At a glance.
- The French data regulator calls for cybersecurity recommendations.
- After Qakbot takedown, CISA and FBI warn companies to be vigilant.
- Microsoft criticizes UN’s proposed cybercrime treaty.
The French data regulator calls for cybersecurity recommendations.
France’s National Commission on Informatics and Liberty (CNIL) is urging operators of large-scale databases in the energy, transport, banking, and insurance sectors, as well as internet service providers and government agencies, to bolster their defenses against cyberattacks. The data regulator opened a consultation session on Monday aimed at developing a set of recommended advanced security practices for these entities. The consultation will be open until October 8, with the CNIL’s recommendations expected to be released in 2024. As Gov Info Security notes, the consultation comes on the heels of the recent data breach at Pôle emploi, the French government unemployment agency, which is estimated to have impacted over ten million individuals.
After Qakbot takedown, CISA and FBI warn companies to be vigilant.
The US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) yesterday issued a cybersecurity advisory following the FBI’s recent takedown of the botnet supporting QakBot malware. The advisory states, “On August 25, FBI and international partners executed a coordinated operation to disrupt QakBot infrastructure worldwide. Disruption operations targeting QakBot infrastructure resulted in the botnet takeover, which severed the connection between victim computers and QakBot command and control (C2) servers.” QakBot works on a tiered server structure, and the FBI used a bureau-controlled computer to instruct Tier 1 servers to download and install an FBI-created module that contains a new encryption key, cutting off communication from the QakBot administrators and terminating the running QakBot process.
A press release explains that while the malware was initially used as a banking trojan, it has “since grown to deploy multiple types of malware, trojans, and highly-destructive ransomware variants targeting the United States and other global infrastructures, including the Election Infrastructure Subsector, Financial Services, Emergency Services, and Commercial Facilities Sectors.” As Help Net Security reports, while disrupting the botnet was a necessary first step, additional action must be taken to ensure that the lingering impact of QakBot is minimized. In addition to taking over infected devices, the malware also attempts to steal email credentials in order to deliver the malicious software to additional networks. To help determine where QakBot might still be lurking, the FBI has identified the IP addresses of other potentially infected computers in order to notify email service providers and hosting companies responsible for compromised accounts. As well, CISA and the FBI are disseminating QakBot indicators of compromise in order to help organizations better detect and defend against possible attacks.
Microsoft criticizes UN’s proposed cybercrime treaty.
Over the past two weeks, the United Nations has been negotiating a new international cybercrime treaty which, once adopted, will trigger a raft of new cybercrime laws across the globe. As the Register notes, the controversial treaty has been debated for over two years, and this marks the sixth round of negotiations. The current draft dramatically expands the definition of cybercrime, and some human rights groups argue that abuse of the treaty by authoritarian regimes could lead to government censorship and unlawful surveillance of the public. As the Record explains, it doesn’t help that the treaty was originally proposed by Russia with support from countries like China and North Korea, nations that have been known to suppress the views of their citizens. A press release from Human Rights Watch on Public reads, “The treaty as currently drafted risks criminalizing online expression and conduct that is protected under international human rights standards. It also authorizes the use of intrusive tools to investigate crimes without proper safeguards, and creates a new global framework for international cooperation that could result in a race to the bottom in cross-border policing.”
Tech giant Microsoft has also spoken out against the treaty, and in a message posted on LinkedIn on Tuesday stated that the current scope of the treaty is too broad. Amy Hogan Burney, Microsoft associate general counsel, wrote, “The risk is that the treaty will not be a tool for prosecuting criminals but rather a weapon that allows for intrusive data access and surveillance instruments. The result could be an international agreement granting authoritarian states the power to suppress dissent under the guise of fighting cybercrime.” As Axios reports, Burney goes on to recommend the UN restrict the definition of cybercrime to only "core cybercrime offenses" and add provisions to protect security researchers and limit government access to private data. While it’s unclear whether Microsoft’s message will be taken into consideration, a US State Department rep says officials are hopeful the UN will land on a more limited definition of cybercrime. This negotiation session ends on Friday, and the final session is scheduled for early next year.