Overnight Cybersecurity: New ransomware attack spreads globally | US pharma giant hit | House intel panel interviews Podesta | US, Kenya deepen cyber partnership
Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We’re here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you’re a consumer, a techie or a D.C. lifer, we’re here to give you …
THE BIG STORIES:
–LATEST RANSOMWARE OUTBREAK WREAKS HAVOC GLOBALLY: A new, fast-growing ransomware outbreak is spreading across Europe, with infections also reported in the United States and India. Though widely reported to be a variant of the Petya ransomware, there is disagreement among researchers as to whether it is actually Petya or something with a similar design. The ransomware encrypts files on Windows computers and demands a $300 ransom to have them unencrypted. The ransomware appears to be spreading quickly. Dave Kennedy of security consulting firm TrustedSec wrote on Twitter that he observed more than 5,000 infections in a 10-minute period. Kennedy said the malware infects systems, forces them to reboot and then displays a ransom message as the computer boots. Many of the first reports came from Ukraine. Ukraine’s national bank said that some banks, as well as businesses and public organizations, had been affected by the malware. Reports indicate that the state power company was also affected. Ukraine’s national bank said in a statement Tuesday that it had “warned banks and other financial market participants about an external hacker attack on the websites of some Ukrainian banks, as well as commercial and public enterprises, which was carried out today.” The Department of Homeland Security’s computer emergency readiness team issued a release Tuesday afternoon noting reports of the ransomware affecting networks “in many countries around the world.”
–AMERICAN PHARMA GIANT HIT BY RANSOMWARE: Pharmaceutical giant Merck announced Tuesday that it has been hit by the rapidly spreading Petya ransomware attack. “We confirm our company’s computer network was compromised today as part of global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more,” the pharmaceutical company said on Twitter. The Kenilworth, New Jersey-based Merck is one of the 10 largest pharmaceutical companies in the world. It’s the first major American company to announce that it has been hit by the ransomware, which has already hit firms across Europe and India. Petya’s spread lagged in the United States because the U.S. workday had not yet begun when the ransomware began to spread. The attack appears to be utilizing the same “EternalBlue” vulnerability in Windows computers that was also used in May’s “WannaCry” ransomware attack; EternalBlue is a hacking tool widely believed to have been stolen from the NSA.
–IN OTHER NEWS: HOUSE INTEL PANEL INTERVIEWS PODESTA: The House Intelligence Committee on Tuesday afternoon interviewed former Hillary Clinton campaign chairman John Podesta in its investigation into Russian interference in the election. Lawmakers were tight-lipped when exiting the committee’s secure briefing space after the roughly two-hour interview. Podesta indicated that the panel was interested in what he knew about Russian hacking. His personal email account was breached by hackers and the contents released in batches on the anti-secrecy platform WikiLeaks in the lead-up to the Nov. 8 election, a steady drip-drip-drip of minor revelations that were politically damaging to Clinton. Podesta declined to criticize the Obama administration for its handling of the hack, which the U.S. intelligence community says was part of a wide-scale campaign by the Russian government to tip the election in President Trump’s favor. “The president and the entire administration were dealing with an unprecedented incidence of the weaponization of the fruits of Russian cyber activity and making the best judgments they could on behalf of the American people,” Podesta told reporters on Tuesday afternoon.
A POLICY UPDATE: U.S., KENYA DEEPEN CYBER PARTNERSHIP: The United States and Kenya have strengthened their bilateral cooperation on cyber and digital economic policy at a recent meeting, the State Department said on Tuesday.
U.S. and Kenyan officials met on June 22 and 23 in Nairobi for the first U.S.-Kenya Cyber and Digital Economy Dialogue, a meeting that focused on the digital economy and related issues of fighting cybercrime and enforcing cybersecurity.
“Officials discussed policy coordination, information sharing, and capacity building, with an emphasis on public-private cooperation,” the State Department said Tuesday in a statement issued in partnership with the government of Kenya. “The Dialogue underscores our shared goal to collaborate on Internet policy matters and engage on digital economy and cyber issues in relevant international fora. Representatives from both delegations applauded the progress made and agreed to build on the exchange through annual Dialogues going forward.”
The U.S. delegation to Kenya was led by Chris Painter, the department’s coordinator for cyber issues, and Julie Zoller, the acting coordinator for international communication and information policy. Officials with the Departments of Commerce and Justice, the Federal Communications Commission, and the U.S. Agency for International Development also attended.
“Following a productive day of bilateral discussions, key private sector and civil society members joined the exchange and offered insights into policies to spur innovation, develop the digital workforce, and increase public awareness of cyber-related issues,” the State Department said. “Key non-government partners in attendance included the Kenya Private Sector Alliance, the American Chamber of Commerce, Microsoft, Symantec, and others.”
A LIGHTER CLICK:
Dubai has unveiled self-driving miniature police cars (Gulf News).
A REPORT IN FOCUS:
BUG BOUNTY PROGRAMS ON THE RISE: A new report released by bug bounty platform HackerOne finds that public and private organizations are increasingly turning to outside hackers to find digital vulnerabilities.
The Hacker-Powered Security Report 2017, released on Tuesday, found growth in the use of bug bounty programs by governments and organizations in media, financial services, banking, and other sectors. The average bounty paid to hackers for a critical vulnerability has increased by 16 percent since 2015, rising to $1,923 this year. Some of the top-performing bug bounty programs award hackers as much as $900,000 each year, the study found.
“Bug bounty and hacker-powered security programs are becoming the norm, used by organizations as diverse as Facebook and the U.S. government. Forty-one percent of bug bounty programs were from industries other than technology in 2016,” the executive summary of the report reads. Still, “despite bug bounty program adoption and increased reward competitiveness, vulnerability disclosure programs still lag behind. Ninety-four percent of the Forbes Global 2000 companies do not have policies.”
WHAT’S IN THE SPOTLIGHT:
‘UNMASKING’: Sen. Lindsey Graham (R-S.C.) became frustrated over a request he made to the intelligence community during a Senate Judiciary Committee hearing Tuesday focused on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA).
The senator revealed that he has yet to receive a response to his formal request that the intelligence community tell him whether his communications were swept up in U.S. spying on foreign targets.
In a tense exchange with a top intelligence community lawyer during the hearing, Graham repeatedly demanded to know whether he is legally entitled to know if his communications are collected and “unmasked” within the administration.
“It’s like months ago [that the request was made], so am I ever going to get it in my lifetime — and if you’re not going to give it to me, tell me why,” Graham said.
The South Carolina lawmaker has said in the past that he has reason to believe that a conversation he had with a foreign leader was picked up by U.S. spies and that an official requested that his identity be revealed internally.
Bradley Brooker, acting general counsel for the Office of the Director of National Intelligence (ODNI), confirmed that the administration had received Graham’s request, but that it was so broad that staff are still negotiating the parameters.
Brooker said he had “no legal reason” for not answering Graham. Typically if a member of Congress is unmasked, he said, the intelligence community informs the so-called Gang of Eight — Senate and House leadership and the top members of both Intelligence Committees — in a so-called “Gates notification.”
According to Brooker, Graham requested details on any and all information collected related to him — something that would include “every news clip” on the senator. Brooker said ODNI had asked Graham’s staff to narrow the request to Gates requests only, but Graham’s staff refused.
The exchange quickly became adversarial, as Graham repeatedly cut in to press Brooker on the legal ramifications of his request. Chairman Chuck Grassley (R-Iowa) weighed in, insisting that Graham be given the time to complete the line of questioning.
IN CASE YOU MISSED IT:
Links from our blog, The Hill, and around the Web.
Investigation shows DHS did not hack Georgia state computers. (The Hill)
FCC chairman reveals new details about cyberattack following John Oliver segment. (The Hill)
Lawsuit targets firm that failed to secure 198 million Americans’ data. (The Hill)
EU slaps Google with record $2.7B antitrust fine for skewing search results. (The Hill)
Facebook hits 2 billion monthly users. (The Hill)
Analysts say ransomware that broke out globally Tuesday was designed for Ukraine. (The Hill)
Three resign from CNN after Russia story retraction. (The Hill)
Fears about cyberattacks in the U.K. energy industry are running high. (The Guardian)
China unveils a formal national cyber threat response plan. (Reuters)
The FBI has questioned former Trump adviser Carter Page. (Washington Post)
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.