The Washington Post
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Today's ransomware summit is about international cooperation

Good morning and happy Wednesday! Scroll down to read about the hottest paint color in the cybersecurity world.

Below: Chinese hackers targeted groups with a Microsoft vulnerability and scammers target iPhone dating app users in Europe.

The White House has kicked off its 30-country ransomware summit

Today and tomorrow the White House is huddling with representatives from 30 countries and the European Union to discuss ways to tackle ransomware, as it tries to build an international coalition to combat the growing problem of hacks.

Much of the meeting will be focused on resilience, virtual currencies, law enforcement disruptions and diplomacy efforts, a senior administration official told reporters Tuesday. India, the United Kingdom, Australia and Germany are organizing and leading those sessions.

“We know very well – all of us who have gathered here today – that we cannot do this alone,” national security advisor Jake Sullivan said this morning in opening remarks. “No one country, no one group, can solve this problem.”

“Your participation underscores that our governments are very much like-minded in one important respect: we've recognized the urgency of the ransomware threat, the need to protect our citizens and businesses from it, and the criticality of international cooperation to counter it,” he added.

Accomplish what?

It's unclear exactly what might result from the meeting; a senior administration official declined to comment on what they want the results to look like. But Chris Painter, the State Department’s top cyber diplomat under former president Barack Obama, listed some actions that might result.

  • The top point of such a summit is “a commitment to working with like-minded countries to go after this threat,” Painter said. It follows similar talks at the G-7 and NATO, he added.
  • High-level commitments like cracking down on cryptocurrency abuse could come out of the meeting, Painter said.
  • The countries could also pinpoint further work that needs to be done and how the countries can meet to discuss it in the future, he said.

This type of bilateral cooperation is just what the U.S. needs, said Allan Liska, a ransomware expert at cybersecurity firm Recorded Future. 

“I think this is good,” Liska said. “We need multiple-country cooperation in order for whatever sanctions or whatever steps are going to be taken to actually work. It can't just be the U.S. doing this; it has to be Europe, it has to be Asia, it has to be kind of all of these countries coming together and saying, ‘no, we’re going to put a stop to this, and whatever that takes.’ ”

Experts will be looking for actions that come after the meeting.

“More important than the meetings is the follow-on actions,” Red Canary director of intelligence Katie Nickels told my colleague Ellen Nakashima. Nickels said she’d be looking for “firm commitments to cooperating on investigations [and] extraditions.” 

“We all need to be cautious of declaring victory too soon,” Nickels said.

Growing problem

The summit reflects the significance of the issue for Washington and the global community. Ransomware, once seen as a criminal menace, has been elevated to a national security issue following cyberattacks on Colonial Pipeline, a major U.S. pipeline, and international meat processor JBS.

The 30 countries include Ukraine, which arrested a pair of suspected ransomware operators last week. And officials from Bulgaria, Canada and South Korea, which have conducted raids or arrested suspected ransomware criminals this year, are also attending.

Russia, which the White House and experts say is harboring many ransomware groups, wasn’t invited, the official said. That makes sense, Stewart Baker, a former top National Security Agency and Department of Homeland Security official who is of counsel at Steptoe & Johnson, told me.

“If you want to have candid discussions about the problem — and Russia is the problem — you don't invite the problem in to discuss it in front of them because if they're there, they will be looking to disrupt progress, to prevent agreement and the like,” Baker said.

“It already sends a signal that 30 countries are willing to come to a meeting that talks about this problem and that doesn't include Russia,” Baker said. “That means they're all willing to leave Russia out of this while they talk about it, and for countries that are not as big and hard to hurt as the U.S., that's already a step forward.”

Who's not at the meeting is significant, said Megan Stifel, the global policy officer at the Global Cyber Alliance.

When there is a “group of countries who are coming together to agree in principle on a problem and that they will individually and collectively take action to combat it … there is kind of a loud absence of certain countries from that conversation,” she said.

Meanwhile, ransomware isn’t going away.

“I have not seen any significant, material changes,” CISA Director Jen Easterly said at a Washington Post Live event last week. “We have seen ransomware gangs that seem to have gone offline for a period of time. That's not terribly unusual … this is a difficult, complicated problem.”

The keys

A Trump-era cybersecurity official sued the Pentagon after being placed on leave five months ago

Katie Arrington argues in a lawsuit that the National Security Agency suspended her security clearance to “interfere with the cyber security activities that [she] was running through DoD, which NSA did not support.” The lawsuit alleges that she “has been deprived of procedural and substantive due process,” Bloomberg’s Anthony Capaccio reports.

In 2020, Arrington began working as the chief information security officer for acquisition and sustainment at the Defense Department. Former president Donald Trump endorsed her when she unsuccessfully ran for a congressional seat in 2018.

In her lawsuit, Arrington says that she was told in a May memo that her classified security clearance was suspended “as a result of a reported Unauthorized Disclosure of Classified Information and subsequent removal of access” by the NSA. Arrington was put on administrative leave, according to Pentagon spokeswoman Jessica Maxwell.

The NSA declined to comment. Pentagon spokesman John Kirby declined to comment on Arrington’s case in detail. The Pentagon referred Bloomberg to the Justice Department, which did not respond.

China-linked hacking group targeted servers with previously unknown Microsoft vulnerability

Versions of the hack were found in cyberespionage campaigns on IT companies, defense contractors and “diplomatic entities,” according to researchers from Kaspersky. Microsoft patched the vulnerability on Tuesday, they said.

Researchers connected the hacking group to a Chinese-speaking group called IronHusky after spotting similarities in their code and infrastructure. They said they first spotted attacks using the vulnerability in late August and early September.

Olympus was hit by an apparent cyberattack less than a month after it was targeted by ransomware hackers

The Japanese technology company is investigating the “potential cybersecurity incident” that affected its systems in the United States, Canada and Latin America, CyberScoop's AJ Vicens reports. The company said it detected the incident Sunday.

“The Tokyo-based company has offices and subsidiaries around the world, which produce and sell equipment such as medical devices and various microscopes,” Vicens writes.

A company spokesperson did not respond to a request for comment from CyberScoop.

In September, the BlackMatter ransomware group targeted Olympus's systems in Europe, the Middle East and Africa. 

Cyber insecurity

Scammers target iPhone dating app users

Victims in Europe have lost thousands of dollars through the CryptoRom scam, according to researchers from Sophos. Scammers have successfully convinced people on popular dating apps to install fake cryptocurrency trading apps. They also push their victims to invest large amounts of money during the scam, the researchers say.

One of the cryptocurrency wallets that scammers directed a victim to contained at least $1.4 million. “This scam campaign remains active, and new victims are falling for it every day, with little or any prospect of getting back their lost funds,” the researchers write.

Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever (The Record)

Woman allegedly hacked flight school, cleared planes with maintenance issues to fly (Motherboard)

Azure, GitHub, GitLab, BitBucket mass-revoke SSH keys following bug report (The Record)

Industry report

CIA funding arm gave encrypted app Wickr $1.6 million (Motherboard)

Global cyberspace

Report: China’s network security spending set to double in first half of 2021 (The Record)

Chat room

We made it: Sherwin-Williams's October color of the month is “Cyberspace.”

Daybook

  • Cybersecurity executives and experts speak on the second day of Recorded Future’s Predict 21 conference today.
  • National Cyber Director Chris Inglis, CISA Director Jen Easterly, U.K. National Cyber Security Centre CEO Lindy Cameron and others participate in CISA's annual four-week cybersecurity summit today.
  • CISA Deputy Director Nitin Natarajan and Rep. Jim Langevin (D-R.I.) speak at the Blackberry Security Summit today.
  • Cybersecurity executives and officials speak at the Pearson Global Forum on Thursday.
  • Palo Alto Networks Chair and CEO Nikesh Arora and Suzanne Spaulding, a senior adviser at the Center for Strategic and International Studies and former DHS official, speak at a Washington Post Live event on Thursday at 4 p.m.
  • Natarajan speaks at the Oregon Cyber Resilience Summit on Thursday at 5:30 p.m.

Secure log off

Thanks for reading. See you tomorrow.
