US sanctions Iranian groups for crackdown
The United States Treasury Department last Wednesday sanctioned two Iranian officials, a major cybersecurity training school and an Iranian company for their role in the country’s digital crackdown during protests following the September death of Mahsa Amini. Sahab Pardaz, a company that runs many Iranian social media filtering services, was sanctioned for social media censorship and internet shutdowns, and Ravin Academy, a cybersecurity training school, was sanctioned because its hackers disrupted the communications of those protesting against the Iranian regime. The officials and the organizations are part of a larger group of fourteen individuals and three entities sanctioned in response to the Iranian government’s violent actions and crackdown on protesters. Ravin Academy published a statement denying allegations of involvement in the crackdown. At least 277 people have been killed in the protests since they began in September, according to Iran Human Rights.
Mondelez and Zurich American Insurance Reach Settlement in NotPetya Payment Case
Food company Mondelez International and insurance company Zurich American Insurance Co. reached a settlement last Thursday in a lawsuit stemming from the 2017 NotPetya cyberattacks. NotPetya caused approximately $10 billion in damages worldwide and has been widely attributed to Sandworm, a threat actor associated with the Russian military intelligence agency GRU, although the Kremlin continues to deny any involvement. Zurich refused to cover Mondelez International’s damages after the attack because of the “warlike” nature of NotPetya and because it was carried out by a “government or sovereign power”. According to court documents, Mondelez International lost more than 1,700 servers and 24,000 laptops to NotPetya, which erased the affected systems and rendered them unusable. Insurance companies are changing their coverage policies in the wake of the NotPetya attack, and earlier this year Lloyd’s of London required cyber insurance to include an exemption for catastrophic state-sponsored attacks. It remains unclear what constitutes a state-sponsored or catastrophic attack under Lloyd’s policy.
US Hosts Global Ransomware Summit
The White House this week hosted thirty-six countries and representatives from the European Union (EU) for the second summit of the International Ransomware Initiative to discuss how to prevent ransomware attacks from disrupting businesses and the critical infrastructure of nations. Participants included countries such as Israel, Ukraine and India. Russia, North Korea and Iran, the main havens for ransomware gangs, were not invited. The summit, which also included companies such as Siemens, Microsoft and Crowdstrike, focused on collaboration between the public and private sectors, combating the use of cryptocurrency by cybercriminals and holding threat actors accountable for ransomware attacks. Ransomware remains a potent threat to the United States, according to a new report released earlier this week by the U.S. Financial Crimes Enforcement Center (FinCEN), which shows ransomware gangs have stolen more than $1.2 billion over the past year.
Red Cross proposes to add the digital emblem to medical systems
The International Committee of the Red Cross (ICRC) has published a new report on the possibility of adding a digital emblem to certain medical and ICRC systems to warn hackers that they are attacking non-combatants. The ICRC proposed several mechanisms to create the emblem, including an addition to the Domain Name System (DNS) or an IP-based emblem. A red cross has long been a symbol that a building, vehicle or person is involved in medical activity. The ICRC said the emblem provides a clear boundary for cyber attackers operating on critical infrastructure networks. Hospitals have been frequently targeted by ransomware attackers over the past five years, with 66% reporting some sort of ransomware incident in 2021, and the ICRC’s own systems were compromised by an advanced persistent threat at the beginning of this year.
EU Digital Markets Act comes into force
The recent EU Digital Markets Act entered into force on Wednesday 1 November. The Digital Markets Act targets the unfair practices of “gatekeepers” such as Amazon, Google and Meta. Companies must meet several standards to be considered gatekeepers. A gatekeeper has more than forty-five million active end users and ten thousand business users, or has a turnover of $7.5 billion in the European Union or $75 billion worldwide. Gatekeepers will no longer be allowed to prioritize their own apps or payment systems on the platforms they own and will be forced to allow third-party companies better access to the platform’s internal tracking systems. Businesses are expected to comply with the Digital Markets Act by March 2024. The EU has launched a new internet governance model over the past decade, and the DMA is the latest addition to this framework.