Eric Geller
Feb 18 13 tweets 2 min read
White House briefing starting now. Anne Neuberger, deputy national security adviser for cyber, is one of the speakers.
Neuberger: “While there are currently no specific or credible cyber threats to the homeland, the U.S. government has been preparing for potential geopolitical contingencies since before Thanksgiving.”
Essentially confirming recent WaPo story, Neuberger says USG "believes that Russian cyber actors likely have targeted the Ukrainian government, including military and critical infrastructure networks, to collect intelligence & preposition to conduct disruptive cyber activities."
Neuberger: "We believe that the Russian government is responsible for wide-scale cyber attacks on Ukrainian banks this week."

First word from the Biden administration that Russia was behind the DDoS attacks.
Neuberger says infrastructure belonging to Russia's Main Intelligence Directorate, aka the GRU, "was seen transmitting high volumes of communication to Ukraine-based IP addresses and domains."
Since November, Neuberger says, the U.S. has "further intensified our support to the government of Ukraine, specifically to network defenders, working to help them respond to and recover from cyber incidents, as well as strengthen the resilience of cyber critical infrastructure."
The U.S. shared the intelligence underpinning its DDoS attribution with Ukrainian and European partners, Neuberger says.

She says the attacks were "consistent with what a Russian effort could look like in laying the groundwork" for more disruptive hacks accompanying an invasion.
Neuberger, asked when U.S. attributed: “The speed with which we made that attribution … is very unusual, and we've done so because of a need to call out the behavior quickly, as part of holding nations accountable when they conduct disruptive or destabilizing cyber activity.”
Q: Are you confident that private sector is prepared for spillover?

Neuberger: “We are confident that we have worked closely with the private sector to press critical infrastructure owners and operators in the private sector to take the necessary steps to deploy cyber defenses.”
Neuberger: "We've shared sensitive information ... and we've exercised the maximum of government authorities to mandate those steps as needed. We know that, should anything occur, we'll work closely with the private sector to rapidly respond and recover.”
Several of the White House reporters' questions about possible hacks of critical infrastructure have focused on banks. (One asked if Americans can be confident that their money is safe.)

But the banks, and our money, are arguably the best protected of any infrastructure.
Asked if a hack of Ukraine's power grid would be a red line for the U.S. triggering retaliatory cyberattacks, Neuberger says "disruptive or destructive attacks," especially against infrastructure, are "of significant concern" and "outside the boundaries of international norms."
Asked which infrastructure sectors are the most vulnerable, Neuberger cites power, comms, and water, three places where infrastructure has "digitized quickly" and needs a resilience boost.

More from @ericgeller

Feb 17
During panel at Munich Cybersecurity Conference, FBI Cyber Division's Tonya Ugoretz says "international standardization" of AML rules for cryptocurrency "would greatly help" stop ransomware. Many countries don't have consistent rules, so even well-meaning exchanges can't help.
Ugoretz: "Sometimes foreign exchanges want to be cooperative...but because they don't have that existing framework that provides consistency in the types of information that they're collecting about their customers, they may not even have the information on hand to provide..."
On ransomware, DHS Under Secretary for Policy Rob Silvers says “we are taking this problem on from all angles, and it's among our very highest cybersecurity priorities.” He notes stopransomware.gov, various alerts and guidance docs, and partnerships with other agencies.
Feb 17
Deputy AG Lisa Monaco is speaking now at the Munich Cybersecurity Conference.

“We're adapting old tools to use in new ways," she says, "while also designing novel techniques to use in our major cyber investigations.”
Monaco: “The FBI is forming a specialized team dedicated to cryptocurrency, the Virtual Asset Exploitation Unit."

The team brings together cryptocurrency experts to "provide equipment, blockchain analysis, virtual asset seizure, and training to the rest of the FBI."
DOJ's National Cryptocurrency Enforcement Team now has a dozen prosecutors, Monaco says. And former AUSA Eun Young Choi, a senior counsel to Monaco, will be the team's first director. Choi oversaw the JPMorgan hack case.
Feb 1
Deputy National Security Adviser for Cyber Anne Neuberger is traveling to Europe today for a week of meetings with U.S. partners on cyber issues, including the defense of Ukraine, senior administration officials told reporters.
Neuberger will start in Brussels w/ meetings w/ EU counterparts & NATO officials on cyber resilience, a sr admin official said, "including deterring, disrupting, and responding to further Russian aggression against Ukraine, neighboring states, and in our respective countries."
After Brussels, Neuberger will travel to Warsaw for meetings with Polish officials and reps from Baltic govts.

She'll also meet with reps from the "Bucharest Nine" group of eastern NATO allies, and she'll meet virtually with French and German officials.
Nov 16, 2021
New: The Belarusian government is behind a wide-ranging campaign of cyberattacks on its Eastern European neighbors, @Mandiant says. subscriber.politicopro.com/article/2021/1…

Attacks targeted Ukraine, Lithuania, Latvia, Poland, and Germany, as well as Belarusian journalists and dissidents.
In research presented at @CYBERWARCON, Mandiant said it's attributing these attacks to Belarus based on technical evidence and the fact that the targets are "most consistent with Belarusian interests."

Some Belarusians targeted before disputed 2020 election were later arrested.
Mandiant said it had “sensitively sourced technical evidence” that the operation was based in Minsk, as well as “separate technical evidence” specifically linking the Belarusian military to the campaign.
Nov 16, 2021
New: FBI Cyber Division chief Bryan Vorndran told House Oversight in written statement for the record that Biden admin is “troubled” that cyber incident reporting mandate doesn’t set up simultaneous reporting to CISA *and* FBI.

Story with @woodruffbets: politico.com/news/2021/11/1…
Going beyond what he said at the still-ongoing hearing, Vorndran's statement says the current legislation “fails to recognize the critical expertise and role” of DOJ/FBI.

Both CISA and the FBI “should immediately receive all information mandated to be reported,” Vorndran wrote.
Needless to say, this could throw a wrench into the plan to pass the painstakingly crafted incident reporting mandate that is in the House NDAA and is expected to be folded into the Senate NDAA soon.

I've asked the legislation's sponsors if they'll rework the provisions.
Nov 16, 2021
New: The hackers behind a watering-hole campaign against targets in the Middle East may be using software from the Israeli spyware firm Candiru, recently targeted by U.S. export restrictions, according to @ESET: subscriber.politicopro.com/article/2021/1…
In research being presented today at @CYBERWARCON, ESET experts say an IP address linked to Candiru in a recent @citizenlab report has ties to two of the malicious domain names in the watering-hole attacks.
These watering-hole attacks spoofed websites of Yemen’s parliament & interior ministry, Iran’s foreign ministry, Syria’s electricity ministry, @MiddleEastEye, and Hezbollah-linked TV channels.

Fake sites delivered malware that exploited web browser vulnerabilities.