The Washington Post
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

U.S. government provides cyber budget specifics

Welcome to The Cybersecurity 202! Fantasy basketball playoffs have started. Wish me luck.  

Below: A newly uncovered Russian-speaking hacking group is targeting Eastern European governments, and the U.K. announces the creation of an agency to mitigate digital espionage and other national security threats. First:

Biden administration proposes billions for federal cyber budget

The Biden administration is asking for $26.2 billion from Congress in cyber funding in fiscal 2024, according to documents the administration released Monday.

That’s a big increase from the past, and the development came on the same day an FBI report attracted attention for saying it had seen a large increase in cybercrime losses reported to the bureau in the past year.

The budget documents released Monday give a better collective sense of the Biden administration’s cyber budget proposal than the initial batch of documents last week and provide more details on specific agency cyber budget requests.

And the FBI’s report on cybercrime gave a partial picture of what cybercrime is costing Americans amid the push for more resources to combat it and other cyber malfeasance.

The budget figures

The budget request for all civilian federal agencies — those outside the Defense Department — totaled $12.7 billion, the administration said. That’s a 13 percent increase above the amount Congress gave civilian agencies in fiscal 2023, according to one budget document.

The funding will pay for improving cybersecurity at federal agencies, among other tasks, the document states.

“Agencies are implementing higher levels of encryption, using the best methods in the industry to verify legitimate users, and utilizing toolsets that create constant vigilance within Federal systems,” it reads. “These efforts to adopt technologies and practices that enhance cybersecurity defenses and ensuring the human capital to maintain these endeavors will and must continue.”

A budget document for the Justice Department points to the need to protect its systems.

“Several highly publicized breaches of systems and data, including a cyber incident involving one of the FBI’s own systems as recently as February 2023, have exposed cybersecurity vulnerabilities in government networks and information systems,” it states.

Defense Department “cyberspace activities,” meanwhile, would get $13.5 billion under the Biden budget, the department said. Although the budget documents don’t list what Congress gave the Defense Department for cyberspace activities in fiscal 2023, it’s approximately 20 percent more than Biden sought in his fiscal 2023 budget proposal.

“The FY 24 budget request reaffirms the department's enduring cyberspace missions, defend the DOD information network, defend the nation and prepare to fight and win the nation's wars,” Vice Adm. Sara Joyner, director of force structure, resources and assessment with the Joint Staff, said at a budget briefing Monday. “With this budget request, we will continue to modernize network defense capabilities to build a secure and resilient cyber architecture.”

Combined, the civilian and defense federal cyber budget proposals compare most closely to the budget for NASA, with Biden seeking $27.2 billion for the agency in fiscal 2024.

The FBI report

The annual report of the FBI’s Internet Crime Complaint Center said that reported losses jumped from $6.9 billion in 2021 to $10.2 billion in 2022 — a nearly 48 percent leap. (The report, released last week, got some attention at the time, but got more Monday.)

The report only reflects those crimes reported to the center, so it’s not a complete picture of all cybercrime. But the total losses tallied mark another big year-over-year increase, with figures rising annually over the last five years, from $2.7 billion in 2018.

The longtime leader in terms of reported losses inflicted, business email compromise scams where the criminal poses as a trusted figure to request fund transfers, was finally unseated. Investment scams, usually offers of investment opportunities in cryptocurrency, accounted for $3.3 billion in losses, according to the center. That’s up 127 percent from 2021.

  • Reported losses for business email compromises also rose — from $2.4 billion to $2.7 billion.
  • Tech support scams (where the criminal poses as someone informing you of a problem with your computer and asks for money to fix it); personal data breaches; and romance scams rounded out the top five causes of reported cybercrime losses.
  • Ransomware reported losses dropped from $49.2 million last year to $34.4 million in this year’s report.

The keys

Newly uncovered Russian-speaking hacking group targeting Eastern European governments

A Russian-speaking threat actor has been running several espionage campaigns across Eastern Europe since at least last June, according to a report out this morning.

The threat actor named “YoroTrooper” was identified by Cisco Talos Intelligence Group, the cyberthreat intelligence arm of Cisco Systems. Talos assesses the operators of the threat actor are Russian-speaking, though they are not necessarily residing in Russia or Russian nationals.

YoroTrooper’s main goals have been espionage and data theft, the report says. It has targeted the European Union, Turkey and countries in the Commonwealth of Independent States, which was formed after the Soviet Union dissolved. Its espionage tactics include registering malicious domains similar to legitimate domains from CIS entities, including Kyrgyzstan’s Ministry of Foreign Affairs, the European Commission’s email and the National Statistical Committee of Belarus.

Related malicious domains were also created for Russian entities, though Talos says that it did not find evidence that Russian government-affiliated groups were successfully breached.

The report later adds that YoroTrooper successfully compromised embassies belonging to Turkmenistan and Azerbaijan, where the hackers tried to steal key documents. The group also obtained access to a key European health-care agency’s credentials, as well as credentials from the World Intellectual Property Organization.

Hackers pilfer $200 million from cryptocurrency lender Euler Finance

Hackers stole about $200 million from cryptocurrency lender Euler Finance in a series of transactions detected by blockchain monitoring firm PeckShield and crypto security firm Blockset, Lorenzo Franceschi-Bicchierai reports for TechCrunch.

The hack is the 26th-largest crypto theft ever, Franceschi-Bicchierai reports, citing data from De.Fi, a site used for tracking crypto scams and hacks.

“We are aware and our team is currently working with security professionals and law enforcement,” Euler wrote in response to the tweet from PeckShield, adding that new information on the hack will be released once it’s obtained.

Euler did not immediately respond to a comment request from Franceschi-Bicchierai. The TechCrunch story said several Euler investors in the company’s official Discord and Telegram channels are complaining about the incident and are wondering how to proceed.

In a follow-up tweet Monday afternoon, Euler said the investigation is continuing and that it is working to recover the stolen funds and identify how the breach started.

MI5 to oversee new cyberespionage security agency

The United Kingdom announced the creation of a new agency responsible for helping entities protect themselves from national security threats, including digital espionage, Alex Scroxton reports for Computer Weekly.

The agency, titled the National Protective Security Authority, will be overseen by MI5 and absorbs the responsibilities of Britain’s Center for the Protection of National Infrastructure. It will also work alongside the National Cyber Security Center and the National Counter Terrorism Security Offices to provide holistic cybersecurity advice, Scroxton writes.

U.K. Security Minister Tom Tugendhat said cyberthreats have the potential to harm key institutions in academia, science and technology, and that the new agency “will play a crucial role in helping businesses and universities better protect themselves and maintain their competitive advantage,” the report said.

U.K. security authorities have previously spoken about ongoing cyberthreats stemming from China and Russia. The new agency will ultimately serve as a resource to train and advise organizations on best practices for digital safeguarding, and the agency has already released guidance on surveillance equipment, protecting physical security equipment and other areas.

Cyber insecurity

Ransomware group claims hack of Amazon's Ring (Motherboard)

Government scan

IRS plans to approve use of Login-dot-gov as Tax Day nears (Federal Computer Week)

Hill happenings

Senate Democrats offer measure establishing ‘reasonable duties’ for securing data from website and app users (Inside Cybersecurity)

Global cyberspace

U.K. probing TikTok’s ownership, Security minister Tugendhat says (Bloomberg News)

India plans new security testing for smartphones, crackdown on pre-installed apps (Reuters)

Ransomware attacks have entered a ‘heinous’ new phase (Wired)

Estonian official says parliamentary elections were targeted by cyberattacks (The Record)

APT group targeting military in India, Pakistan through malicious Android messaging apps (The Record)


Secure log off

Thanks for reading. See you tomorrow.