By Sam Sabin

— As the Winter Olympics kick off in Beijing this week, the big worry is cyberespionage, rather than disruptive attacks.

— The House's latest China competition bill has plenty of new and old cyber goodies. Here's what you need to know as the House eyes a floor vote this week.

— A hacktivist group's decision to deploy ransomware in an attack could mark an escalation in the tactics activists are willing to tap as the Russia-Ukraine conflict continues.

HAPPY MONDAY, and welcome back to Morning Cybersecurity! I'm your host, Sam Sabin. Not sure about y'all, but I've reached the point in Washington winter where I'm spending half of my free time looking for flight deals to a warmer destination. Spring can't get here soon enough!

Have tips and secrets to share with MC? Or thoughts on what we should track down next? Send what you've got to ssabin@politico.com. Follow along at @POLITICOPro and @MorningCybersec. (Full team contact info below). Let's get to it:
LET THE GAMES BEGIN — Unlike in 2018, when suspected Russian hackers disrupted telecasts of the Winter Olympics' opening ceremony in South Korea, researchers and cybersecurity officials appear to be less concerned about a similarly disruptive cyber incident affecting this week's games in Beijing. This time around, they're worried about cyberespionage by the Chinese government.

As the games kick off later this week, here are some of the top cyber concerns researchers, lawmakers and other officials have warned about in recent weeks:

— Snooping via a mobile app: Earlier this month, researchers at the University of Toronto's Citizen Lab found that the MY2022 app, which all attendees of the 2022 Winter Games must use, has a security flaw that would allow hackers to sidestep encryption on sensitive user data stored in the app, allowing them to see passport details, demographic information and medical and travel history. Audience members, journalists and athletes are all required to download the app. So the U.S. Olympics and Paralympic Committee and several other Western countries have advised athletes to use burner phones.

— Fears associated with Beijing's digital currency: Sen. Marco Rubio (R-Fla.) sent a letter to President Joe Biden earlier this month asking about the steps his administration has taken to educate athletes about the cybersecurity risks associated with China's digital yuan, which is the currency of choice for the games. Specifically, Rubio was concerned that U.S. athletes and attendees would have to download China-made software to gain access to the digital yuan, leaving them exposed to snooping.

— Hacktivists and cybercrime: While researchers say it's unlikely there will be large-scale attacks or state-sponsored hackers targeting the games, hacktivists and cybercriminals could still have plenty of motives. Security firm GardaWorld warned in a post last week that growing tensions between China and Western nations could encourage hacktivists to "use the Winter Olympics to compromise ideological and political foes through cyber-attacks."
GETTING DOWN TO BUSINESS — As House lawmakers prepare to consider the China competition bill (H.R. 4521) on the floor this week, a handful of cybersecurity provisions are sure to catch the eyes of lobbyists, advocates and administration officials. Your MC host dug through the package to get a sense for where the cyber world's focus will be this week:

— New hits: As privacy advocates push back against the federal government's growing reliance on biometric data in light of the IRS' contract with Virginia-based startup ID.me, two provisions in the House bill could receive renewed attention. One would direct the National Institute of Standards and Technology to establish technical standards for account login tools targeting the public and private sector. The other provision directs NIST to set up a biometrics vendor test program where companies offering tools like facial recognition can test the accuracy and effectiveness of their programs.

Building on similar electric grid funding in the bipartisan infrastructure law, House lawmakers also proposed providing $75 million each year from fiscal year 2022 through FY 2026 to the Energy Department to make the electric grid more resilient.

— Making a comeback: Several cybersecurity provisions in the House's China bill have also been tossed into other major legislative packages in the last year. For example, one provision establishing a federal rotational cyber workforce program was in the Senate's counterpart China bill last year.

The House Energy and Commerce Committee also included Rep. Jeff Duncan (R-S.C.)'s legislation renaming the agency's Office of Policy Analysis and Development to the Office of Policy Development and Cybersecurity. The legislation renews the committee's efforts to make cybersecurity a bigger priority at NTIA.

— Expected players: House lawmakers are proposing $1.5 billion to fund proposals in the most recent National Defense Authorization Act targeting the security of the communications sector, an issue that both Democrats and Republicans have expressed concerns about. Some of the provisions include one directing the assistant secretary of Commerce for communications and information to submit a report studying security issues facing mobile networks.
DIFFERENT KIND OF ESCALATION — While the world waits to see if an all-out cyber war will result from rising tensions on the Russian-Ukrainian border, the conflict could already be escalating tactics among a different kind of cyber adversary: Hacktivists.

The Belarusian Cyber Partisans, a hacking group that's been targeting the Belarus government for years over its pro-Russia leadership, claimed last week it was responsible for a ransomware attack that encrypted the servers, databases and workstations of the Belarusian Railway. The attack came right as Russian President Vladimir Putin started sending military equipment and personnel to Belarus via the rail service.

As of Sunday, the railway's website still had a notice that some services were unavailable, including the ability to purchase and access previously purchased tickets.

The incident was unusual for two reasons: Hacktivists — a group of politically motivated hackers that target organizations as a form of protest — don't typically target critical infrastructure or rely on ransomware, said James Lewis, senior vice president and director of the strategic technologies program at the Center for Strategic and International Studies.

"Usually, it's like drawing mustaches on the president's webpage or something, so this is a step forward," said Lewis, who is also a former U.N. adviser. "Critical infrastructure is usually something they don't do."

— Confirming attribution: Because of how unusual the attack was, cybersecurity researchers have been careful to not directly attribute this to hacktivists. While the Cyber Partisans shared documents both on Twitter and with a researcher at Curated Intelligence last week to prove it's behind the attack, it hasn't shared malware samples, making it difficult to verify that it's behind the attack.

SentinelOne researchers also cautioned in a report last week that "most hacktivism is used as a cover" by state-sponsored hacking groups.

If the latest incident is the work of the hacktivist group, it marks the first known case where such a group has deployed ransomware. Typically, hacktivists have stuck to defacing websites, hacking and leaking vulnerable databases and making websites inaccessible through distributed denial-of-service attacks.

"This would be an escalation" for hacktivists, Lewis said. "But until we know if it's politically motivated or was it for money, we can't say it's an escalation" for hacktivism as a whole.
HEALTHCARE WOES — Roughly 45 million individuals were affected by cyberattacks targeting healthcare organizations in 2021, up from 34 million in 2020, according to a report from critical infrastructure security firm Critical Insight published this morning. While attacks targeting healthcare providers declined about four percent between 2020 and 2021, the number of attacks on health plans jumped 35 percent, and they increased 18 percent against third-party health vendors.

BUSY FEW MONTHS — Beijing-linked hacking group Wicked Panda and Russia-linked group Cozy Bear are behind 46 percent of all state-sponsored hacking campaigns in the third quarter of 2021, according to a report from cybersecurity company Trellix released this morning. And in a third of all state-sponsored attacks, the hacking groups abused security operations tools from Cobalt Strike to gain access to a victim's network, the report also said.

— NSO Group has hired law and lobbying firm Paul Hastings to help engage with government officials, according to our colleagues at POLITICO Influence.

— Jasmine Willians, a former policy adviser at the National Security Council, is now a strategic outreach and visits manager for government affairs and public policy at Google, per NatSec Daily.
Bad news, Wordle fans. People have already figured out how to hack their scores. From Chris Wysopal, co-founder and chief technology officer at Veracode: "Hacking Wordle. Now we can't trust anyone's posted score."

DEPT. OF CORRECTIONS — Friday's edition of this newsletter incorrectly described Public Knowledge, Consumer Reports and the Electronic Privacy Information Center's comments on a petition pushing the FTC to open a surveillance advertising rulemaking process. They argued that the FTC already has the authority to proceed with the rulemaking.
— ICYMI: "Suicide hotline shares data with for-profit spinoff, raising ethical questions" (POLITICO)

— The United States government purchased NSO Group's spyware, but never deployed it, before it started regulating against the company's cyber offensive tools. (The New York Times)

— A White House homeland security adviser, who advised on cyber policies, had employee stock options at two cybersecurity firms, Dragos and Resilience, during her first 85 days on the job. (The Intercept)

— "This Is Why There's Been So Many NFT and Crypto Hacks." (Motherboard)

— State Department says its global IT services outage last week was the result of a defect in a recently deployed security patch, not a cyberattack. (FedScoop)

— Opinion: "How Russia Has Turned Ukraine Into a Cyber-Battlefield." (Foreign Policy)

Chat soon.

Stay in touch with the whole team: Eric Geller (egeller@politico.com); Konstantin Kakaes (kkakaes@politico.com); Maggie Miller (mmiller@politico.com); Sam Sabin (ssabin@politico.com); and Heidi Vogt (hvogt@politico.com).