At a glance.
- Ransomware at the summit.
- Unintended consequences of regulation?
- Cybersecurity in US Federal contracting.
President Biden plans to bring up JBS attack with President Putin.
CNN reports that President Biden intends to raise the ransomware attack on meat processing firm JBS at the upcoming summit with President Putin. The FBI has attributed the attack to the Russian gang REvil, according to The Record. “Senior officials” from the two countries have already touched base over the incident. US Press Secretary Psaki articulated the Administration’s unfolding stance on host countries’ responsibility for resident cyber gangs’ behavior, noting that an array of responses is currently under review. Asked if he believed President Putin was “testing” him, President Biden responded, “No.”
Recorded Future threat intelligence analyst Dmitry Smilyanets said “everything can change” for REvil after the summit: “Putin could handle this problem if he can get something valuable out of it.”
Unintended consequences of regulation? The case of PSD2.
A report from Intsights looks at the impact of the EU’s Revised Payment Services Directive (PSD2) on criminals’ behavior. The Directive seeks to secure electronic payments with Strong Customer Authentication (SCA), curtailing "card-not-present" fraud, but threat actors are also adapting to the measures. In addition to covering swindlers’ evolving methods, the report recommends “holistic fraud management” and offers a “quantitative analysis” of the Transaction Risk Analysis (TRA) exemption designed to discharge low-risk dealings from SCA burdens.
“The Dark Side Of PSD2: Fraudsters’ reaction to the EU regulation” examines how crooks sidestep two-factor authentication through social engineering, SIM swapping, software vulnerabilities, and account takeover attacks—and teach others to do the same, for a price. Inexpensive purchases are particularly vulnerable targets under the current exemption structure. PSD2’s fraud reporting requirements, however, incentivize merchants to stay ahead of the criminal curve.
Cybersecurity by Federal contract.
JD Supra breaks down the Biden Administration’s cyber Executive Order. As we’ve seen, the Order brings the following changes to the Federal landscape:
- event logging and reporting requirements
- software supply chain security improvements
- vulnerability and incident detection and response upgrades
- zero trust, cloud services, and workforce development investments
- uniform contractual provisions on cybersecurity
- a Cyber Safety Review Board
Government Executive surveys the potential cyber consequences of the Administration’s $6 trillion 2022 budget proposal, including IT, infrastructure, and Cybersecurity and Infrastructure Security Agency expenditures, and an effort to establish a “modern and diverse federal acquisition system.” A trade association representing Federal contractors highlighted language in the budget that “specifically references leveraging federal contractors to help implement critical programs,” calling contractors “valuable partners” to the Government’s objectives.