October to November 2021 were very busy months for cybersecurity news, so SWK Technologies has compiled this recap of some of the top stories to help keep you up to date with the trends that will have the biggest impact on your business. This month’s collection of stories center around the US government’s increasing activities aimed at improving national cybersecurity and readiness, at the legislative, enforcement and even diplomatic levels. Besides the public sector’s programs, there have also been significant movements in the ransomware world, with predicted upsurges in attacks yet some good news in one of the biggest gangs being ostensibly dismantled and its membership brought to justice.
Here are some of the top cybersecurity news stories from October to November 2021:
US Government Shows It’s Serious About Cybersecurity
Almost $2 Billion for Cybersecurity in Infrastructure Bill
The Infrastructure Investment and Jobs Act which finally passed in November includes $1.9 billion earmarked for various cybersecurity funding. Some of the breakdown of monies include:
- $1 billion for state and local governments (including designated territories and tribes) to modernize systems
- $100 million for CISA to secure federal civilian systems
- $100 million for improving government response to network intrusions
The Build Back Better bill which is still being discussed at the time of this writing will also contain funding for cybersecurity programs, including:
- $50 million for cloud security
- $50 million for ICS security
Cybersecurity Bills Passed in Congress, More on the Way
Even while the infrastructure bill while was still being debated, both chambers of Congress were passing their own cyber-focused legislation addressing a number of security concerns across multiple categories. Some are still in review at the time of writing, but their combined language and often bipartisan support reflect just how serious the current US government is becoming about cybersecurity.
Senate bills include:
- Defense of United States Infrastructure Act of 2021
- Federal Cybersecurity Workforce Expansion Act
- CISA Cyber Exercise Act
- GOOD AI Act
House bills include:
- National Defense Authorization Act for Fiscal Year 2022
- Ransomware and Financial Stability Act of 2021
- SBA Cyber Awareness Act
CISA Enforces Government Security Controls
CISA (the DHS’s Cybersecurity and Infrastructure Security Agency) issued a directive to every federal agency obliging them to fix “hundreds” of security vulnerabilities within their technology stacks, including both software and hardware solutions. This directive is aimed at securing many of the gaps that allowed attacks like the infamous SolarWinds breach and preventing similar intrusions of government databases from occurring.
US Joins International & Multi-institutional Cyber Campaign
On November 10, 2021, Vice President Kamala Harris announced that the US would join several collaborative efforts with France and other allies to address cybersecurity, namely the Paris Call for Trust and Security in Cyberspace. Launched by French President Emmanuel Macron in 2018, the Paris Call now includes representatives from many different countries as well as several large private companies like Microsoft and Google.
NSA Director Claims US Gov Surge Against Ransomware
Director of the NSA and concurrent head of US Cyber Command General Paul Nakasone spoke at length the 2021 Aspen Security Forum in Washington, D.C. about efforts being undertaken to combat ransomware. While refusing to comment on “specific operations” being conducted, he did allude to a “surge” over the previous three months along with a focus on going after ransomware gangs’ capabilities and cash flow.
Deputy Treasury Secretary Seeks Cooperation Against Ransomware
U.S. Deputy Treasury Secretary Wally Adeyemo visited several countries in the Middle East mid-November, including Israel, Saudi Arabia, the United Arab Emirates and Qatar, looking for partnerships in combating ransomware and terrorism financing. On November 15, Israeli Finance Minister Avigdor Liberman and National Cyber Directorate Director Yigal Unna announced a formal agreement after talks with Adeyemo that will include cybersecurity exercises as well as information sharing, with an emphasis on securing the global financial sector against attacks.
Ransomware Attacks, Law Enforcement Fights Back
Candy Corn Manufacturer Hacked Before Halloween
The biggest candy corn manufacturer in the US, Ferrara Candy Co., was hacked October 19 and had some of their mission-critical files encrypted after refusing to give into a ransom demand made over a week prior. While their product may make this story seem like a novelty, it reflects a grim reality with ransomware gangs – they research their victims, and they understand how factors like seasonality can make an attack hurt more. Thankfully, with the help of law enforcement and cybercrime experts Ferrara was able to resume most of their operations, albeit at limited capacity going into their Halloween surge.
New Ransomware Type Threatens Victims
Yet another new ransomware type called Yanluowang has hit the scene, making waves for how it directly threatens punitive actions against victims if they attempt to contact law enforcement or cybersecurity professionals. Named appropriately enough after one of the of deities of the underworld in Taoism and Chinese folk religion, the threatening notes also imply that any further perceived lack of cooperation will bring retaliation as well, including deletion of encrypted data, DDOS attacks and even calling partners and employees. Fortunately, the incident where the malware was uncovered involved an unsuccessful attack, but it could still signal a progressively harsher approach from hackers and which will also lead to more victims staying silent.
End of REvil Ransomware Gang?
In a sea of bad news surrounding the ransomware epidemic, there may finally be a highlight – REvil, one of the most notorious ransom gang, was ostensibly dismantled and possibly shut down for good in a series of actions by international law enforcement efforts. Some details are still unconfirmed at the time of this writing to ongoing operations against the cybercriminals and their remaining affiliates, but what is clear is that a huge blow was dealt to the cyber extortion ecosystem, and that it may only be the beginning.
REvil Server Hacked, Group Shuts Down Operations
After shutting down in July 2021 during the Kaseya hack fallout, REvil resumed operations around September 2021 – only for one of their purported leaders to announce on Twitter they would shut down again. They posted several messages claiming that their own server had been hacked, their payment portal for ransoms hijacked and that whoever was responsible was actively tracking them down, forcing them to cover their tracks.
Coalition of US & Allies Brings Down REvil
It was soon revealed that law enforcement and intelligence agencies from several countries were the ones who broke into REvil’s systems by infiltrating their backups and taking control once they spun the databases back up. Nations involved include Romania, Australia, Belgium, Canada, France, Germany, Luxembourg, Norway, the Philippines, Poland, South Korea, Sweden, Switzerland, Kuwait and more, and several arrests mounting as of this writing.
Two REvil Indictments, One Arrest and Millions of Dollars Seized
The US Justice Department was responsible for indicting two of the individuals found in connection with REvil, arresting one, Yaroslav Vasinskyi, after he crossed the border form his native Ukraine into Poland. The other culprit, Yevgeniy Polyanin, is still at large (although believed to be in Russia), but the DOJ did manage to seize $6.1 million in cryptocurrency from payments made to Polyanin suspected to be from ransoms.
Future of REvil and Ransomware
While the dismantling of REvil is indeed good news, ransomware gangs owe part of their persistence to their ability to disperse and rebrand once scrutiny diminishes, and one of REvil’s other known leaders (ironically called “Unknown”) disappeared after the July shutdown with millions of the syndicate’s money. Other former REvil affiliates (including the Colonial Pipeline culprits) have gone through several resurrections. However, the efforts of this multinational coalition indicate a new chapter in cybercrime prosecution, one in which law enforcement can start bridging the digital gap.
Stay Up to Date with the Latest Cybersecurity News & Trends
The pace of cybersecurity trends today can make it too easy to feel inundated with bad news that is hard to sift through to find the lessons that will impact your business, but SWK Technologies is here to help you stay on top of the latest updates and make sense of current trends. Get in touch with our experts today to uncover the risks that most affect you, and learn more about what you can do to protect your systems and data.
Contact SWK today to discover more about the latest cybersecurity news and trends, and how to best to secure your mission-critical assets.
[fc id=’34’][/fc]