Friday Five: AI in Cybercrime, the Ongoing Battle Against Ransomware, & More

WHITE HOUSE URGES STREAMLINED CYBER RULES FOLLOWING INDUSTRY FEEDBACK BY DAVID DIMOLFETTA

The Biden administration's cyber czar, Harry Coker, calls for an overhaul of cybersecurity regulations following feedback from nearly 90 responses to an August 2023 White House request. Industry feedback highlighted that inconsistent and duplicative requirements divert funds from cybersecurity programs to compliance spending, hindering cyber defense improvements. Coker urges Congress to help align cyber policy standards, noting that current requirements, like notification deadlines and frameworks, create cost and time burdens. Respondents recommend closer collaboration with foreign allies and adherence to NIST cybersecurity standards. While some regulations, such as those by the FCC, are praised, others, like the SEC's four-day incident disclosure rule, face pushback for potentially attracting more cyberattacks and legal issues.

Read more

NIST COMMITS TO PLAN TO RESUME NVD WORK BY ROBERT LEMOS

The National Institute of Standards and Technology (NIST) is addressing a backlog in the National Vulnerability Database (NVD) by awarding a contract to resume normal processing rates within a few months. This follows a halt in validating vulnerability reports since mid-February 2023 due to a "perfect storm" of challenges, including resource reductions and increased vulnerability disclosures. NIST plans to collaborate with the Cybersecurity and Infrastructure Security Agency (CISA) and the cybersecurity community to streamline processes, employ automation, and update standards. The growing number of vulnerabilities disclosed annually, which has surged from 6,500 in 2016 to a projected 36,000 in 2023, exacerbates the issue.

Read more

7,000 LOCKBIT DECRYPTION KEYS NOW IN THE HANDS OF THE FBI, OFFERING VICTIMS HOPE BY DAN GOODIN

The FBI has recovered over 7,000 decryption keys from the LockBit ransomware group, urging victims to come forward to reclaim inaccessible data. This follows a major international law enforcement operation that seized LockBit's servers and assets, including 34 servers and 200 cryptocurrency accounts. Despite these efforts, LockBit's ransomware activities persist, with new attacks and data releases continuing. The FBI warns that obtaining decryption keys does not prevent future data extortion. Authorities have arrested some LockBit associates and identified key figures, but the ransomware threat remains. The US State Department offers rewards for information leading to the arrest or conviction of LockBit leaders and affiliates.

Read more

RANSOMWARE SAW A RESURGENCE IN 2023, MANDIANT REPORTS BY CHRISTIAN VASQUEZ

Despite global law enforcement efforts, ransomware incidents continue to rise, with Mandiant identifying 50 new variants in 2023. Cybercriminals reportedly earned over $1 billion from ransoms last year, with data leak site posts increasing by 75% year-over-year. ALPHV and LOCKBIT were said to be the most active variants with hospitals and healthcare being some of the most affected parties. Mandiant noted a surge in ransomware after a slight dip in 2022, possibly due to factors like the Russian invasion of Ukraine or leaked Conti chats. CISA is finalizing a mandate requiring critical infrastructure operators to report ransomware payments within 24 hours.

Read more

AI FUELS RISE IN ATTACKS FROM ‘UNSOPHISTICATED THREAT ACTORS,’ FEDERAL CYBER LEADERS SAY BY MATT BRACKEN

Sarah Nur, the Treasury Department’s top cybersecurity official, described the increasing difficulty of defending against AI-driven cyberattacks, which make it easier for inexperienced attackers to create sophisticated attacks. FBI and State Department officials noted that AI enhances attackers' capabilities--particularly in phishing and social engineering--while Nur highlighted the need to use AI for rapid detection of anomalies and fraud. Treasury's Project Fortress aims to protect the financial sector through collaboration. Nur emphasized the importance of overcoming the reluctance to share information due to embarrassment, advocating for a mindset shift towards expecting and managing frequent cyber incidents through enhanced coordination and information sharing.

Read more