Cyber Intelligence Weekly

Cyber Intelligence Weekly (May 1, 2022): Our Take on Three Things You Need to Know

Welcome to our weekly post where I will be sharing some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

You can also Subscribe to receive Cyber Intelligence Weekly in your inbox each week.

Before we get started on this week’s CIW, I’d like to highlight a case study from the great work we did with one of our favorite clients, Bell and Howell. Our focus on client collaboration during our penetration testing process is a game-changer and is always appreciated by our clients. Please check out the case study by clicking the picture below!


Away we go!

1. Russia Sanctions Complicate Paying Ransomware Hackers

A recent Wall St. Journal report highlights just how difficult it is becoming to successfully pay ransomware demands. The United States government doesn’t allow organizations to make payments to any sanctioned entities, and this applies to ransomware payments as well. With Russia’s aggression against Ukraine, this list of sanctioned entities continues to grow, making it more difficult for organizations afflicted with ransomware to get their data back.


The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory back in September of 2021 to further highlight the sanctions risks associated with ransomware payments. The Wall St. Journal article quotes an attorney who specializes in international transactions and who believes that OFAC will look to make examples out of organizations that make ransomware payments and completely ignore the due diligence that they must perform.

If an organization is hit by ransomware, they should strongly consider the advice of legal counsel before paying to ensure that they don’t run afoul of any government regulations. These types of legal issues must be considered at the highest levels of any organization, and this responsibility is more than just the job of IT or cybersecurity. This highlights why good controls against ransomware are currently paramount and prevention is key.

2. French Fiber Optic Attack Highlights Physical Vulnerabilities to Critical Infrastructure

Last week, the prosecutor’s office in Paris opened a preliminary investigation into the malicious damage of fiber optic cables. This physical attack against the critical infrastructure disrupted the internet in several regions around France.


Photo: https://mobile.twitter.com/Free_1337/status/1519274261713666048

The initial investigation appears to suggest that the attackers knew that they could inflict maximum damage by tampering with this station in particular. In addition, initial reports are saying the lines were cut in two spots, making repairs a tough task.

Physical security of critical infrastructure is a vulnerability that cannot be overlooked. Logical access almost doesn’t matter if someone can physically access your infrastructure. The massive damage that can result from exploiting physical access weaknesses is a risk that cannot be ignored. Personally, I worry about copycat-style attacks once stories like this are in the news.

3. FBI Conducted Millions of Searches of Americans’ Data Last Year

According to an annual transparency report released by the Office of the Director of National Intelligence on Friday, between December 2020 and November 2021, the FBI conducted nearly 3.4 million queries on Americans without a warrant. The Office has released these reports since the fallout from the 2013 Snowden leaks. This number was up from the 1.4 million in the prior year.


A Wall St. Journal article on the subject notes that, according to the FBI, a large number of these queries (around 1.9 million to be exact) were related to a single investigation into Russian hackers who were targeting United States critical infrastructure. The intent of the searches regarding the Russian hacking was to help find clues or leads to tip off any of the potential victims.

Per the DNI report, the FBI is the only agency that may query this type of data on U.S. citizens, where the queries are reasonably likely to return useful information on a crime or foreign intelligence information. The long-running debate of privacy versus national security will seemingly never end, and the answer is never black and white. This is yet another controversial example in a sea of gray.

Thanks for reading!

Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
