President Biden issues warning of potential Cyber Attack

  • Biden releases Russian cyberattack warning to all Americans – here it is
  • This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience.
  • I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.
  • Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks.
  • We need everyone to do their part to meet one of the defining threats of our time — your vigilance and urgency today can prevent or mitigate attacks tomorrow.


U.S. to tell critical rail, air companies to report hacks, name cyber chiefs

By Christopher Bing

(Reuters) - The Transportation Security Administration will introduce new regulations that compel the most important U.S. railroad and airport operators to improve their cybersecurity procedures, Homeland Security Secretary Alejandro Mayorkas said on Wednesday.

The upcoming changes will make it mandatory for “higher-risk” rail transit companies and “critical” U.S. airport and aircraft operators to do three things: name a chief cyber official, disclose hacks to the government and draft recovery plans in case an attack occurs.

The planned regulations come after cybercriminals attacked a major U.S. pipeline operator, causing localized gas shortages along the U.S. East Coast in May. The incident led to new cybersecurity rules for pipeline owners in July.

“Whether by air, land, or sea, our transportation systems are of utmost strategic importance to our national and economic security,” Mayorkas said. “The last year and a half has powerfully demonstrated what’s at stake.”

A key concern motivating the new policies comes from a growth in ransomware attacks against critical infrastructure companies.

“It’s the first of its kind with respect to the cyber focus,” said a senior homeland security official, who declined to be named, about the railway security directive and an update to aviation security programs.

Ransomware, a type of malware that encrypts a victim’s system until the owner pays the hacker a ransom in cryptocurrency, has become increasingly common in recent years.

“If transportation does not work, if people can’t go from A to B, then it can create pressure pretty quickly [to pay the ransom],” said the senior official.

The announcement also follows reports in June of a Chinese hacking group infiltrating New York City’s Metropolitan Transportation Authority and an August 2020 ransomware attack (https://www.inquirer.com/transportation/septa-malware-attack-employees-riders-app-announcements-20200824.html) against the Southeastern Pennsylvania Transportation Authority, causing a disruption to services.

The Homeland Security Department helped investigate the MTA incident alongside other federal agencies, including the FBI.

Last month, the TSA notified the private sector about the impending regulations, said the senior official, and the agency is currently receiving feedback.

The regulations will become active before the end of 2021.

(Reporting by Christopher Bing; editing by Diane Craft)

Iowa farm services firm: systems offline due to cybersecurity incident

By Karl Plume and Christopher Bing

CHICAGO (Reuters) - Iowa-based farm services provider NEW Cooperative Inc said on Monday its systems were offline to contain a “cybersecurity” incident just as the U.S. farm belt gears up for harvest.

The cooperative operates grain storage elevators in the top U.S. corn producing state, buys crops from farmers, sells fertilizer and other chemicals needed to grow crops and owns technology platforms for farmers that provide agronomic advice on how to maximize their harvests.

“We have proactively taken our systems offline to contain the threat, and we can confirm it has been successfully contained,” NEW Cooperative Inc said in a statement. “We also quickly notified law enforcement and are working closely with data security experts to investigate and remediate the situation.”

Several grain storage elevators operated by NEW Cooperative contacted by Reuters were open.

The timing of the attack is making it crucial that NEW gets their systems back online as soon as possible as many farmers will start their combines this week and begin delivering crops to NEW’s elevators across Iowa, said Don Roose, president of U.S. Commodities in West Des Moines, Iowa.

“They have got you boxed into a corner,” Roose said. “Harvest is right now. This is the week that we are just starting to ramp up harvest, particularly for soybeans.”

Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on network management company SolarWinds Corp, the Colonial Pipeline’s oil network, meat processing company JBS and software firm Kaseya. The attacks hurt the United States far beyond just the companies hacked, affecting fuel and food supplies.

A spokesperson for the U.S. Cybersecurity and Infrastructure Security Agency declined to comment on the incident at NEW Cooperative.

The Federal Bureau of Investigation did not immediately respond to a request for comment.

“This is a very clear attack on an organization that is part of our critical infrastructure,” said Allan Liska, a senior analyst with U.S. cybersecurity firm Recorded Future. “This could result in disruptions to food delivery in parts of the country.”

A Russian-speaking cybercriminal group named BlackMatter said on its website they had recently stolen data from NEW Cooperative.

BlackMatter is known for using ransomware to threaten its victims with data leaks, often extorting them for a cryptocurrency payment.

The claim follows a July meeting between U.S. President Joe Biden and Russian President Vladimir Putin, where Biden reportedly told Putin that “critical infrastructure” companies should be off limits to ransomware gangs.

Cybersecurity experts and federal prosecutors say ransomware groups often operate from Russia or Ukraine. The “food and agriculture” industry is publicly defined as a critical infrastructure sector by the Department of Homeland Security.

(Reporting by Karl Plume, Editing by Franklin Paul, David Gregorio and Marguerita Choy)

Cyber threats top agenda at White House meeting with Big Tech, finance executives

WASHINGTON (Reuters) – The White House will ask Big Tech, the finance industry and key infrastructure companies to do more to tackle the growing cybersecurity threat to the U.S. economy in a meeting with President Joe Biden and members of his cabinet on Wednesday.

“Cybersecurity is a matter of national security. The public and private sectors must meet this moment together, and the American people are counting on us,” a senior administration official told reporters.

Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on network management company SolarWinds Corp, the Colonial Pipeline company, meat processing company JBS and software firm Kaseya. The attacks hurt the United States far beyond just the companies hacked, affecting fuel and food supplies.

The guest list includes Amazon.com Inc CEO Andy Jassy, Apple Inc CEO Tim Cook, Microsoft Corp CEO Satya Nadella, Google’s parent Alphabet Inc CEO Sundar Pichai and IBM Chief Executive Arvind Krishna, according to two people familiar with the event.

One official said private sector executives were expected to announce commitments across key areas, including technology and staffing.

The meeting comes as Congress weighs legislation concerning data breach notification laws and cybersecurity insurance industry regulation, historically viewed as two of the most consequential policy areas within the field.

Executives for energy utility firm Southern Co and financial giant JPMorgan Chase & Co are also expected to attend the event.

The event will feature top cybersecurity officials from the Biden administration, including recently confirmed National Cybersecurity Director Chris Inglis, as well as Secretary of Homeland Security Alejandro Mayorkas, to lead different conversations with industry representatives.

(Reporting by Andrea Shalal and Christopher Bing; Editing by Lisa Shumaker)

White House calls on America’s most critical companies to improve cyber defenses

By Christopher Bing and Nandita Bose

WASHINGTON (Reuters) – The White House is signaling to U.S. critical infrastructure companies, such as energy providers, that they must improve their cyber defenses because additional potential regulation is on the horizon.

U.S. President Joseph Biden signed a national security memorandum on Wednesday, launching a new public-private initiative that creates “performance controls” for cybersecurity at America’s most critical companies, including water treatment and electrical power plants.

The recommendations are voluntary in nature, but the administration hopes they will cause companies to improve their cybersecurity ahead of other policy efforts, said a senior administration official.

The announcement comes after multiple high profile cyberattacks this year crippled American companies and government agencies, including a ransomware incident which disrupted gasoline supplies.

“These are the thresholds that we expect responsible owners and operators to go,” said the official. “The absence of mandated cybersecurity requirements for critical infrastructure is what in many ways has brought us to the level of vulnerability that we have today.”

“We are pursuing all options we have in order to make the rapid progress we need,” they added.

Biden on Tuesday warned that if the United States ended up in a “real shooting war” with a “major power” it could be the result of a significant cyber attack on the United States, highlighting what Washington sees as a growing threat posed by hackers from Russia, China, Iran and North Korea.

“The federal government cannot do this alone,” said the official. “Almost 90% of critical infrastructure is owned and operated by the private sector. Securing it requires a whole of nation effort.”

The official described the current state of cybersecurity rules for critical infrastructure companies as “patchwork” and “piecemeal.”

“We’ve kicked the can down the road for a long time,” said the official.

(Reporting by Christopher Bing; Editing by Lincoln Feast.)

U.S. and Russian officials will meet next week on ransomware – White House

By Raphael Satter and Andrea Shalal

WASHINGTON (Reuters) - Ransomware attacks on U.S. businesses, such as the latest one centered on Florida IT firm Kaseya, will be discussed at a meeting of senior U.S. and Russian officials next week, the White House said on Tuesday.

“We expect to have a meeting next week focused on ransomware attacks,” spokeswoman Jen Psaki told reporters.

The ransomware attack on Friday scrambled the data of hundreds of small businesses worldwide, including many in the United States. Kaseya said in a statement on Tuesday they were never a threat to critical U.S. infrastructure, however.

The cyberattack was the latest in a series of intrusions from hackers who have made a lucrative business out of holding organizations’ data hostage in return for digital currency payments.

Although cybercrimes have been going on for years, the attacks have escalated dramatically recently, and an intrusion at Colonial Pipeline in May snarled U.S. gasoline supplies up and down the East Coast.

Psaki said Biden would meet with officials from the Justice Department, State Department, the Department of Homeland Security and the intelligence community on Wednesday to discuss ransomware and U.S. efforts to counter it.

The hack that struck Kaseya’s clients – many of whom are back office IT shops commonly referred to as managed service providers – did not have the same kind of impact in the United States as the ransoming of Colonial Pipeline.

Disruption elsewhere was more severe.

In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack, which knocked out most of its supermarkets, though a spokesman told Reuters “we have more open stores than closed ones now.”

In New Zealand, 11 schools and several kindergartens were affected.

Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that have been affected, with a spokesperson estimating that several hundred companies were touched overall.

“In Germany there are no cases as prominent as the one in Sweden,” the spokesperson added.

The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.

(Reporting by Raphael Satter; Douglas Busvine in Frankfurt and Johan Ahlander in Stockholm also contributed reporting. Editing by Kirsten Donovan, Alistair Bell and Sonya Hepinstall)

White House warns companies to step up cybersecurity

By Doina Chiacu

WASHINGTON (Reuters) – The White House warned corporate executives and business leaders on Thursday to step up security measures to protect against ransomware attacks after intrusions disrupted operations at a meatpacking company and a southeastern oil pipeline.

There has been a significant hike in the frequency and size of ransomware attacks, Anne Neuberger, cybersecurity adviser at the National Security Council, said in a letter.

“The threats are serious and they are increasing. We urge you to take these critical steps to protect your organizations and the American public,” she added.

The recent cyberattacks have forced companies to see ransomware as a threat to core business operations and not just data theft, as ransomware attacks have shifted from stealing to disrupting operations, she said.

Strengthening the country’s resilience to cyberattacks was one of President Joe Biden’s top priorities, she added.

“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Neuberger wrote.

The letter came after a major meatpacker resumed U.S. operations on Wednesday following a ransomware attack that disrupted meat production in North America and Australia.

A Russia-linked hacking group that goes by the name of REvil and Sodinokibi was behind the cyberattack against JBS SA, a source familiar with the matter told Reuters.

The cyberattack followed one last month by a group with ties to Russia on Colonial Pipeline, the largest fuel pipeline in the United States, which crippled fuel delivery for several days in the U.S. Southeast.

Biden believes Russian President Vladimir Putin has a role to play in preventing these attacks and planned to bring up the issue during their summit this month, White House press secretary Jen Psaki said on Wednesday.

Neuberger’s letter outlined immediate steps companies can take to protect themselves from ransomware attacks, which can have ripple effects far beyond the company and its customers.

Those include best practices such as multifactor authentication, endpoint detection and response, encryption and a skilled security team. Companies should back up data and regularly test systems, as well as update and patch systems promptly.

Neuberger advised that companies test incident response plans and use a third party to test the security team’s work.

She said it was critical that corporate business functions and production operations be run on separate networks.

(Reporting by Doina Chiacu; Editing by David Holmes and Steve Orlofsky)

White House cyber adviser says it will take months to investigate Russian hack

By Christopher Bing

(Reuters) – The White House’s top cybersecurity adviser said on Wednesday an investigation into a sprawling Russian hacking operation against the United States, known as the SolarWinds hack, will take several more months to complete.

White House Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger said that a total of nine federal agencies and 100 private-sector companies had been affected by the hack, which first came to light in December.

She also said that a number of the affected private-sector companies were technology companies, which were breached to facilitate access to other victims.

The FBI, the Department of Homeland Security and several other U.S. government agencies have been digging into affected computer networks ever since the hacks’ discovery to find clues about the attackers. While multiple U.S. government officials have said the hackers came from Russia, they have offered little additional detail.

“We believe it took them months to plan and compromise,” said Neuberger. “It will take us some time to uncover this layer by layer.”

The Biden administration is currently working on a set of cybersecurity policies to prevent a similar style of attack, and Neuberger predicted some of these recommendations would become part of an upcoming “executive action.”

Government statements and public reporting have revealed that a diverse list of federal agencies were breached by the hackers, including the Justice, Treasury, Homeland Security and Commerce departments. In those cases, the hackers typically attempted to steal emails belonging to high-ranking officials, Reuters previously reported.

“When there is a compromise of this scope & scale, both across govt & across the U.S. technology sector to lead to follow on intrusions, it is more than a single incident of espionage,” said Neuberger. “It’s fundamentally of concern for the ability for this to become disruptive.”

The recent government cyberattack is commonly referred to as the SolarWinds hack because of how the cyber spies exploited software created and sold by Texas technology company SolarWinds, which makes a popular network management tool that is commonly deployed across both U.S. government and private sector computer networks.

While SolarWinds was the first known supply chain victim of this hacking campaign, cybersecurity experts and government officials have cautioned that other technology companies were similarly exploited as part of the same operation.

(Reporting by Christopher Bing; Editing by Chris Reese, Nick Macfie and Jonathan Oatis)

Hackers targeting groups involved in COVID-19 vaccine distribution, IBM warns

By Raphael Satter

WASHINGTON (Reuters) – IBM is sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the novel coronavirus.

The information technology company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organizations associated with the COVID-19 vaccine “cold chain” – the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to people’s arms.

The U.S. Cybersecurity and Infrastructure Security Agency reposted the report, warning members of Operation Warp Speed – the U.S. government’s national vaccine mission – to be on the lookout.

Understanding how to build a secure cold chain is fundamental to distributing vaccines developed by the likes of Pfizer Inc and BioNTech because the shots need to be stored at minus 70 degrees Celsius (-94 F) or below to avoid spoiling.

IBM’s cybersecurity unit said it had detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted booby-trapped emails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specializes in vaccine transport and biological sample storage.

The hackers went through “an exceptional amount of effort,” said IBM analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said.

“Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic,” she said.

Messages sent to the email addresses used by the hackers were not returned.

IBM said the bogus Haier emails were sent to around 10 different organizations but only identified one target by name: the European Commission’s Directorate-General for Taxation and Customs Union, which handles tax and customs issues across the EU and has helped set rules on the import of vaccines.

In a statement, the European Commission said it was aware that it had been targeted by a hacking campaign.

“We have taken the necessary steps to mitigate the attack and are closely following and analyzing the situation,” the statement said.

IBM said other targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice.

Who is behind the vaccine supply chain espionage campaign is not clear.

Reuters has previously documented how hackers linked to Iran, Vietnam, North Korea, South Korea, China, and Russia have on separate occasions been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments.

IBM’s Zaboeva said there was no shortage of potential suspects. Figuring out how to swiftly distribute an economy-saving vaccine “should be topping the lists of nation states across the world,” she said.

(Reporting by Raphael Satter; editing by Grant McCool and Rosalba O’Brien)

Exclusive: Hackers test defenses of Trump campaign websites ahead of U.S. election, security staff warn

By Jack Stubbs

LONDON (Reuters) – Hackers have stepped up efforts to knock Trump campaign and business websites offline ahead of the U.S. election, in what a security firm working for the campaign said could be preparation for a larger digital assault, according to emails seen by Reuters.

The security assessment was prepared by staff at U.S. cybersecurity firm Cloudflare, which has been hired by President Donald Trump to help defend his campaign’s websites in an election contest overshadowed by warnings about hacking, disinformation and foreign interference.

Cloudflare is widely used by businesses and other organizations to help defend against distributed denial-of-service (DDoS) attacks, which aim to take down websites by flooding them with malicious traffic.

Internal Cloudflare emails sent to senior company managers – including CEO Matthew Prince – on July 9 state that the number and severity of attacks on Trump websites increased in the preceding two months and reached record levels in June. The emails did not give the total number of attacks.

“As we get closer to the election, attacks are increasing in both numbers (and) sophistication” and succeeded in disrupting access to the targeted websites for short periods of time between March 15 and June 6, the assessment said.

Cloudflare did not respond directly to questions about the emails or their contents. The company said it was providing security services to both U.S. presidential campaigns and declined to answer further questions about the nature or details of its work.

“We have seen an increase in cyber attacks targeting political candidates. We will continue to work to ensure these attacks do not disrupt free and fair elections,” it said in a statement when asked about the emails.

A spokesman for the Trump campaign did not respond to a request for comment. The Biden campaign declined to comment on its work with Cloudflare or any attacks on its websites.

A spokeswoman for the Trump Organization said no Trump websites had been taken offline by cyber attacks. She did not respond to further questions about the attacks or Trump’s work with Cloudflare.

Cloudflare’s security team did not comment on the identity of the hackers and Reuters was not able to determine who was responsible for the attacks.

DDoS attacks are viewed by cybersecurity experts as a relatively crude form of digital sabotage – easily deployed by anyone from tech-savvy teenagers to top-end cyber criminals.

But seven of the attacks on Trump websites, including donaldjtrump.com and a Trump-owned golf course, were judged to be more serious by the Cloudflare security team, the emails show.

The increasing number and sophistication of attempts suggested the attackers were “probing” the website defenses to establish what would be needed to take them fully offline, the security assessment said.

“We therefore cannot discount the possibility that there are attackers using this as an opportunity to collect information for more sophisticated attacks,” it added.

The Cloudflare team said they would continue to monitor the attacks and carry out “a further round of security hardening” to better protect the websites.

(Additional reporting by Joseph Menn in SAN FRANCISCO; Editing by Jonathan Weber and Edward Tobin)