Security News > 2021 > October > U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn
The launch of a standing offer to pay for Windows virtual private network software zero-day exploits came to light this week, even as the U.S. mulls new regulations on the export of tools that could be used in cyberattacks against the U.S. or its interests.
The U.S. Department of Commerce Bureau of Industry and Security has announced new regulations on the export of "certain items" that could be used in cyberattacks.
"The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights," U.S. Secretary of Commerce Gina Raimondo said about the new rules.
While the U.S. government's efforts are certainly worthwhile, Chris Clements, with Cerberus Sentinel, isn't convinced they will make much of a dent in attacks.
"Certain vulnerabilities could be shared among other VPN services which use similar underlying code, putting vast amounts of private and government data at risk," he told Threatpost.
"As Zerodium does not appear to be working with the VPN services themselves to improve their overall security, any identified vulnerabilities will most likely be used to violate the privacy of innocent end-users. This would set a dangerous precedent for bug-hunting services in general."
News URL
https://threatpost.com/us-ban-cyberattack-tools-zerodium/175654/