Threat Briefing: August 9, 2024

This week’s Threat Briefing includes two different articles highlighting new legislation that would help the U.S.’s response to ransomware. The articles describe how the U.S. Government will begin requiring both the U.S. intelligence community and the U.S. Treasury Department to increase their focus on identifying ransomware actors and working to better prepare organizations for ransomware attacks.

The U.S. Government has been working to combat ransomware actors and disrupt their operations, having successfully disrupted several ransomware groups and arrested ransomware actors.

There are various efforts, initiatives, and pieces of legislation governments around the world have pursued to support cybersecurity efforts, but private companies still need to do their part through patching, implementing multifactor authentication, and utiliing strong passwords.

• Proposed Bill Would Designate Ransomware Groups as “Hostile Foreign Cyber Actors” – The U.S. bill would also name countries who are “state sponsors of ransomware” that provide safe harbor for individuals involved in ransomware activity. Additionally, the bill would allow the President of the United States to impose new sanctions on those countries that support ransomware and require the Department of Treasury to report on how many individuals and groups have been sanctioned for their role in ransomware operations. The U.S. Intelligence Community would also be required to treat ransomware as a national intelligence priority and a threat to critical infrastructure. CyberScoop
• Securities & Exchange Commission (SEC) Will Not Penalize Progress Software for Vulnerability in MOVEit Software Leading to Data Theft Campaign – The company was subpoenaed by the SEC in the fall of 2023 for an investigation into the MOVEit vulnerability. Over 2,700 organizations were impacted worldwide, and the data for approximately 96 million people were impacted by the breach conducted by the Cl0p ransomware group. Progress Software is currently a party to over 140 class action lawsuits and has spent over $4.2 million in response to the MOVEit vulnerability. The Record
• $41 Million Recovered from Largest Business Email Compromise Scheme – INTERPOL worked to recover the funds for a commodity firm from Singapore. The firm received an email from a supplier requesting a payment be sent to a bank account in Timor-Leste. The email was sent from an email account slightly different from the supplier’s email address. The commodity firm realized the mistake in mid-July after the supplier contacted the commodity firm letting them know they had not been made. The funds were recovered through INTERPOL’s Global Rapid Intervention of Payments initiative, which helped to detect and freeze the funds in the bank account. The Hacker News
• macOS Sequoia Updates Prevent Users’ Ability to Override Gatekeeper Protections to Install Unauthorized Software – Gatekeeper is built into macOS and used to ensure only trusted applications run on Apple devices. When macOS Sequoia launches, users will not be able to override Gatekeeper to open software which isn’t properly signed. The update is designed to help prevent malware targeting macOS and tricking users into overriding Gatekeeper protections. The Hacker News
• Proposed Legislation Would Require U.S. Treasury Department and Private Sector to Increase Capabilities to Combat Ransomware – The Public and Private Sector Ransomware Response Coordination Act would require the Treasury Department to provide a report on efforts to combat ransomware. Additionally, the Treasury Department would also need to review and report on financial institutions reporting requirements and recommendations on improving public-private partnerships. CyberScoop