Cyber Week in Review: October 29, 2021
from Net Politics and Digital and Cyberspace Policy Program

REvil forced offline; FTC investigating Facebook; Nobelium attacks again; Blinken announces new cyber czar at State Department; Iranian gas stations hacked; the reemergence of NFTs in China
Facebook CEO Mark Zuckerberg testifies before Congress in 2018. Win McNamee/Getty Images

REvil Forced Offline by FBI, U.S. Cyber Command, in Joint Operation with Several Countries 

REvil, the Russian group behind a series of high-profile ransomware attacks across the West, was taken offline in a coordinated cyberattack by the United States and its partners. The move marks one of the first offensive cyber operations by Western powers against ransomware gangs. The server disruption comes after the FBI delayed the release of a universal encryption key needed to unlock the IT firm Kaseya’s servers earlier this year. The FBI was apparently able to compromise REvil’s systems after gaining access to the encryption key, which likely led REvil to shut down operations for several months while they attempted to remove the malware from their systems. However, when the group restarted from an older backup of its systems, the FBI and other agencies were able to gain access and bring down REvil’s servers. The takedown of REvil led several other major ransomware groups to threaten retaliation, with Groove, another Russia-based ransomware gang, publishing a blog post threatening to attack the U.S. public sector. The United States has been placing greater emphasis on combating ransomware recently, announcing several anti-ransomware initiatives, and the effort appears to be paying off.

FTC Opens Investigation Into Facebook Over Whistleblower Disclosures 

The Wall Street Journal reported Wednesday that Federal Trade Commission (FTC) officials have begun looking into whether Facebook failed to disclose the true scope of its research into the harms of its social media networks. The investigation stems from earlier disclosures by Frances Haugen, a former Facebook employee who leaked troves of documents, including internal research conducted by Facebook into the harm that the social networks the company owns can cause. The FTC is looking specifically into whether Facebook violated the terms of a 2019 settlement under which the company agreed to pay regulators over $5 billion and which forced it to adhere to new, more stringent privacy standards. The FTC is examining whether Facebook should have disclosed the information leaked by Ms. Haugen to investors and users as part of that earlier settlement. If the commission determines that Facebook misled users, it could levy large penalties against the company. The FTC isn’t the only federal agency investigating Facebook, as the WSJ report also stated that the Securities and Exchange Commission (SEC) was looking into whether Facebook had misled investors. If the SEC were to investigate Facebook, it could pose big problems for the company. Facebook’s regulatory issues don’t appear to be letting up anytime soon, as federal and congressional groups have been heavily scrutinizing the company’s activities since Ms. Haugen’s disclosures earlier this month.

SolarWinds Hackers Attacking U.S. Cyber Infrastructure Once Again, Seeking Data

Microsoft announced earlier this week that Nobelium, the group behind the SolarWinds hack in 2020, is believed to be targeting U.S. companies once again in an effort to steal more data from various businesses in the United States. According to Microsoft, Nobelium is targeting service providers to gain access to trusted channels of communication, which it can then use to enter the systems of companies downstream from the original hacked firm. These new revelations come despite the announcement of U.S. sanctions against Russia earlier this year for both the SolarWinds hack and Russian interference in the 2016 election. While Microsoft and other cybersecurity groups have called the attacks a significant intrusion, U.S. officials downplayed the severity of the hack, with some officials characterizing the attacks as routine espionage. Unlike the earlier SolarWinds hack, Microsoft believes it detected this attack in its early stages and that Nobelium only managed to compromise around 14 of the 140 companies targeted.  

Antony Blinken Announces New Cybersecurity Ambassador at the State Department

Secretary of State Antony Blinken announced on Wednesday that the Biden administration would be creating two positions within the State Department devoted to cybersecurity and emerging technologies. The State Department will create a Cyberspace and Digital Policy Bureau, headed by a Senate-confirmed ambassador-at-large. The announcement also notes that the secretary of state will name a special envoy for critical and emerging technology. The Cyberspace Solarium Commission had recommended the creation of the bureau, and Senator Angus King (I-ME), the chairman of the commission, announced his support for the move. The policy change also represents a broader pivot towards cybersecurity, as Blinken committed to hiring more individuals with a background in science and technology in the department.  

Iranian Gas Stations Hacked and Shut Down 

Iran was hit by a massive cyberattack Tuesday, as gas stations across the country shut down due to malware. The attack appeared to affect gas stations which accepted Iranian gas subsidy cards. The attack rendered the cards useless and led to huge lines at gas stations across the country. It took hours for many stations to resume service, although Iranians were able to buy gas during that time at a higher, unsubsidized price. The attack may be tied to the group Indra, suspected hacktivists opposed to the Iranian government, who launched a cyberattack against the Iranian rail system in July of this year. The attack may have also been timed to fall near the anniversary of massive protests in Iran in 2019. At that time, the country was rocked as rising gas prices spurred protests which became some of the largest social unrest seen in the country in decades and prompted heavy-handed repression by the government.  

A Reemergence of Crypto, NFTs in China? 

Despite China announcing its intention to ban the generation and exchange of crypto assets in September, Ant Group and Tencent reintroduced non-fungible tokens (NFTs), digital assets which carry unique identifiers and function like certificates of ownership for images or videos, onto their trading platforms as “digital collectibles.” Beijing has accused cryptocurrencies of fostering gambling, fraud, and money laundering, warning citizens that a “huge bubble” could occur in the NFT market. However, Chinese traders’ faith in NFTs appears to reflect their attempted “[decoupling of] blockchain applications from cryptocurrencies in order to protect the former from regulatory action,” according to Zeyi Yang of Protocol. Ant Group and Tencent seem to be following this strategy, as both firms emphasized that the digital assets have no inherent monetary attributes and are not resold for profit. McDonald’s China’s giveaway of over 150 NFTs to consumers this month reaffirms companies’ attempt to reframe NFTs as a benign asset despite nominal compliance with Beijing’s standards. Look for companies to continue to navigate a heightened regulatory environment while China prepares to launch its own NFT infrastructure in January 2022, and the NFT-trading landscape will again transform.

More on:

Cybersecurity

Iran

U.S. State Department

Cryptocurrencies and Blockchain Technology

Influence Campaigns and Disinformation