Eric Geller Profile picture
Feb 17 7 tweets 2 min read
During panel at Munich Cybersecurity Conference, FBI Cyber Division's Tonya Ugoretz says "international standardization" of AML rules for cryptocurrency "would greatly help" stop ransomware. Many countries don't have consistent rules, so even well-meaning exchanges can't help.
Ugoretz: "Sometimes foreign exchanges want to be cooperative...but because they don't have that existing framework that provides consistency in the types of information that they're collecting about their customers, they may not even have the information on hand to provide..."
On ransomware, DHS Under Secretary for Policy Rob Silvers says “we are taking this problem on from all angles, and it's among our very highest cybersecurity priorities.” He notes stopransomware.gov, various alerts and guidance docs, and partnerships with other agencies.
Ugoretz: "I would certainly hope that we're not waiting for some sort of catalyst in the form of a catastrophic incident to be what moves us to make significant progress in this area. I'd like to think that we've learned some lessons from the 9/11 example … in that regard."
.@DAlperovitch says it's no accident that Russia arrested some ransomware hackers during the Ukraine crisis. "They're sending a signal to us that they can indeed be very helpful...but they will not do so, obviously, if the relations disintegrate over Ukraine."
Alperovitch predicts that if the West imposes severe sanctions on Russia over Ukraine, Russia may release the hackers it arrested, which "would send an unmistakable, even [if] unspoken, message to the Russian cybercrime ecosystem that it's open season on Western organizations."
But Alperovitch also says that cyber may not be Russia's first way of responding to sanctions, because it can also impose export controls on critical materials like palladium "that will do a lot to hurt the U.S. economy and the global economy and cause rising inflation."

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Eric Geller

Eric Geller Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @ericgeller

Feb 18
White House briefing starting now. Anne Neuberger, deputy national security adviser for cyber, is one of the speakers.
Neuberger: “While there are currently no specific or credible cyber threats to the homeland, the U.S. government has been preparing for potential geopolitical contingencies since before Thanksgiving.”
Essentially confirming recent WaPo story, Neuberger says USG "believes that Russian cyber actors likely have targeted the Ukrainian government, including military and critical infrastructure networks, to collect intelligence & preposition to conduct disruptive cyber activities."
Read 13 tweets
Feb 17
Deputy AG Lisa Monaco is speaking now at the Munich Cybersecurity Conference.

“We're adapting old tools to use in new ways," she says, "while also designing novel techniques to use in our major cyber investigations.”
Monaco: “The FBI is forming a specialized team dedicated to cryptocurrency, the Virtual Asset Exploitation Unit."

The team brings together cryptocurrency experts to "provide equipment, blockchain analysis, virtual asset seizure, and training to the rest of the FBI."
DOJ's National Cryptocurrency Enforcement Team now has a dozen prosecutors, Monaco says. And former AUSA Eun Young Choi, a senior counsel to Monaco, will be the team's first director. Choi oversaw the JPMorgan hack case.
Read 12 tweets
Feb 1
Deputy National Security Adviser for Cyber Anne Neuberger is traveling to Europe today for a week of meetings with U.S. partners on cyber issues, including the defense of Ukraine, senior administration officials told reporters.
Neuberger will start in Brussels w/ meetings w/ EU counterparts & NATO officials on cyber resilience, a sr admin official said, "including deterring, disrupting, and responding to further Russian aggression against Ukraine, neighboring states, and in our respective countries."
After Brussels, Neuberger will travel to Warsaw for meetings with Polish officials and reps from Baltic govts.

She'll also meet with reps from the "Bucharest Nine" group of eastern NATO allies, and she'll meet virtually with French and German officials.
Read 7 tweets
Nov 16, 2021
New: The Belarusian government is behind a wide-ranging campaign of cyberattacks on its Eastern European neighbors, @Mandiant says. subscriber.politicopro.com/article/2021/1…

Attacks targeted Ukraine, Lithuania, Latvia, Poland, and Germany, as well as Belarusian journalists and dissidents.
In research presented at @CYBERWARCON, Mandiant said it's attributing these attacks to Belarus based on technical evidence and the fact that the targets are "most consistent with Belarusian interests."

Some Belarusians targeted before disputed 2020 election were later arrested.
Mandiant said it had “sensitively sourced technical evidence” that the operation was based in Minsk, as well as “separate technical evidence” specifically linking the Belarusian military to the campaign.
Read 7 tweets
Nov 16, 2021
New: FBI Cyber Division chief Bryan Vorndran told House Oversight in written statement for the record that Biden admin is “troubled” that cyber incident reporting mandate doesn’t set up simultaneous reporting to CISA *and* FBI.

Story with @woodruffbets: politico.com/news/2021/11/1…
Going beyond what he said at the still-ongoing hearing, Vorndran's statement says the current legislation “fails to recognize the critical expertise and role” of DOJ/FBI.

Both CISA and the FBI “should immediately receive all information mandated to be reported,” Vorndran wrote.
Needless to say, this could throw a wrench into the plan to pass the painstakingly crafted incident reporting mandate that is in the House NDAA and is expected to be folded into the Senate NDAA soon.

I've asked the legislation's sponsors if they'll rework the provisions.
Read 8 tweets
Nov 16, 2021
New: The hackers behind a watering-hole campaign against targets in the Middle East may be using software from the Israeli spyware firm Candiru, recently targeted by U.S. export restrictions, according to @ESET: subscriber.politicopro.com/article/2021/1…
In research being presented today at @CYBERWARCON, ESET experts say an IP address linked to Candiru in a recent @citizenlab report has ties to two of the malicious domain names in the watering-hole attacks.
These watering-hole attacks spoofed websites of Yemen’s parliament & interior ministry, Iran’s foreign ministry, Syria’s electricity ministry, @MiddleEastEye, and Hezbollah-linked TV channels.

Fake sites delivered malware that exploited web browser vulnerabilities.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

:(