October to November 2021 were very busy months for cybersecurity news, so SWK Technologies has compiled this recap of some of the top stories to help keep you up to date with the trends that will have the biggest impact on your business. This month’s collection of stories centers on the US government’s increasing activities aimed at improving national cybersecurity and readiness, at the legislative, enforcement and even diplomatic levels. Besides the public sector’s programs, there have also been significant movements in the ransomware world, with predicted upsurges in attacks, yet also some good news: one of the biggest gangs has ostensibly been dismantled and its membership brought to justice.
Here are some of the top cybersecurity news stories from October to November 2021:
US Government Shows It’s Serious About Cybersecurity
Almost $2 Billion for Cybersecurity in Infrastructure Bill
The Infrastructure Investment and Jobs Act, which finally passed in November, includes $1.9 billion earmarked for cybersecurity funding. Part of the breakdown includes:
- $1 billion for state and local governments (including designated territories and tribes) to modernize systems
- $100 million for CISA to secure federal civilian systems
- $100 million for improving government response to network intrusions
The Build Back Better bill, which is still being discussed at the time of this writing, will also contain funding for cybersecurity programs, including:
- $50 million for cloud security
- $50 million for ICS security
Cybersecurity Bills Passed in Congress, More on the Way
Even while the infrastructure bill was still being debated, both chambers of Congress were passing their own cyber-focused legislation addressing a number of security concerns across multiple categories. Some are still in review at the time of writing, but their combined language and often bipartisan support reflect just how serious the current US government is becoming about cybersecurity.
Senate bills include:
- Defense of United States Infrastructure Act of 2021
- Federal Cybersecurity Workforce Expansion Act
- CISA Cyber Exercise Act
- GOOD AI Act
House bills include:
- National Defense Authorization Act for Fiscal Year 2022
- Ransomware and Financial Stability Act of 2021
- SBA Cyber Awareness Act
CISA Enforces Government Security Controls
CISA (the DHS’s Cybersecurity and Infrastructure Security Agency) issued a directive to every federal agency obliging them to fix “hundreds” of security vulnerabilities within their technology stacks, including both software and hardware solutions. This directive is aimed at securing many of the gaps that allowed attacks like the infamous SolarWinds breach and preventing similar intrusions of government databases from occurring.
US Joins International & Multi-institutional Cyber Campaign
On November 10, 2021, Vice President Kamala Harris announced that the US would join several collaborative efforts with France and other allies to address cybersecurity, namely the Paris Call for Trust and Security in Cyberspace. Launched by French President Emmanuel Macron in 2018, the Paris Call now includes representatives from many different countries as well as several large private companies like Microsoft and Google.
NSA Director Claims US Gov Surge Against Ransomware
Director of the NSA and concurrent head of US Cyber Command General Paul Nakasone spoke at length at the 2021 Aspen Security Forum in Washington, D.C. about efforts being undertaken to combat ransomware. While refusing to comment on “specific operations” being conducted, he did allude to a “surge” over the previous three months along with a focus on going after ransomware gangs’ capabilities and cash flow.
Deputy Treasury Secretary Seeks Cooperation Against Ransomware
U.S. Deputy Treasury Secretary Wally Adeyemo visited several countries in the Middle East mid-November, including Israel, Saudi Arabia, the United Arab Emirates and Qatar, looking for partnerships in combating ransomware and terrorism financing. On November 15, Israeli Finance Minister Avigdor Liberman and National Cyber Directorate Director Yigal Unna announced a formal agreement after talks with Adeyemo that will include cybersecurity exercises as well as information sharing, with an emphasis on securing the global financial sector against attacks.
Ransomware Attacks, Law Enforcement Fights Back
Candy Corn Manufacturer Hacked Before Halloween
The biggest candy corn manufacturer in the US, Ferrara Candy Co., was hacked October 19 and had some of their mission-critical files encrypted after refusing to give in to a ransom demand made over a week prior. While their product may make this story seem like a novelty, it reflects a grim reality with ransomware gangs – they research their victims, and they understand how factors like seasonality can make an attack hurt more. Thankfully, with the help of law enforcement and cybercrime experts, Ferrara was able to resume most of their operations, albeit at limited capacity going into their Halloween surge.
New Ransomware Type Threatens Victims
Yet another new ransomware type called Yanluowang has hit the scene, making waves for how it directly threatens punitive actions against victims if they attempt to contact law enforcement or cybersecurity professionals. Named appropriately enough after one of the deities of the underworld in Taoism and Chinese folk religion, the malware leaves threatening notes that also imply that any further perceived lack of cooperation will bring retaliation as well, including deletion of encrypted data, DDoS attacks and even calling partners and employees. Fortunately, the incident where the malware was uncovered involved an unsuccessful attack, but it could still signal a progressively harsher approach from hackers, one which will also lead to more victims staying silent.
End of REvil Ransomware Gang?
In a sea of bad news surrounding the ransomware epidemic, there may finally be a highlight – REvil, one of the most notorious ransom gangs, was ostensibly dismantled and possibly shut down for good in a series of actions by international law enforcement. Some details are still unconfirmed at the time of this writing due to ongoing operations against the cybercriminals and their remaining affiliates, but what is clear is that a huge blow was dealt to the cyber extortion ecosystem, and that it may only be the beginning.
REvil Server Hacked, Group Shuts Down Operations
After shutting down in July 2021 during the Kaseya hack fallout, REvil resumed operations around September 2021 – only for one of their purported leaders to announce on Twitter they would shut down again. They posted several messages claiming that their own server had been hacked, their payment portal for ransoms hijacked and that whoever was responsible was actively tracking them down, forcing them to cover their tracks.
Coalition of US & Allies Brings Down REvil
It was soon revealed that law enforcement and intelligence agencies from several countries were the ones who broke into REvil’s systems by infiltrating their backups and taking control once they spun the databases back up. Nations involved include Romania, Australia, Belgium, Canada, France, Germany, Luxembourg, Norway, the Philippines, Poland, South Korea, Sweden, Switzerland, Kuwait and more, with several arrests mounting as of this writing.
Two REvil Indictments, One Arrest and Millions of Dollars Seized
The US Justice Department was responsible for indicting two of the individuals found in connection with REvil, arresting one, Yaroslav Vasinskyi, after he crossed the border from his native Ukraine into Poland. The other culprit, Yevgeniy Polyanin, is still at large (although believed to be in Russia), but the DOJ did manage to seize $6.1 million in cryptocurrency from payments made to Polyanin suspected to be from ransoms.
Future of REvil and Ransomware
While the dismantling of REvil is indeed good news, ransomware gangs owe part of their persistence to their ability to disperse and rebrand once scrutiny diminishes, and one of REvil’s other known leaders (ironically called “Unknown”) disappeared after the July shutdown with millions of the syndicate’s money. Other former REvil affiliates (including the Colonial Pipeline culprits) have gone through several resurrections. However, the efforts of this multinational coalition indicate a new chapter in cybercrime prosecution, one in which law enforcement can start bridging the digital gap.
Stay Up to Date with the Latest Cybersecurity News & Trends
The pace of cybersecurity trends today can make it too easy to feel inundated with bad news that is hard to sift through to find the lessons that will impact your business, but SWK Technologies is here to help you stay on top of the latest updates and make sense of current trends. Get in touch with our experts today to uncover the risks that most affect you, and learn more about what you can do to protect your systems and data.
Contact SWK today to discover more about the latest cybersecurity news and trends, and how best to secure your mission-critical assets.