At a glance.
- US DHS program provides funding for state and local government cybersecurity.
- International operation takes down Qakbot.
US DHS program provides funding for state and local government cybersecurity.
The US Department of Homeland Security is offering $374.9 million in funding to support the cybersecurity efforts of state, local, and territorial governments, the National Law Review reports. The 2023 State and Local Cybersecurity Grant Program (SLCGP) aims to help local governments manage and reduce systemic cyber risks through focused investments in cybersecurity planning and exercising, hiring cyber personnel, and improving critical cyber infrastructure. Established under Section 2218 of 2021’s Infrastructure Investment and Jobs Act, the SLCGP is focused on protecting information systems owned or operated by local governments.
The initiative is in keeping with the Biden administration’s recently announced National Cybersecurity Strategy, which called out the nation’s over-reliance on local governments when it comes to US cybersecurity. That said, local and state governments play an integral role in defending critical infrastructure, and the SLCGP’s goal is to ensure they have the financial support to do so. According to the program’s Notice of Funding Opportunity, to be considered for support, applicants must submit a cybersecurity strategy that aligns with the program’s principles. This includes a membership list for a Cybersecurity Planning Committee and a Cybersecurity Charter, which the Cybersecurity and Infrastructure Security Agency must approve before funds are released. The application deadline is October 6, and awards can be expected in December.
International operation takes down Qakbot.
Yesterday the US Justice Department announced the takedown of the Qakbot botnet. Led by the US FBI, it was a multinational action with participation by France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom. The agencies' basic approach was, first, to obtain lawful access to the infrastructure and redirect traffic to servers the Bureau controlled. Any computer redirected to the server received an uninstaller file that removed the Qakbot malware. The US Attorney for the Central District of California explained Qakbot's place in the criminal economy. "According to court documents, Qakbot, also known by various other names, including 'Qbot' and 'Pinkslipbot,' is controlled by a cybercriminal organization and used to target critical industries worldwide. The Qakbot malware primarily infects victim computers through spam email messages containing malicious attachments or hyperlinks. Once it has infected a victim's computer, Qakbot can deliver additional malware, including ransomware, to the infected computer. Qakbot has been used as an initial means of infection by many prolific ransomware groups in recent years, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta. The ransomware actors then extort their victims, seeking ransom payments in bitcoin before returning access to the victim computer networks." For more on Operation Duck Hunt, see CyberWire Pro.