US government amps up defenses while Russian hackers try to infiltrate

by Ugnius Kiguolis - - 2021-10-07

The U.S government initiates changes: contractors could be held accountable for cybersecurity incidents and unreported breaches

US poises to sue contractors who fail to report breaches New rules to avoid another SolarWinds while Russian hackers still actively target the US.

US Deputy Attorney General launches the cryptocurrency enforcement team with the Department of Justice.^[1] Two different initiatives were revealed in Lisa Monaco's speech at the Aspen Cyber Summit.^[2] These initiatives are designed to punish particular government contractors who decide to keep breaches and other cybersecurity incidents reported. The company can be sued if the required cybersecurity standards are not met. This way DoJ gets the leverage to fight cyber threats to sensitive data and significant systems when collaborating with federal agencies.

Cryptocurrency exchanges want to be the banks of the future, well we need to make sure that folks can have confidence when they're using these systems and we need to be poised to root out abuse. The point is to protect consumers.

Companies chose silence and believed that it is less risky to hide breaches than to report them. Such behavior puts people and the country, government at risk. These changes are needed to pursue companies, a government contractor who receives funds when the needed rules are not followed. Officials also intend to use the False Claims Act^[3] to go after the recipients of a particular grant to cybersecurity fraud when failing to secure their networks properly and notify related instances about security incidents.

Fighting scams, money laundering actors, and hackers

Strengthening these defenses is crucial because this is the only way how risks of intrusions in government networks can be managed. External partners and their mistakes should be held accountable. There are significant benefits from such initiatives because information security increases in the private and the public sectors. General cybersecurity practices in the country improve security and minimize the risks:

Building the protection against cyber threats, hacks, and security incidents on a government, public sectors, and the partners in different industries.
Contractors held to their commitments to ensure the protection of the infrastructure and related data.
Efforts to identify, create, report patches for vulnerabilities in popular IT products and services.
Refunding the government and taxpayers for the losses they encounter due to the company's failure to meet the particular cybersecurity rules.
Overall better security is the thing that government, private users, the public can benefit from.

The launch of another initiative – the National Cryptocurrency Enforcement Team, will dismantle the criminal abuse of platforms involving digital currency. Criminals focus on attacks and malicious campaigns on virtual currency exchanges. Money laundering, fraud, scams related to such platforms have become more and more popular. These reports on boosting defenses come a week after announcing the rules preventing the SIM swapping scams and fraud involving phone number transfers and mobile attacks.^[4]

Russian hacker group responsible for SolarWinds still tries to infiltrate the US

These reports come after the news that the Russian hacker group for months releases campaigns with the main goal of infiltrating the US and European government networks.^[5] The same group was responsible for the successful breach of US agencies back in 2020.^[6] Hackers have already breached various technology firms and used new tools, techniques to achieve the operations.

The SolarWinds incident, I think, was really a turning point for our nation. We were able to expose a significant intrusion by a foreign adversary that was trying to do our nation harm.

Hackers target organizations that focus on political and foreign policy matters. These provide direct and indirect access to the companies in North America and Europe. Particular names of IT technology companies were not identified, nor the final impact and what data hackers managed to access. These reports show that cybersecurity is a fundamental issue to the United States and the whole world. These rules that US agencies and governments try to change can affect the overall take on cyber security and threats.

About the author

Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References

^ Eric Tucker. US poised to sue contractors who don’t report cyber breaches. APnews. Breaking news.
^ Deputy Attorney General Lisa O. Monaco Announces National Cryptocurrency Enforcement Team. Justice. Government press releases.
^ False Claims Act. Wikipedia. The free encyclopedia.
^ Ravie Lakshmanan. 10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities. Thehackernews. News reports on malware and security incidents.
^ Aaron Schaffer. Russian hackers haven't backed off, administration official acknowledges. Washingtonpost. News on politics, technology and security.
^ Brian Fung. Biden administration says investigation into SolarWinds hack is likely to take "several months". Edition. CNN politics news.