nobelium is yet another group backed by the Russian intelligence agency, and was responsible for the SolarWinds hack that enabled hackers to penetrate deep into the US government. (More details about the extent and methodology of the attack can be found here.)
This week, Microsoft (one of the victims of the SolarWinds breach) warned that the group was back at work, targeting the global IT supply chain once again. However, while in the past we've seen them employ highly sophisticated attacks to leverage software vulnerabilities, they've now returned to more traditional espionage and have been largely unsuccessful.
For example, out of the 141 companies that Microsoft warned were being spied on, only 14 have identified a successful breach, and even then, with very limited impact. According to Microsoft, "Between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits."
CISA Establishes New Advisory Committee
On Wednesday, CISA Director Jen Easterly announced that the Department of Homeland Security will be establishing a new Cybersecurity Advisory Committee, with members from each of the 12 industry sectors. The Committee will be tasked with "developing recommendations on matters related to the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the Agency."
While this alone points to a renewed commitment by the DHS to closing the cybersecurity gaps that plague our national infrastructure and industry, Director Easterly went one step further. As part of her ongoing strategy to reshape the Cybersecurity and Infrastructure Security Agency, Easterly issued a call to the entire "hacking community" to take up arms against foreign actors. In fact, she's pledged to appoint hackers to the new Committee, in an effort to attract fresh talent and build bridges with the often-disenfranchised hacker community.
"At the end of the day, I feel like that's my community, man, and we want to ignite the power of hackers," she said. "Because at the end of the day, the world is full of vulnerabilities and I feel like the offense is dominating the defense. And so I want to make sure that we are tapping into the brilliance and the goodness of that community to help us identify and to close those vulnerabilities."
Finally, Easterly credited the hacking community for focusing the agency's attention on vulnerability remediation and supply chain transparency. A recent executive order included provisions on disclosure policies during the procurement process, a move that Easterly sees as a signal for what the government is expecting from the private sector moving forward.
Court Rules Against NSO Group
Lastly, an ongoing legal battle between WhatsApp and the NSO Group (an Israeli outfit that helps law enforcement agencies hack into private phones) has dealt a blow to the hackers-for-hire.
WhatsApp, along with parent company Meta (formerly Facebook), filed a suit against NSO after they allegedly sent malware through WhatsApp to over 1,000 phones in order to spy on users. The firm's Pegasus software was found on the hacked phones of political leaders, activists, and reporters around the world and has played a role in the Saudi government's murder of Jamal Khashoggi.
NSO Group had filed for sovereign immunity, and this week's decision unequivocally rejected that request. The 20-page opinion by Circuit Judge Danielle J. Forrest concluded that "[t]he law governing this question has roots extending back to our earliest history as a nation, and it leads to a simple answer—no."
This comes on the back of the US Department of Commerce designating the NSO Group as a restricted entity, sending a clear message to even our closest allies that intentional breaches will not be tolerated.