Cyber Week in Review: November 4, 2022

The United States sanctions Iranian groups over crackdowns

The United States Department of Treasury sanctioned two Iranian officials, a major cybersecurity training school, and an Iranian company last Wednesday for their role in digital repression in the country during protests following Mahsa Amini’s death in September. Sahab Pardaz, a company which runs many of Iran’s social media filtering services, was sanctioned for social media censorship and internet shutdowns, and Ravin Academy, a cybersecurity training school, because its hackers disrupted the communications of those protesting the Iranian regime.. The officials and organizations are part of a larger group of fourteen individuals and three entities sanctioned in response to the violent actions and suppression of the protestors by the Iranian government. Ravin Academy published a statement denying the allegations of involvement in the crackdowns. At least 277 people have been killed in the protests since they began in September, according to Iran Human Rights.

Mondelez and Zurich American Insurance reach settlement in NotPetya payout case

Food company Mondelez International and insurance provider Zurich American Insurance Co. reached a settlement last Thursday in a lawsuit stemming from the 2017 NotPetya cyberattacks. NotPetya caused approximately $10 billion in damages worldwide and was widely attributed to Sandworm, a threat actor associated with Russian military intelligence agency GRU, although the Kremlin continues to deny involvement. Zurich refused to cover Mondelez International’s damages after the attack due to the “warlike” nature of NotPetya and because it was conducted by a “government or sovereign power.” According to court documents, Mondelez International lost more than 1,700 servers and 24,000 laptops to NotPetya, which wiped affected systems and rendered them inoperable. Insurance companies are changing their coverage policies following the NotPetya attack, and earlier this year Lloyd’s of London required that cyber insurance must include an exemption for catastrophic, state-backed attacks. It remains unclear what constitutes a state-sponsored or catastrophic attack under Lloyd’s policy.

United States hosts global ransomware summit

The White House hosted thirty six countries, and representatives from the European Union (EU), for the second International Counter Ransomware Initiative Summit this week to discuss how to prevent ransomware attacks from disrupting nations’ critical infrastructure. Participants included nations such as Israel, Ukraine, and India. Russia, North Korea, and Iran, major havens for ransomware gangs, were not invited. The summit, which also included companies such as Siemens, Microsoft, and Crowdstrike, focused on collaboration between the public and private sector, countering the use of cryptocurrency by cybercriminals, and holding threat actors accountable for ransomware attacks. Ransomware remains a potent threat to the United States, according to a new report released earlier this week from the U.S. Financial Crimes Enforcement Center (FinCEN), which showed ransomware gangs stole over $1.2 billion in the past year.

Red Cross proposes adding digital emblem to medical systems

The International Committee of the Red Cross (ICRC) released a new report on the possibility of adding a digital emblem to certain medical and ICRC systems to warn hackers that they are attacking non-combatants. The ICRC proposed several mechanisms for creating the emblem, including a domain name system (DNS) addition or an IP-based emblem. A red cross has long been a symbol that a building, vehicle, or person are participating in medical activity. The ICRC said that the emblem provide a clear boundary for cyber attackers operating on critical infrastructure networks. Hospitals have frequently been targeted by ransomware attackers over the last five years, with 66 percent reporting some kind of ransomware incident in 2021, and the ICRC’s own systems were compromised by an advanced persistent threat earlier this year.

EU Digital Markets Act comes into force

The recent EU Digital Markets Act came into force on Wednesday, November 1. The Digital Markets Act targets the unfair practices of “gatekeepers” such as Amazon, Google, and Meta. Businesses must meet several standards to be considered gatekeepers. A gatekeeper company has over forty five million active end users and ten thousand business users, or has $7.5 billion in revenue in the European Union or $75 billion in revenue worldwide. Gatekeepers will no longer be allowed to prioritize their own applications or payment systems on platforms they own and will be forced to allow third party companies greater access to the platform’s internal tracking systems. Companies are expected to be in compliance with the Digital Markets Act by March 2024. The EU has pioneered a new model of internet governance over the past decade, and the DMA is the latest addition to that framework.