Welcome to The Cybersecurity 202! Hope everyone had a nice break. Awesome Con was fun, it turns out — a real visual feast for people watchers.

Below: A cyberattack caused Microsoft's recent platform outages, and hackers threaten to leak Reddit data in response to its new API policy. First:

As U.S. officials issue dire warnings of Chinese cyberthreat, little hope for improvement after Blinken visit

U.S. Secretary of State Antony Blinken shakes hands with Chinese President Xi Jinping in the Great Hall of the People in Beijing, China, on Monday. (Leah Millis/AP)

If U.S. Secretary of State Antony Blinken's weekend trip to China offered only a little in the way of progress toward stabilizing the overall U.S.-China relationship, it likely offered even less on cyber hostilities between the two nations.

Conflict in cyberspace between the United States and China is at something of a peak, with U.S. officials often describing the Chinese cyberthreat as being "unparalleled" or an "epoch-defining threat." If cyber even came up at all during the Blinken trip, neither he nor the State Department publicly said as much.

At best, perhaps a more stable relationship could curtail some Chinese hacking modestly, one expert on China cyberattacks told me. "What we could see is maybe a quieting down of the worst of the most overt kind of hacking and intrusion," said Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, a think tank.

The closest thing to the subject coming up was in a readout that mentioned security in regards to North Korea (also known as the Democratic People's Republic of Korea) and China (also known as the People's Republic of China).

"The two sides discussed a range of global and regional security issues, including Russia's war of aggression against Ukraine, the DPRK's provocative actions, and U.S. concerns with PRC intelligence activities in Cuba," spokesman Matthew Miller said.

U.S. officials said recently that Cuba is hosting a spy facility for China, reportedly with the partial goal of collecting electronic communications in the southeastern United States. China has denied the allegations, claiming that it's the United States that has a track record of surveillance and hacking.

My colleagues John Hudson and Meaghan Tobin have a full rundown of the "candid" talks between Blinken and Chinese President Xi Jinping.

- "We both agreed on the need to stabilize our relationship," Blinken said, even though they disagreed on other subjects.
- Said Xi in a statement, per a state news outlet: "The two sides have also made progress and reached agreement on some specific issues, and this is very good."

The warnings from U.S. officials about Chinese spying have been growing increasingly dire over the last year-plus. FBI Director Christopher A. Wray, for instance, last year said that the Chinese threat (including cyberattacks) has been growing "more brazen, more damaging than ever before."

- "They're not just hacking on a huge scale but causing indiscriminate damage to get to what they want, like in the recent Microsoft Exchange hack, which compromised the networks of more than 10,000 American companies in a single campaign alone," he said in a speech at the Ronald Reagan Presidential Library and Museum.
- Earlier this year, Wray elaborated during testimony before the House Appropriations Committee. "The scale of the Chinese cyberthreat is unparalleled," he said. "They've got a bigger hacking program than every other major nation combined and have stolen more of our personal and corporate data than all other nations big or small combined."

Cybersecurity and Infrastructure Security Agency Director Jen Easterly has taken to calling China's cyber activity an "epoch-defining threat." In the past month alone, U.S. cyber companies have called attention to major alleged Chinese hacking campaigns.

- Microsoft said in May that a Chinese government-backed group it calls Volt Typhoon has been compromising U.S. infrastructure, possibly with the goal of disrupting communications between the United States and Asia during "future crises." U.S. cyber agencies issued an alert about the group.
- Mandiant said last week that suspected Beijing-backed hackers exploited a vulnerability in Barracuda Networks' Email Security Gateway to conduct a massive espionage campaign that included government agency victims.

There was evidence of a temporary letup in Chinese hacking after a 2015 deal between Xi and then-President Barack Obama to curb cyberespionage. "The nature of the hacking changed," Fixler said. "It was less of a vacuum cleaner approach and it became much more targeted. It continued, but it looked a little different."

Now, though, China isn't being as subtle, and is instead growing more overt, experts have been saying. "I think that's true across a number of domains, cyber being just one of them," Fixler said. "It certainly seems like across a number of spaces China is much less risk-averse and is willing to do things that are more outrageous, that you would think even six months to a year ago would have been just sort of too provocative."

For now on the cyber front, things look like they'll stay on the same level, said Javed Ali, a former U.S. national security official. "Secretary Blinken's visit with China's leader was a necessary engagement to address each country's respective concerns based on tensions over the last year," Ali, now an associate professor of practice at the Gerald R. Ford School of Public Policy at the University of Michigan, told me via email.

"Despite U.S. warnings and moves like economic sanctions, diplomatic demarches, and criminal indictments against Chinese cyber hackers and intelligence officers, these have not yet deterred China from engaging in these attacks, and they will likely continue well into the future — especially with Beijing's anger over expanding U.S. military and economic ties with Taiwan," he said.

The keys

Cyberattack caused Microsoft Outlook, cloud platform outages in June

Microsoft added that there was no evidence of user or company data that had been compromised. (Rick Rycroft/AP)

Microsoft disclosed late Friday that disruptions that occurred in its Office suite of tools like Outlook and OneDrive in early June were caused by a cyberattack, Frank Bajak reports for the Associated Press. Hackers flooded the office tools' sites with junk traffic to overload their servers in what is known as a distributed denial of service (DDoS) attack, the report adds.

- "A spokeswoman confirmed that the group that calls itself Anonymous Sudan was behind the attacks. It claimed responsibility on its Telegram social media channel at the time. Some security researchers believe the group to be Russian," Bajak writes.
- Microsoft added that there was no evidence of user or company data that had been compromised.

Measuring impact of the attack is difficult unless Microsoft provides more details on the nature of the attacks, sources told the AP. "While DDoS attacks are mainly a nuisance — making websites unreachable without penetrating them — security experts say they can disrupt the work of millions if they successfully interrupt the services of a software service giant like Microsoft on which so much global commerce depends," the report says.

MOVEit fallout continues with growing victim list

Clop has started demanding ransom payments from victims, though it claims it does not intend to target the U.S. government. (Chris Ratcliffe/Bloomberg)

The fallout from a ransomware gang's cyberattack on the secure file transfer software MOVEit continues after its initial discovery weeks ago, with U.S. citizens and agencies being added to its victim list. Millions in Louisiana and Oregon are said to be impacted, Sean Lyngaas reports for CNN, where the breach "has affected 3.5 million Oregonians with driver's licenses or state ID cards, and anyone with that documentation in Louisiana," according to authorities.

The hackers are linked to the Clop ransomware group, a "repeat player" that has claimed credit for the attack, as previously reported by your newsletter host. Clop has started demanding ransom payments from victims, though it claims it did not intend to target the U.S. government, our colleague Joseph Menn reported Friday.

The U.S. Cybersecurity and Infrastructure Security Agency and National Institute of Standards and Technology are directing affected entities to patch their MOVEit software by Friday. The State Department will also pay up to a $10 million bounty for information linking the Clop ransomware attacks to a foreign government, Lawrence Abrams from Bleeping Computer reported Saturday.

Hackers threaten to leak Reddit data in response to new API policy

Hackers are threatening to release confidential Reddit data if the company does not pay a ransom demand and reverse its new controversial API policy. (Matt Slocum/AP)

- "In a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data from Reddit during a February breach of the company's systems," Page writes.
- The report adds: "Reddit spokesperson Gina Antonini declined to answer TechCrunch's questions but confirmed that BlackCat's claims relate to a cyber incident confirmed by Reddit on February 9" when the group used a phishing scam to access employee information and internal documents.

Reddit declined to say whether it would respond to the $4.5 million ransom demand. BlackCat is also demanding a withdrawal of the platform's new API policies that have sent the platform into a frenzy, with several major subreddits shutting down in protest.

"BlackCat was also linked to a March attack on Western Digital that saw hackers steal 10 terabytes of data from the company, including reams of customer information. That same month, the gang also threatened to leak data allegedly stolen from Amazon-owned video surveillance company Ring," the report adds.

Daybook

- DOJ special counsel John Durham testifies before the House Judiciary Committee tomorrow at 9 a.m.
- The World Bank convenes a discussion on securing critical infrastructure tomorrow at 9 a.m.
- Cyberspace and Digital Policy Ambassador Nathaniel Fick speaks at a Hudson Institute event on U.S. tech diplomacy tomorrow at 9:30 a.m.
- CISA's Jen Easterly and Eric Goldstein speak at the Homeland Security & Defense Forum 3rd Annual Evolution of Federal Cybersecurity Symposium beginning at 1 p.m.
- The Atlantic Council holds an event on trust and safety on the web tomorrow at 3 p.m.
- State Department AI director Charles Chen discusses cyber intelligence with the Institute of World Politics tomorrow at 6 p.m.

Secure log off

Thanks for reading. See you tomorrow.