Security News

The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors.

The White House has denied reports that President Biden has been presented with an arsenal of ways to launch massive cyberattacks against Russia - attacks designed to disrupt the country's ability to sustain its military operations in Ukraine. Russia's military forces have been deployed in a ?full-scale attack against Ukraine.

Today, the White House has linked the recent DDoS attacks that knocked down the sites of Ukrainian banks and defense agencies to Russia's Main Directorate of the General Staff of the Armed Forces. Neuberger also added that, although "Of limited impact" these incidents could be part of a more significant Russian effort to prepare for other, "Laying groundwork" for more disruptive attacks that would come together with a potential invasion of Ukraine's territory.

A newly released Federal strategy wants the US government to adopt a "Zero trust" security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies. The executive order initiated a government-wide effort to migrate toward zero trust and modernize the nation's defenses against cyberattacks.

Discussions on this topic took place during the Open Source Software Security Summit convened by the Biden administration on Thursday. Participants focused on three topics: preventing security defects and vulnerabilities in open source software, improving the process for finding security flaws and fixing them, and shrinking the time needed to deliver and deploy fixes.

This week the White House held a summit with various nations to address the threat of ransomware. The White House held a virtual ransomware summit this week with over 30 countries in attendance-although a few notable nations were excluded, such as China, Russia and North Korea.

"Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering." As incident after incident of ransomware infection requires payments in cryptocurrency, there is little reason to doubt this is a crytpocurrency crackdown.

In a meeting with President Biden at the White House on Wednesday, Apple, Google, Microsoft and other companies announced their intentions to devote money and training toward strengthening U.S. cybersecurity. As one step, the White House said that the National Institute of Standards and Technology will work with businesses to improve the security of the technology supply chain.

Jen Easterly, former NSA official and Morgan Stanley vet, will take up the lead at CISA as the ransomware scourge rages on. The U.S. has made a key move to shore up its cybersecurity strategy, with the confirmation of Jen Easterly as the director of the Cybersecurity and Infrastructure Security Agency on Monday.

Image: Srikanta H. U. Following recent ransomware attacks, Deputy National Security Advisor Anne Neuberger asked US mayors to immediately hold a meeting with state agencies' chiefs to evaluate their cybersecurity posture. Local governments have been under a constant barrage of ransomware attacks during the last few years as highlighted by an FBI public service announcement issued last year.