DHS Announces Bolstering of Cybersecurity Protections Against Ransomware Attacks

This week, the United States Department of Homeland Security (DHS) announced several new measures that it will take to improve America's cybersecurity.

As part of this bold new strategy to fortify US Defenses against international threats, DHS Secretary Alejandro Mayorkas will be increasing cybersecurity spending via Federal Emergency Management Agency (FEMA) grants. 

"Cybersecurity is more important than ever, and we will build on the Department’s excellent work as we transform our whole-of-government approach to tackle the challenge we face as a nation," Mayorkas said in a published statement. 

The plan is for Mayorkas to promote the Cybersecurity and Infrastructure Agency’s (CISA) new program aimed at raising awareness about ransomware. Additionally, the US Secret Service will employ its Cyber Fraud Task Forces to target the more prolific ransomware gangs that have been victimizing schools, hospitals, schools and many public and private entities. 

Mayorkas is scheduled to appear at several events in the coming weeks and will speak on cybersecurity issues, as well as the need to engage America’s international partners on initiatives that will better secure the country against cyber threats. 

During his Senate confirmation hearing in January, Mayorkas noted that cybersecurity was one of his "highest priorities" and received praise from members of Congress, including House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and Rep. Yvette Clarke (D-N.Y.), the chair of the panel’s cybersecurity subcommittee.

"For several years, the Federal government has underestimated the cyber threats posed to state and local networks and neglected the federal government’s responsibility to help defend them," Thompson and Clarke relayed in a joint statement released on Monday. "Inaction has proven costly for victims – from Albany to Atlanta. And response to opportunistic breaches take the time away from defending against more sophisticated attacks."

The lawmakers noted that they intend to work with Mayorkas in attempting to pass the State and Local Cybersecurity Improvement Act. 

The bill, if passed, will create a $400 million grant program to fund improved defenses for state and local governments against cyberattacks, which have exploded as a result of societal changes during the COVID-19 pandemic.  

"By making strategic investments in raising the baseline cybersecurity posture of state and local governments, we can help avoid opportunistic attacks against them and free up resources to defend against more sophisticated threats," the statement from Thompson and Clarke added.  

CISA, the DHS subdivision that is tasked with defending America’s critical infrastructure, has been ramping up its manpower since the firing of former Director Christopher Krebs in the aftermath of the 2020 election. 

Nitin Natarajan was confirmed as deputy director of CISA earlier in February, while this week saw the agency announce that Eric Goldstein and David Mussington would be joining CISA in the roles of executive director for Cybersecurity and executive assistant director for Infrastructure Security, respectively. 

According to CISA’s Acting Executive Director, Brandon Wells, who is yet to be replaced by the new Biden administration, "CISA is gaining strong advocates and leaders with these appointments, and I welcome them to the team." Wells also added that, "Their appointments this early in the new administration signals a commitment to CISA’s mission and the recognition of our role in defending the nation’s critical infrastructure against cyber and physical threats." 

Reports have indicated that Wells may soon be replaced at CISA by Rob Silvers, a former Obama administration official.

As the Ransomware threat continues to gain more priority within the Biden administration, here are some of the more prevalent threats you need to look out for:

• Silver Sparrow Malware is dominating the news cycle as the mysterious Mac malware has already infected 30,000 Macs. Apple recently revoked the certificates of the malware developer accounts, and they believe that this will at least temporarily halt the spread of this infection. Similar to Pirrit and GoSearch22 adware, it affects Macs utilizing M1 chip technology.
• MassLogger, one of the more prevalent keyloggers is back with a fileless attack method it uses to perform password theft. The malware was recently deployed to steal passwords from Discord, Outlook, most major web browsers and NordVPN.
• Clop Ransomware, which hit the scene in 2019, continues to terrorize people in 2021. The Hackers that created this strain were able to exploit a vulnerability in FTA software and use it to steal sensitive data. Victims include Canadian airplane manufacturer Bombardier, tech firm Danaher, geo-spatial data company Fugro, Singapore telco Singtel, and American law firm Jones Day.
• BendyBear is a Chinese malware that is thought to be linked to cyberespionage group BlackTech. This group has a reputation for targeting tech firms and government agencies in Eastern Asia. 
• Total Anti Malware Protection, a so-called anti-virus program that employs intimidating system alerts, phony system scans, and scare tactics to trick victims into believing that they are dealing with dangerous threats, is designed to scare victims into subscribing for bogus paid services.