Press "Enter" to skip to content

Big movement from the US government on ransomware

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.

CISA also has released their Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses.  My notes – the guide includes dedicated VPN Connections to MSP infrastructure, among other stronger guidance.      How about creating a baseline for system and network behavior – that’s in there too.  

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) jointly announced a the increase of “sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations.”  In an advisory, they highlight a number of actions taken.

The White House released a statement attributing recent Microsoft Exchange server exploitation activity to the People’s Republic of China (PRC).

The Department of Justice indicted four Chinese cyber actors from the advanced persistent threat (APT) group APT40 for malicious cyber activities, carried out on orders from the Chinese government.  The accusation — theft of trade secrets, intellectual property, and other high-value information from both government and commercial entities.

Also released: the  Joint Cybersecurity Advisory: TTPs of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department to help network defenders identify and remediate APT40 intrusions and established footholds.   And the Joint Cybersecurity Advisory: Chinese Observed TTPs, which describes Chinese cyber threat behavior and trends and provides mitigations and CISA Insights: Chinese Cyber Threat Overview for Leaders to help leaders understand this threat and how to reduce their organization’s risk of falling victim to cyber espionage and data theft.

And, the State Department will be offering rewards to those who help identify individuals engaged in foreign, state-sponsored malicious cyber activity.. up to $10 million, dollars.    Treasury will be working with banks to focus on improving anti-money-laundering around crypto and the tracing of ransomware proceeds. 

Unrelated, that Microsoft hack on Serv-U products – that’s also been linked to a Chinese hacker group.   

And while ransomware is the top story, Axios covers how becoming a disinformation campaign target is another growing risk.   And this one is cheaper to launch and harder to protect against.  

Think that’s not coming – Google’s threat analysis group has revealed that Russian hackers used LinkedIn Messages to target government officials, leveraging an iOS zero-day vulnerability.  

Why do we care?

I’m certainly encouraged by the long list of movements coming from the US government.   None of them will be felt immediately, however, so short term, it’s likely to get worse before it gets better.  At best this is a constant.

Today’s reason we care is this massive list of resources – just a bit of light reading for your work week.   I’m focusing on one – that specific guide for MSPs and small businesses.    There is a lot in there I suspect most providers are NOT actually doing.   Here’s the key question for me – in a world of risk management, what is the risk of not aligning with the published guidance from the experts?     Not the risk of breach, but the risk of lawsuit?    

Worth digging more into that guidance.