Weekly News Roundup: October 30, 2017
Bad Rabbit Becomes Third Major Ransomware Attack of 2017
Last week, Bad Rabbit became the third major ransomware attack of 2017 after WannaCry and Petya / NotPetya. We’ve collected a few articles that describe the Bad Rabbit attack and its implications.
- Bad Rabbit: Ten things you need to know about the latest ransomware outbreak (ZD Net)
- Bad Rabbit used NSA “EternalRomance” exploit to spread, researchers say (Ars Technica)
- Security Firms Say Bad Rabbit Attack Carried Out by NotPetya Group (Bleeping Computer)
- #BadRabbit Actors Planned Attacks Since 2016 (Infosecurity Magazine)
- Infrastructure for the ‘Bad Rabbit’ Ransomware Appears to Have Shut Down (Motherboard)
Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017 Passes House
Last Tuesday, the House passed the Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017 by a voice vote. Sponsored by Rep. Norma Torres (D-Calif.), the bill would improve information sharing and cooperation in addressing cybersecurity risks at US ports through several measures:
- Setting standards for reporting
- Providing guidance to ports
- Bringing port representatives to the table for future planning
- Modernizing how the Coast Guard addresses cyber threats
Torres introduced the legislation following the NotPetya worm attack, which shut down the biggest terminal at the port of Los Angeles.
DHS and FBI Release Alert About Threat Activity Targeting Energy and Critical Infrastructure Sectors
On Friday, October 20, the Department of Homeland Security (DHS) and the FBI released Alert (TA17-293A) titled “Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors.” According to the alert, there are currently “advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. […] DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector. Based on malware analysis and observed IOCs, DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign.”
International Communications Privacy Act May Hasten US-UK Law Enforcement Info Sharing
The bipartisan International Communications Privacy Act, introduced by Senator Orrin Hatch (R-Utah) in July, may hasten an agreement between the US and UK to share data held by tech companies when law enforcement officials of either country request it. This law would supersede current privacy laws that have prohibited and complicated sharing this data for law enforcement purposes. According to the Financial Times (quoted in Engadget), “[The proposed UK-US bilateral data access agreement] would help law enforcement and security agencies protect the public through accessing data stored or controlled by companies in each others' countries in support of serious crime and terrorism investigations, and would include strong safeguards and maintain rigorous privacy protections for citizens.”
US Justice Department Will Ease Up on Information Demands from Tech Companies
After Microsoft sued the US government for requesting too much private user data for indefinite periods, the Department of Justice said it would ease up on the number and nature of its requests. According to Bloomberg Technology, “Going forward, prosecutors must ‘conduct an individualized and meaningful assessment’ of whether a secrecy order is needed, according to a memo issued by Deputy Attorney General Rod Rosenstein. For internet users whose data is sought, the government shouldn’t delay notifying them for more than a year, except ‘barring exceptional circumstances,’ according to the memo.”