Cyber Week in Review: October 30, 2020

U.S. Treasury Department Sanctions Russia’s CNIIHM

Last Friday, the U.S. Treasury Department imposed sanctions on a Russian research center, the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), for having connections with the Triton malware. The malware made headlines in 2017 after it was deployed at a petrochemical plant in Saudi Arabia, sabotaging safety systems and risking an explosion. Triton’s creators have also been accused of probing upwards of twenty U.S. electric utilities in 2019. The Treasury Department’s sanctions are the latest in Western governments’ efforts to discourage malicious Russian cyber activity. Last Monday, the Department of Justice indicted six Russian military intelligence (GRU) officials for a series of cybercrimes, and last Thursday, U.S. government agencies exposed recent Russian hacking activity while the European Union levied sanctions on GRU hackers for compromising German parliament networks in 2015.

China Cracks Down on Mobile Browsers

On Monday, the Cyberspace Administration of China (CAC) announced that Chinese mobile browsers must purge sensationalist headlines, gossip, and content that doesn’t align with the values of socialism by November 9. Currently, the CAC considers mobile browsers “uncivilized” and “a gathering place and amplifier for dissemination of chaos.” Under particular scrutiny is “self-media”—social media accounts that publish news and are independent of the Chinese government—and is often used to share narratives and information unreported by state media. Browsers belonging to Huawei, UCWeb, and Xiaomi will be among the first investigated for potential violations after the deadline, and Huawei has already agreed to cooperate. Yu Ping, previously a reporter for Southern Metropolis Daily, has called China’s broad internet censorship efforts “a naked information monopoly.”

Australia, Japan, and the United States to Jointly Fund Palau Undersea Telecoms Cable

On Wednesday, Australia's Foreign Minister Marise Payne, Japanese Foreign Minister Toshimitsu Motegi, and U.S. Secretary of State Mike Pompeo announced that Australia, Japan, and the United States will jointly fund Palau’s new $30 million undersea telecoms cable. The cable, connecting Palau to a larger undersea line between Singapore and the United States, will support the large amounts of data demanded by 5G networks that will pass through the Indo-Pacific region in the coming years. The joint project is part of broader efforts to offset China’s rising technological influence [PDF] in the Indo-Pacific. “This project is very important for Palau strategically and geographically,” said Motegi. Palau has also recently requested that the United States grow its military presence on the island: two months ago, Palau’s president urged the U.S. to establish “joint use facilities, then come and use them regularly.”

Georgia County Election Data Released After Officials Refused to Pay Ransomware

On Wednesday, hackers released voters’ private information taken from government databases in Hall County, Georgia after officials allegedly refused to pay a ransom. The files included voter names and registration numbers, an inventory of election equipment, and ballots identified to contain mismatched signatures. Given that the published files are labeled as “example files,” it is expected that the hackers will continue to release increasingly sensitive information if the ransom remains unpaid. Hall County’s election infrastructure, including a voting precinct map and voter signature database, was first compromised by ransomware on October 7. It was the first known instance of ransomware affecting election systems during the 2020 election. At the time the attack was first announced, officials claimed that citizen and employee data, as well as the voting process, remained uncompromised. Last week, the FBI and CISA announced that Russian hackers had also potentially gained access to election infrastructure after successfully targeting a wide range of government computer networks.

Six Hospitals Hit by Ryuk Ransomware

On Monday, Ryuk, a ransomware linked to Russia, encrypted data on computers at six U.S. hospitals, disrupting patient care in some instances. Several hospitals have paid a ransom, which reportedly exceeded $1 million. “If they can do this to six hospitals, there’s no reason they can’t do this to a dozen,” said Allan Liska, a cybersecurity analyst at Recorded Future. “Patient care could be seriously impacted.” The global health-care system is already facing extreme pressure from rising coronavirus infection rates that threaten to surpass spring peaks, and this is not the first instance of ransomware targeting health-care systems. In September, a German woman died after an unknown ransomware attack forced health-care providers to divert her to a more distant hospital for treatment. Shortly after this incident, the Ryuk ransomware slowed critical services at Universal Health Services when it forced medical record, laboratory, and pharmacy systems offline.