With help from Eric Geller, Martin Matishak and Cristiano Lima
Editor’s Note: Morning Cybersecurity is a free version of POLITICO Pro Cybersecurity’s morning newsletter, which is delivered to our subscribers each morning at 6 a.m. The POLITICO Pro platform combines the news you need with tools you can use to take action on the day’s biggest stories. Act on the news with POLITICO Pro.
Advertisement
— There’s a scramble for more cybersecurity funding and election aid in the next Covid-19 package from Congress.
— Hackers lobbed ransomware attacks against health care organizations in March, researchers found.
— Government auditors faulted DoD on cyber hygiene, and a Pentagon official said phishing attacks are on the rise against the department’s workforce.
HAPPY TUESDAY and welcome to Morning Cybersecurity! There have been too few octopuses around here lately. Send your thoughts, feedback and especially tips to [email protected]. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
POLITICO Pro is here to help you navigate these unprecedented times. Check out our new Covid-19 Coverage Roundup, which provides a daily summary of top Covid-19 news coverage from across all 16 federal policy verticals as well as premium content, such as DataPoint graphics. Please sign up at our settings page to receive this unique roundup sent directly to your inbox every weekday afternoon.
Sign up for POLITICO Nightly: Coronavirus Special Edition, your daily update on how the illness is affecting politics, markets, public health and more.
ANY MORE CYBER, ELECTION MONEY? — House Homeland Security Democrats on Monday pressed the top chamber leaders from both parties to include cybersecurity funding for state and local governments in the next legislative response to the pandemic. Although they didn’t specify a dollar figure, they touted a panel-approved bill (H.R. 5823) that would provide $400 million in annual grants. State and local governments have already been hit by costly ransomware attacks for which they were ill-prepared, and now they’re even more vulnerable with more workers at home who might be using insecure devices, the Democrats said in a letter obtained by MC.
“The American public is counting on state and local jurisdictions to implement and deliver COVID-19 relief packages approved by Congress,” wrote Chairman Bennie Thompson (D-Miss.), cybersecurity subcommittee Chairman Cedric Richmond (D-La.) and Reps. Derek Kilmer (D-Wash.) and Dutch Ruppersberger (D-Md.). “Any disruption in the delivery of services would only compound the strain on state and local governments struggling to effectively serve their citizens in the midst of a global pandemic. We cannot let that happen.”
No push for election funds on Hill: The top Democrats in the House and Senate drew a line in the sand over the next coronavirus legislative package, and election security and administration grants didn’t make the list of demands. In the last round of negotiations, a House bill with $4 billion for that purpose ran into a Senate bill with $140 million, with lawmakers settling on $400 million.
For the upcoming response, House Speaker Nancy Pelosi (D-Calif.) and Senate Minority Leader Chuck Schumer (D-N.Y.) said they will insist on coupling more money for small-business loans the Trump administration is seeking with more money for state and local governments, hospitals and food stamps. A Senate Democratic proposal released last week included no mention of new election assistance money, instead only calling for “technical fixes” to Election Assistance Commission funds from the last package that were requested by states.
But there’s a big external push for election funding. Nearly 50 advocacy groups late Monday released a letter to congressional leaders seeking the $4 billion proposed by the House.
“While Congress has already allocated $400 million in election assistance funding to the states, that sum is simply not enough to ensure that our elections are secure and that voting is accessible to all who are eligible,” they wrote, seeking funds that would pay for expanded vote-by-mail and early voting, as well as voter education and online and same-day voter registration. “None of us know how long this pandemic will last. Failing to provide states with this necessary funding puts the November election and the rights of every voter at risk.”
Even if lawmakers change their mind on election funding, it might be a while before any more money is doled out. The House is not expected to meet before May 4.
NO SENSE OF DECENCY INDEED — Hackers impersonated the World Health Organization to try to infect “a Canadian government health care organization and a Canadian medical research university” with the open-source ransomware EDA2 in late March, Palo Alto Networks security researchers said in a report published today, in the latest evidence that malefactors are exploiting the coronavirus crisis for their own ends. The attackers were apparently unsuccessful, according to Palo Alto Networks. The government health organization is “actively engaged” in Canada’s coronavirus response effort, while the university is studying the virus, wrote researchers Adrian McCabe, Vicky Ray and Juan Cortes.
Palo Alto Networks also noted coronavirus-themed phishing attacks on a wide range of targets that attempted to deploy the password stealer AgentTesla. The hackers posed as the targets’ vendors and sent them .zip files labeled “COVID-19 Supplier Notice,” according to a screenshot. The researchers said the targets of the unsuccessful campaign included a U.S. “entity” involved in defense research activities, multiple communications and technology firms based overseas, Japanese and Canadian medical organizations, and a Turkish government agency.
“Threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis,” wrote McCabe, Ray and Cortes. They added that Palo Alto Networks is tracking “multiple” coronavirus-themed operations that are likely to continue “for weeks to come.”
FIRST IN MT: DEMS URGE REGISTRARS TO CRACK DOWN ON COVID SCAMS — A group of Senate Democrats is calling on domain name gatekeepers to do more to combat phishing scams and online misinformation about the coronavirus outbreak. “As people the world over turn increasingly to the Internet for information about the coronavirus and use online applications to work, learn, and keep in contact with friends and family, it is imperative that domain name registrars not turn a blind eye to such illicit activity but, rather, act to protect the Internet-using public,” Sens. Mazie Hirono (Hawaii), Cory Booker (N.J.) and Maggie Hassan (N.H.) wrote in letters to eight registrars and hosting sites, including GoDaddy and Namecheap.
The lawmakers are calling on the sites to spell out by April 20 what steps they take to vet applicants seeking to register for domain names and what punishments they dole out for those doing so for unlawful purposes related to the virus. They also asked the companies to disclose whether they are cooperating with authorities regarding suspected illegal activity.
‘I’ FOR INCOMPLETE — Despite pushing a host of cyber hygiene efforts, the Defense Department doesn’t know the extent to which they’ve been implemented, according to a GAO study. “By directing a component to monitor the extent to which practices to protect DoD’s networks are implemented, DoD would be better positioned to ensure that its networks are secure and decrease potential risks to military operations, critical functions, and information assurance,” the audit found. The watchdog office made seven recommendations for the department aimed at completing the hygiene efforts and ensuring their effectiveness. DoD concurred with one of the suggestions, partially agreed with four others, and disagreed with two.
The GAO report came the same day a top Pentagon official said DoD is seeing a surge in spear phishing attacks on its personnel as they shift to telework. “We’re getting better and better at getting their [tactics, techniques and procedures] and finding out where these threat vectors are coming from,” Air Force Lt. Gen. Bradford Shwedo, chief information officer for the Joint Chiefs, told reporters.
YET MORE SECONDARY EFFECTS — Cybersecurity experts around the globe saw an 11 percent jump in phishing in March, an index operated by the NYU Center for Cybersecurity at the New York University Tandon School of Engineering reported on Monday. “While this increase represents a meaningful jump in sentiment among our polled experts, I guess it really should come as no big surprise,” said NYU Tandon Distinguished Research Professor Edward Amoroso. “Phishing attacks always rise when attackers believe their targets are spending more time in front of PCs.”
CYBER STILL RANKED A TOP FEAR — The spread of infectious diseases tops the list of topics that Americans deem “major threats,” but cyberattacks aren’t far behind, a Pew Research Center survey released on Monday found. Nearly 80 percent of those polled in March listed spread of infectious diseases as a major threat, followed by terrorism and nuclear weapons at 73 percent and cyberattacks at 72 percent. China’s power and influence was deemed a major threat by 62 percent, and Russia’s power and influence by 56 percent.
PATCHES O’HOULIHAN SAYS, ‘IF YOU CAN DODGE A ZERO-DAY…’ — Most exploitation of newly discovered vulnerabilities occur before a patch is released or shortly after, FireEye research revealed. In a blog post on Monday, the company said it examined 60 vulnerabilities between the first quarter of 2018 and the third quarter of 2019. “The majority of vulnerabilities were exploited as zero-days — before a patch was available,” the company wrote. “More than a quarter were exploited within one month after the patch date.” FireEye said it believed those estimates to be conservative.
TWEET OF THE DAY — A problem that seems unlikely to disappear anytime soon.
— Kevin Lynch will become the CEO of Optiv next week, replacing Dan Burns, a co-founder of the company who will remain on its board of directors. Lynch most recently served as a senior partner at Deloitte.
— GroupSense named Adam Bregenzer as chief technology officer and Jeffrey Duran as chief marketing officer. Prior to joining GroupSense, Bregenzer was a senior engineering manager at Venmo. Duran, who has had stints with Verizon and U.S. Army Cyber Command, most recently was vice president of marketing for threat investigation company Nisos.
— POLITICO: “Apple, Google unveil more details about coronavirus contact-tracing apps.”
— The New Yorker has more details on the 2016 debate among congressional leaders and the Obama administration about a statement on Russia meddling, focusing on Sen. Mitch McConnell’s role and his reported opposition to declaring elections critical infrastructure.
— The Wall Street Journal: A New York state government network was breached in late January.
— The Wall Street Journal: Microsoft is touting Teams amid Zoom’s woes.
— CyberScoop: The IRS and FBI are reportedly investigating a tax fraud scheme.
— Inside Cybersecurity: This week brings a meeting about the Software Bill of Materials initiative.
— StateScoop: “Vendor-tracking software firm wields pandemic in latest pitch to states.”
— Milwaukee Journal Sentinel: A Milwaukee Election Commission meeting got “Zoom-bombed.”
— Bleeping Computer: Yes, quite a prank.
That’s all for today.
Stay in touch with the whole team: Eric Geller ([email protected], @ericgeller); Bob King ([email protected], @bkingdc); Martin Matishak ([email protected], @martinmatishak); and Tim Starks ([email protected], @timstarks).
- Tim Starks @timstarks
- Eric Geller @ericgeller
- Martin Matishak @martinmatishak
Will cybersecurity, election assistance have a place in next coronavirus bill?
0 Comments: