Новини

As the U.S. government seemed headed for a possible shutdown last week, cybersecurity firms began picking up on an alarming trend: a spike in cyberattacks targeting government agencies and the U.S. defense industry.

It has some analysts concerned that U.S. adversaries and criminal hackers might have been preparing to take advantage of weaker-than-usual cybersecurity if lawmakers had not been able to reach a deal to keep U.S. agencies open past September 30.

Check Point Software last week said it had detected an 18% increase in cyberattacks against U.S. agencies and U.S. defense companies during the previous 30 days, compared with weekly averages for the first half of the year.

The attacks, according to Check Point, focused on using malware programs designed to steal information and credentials, as well as a focus on exploiting known vulnerabilities.

A second cybersecurity company, Trellix, told VOA that it too saw “a significant spike” in ransomware attacks on U.S. government agencies over the past 30 days.

Trellix attributed 45% of the malicious cyber activity to Royal ransomware, which previously had been used to target a variety of U.S. manufacturing, health care and education sectors.

Agencies would be affected

A surge in the use of Royal ransomware earlier this year prompted the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory this past March. And some cybersecurity analysts have linked Royal ransomware to Russian cybercriminals.

As for the recent spike in attacks, using Royal and other malware, analysts are concerned.

“I can’t state this is related to the impending shutdown,” Patrick Flynn, head of the Advanced Programs Group at Trellix, told VOA via email. “But one could speculate it probably has something to do with it.”

Concerns

While refusing to comment directly on the pace of cyberattacks as it related to the potential shutdown, U.S. government agencies did express concern.

“[The] Cybersecurity and Infrastructure Security Agency’s (CISA) capacity to provide timely and actionable guidance to help partners defend their networks would be degraded,” the Department of Homeland Security said in a fact sheet before the shutdown was averted.

“CISA would also be forced to suspend both physical and cybersecurity assessments for government and industry partners, including election officials as well as target rich, cyber poor sectors like water, K-12, and health care, which are prime targets for ransomware,” it added.

DHS did say that had there been a shutdown, some of its employees who specialize in cybersecurity would have been required to work without pay.

While not commenting directly on the question of cybersecurity, the FBI told VOA in a statement that some of its personnel would also have been required to work in the case of a shutdown to support bureau activities that “involve protecting life and property.”

For now, some of those fears have been put aside after lawmakers agreed on a bill that will fund the U.S. government until November 17.

But if ongoing talks on legislation to fully fund the government for the coming year stall, it could again put U.S. government networks in the crosshairs.

Attacks seem part of trend

Not all cybersecurity analysts are convinced a government shutdown would make the U.S. more vulnerable to cyberattacks.

Trellix told VOA that while malicious cyber activity spiked in the month leading up to passage of the temporary funding bill, the attacks seemed to be part of a larger, months-long trend that has seen cyber actors increasingly target governments across the globe.

Other cybersecurity firms caution that other recent U.S. government shutdowns, including those in 2013 and in late 2018 to early 2019, have not led to a jump in attacks.

“Mandiant hasn’t historically seen any upward trends of cyberattacks tied to government shutdown,” said Ben Read, the head of cyber espionage analysis at Mandiant-Google Cloud.
…

Meta is proposing to offer European users subscription-based versions of Instagram and Facebook if they would rather not be tracked for ads, a source said on Tuesday.

The idea, first reported by the Wall Street Journal, comes as the social media giant seeks to comply with a growing list of EU regulations designed to curb the power of U.S. big tech.

The company founded by Mark Zuckerberg makes its billions of dollars in profit by offering advertisers highly individualized data on users, but new European regulations and EU court decisions have made that practice harder to do.

The proposal has been put to EU regulators and is another example of big tech companies having to adapt long-held practices to meet oncoming EU rules.

The source close to the matter said subscribers in Europe could pay $10.50 a month for a desktop version of Instagram or Facebook, or $13.50 a month for Instagram on their phones.

Social media platforms have increasingly floated the idea of charging users for access to their sites, whether to comply with data privacy regulations or better guarantee the identity of users.

But the practice would be a major shift for the social media industry that grew exponentially over the past decade on an advertising model that made the site free for users in return for being tracked and seeing highly personalized ads.

The proposal could help meet several regulations, including the Digital Markets Act, which imposes a list of do’s and don’ts on big tech companies in Europe, including a ban on tracking users when they surf other sites if their consent hasn’t been clearly granted.

It also follows the recommendation of the EU’s highest court, which in a July decision said that Meta platform users who declined to be tracked should be offered an ad-free alternative “for an appropriate fee.”

That ruling echoed many previous rulings against Meta and other big tech firms in which the court ruled that the U.S. company must ask for permission to collect large amounts of personal data, striking down various workarounds that Meta had offered.

Meta declined to comment directly on the Wall Street Journal report but said in a statement that it still “believes in the value of free services which are supported by personalized ads.”

“However, we continue to explore options to ensure we comply with evolving regulatory requirements.”

Meta reported second-quarter revenues of $32 billion, of which $31.5 billion came from advertising. Some $7.2 billion of that came from Europe.
…

New technologies are giving bionic hands some of the more complex features of human hands. Genia Dulot reports on a California company that is using touch feedback to give users a sense of the objects they are holding or interacting with
…

A Kenyan parliamentary panel called on the country’s information technology regulator on Monday to shut down the operations of cryptocurrency project Worldcoin within the country until more stringent regulations are put in place.

The government suspended the project in early August following privacy objections over its scanning of users’ irises in exchange for a digital ID to create a new “identity and financial network.”

Worldcoin was rolled out in various countries around the world by Tools for Humanity, a company co-founded by OpenAI CEO Sam Altman. It has also come under scrutiny in Britain, Germany and France.

The project still has a virtual presence in Kenya and can be accessed via the internet, even after the August suspension.

The regulatory Communications Authority of Kenya should “disable the virtual platforms of Tools for Humanity Corp and Tools for Humanity GmbH Germany [Worldcoin] including blacklisting the IP addresses of related websites,” the ad hoc panel of 18 lawmakers said in a report.

It also called for the suspension of the companies’ “physical presence in Kenya until there is a legal framework for regulation of virtual assets and virtual services providers.”

Worldcoin’s press office said it had “not seen anything official announced by the Committee directly.”

The panel’s report will be tabled at the National Assembly for consideration and adoption at a later date.

During the suspension of data collection in August, authorities said the project’s method of obtaining consumer consent in return for a monetary award of just over $50 at the time bordered on inducement.

Registering to use the platform involved long lines of people queuing to get their irises scanned. The parliamentary panel’s investigation found that Worldcoin may have scanned the eyes of minors as there was no age-verification mechanism during the exercise, its report said.

The panel also asked government ministries to develop regulations for crypto assets and firms that provide crypto services and called on the police to investigate Tools for Humanity and take any necessary legal action.
…