Overnight Cybersecurity: Newly identified hacker group stole millions from banks | House passes DHS cyber overhaul bill | Facebook app for kids spurs privacy concerns

Overnight Cybersecurity: Newly identified hacker group stole millions from banks | House passes DHS cyber overhaul bill | Facebook app for kids spurs privacy concerns
© Greg Nash

Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--NEW HACKER GROUP STOLE MILLIONS FROM U.S., WORLD BANKS: A newly detailed hacker group stole millions of dollars since May 2016 through international heists, including $8 million from 16 United States banks, according to a report released Monday by security firm Group IB. Group IB nicknamed the hackers "Moneytaker" after the name of the malware used in certain attacks. The Moneytaker group, according to the research, has picked mostly smaller, community banks as U.S. victims, stealing money by infiltrating the credit card processor. It cleared money from the U.S. banks by organizing fraudulent credit card transactions. Group IB linked the 16 U.S. bank victims to two hacked Russian banks and a hacked United Kingdom software company by the use of the same hacking infrastructure and software tools. The hackers appear to speak both Russian and Portuguese according to the report.

To read the rest of our piece, click here.


--FACEBOOK KIDS APP SPARKS PRIVACY CONCERNS: A new Facebook chat app designed for kids is raising concern among lawmakers and children's groups over data privacy and safety. The app, Messenger Kids, is targeted toward children aged 6-12, who are still too young to use Facebook. Unveiled last week, it differs from the existing Facebook Messenger app in key ways. An account can only be set up by a parent, who must also add any contacts for their child. Facebook also won't advertise to children within the app or sell any data it collects to third-party advertisers. Children don't need to set up a Facebook account and after the age of 12 they won't be pushed on to the adult app. Facebook says those safeguards will protect children and give parents more control, but lawmakers are seeking more assurances.

To read the rest of our piece, click here.

--HOUSE GAVEL IN CHARGE OF SURVEILLANCE POWERS UP FOR GRABS: The House Judiciary Committee is losing its chairman next year, creating an unusually wide-open race for one of the most powerful gavels in Congress. Behind Rep. Bob GoodlatteRobert (Bob) William GoodlatteRosenstein to appear for House interview next week Fusion GPS co-founder pleads the Fifth following House GOP subpoena House Judiciary chairman threatens to subpoena Rosenstein MORE (R-Va.), who is retiring at the end of his term, is a deeply unsettled committee bench whose senior ranks have been decimated by retirements. This likely means that several candidates will jockey to take over leadership of the committee, which has sprawling jurisdiction over issues like gun control, surveillance law and patent reform. "As you go down the dais, there's not a clear heir apparent chairman," said one Republican aide closely tracking the race. Change is also coming to the Democratic side of the panel, where the ranking member slot is up for grabs due to the resignation of Rep. John ConyersJohn James ConyersFormer campaign aide to New Jersey governor says she was sexually assaulted by his ex-staffer Kavanaugh controversy has led to politicization of 'Me Too,' says analyst Sexual assault is not a game — stop using women to score political points MORE Jr. (D-Mich.). If Democrats win back the House next year, the ranking member would likely become Judiciary chairman in 2019. That means that, one way or another, there will soon be a dramatic reshaping of a committee that Goodlatte has run with an iron fist.

To read the rest of our piece, click here.

--SPY CHIEF ORDERS CONTROLS ON TRANSITION 'UNMASKING' REQUESTS: Director of National Intelligence Dan CoatsDaniel (Dan) Ray CoatsHillicon Valley: Intel chief wants tech, government to work more closely | Facebook doesn't believe foreign state behind hack | New net neutrality lawsuit | Reddit creates 'war room' to fight misinformation Hillicon Valley: Russia-linked hackers hit Eastern European companies | Twitter shares data on influence campaigns | Dems blast Trump over China interference claims | Saudi crisis tests Silicon Valley | Apple to let customers download their data Overnight Defense — Presented by The Embassy of the United Arab Emirates — Senators seek US intel on journalist's disappearance | Army discharged over 500 immigrant recruits in one year | Watchdog knocks admiral over handling of sexual harassment case MORE is implementing tighter controls on how the names of U.S. individuals masked in intelligence reports can be uncovered during transitions between presidential administrations, according to an exclusive report in Reuters late last week. Coats signaled the new rules in a letter to members of Congress sent in late November that indicated the new policy on "unmasking" requests is due by mid-January. The revelation comes months after President TrumpDonald John TrumpCorker: US must determine responsibility in Saudi journalist's death Five takeaways from testy Heller-Rosen debate in Nevada Dem senator calls for US action after 'preposterous' Saudi explanation MORE charged that former President Obama ordered surveillance on Trump Tower, a claim that has been widely refuted.



HOUSE PASSES HOMELAND SECURITY CYBER OVERHAUL BILL: House lawmakers have passed legislation that would reorganize the Department of Homeland Security's cybersecurity mission.

The House passed the legislation, which is spearheaded by Homeland Security Chair Michael McCaulMichael Thomas McCaulSenate passes key cyber bill cementing cybersecurity agency at DHS Hillicon Valley: Trump stuns with election interference claim against China | FCC limits fees for 5G | Uber reaches 8M settlement over breach | Fox sells Sky stake to Comcast | House passes bills to fix cyber vulnerabilities Sessions calls on former colleagues to send drone legislation to Trump's desk MORE (R-Texas), by a voice vote Monday evening. 

The bill would reorganize the National Protection and Programs Directorate (NPPD) at Homeland Security, elevating it into its own operational agency. NPPD is responsible for securing federal networks and U.S. critical infrastructure from cyber and physical threats.
Homeland Security's cybersecurity efforts have attracted particular attention this year, as officials at the department have taken the lead on reaching out to state and local officials to protect voter databases and other election infrastructure from cyberattack.

Officials in both the Obama and Trump administrations have voiced the need for an overhaul at NPPD, which is currently a component within Homeland Security headquarters.

The legislation would rename NPPD as the Cybersecurity and Infrastructure Security Agency, a standalone agency to handle cyber and critical infrastructure protection.

The legislation is the result of months of discussions between lawmakers on Capitol Hill and U.S. officials about a prospective NPPD overhaul. McCaul introduced similar legislation last Congress, but it never advanced to the floor for a vote. At the time, there were disagreements between lawmakers and officials around how the new operational agency should be organized.

During a markup of the bill over the summer, McCaul said the legislation "will allow [the agency] to become more streamlined and effective in carrying out existing authorities while achieving the department's goal of creating a stand-alone operational organization focusing on and elevating the vital cybersecurity and infrastructure security missions."

The bill's pathway in the Senate is uncertain; currently, no companion legislation has been offered.

To read the rest of our piece, click here. 



Is 'Green Monday' Cyber Monday 2.0?



RANSOMWARE TARGETING BUSINESSES SKYROCKETS: Ransomware attacks targeting businesses have increased by nearly 2,000 percent since 2015, according to research released late last week from Malwarebytes, a firm that produces anti-malware technology. According to the research, the number of ransomware detections tallied through October 2017 surpassed the total detections for the previous year by 62 percent. The research chronicles the rise in cybercrime perpetrated by traditional cyber criminals, state-sponsored hackers, ideological hackers and "hackers-for-hire." The researchers found that the monthly average count of attacks in 2017 increased by nearly a quarter over the previous year.

To read more details from the report, click here.


WHAT'S IN THE SPOTLIGHT: RANSOMWARE THREAT TO LOCAL GOVERNMENTS: Computers hackers are increasingly targeting local governments with cyberattacks for financial gain.

Hackers last week successfully infected government servers with malware in North Carolina, locking Mecklenburg County officials out of their systems and slowing its operations to a crawl.

Hackers demanded $23,000 in exchange for unlocking the stolen files. Officials are refusing to pay--meaning they will need to rebuild their systems from scratch.

The ransomware attack is just the latest assault by hackers on local communities and organizations that lack the funding and resources of corporate America to defend against sophisticated cyber threats.

"It has a hugely disruptive impact on the operation of local government," Ryan Kalember, senior vice president for cybersecurity strategy at Proofpoint, said of the attacks.

Ransomware, which has been on the rise since 2015, is a type of malware delivered through a malicious link, email or other means that takes over a victim's computer and encrypts the data, locking the user out of his system. The perpetrator then demands payments to unlock the data, usually made in bitcoin, a type of digital currency that has skyrocketed in value in recent months.

The threat gained massive public attention in early 2016, when Hollywood Presbyterian Medical Center paid $17,000 to hackers in order to unlock its networks.

Hospitals have become a popular target for criminal hackers looking for a quick payday, and recent events also point to local governments as a prime target.  

In September, officials in Montgomery County, Ala., paid hackers more than $40,000 in bitcoin to recover large amounts of stolen data a week after its networks were hit with ransomware.

"You don't think about these things till they happen," Elton Dean, the county commission chair, told the Montgomery Advertiser at the time. "When you are talking about losing about $5 million worth of files, that's kind of like an emergency situation."

Local school districts have also been victims.

A school district in Dorchester County, S.C., found its servers infected with ransomware over the summer, which forced officials to pay a $2,900 ransom to recover stolen information.   

The attacks are garnering attention on Capitol Hill.

"These have become preferred weapons of our adversaries to adversely affect Americans at home," Sen. Steve DainesSteven (Steve) David DainesTrump administration could use military bases to export coal, gas McConnell: No one is going to beat Murkowski in Alaska Murkowski brushes off GOP backlash: 'I'm good with' Kavanaugh vote MORE (R-Mont.) said during a Senate Homeland Security hearing on Wednesday. "We had a cyberattack on a Montana school in Columbia Falls by an overseas actor. It forced the closure of several schools. It affected over 15,000 students."

To read the rest of our piece, click here.



'Links from our blog, The Hill, and around the Web.

German spy chief warns of Chinese cyber infiltration effort. (The Hill)

Bangladesh asks NY Fed to join lawsuit for cyber heist, report says. (The Hill)

Apple to purchase Shazam. (The Hill)

OP-ED: We must reconcile privacy and safety in the digital era. (The Hill)

OP-ED: Bitcoin is a Ponzi scheme, and it will collapse like one. (The Hill)

Former CIA director calls Russian cyberattacks against the election an 'intelligence failure.' (Politico)

Google releases a new tool to help security researchers hack the iPhone. (Motherboard)

The Trump administration rejected a Russian proposal to end election meddling. (BuzzFeed)

NATO, EU discuss deepening cyber cooperation. (NATO)

A Russian hacker confessed that the FSB directed his cyberattacks against the DNC, Russian website says. (Fortune)

Kaspersky Lab closes its office in Washington, D.C. (Bloomberg)

OPM gives agencies until April 2018 to identify critical cyber role gaps. (FedScoop)

If you'd like to receive our newsletter in your inbox, please sign up here.