Biden to Order Tougher Cybersecurity Standards Amid Growing China Hacking Threat

President Joe Biden is preparing to issue an executive order aimed at enhancing cybersecurity standards for federal agencies and contractors, as part of efforts to combat the escalating threat of cyberattacks linked to China and cybercriminal organizations. The new executive order, expected to be published in the coming days, seeks to address several high-profile cyberattacks attributed to China, targeting critical infrastructure, government agencies, major telecom firms, and most recently, the U.S. Treasury Department. While the U.S. government has attributed these hacks to China, Beijing has consistently denied involvement.

The proposed order emphasizes stricter standards for secure software development, including the need for vendors to provide detailed documentation that verifies adherence to these standards. The Cybersecurity and Infrastructure Security Agency (CISA) will be tasked with evaluating and validating this documentation through its software attestation program. Vendors whose software fails validation may face further legal action, as per the draft.

Tom Kellermann, Senior Vice President of Cyber Strategy at Contrast Security, expressed support for the effort to push for more secure software development but warned that the proposed attestation process might not go far enough. Kellermann pointed out that the timeline outlined in the order appears arbitrary given the urgency of the threat posed by China, Russia, and cybercriminal syndicates. “They’re already here,” Kellermann said, stressing the ongoing cyberattacks against U.S. critical infrastructure and government agencies, which have been fueled by foreign state actors.

The executive order also includes guidelines for the secure management of access tokens and cryptographic keys used by cloud providers. In 2023, Chinese-linked hackers exploited vulnerabilities in this area to access email accounts belonging to senior U.S. government officials, an issue that was highlighted by Microsoft.

Brandon Wales, Vice President of Cybersecurity Strategy at SentinelOne, acknowledged that the order builds on efforts from the past five years to strengthen cybersecurity capabilities, and emphasized that the Chinese threat is a major focus. However, he also noted that the U.S. faces a broad range of cybersecurity challenges that require ongoing attention.

The White House has declined to comment on the forthcoming order, and CISA did not respond to requests for comment.

 

US Charges Russian-Israeli Dual National Linked to Lockbit Ransomware Group

The U.S. Department of Justice announced on Friday that it has charged Rostislav Panev, a Russian-Israeli dual national, for his alleged involvement with the Lockbit ransomware group. The 51-year-old was arrested in Israel in August and is awaiting extradition to the U.S.

Panev, who was a developer for Lockbit from its inception in 2019 through at least February 2024, played a role in the group’s rise to become one of the most active and destructive ransomware operations in the world, according to the DOJ.

Lockbit and its malware were responsible for cyberattacks on over 2,500 victims across more than 120 countries, including small businesses, large corporations, hospitals, schools, and even government agencies. The group operated a ransomware-as-a-service model, working with affiliates to carry out attacks while sharing the extortion proceeds.

The DOJ estimates that Lockbit and its affiliates extorted at least $500 million from victims, alongside significant financial losses from disruption and recovery efforts.

Panev’s arrest follows recent developments in the case, including guilty pleas from two other Lockbit members in July, and a major seizure of Lockbit websites by law enforcement in February. While the group resurfaced after these actions, cybersecurity experts agree that these efforts have significantly weakened Lockbit’s influence in the cybercrime world.