Overnight Cybersecurity: Ransomware attack – where we stand now | Researchers find North Korean connection | Lawmakers to vote on cyber bills

Overnight Cybersecurity: Ransomware attack – where we stand now | Researchers find North Korean connection | Lawmakers to vote on cyber bills
© Getty

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

THE BIG STORY: 

--WORLD REACTS TO RANSOMWARE ATTACK: The United States and countries around the world sought to manage the spread of the "Wanna Cry" ransomware attack over the weekend after it began to impact multiple sectors and countries on Friday. The attack had spread to 150 countries as of Monday and dealt blows to British hospitals, Germany's railway network, and FedEx. The ransomware campaign appeared to exploit a vulnerability in Microsoft Windows discovered by the National Security Agency (NSA) and leaked publicly earlier this year by hacker group Shadow Brokers.

--WHERE WE STAND: Homeland Security Advisor Tom Bossert manned the lectern for the administration on Wednesday to give an update on the ransomware outbreak. His message, in part, was like many others: the situation was both better than it could have been and worse than it should have been. ... Wanna Cry has done enough damage that the White House is now getting twice a day briefings on the outbreak. But at the same time, said Bossert, Wanna Cry did not appear to be having the kind of impact in the United States that it had in Asia and Europe. No federal systems were hit and only a "small number" of U.S. businesses were affected.

Click here for more on the impact.

ADVERTISEMENT
--RESEARCHERS FIND NORTH KOREAN CONNECTION: Researchers have discovered identical code in the Wanna Cry ransomware and a North Korean state hacking group. Google security researcher Neel Mehta appears to be the first to have noticed that large swaths of computer code in an early version of Wanna Cry were identical to code used by the Lazarus Group, a team of hackers linked to the government of North Korea. ... Mehta tweeted a roadmap researchers could use to find the overlapping code on Monday.

The overlap has swayed other researchers. Kaspersky Lab noted that the matching code was removed from later versions of the ransomware, which they believe would be unlikely if it had been intended to throw researchers off the scent of the real criminals. The overlap only shows up in a sample from February. 

"We believe a theory a false flag although possible, is improbable," Kaspersky Lab explained in a blog post.

Click here to read more on the suspected North Korean connection.

--MICROSOFT TAKES AIM AT GOVERNMENT HACKING TOOLS: On Sunday, Microsoft president and chief legal officer Brad Smith partially blamed the U.S. government for the ransomware campaign, urging governments to stop stockpiling hacking techniques. "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith wrote. "The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world."

To read the rest of our piece, click here.  

--REACTION: U.S. lawmakers have sounded alarm over the ransomware attacks, Sen. Ben Sasse (R-Neb.) saying that it is likely to be a "watershed moment" in history. Rep. Ted Lieu (D-Calif.) expressed grave concerns about the apparent connection to the NSA, highlighting his pursuit of legislation that would reform the process by which the federal government decides to disclose software vulnerabilities to manufacturers. "Today's worldwide ransomware attack shows what can happen when the NSA or CIA write malware instead of disclosing the vulnerability to the software manufacturer," Lieu said.

--Other noteworthy reactions came from NSA leaker Edward Snowden, who called it "a perfect storm of all the problems everyone has been warning about" at a privacy issues conference Monday morning; and Russian President Vladimir Putin used it to jab at the United States.

To read more, check out our five things to know about the global ransomware attack.

A POLICY UPDATE: 

IT MODERNIZATION GETS A PRICE TAG: Legislation moving swiftly through Congress that would incentivize federal agencies to modernize their IT infrastructure would cost $500 million over a five-year period, according to the Congressional Budget Office (CBO).

The score is likely welcome news for the bipartisan cosponsors of the new version of the Modernizing Government Technology Act, a legislative effort that hit a snag late last year when the CBO priced implementation of the bill at $9 billion.

The bill, introduced by a group of lawmakers in the House and Senate, would set up two channels of funding for agencies to adopt modern, more secure IT equipment. It would create a general fund for agencies to borrow from for modernization efforts and would also allow agencies to keep money saved from replacing legacy systems and spend it on future modernization efforts within three years.

The bill passed the House late last year but stalled in the Senate after the CBO assessed that it would cost $9 billion to implement, including $3 billion alone for the modernization fund.

House lawmakers are expected to vote on this bill this week.

To read the rest of our piece, click here.

A COMEY CLICK: The saga surrounding FBI director James Comey's ouster continues. On Monday, Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellGOP strategist donates to Alabama Democrat McConnell names Senate GOP tax conferees Brent Budowsky: A plea to Alabama voters MORE (R-Ky.) announced that deputy attorney general Rod Rosenstein would brief all 100 senators on President Trump's firing of Comey on Thursday.

Rosenstein has been at the center of the controversy. White House officials cited a memo from Rosenstein and Attorney General Jeff SessionsJefferson (Jeff) Beauregard SessionsGOP strategist donates to Alabama Democrat House passes concealed carry gun bill Rosenstein to testify before House Judiciary Committee next week MORE faulting Comey's handling of the handling of Hillary ClintonHillary Diane Rodham ClintonGrassley blasts Democrats over unwillingness to probe Clinton GOP lawmakers cite new allegations of political bias in FBI Top intel Dem: Trump Jr. refused to answer questions about Trump Tower discussions with father MORE's use of a private email server as the reason for the firing.

But last week, Trump said that he would have fired Comey regardless of the recommendation in an interview with NBC News. He also indicated that the bureau's investigation into Russian election interference--including a probe into any ties between Trump's campaign and Moscow--played a role in his decisionmaking.

The briefing with Rosenstein will take place at 2:30 p.m. Thursday. The Senate previously invited Comey to testify at a closed session about his firing, but Comey declined. Reports have indicated that Comey is willing to testify, but only in public.

To read our piece about Rosenstein, click here.

A REPORT IN FOCUS: The Government Accountability Office (GAO) is out with a report on the Internet of Things (IoT), which offers a number of insights on the potential implications of the rapid spread of internet-connected devices on consumers, business, and policymakers. Unsurprisingly, the report delves into impacts on information security and privacy.

"The IoT brings the risks inherent in potentially unsecured information technology systems into homes, factories, and communities. IoT devices, networks, or the cloud servers where they store data can be compromised in a cyberattack," the report states.

There has been heightened concern about the cybersecurity of IoT devices in the wake of the highly-publicized distributed denial of service (DDoS) attack targeting web services provider Dyn last October. The attack, which took down popular websites like Twitter and Amazon, leveraged thousands of infected IoT devices.

To read the full GAO report, click here.

WHAT'S IN THE SPOTLIGHT: BILLS BILLS BILLS: Congress will vote on two pieces of cybersecurity-related legislation this week, including a bill aimed at modernizing the federal government's IT infrastructure.

The House on Tuesday will consider a bill introduced by Rep. John Ratcliffe (R-Texas) aimed at helping state and local law enforcement officials combat cyber crime by authorizing a federally funded computer forensics training center located in Hoover, Ala.

A past version of the bill cleared the full House last year but never went to the Senate floor for a vote.

House lawmakers will also vote on the MGT Act, which was introduced by Reps. Will Hurd (R-Texas), Gerry ConnollyGerald (Gerry) Edward ConnollyDems resurface Flynn's 'lock her up' comments after Mueller charges Virginia Dem jokes: ‘I am probably not interested’ in being Time’s 'Person of the Year' Lights, camera, SCOTUS MORE (D-Va.), and Robin Kelly (D-Ill.).

The scheduled votes signal an effort to move swiftly on legislation addressing cybersecurity in the wake of President Trump's signing of a long-awaited executive order.

The executive order, which Trump signed Thursday, puts a priority on modernizing information technology. "Effective immediately, it is the policy of the executive branch to build and maintain a modern, secure, and more resilient executive branch IT architecture," the order states.

To read the rest of our piece, click here.

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Hopes rise that Trump will modernize fed technology. (The Hill)

Five story lines to watch in the fight between Trump and ousted FBI director James Comey. (The Hill)

FireEye researchers have identified an espionage group "aligned with Vietnamese state interests" beyind cyberattacks dating back to 2013. (The Hill)

Google and Lyft teaming up on a self-driving car project. (The Hill)

Uber ordered to turn over allegedly stolen files. (The Hill)

John Oliver urges net neutrality supporters to tone down FCC comments. (The Hill)

The Federal Trade Commission is going after tech support scams. (The Hill)

Wanna Cry ransomware hits county in Illinois. (StateScoop)

Boris Johnson says there is a "realistic possibility" Russia will try to interfere in Britain's upcoming general election (The Telegraph).

Global business groups appeal for delay in China's new cybersecurity law. (Reuters)

The Pentagon is leveraging a machine learning project to help track down ISIS militants. (Defense One)

Five things Congress should do in response to the Wanna Cry attack (Opinion)

Wanna Cry is just the latest warning sign of global cyber insecurity. (Opinion)

If you'd like to receive our newsletter in your inbox, please sign up here.