The US has taken the unusual step taking a shot at China over the hacking of Microsoft. This March, Microsoft reported that at least 30,000 customers were affected by a hack that allowed outsiders to access the firm’s email and calendar service through a software loophole previously unknown to the company. Volexity, the cybersecurity firm that first discovered the Exchange breach, and Microsoft concluded the attacks originated from China and appeared to be state-sponsored.
This has now led to the U.S. Justice Department charging four Chinese citizens from China’s secretive ministry of state security who are alleged to have hacked into the computer networks of dozens of companies, universities and government entities. China denies this:
“The U.S. ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” Chinese Foreign Ministry spokesman Zhao Lijian said Tuesday at a regular press briefing in Beijing. “It is purely a smear and suppression out of political motives. China will never accept this.”
But this is likely the beginning according to Director of Enterprise Security at Darktrace, David Masson:
“We have entered a new era of cyber-threat – attacks are increasing in speed, sophistication, and scale with malicious software like ransomware being able to encrypt an organization’s entire digital infrastructure in seconds. Even more alarmingly, geopolitical tensions are being played out in cyber battles with organizations getting caught in the crossfire.
Although it is difficult to attribute these attacks to any single nation-state, our government should take every opportunity to pressure cyber-criminals and grow international condemnation in the hopes of resetting the current state of unchecked nation and non-nation state cyber-aggression targeting countries globally. This lack of a unified strong and significant international response only further emboldens nation-state driven or sponsored cyber-attacks against the private sector and government institutions.
Canada can lead the way in putting every nation state and cybercriminal group, whether state-sponsored, supported, or simply sheltered, on notice that cyber-attacks will not only be taken extremely seriously, but that there could be a high cost where those responsible are held accountable through all levers of national power.
The priority must be protecting Canadian businesses and institutions from cyber-attacks that pose a threat to both economic and national security.”
Hopefully Canadian businesses, if not all businesses take heed of this warning.
US Companies Will Soon Have To Report Any Instance That They Have Been Pwned Or They Paid A Ransom
Posted in Commentary with tags Cybercrime, Law, USA on March 13, 2022 by itnerdI’ve said for a long time that companies will only ensure that their cyber defences are as strong as they possibly can be if they’re forced to by law. That’s why this news is really good news as far as I am concerned:
Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress.
The rules are part of a broader effort by the Biden administration and Congress to shore up the nation’s cyberdefenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks. The reporting will give the federal government much greater visibility into hacking efforts that target private companies, which often have skipped going to the FBI or other agencies for help.
“It’s clear we must take bold action to improve our online defenses,” Sen. Gary Peters, a Michigan Democrat who leads the Senate Homeland Security and Government Affairs Committee and wrote the legislation, said in a statement on Friday.
The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours.
What I hope this does is make companies think long and hard if they want to be on the wrong end of getting pwned, and having to report it to the US Government. Which will make them invest time, effort, money, and more time, effort, and money into people, training and products that will keep their companies from getting pwned. That in turn will hopefully make cybercrimes like ransomware less attractive to cybercriminals, and we will see less of this as a result.
Oh. In case you’re wondering what happens if a company doesn’t report a cyber incident? Here’s your answer:
The new rules also empower CISA to subpoena companies that fail to report hacks or ransomware payments, and those that fail to comply with a subpoena could be referred to the Justice Department for investigation.
The CISA is the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. This is the lead agency for the US Government for this sort of thing. And I am pretty sure that no company wants the Justice Department knocking on their door. Thus this is great news as far as I am concerned.
1 Comment »