Friday Five 11/5
$10 million for ransomware intel, four companies blacklisted for malicious cyber activities, and a new CMMC program gets revamped - catch up on the infosec news of the week with the Friday Five!
1. U.S. blacklists Israeli hacking tool vendor NSO Group by Christopher Bing
In perhaps the news of the week, the U.S. Commerce Department added four companies to its trade blacklist on Wednesday - Israel's NSO Group and Candiru, Russia's Positive Technologies, and Singapore's PTE LTD - saying the companies peddled spyware and offensive cybersecurity tools. In a document published in the Federal Register, the Commerce Department said "These four entities have been determined by the U.S. Government to be acting contrary to the foreign policy and national security interests of the United States." It's important to note, as the ever-astute Claudio Guarnieri - now with Amnesty International, formerly of Citizen Lab - points out, that these aren't sanctions but heightened export-control measures, which should nonetheless deter foreign businesses and investors alike. The action also means that exports to the companies from U.S. counterparts are restricted.
2. State Department offers $10 million to bring DarkSide ransomware leadership to justice by Joe Uchill
The U.S. government is willing to pay out top dollar for information that helps unmask the leaders of the DarkSide ransomware group. The Department of State announced this week that it's looking to pay $10 million for any information that can lead to the identification or location of the leaders, and $5 million for information on the group's affiliates. DarkSide was the group responsible for May's Colonial Pipeline incident, which forced the company to shut down its 5,500-mile pipeline and led to sporadic gas shortages on the East Coast. For those who haven't been keeping track, the group rebranded earlier this year as BlackMatter. That group said this week that it was closing up shop following pressure from law enforcement, so the timing of the State Department's reward announcement makes sense: it's trying to identify these cybercriminals before they distance themselves from the scene, if that's what they ultimately wind up doing.
3. BlackMatter ransomware claims to be shutting down due to police pressure by Lawrence Abrams
Further reading from BleepingComputer on what BlackMatter claims is the end of its time as a ransomware group. Lawrence Abrams reports on a post, allegedly made by the ransomware group, announcing that it would shut down within 48 hours. VX-Underground shared a screenshot of the announcement, made on BlackMatter's ransomware-as-a-service site earlier this week. As Abrams notes, it's entirely unclear whether BlackMatter actually intends to shutter or whether this is just smoke and mirrors. If the group does ultimately disband, it wouldn't be a huge surprise to see it resurface later under a different name, just as DarkSide did when it transitioned to the BlackMatter name following the Colonial Pipeline attack.
4. DOD revamps controversial CMMC program by Adam Mazmanian
News via the Department of Defense that the Cybersecurity Maturity Model Certification is getting a refresh, CMMC 2.0, following a lengthy nine-month review. Announced on Thursday, the new version of the compliance program for government contractors will establish "a more collaborative relationship with industry," with updates supporting businesses "in adopting the practices they need to thwart cyber threats while minimizing barriers to compliance with DOD requirements." FCW cites a statement issued by Jesse Salazar, deputy assistant secretary of defense for industrial policy. According to the DOD, "contractors will be required to obtain a third-party CMMC assessment for a subset of acquisitions... requiring Level 2 ('Advanced') cybersecurity standards that involve information critical to national security."
5. FBI warns of increased use of cryptocurrency ATMs, QR codes for fraud by Sergiu Gatlan
More news from the U.S. government this week, this time from the FBI, which warned on Thursday that fraudsters are increasingly using cryptocurrency ATMs and QR codes to get victims to complete payment transactions. Consider a scam in which attackers supply a QR code that corresponds to their cryptocurrency wallet, or one in which they direct the victim to a physical cryptocurrency ATM to insert cash and convert it to Bitcoin. While these techniques may give you pause, they may not seem that far-fetched to someone unfamiliar with cryptocurrency or these types of scams. The warning is a reminder never to send money to someone you've only spoken to online, or to anyone who reaches out and asks you for payment in cryptocurrency. "Cryptocurrency's decentralized nature creates challenges that make it difficult to recover," the FBI said. "Once a victim makes the payment, the recipient instantly owns the cryptocurrency, and often immediately transfers the funds into an account overseas."