Biden Administration Blames Hackers Tied to China for Microsoft Cyberattack Spree.

By Clinton Pownall
 President & CEO
 Computer Business

“Biden Administration Blames Hackers Tied to China for Microsoft Cyberattack Spree.” That’s the headline from The Wall Street Journal article on the Biden administration publicly blaming hackers affiliated with China’s main intelligence service for a far-reaching cyberattack on Microsoft Corp. email software this year. “The United States and countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security,” Secretary of State Antony Blinken is quoted as saying. Blinken continued, The Ministry of State Security (MSS), aka Guoanbu—the civilian intelligence, security and secret police agency China—had “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.” The article notes: “The U.K. and European Union joined in the attribution of the Microsoft email hack, which rendered an estimated hundreds of thousands of mostly small businesses and organizations vulnerable to cyber intrusion.”

U.S. Announces $10 Million Reward for Cybercriminals. The New York Times reports that the Biden administration is making a new push to disrupt ransomware attacks on American companies, offering a $10 million reward for information that leads to the arrest of the gangs behind the extortion schemes and attempting to make it easier to trace and block cryptocurrency payments. “The White House is also organizing a task force to deal with ransomware, combining the resources of intelligence agencies, the Treasury Department, the F.B.I. and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency,” the article reports. The White House has also announced the launching of the website to provide one-stop location for reporting attacks and learning about enhancing security to nullify attacks

“China Wants a Chip Machine from the Dutch. The U.S. Said No.” That’s a recent headline in The Wall Street Journal about U.S. efforts to ensure the Dutch government doesn’t allow China to purchase a machine called an “extreme ultraviolet lithography system” that is essential to making advanced microprocessors. “China wants the $150-million machines for domestic chip makers, so smartphone giant Huawei Technologies Co. and other Chinese tech companies can be less reliant on foreign suppliers. But ASML hasn’t sent a single one because the Netherlands—under pressure from the U.S.—is withholding an export license to China,” the paper reports. The article notes: “The Biden administration has asked the government to restrict sales because of national security concerns, according to U.S. officials. The stance is a holdover from the Trump White House, which first identified the strategic value of the machine and reached out to Dutch officials.”

“Business Email Compromise (BEC) Attacks Take Phishing to the Next Level.” CSO Online carries that headline about the recurring and extremely serious problem of organizations being hacked after an employee is duped into opening an attachment, clicking on a link, or in some other way unwittingly launching a hacker’s virus onto corporate networks—or wiring funds to a fraudulent account. “Despite recent headlines being dominated by ransomware, it’s important not to forget about the security threat still posed by BEC attacks,” Jed Kafetz, head of penetration testing at Redscan, said in the article. “They remain a highly popular vector used by cybercriminals and are increasingly challenging to detect.” The article notes that the aim of many BEC attacks is to deceive people into thinking they have received a legitimate business-related email and convince them to doing something they believe is good or necessary for the company. This can mean sending a phony e-mail to finance employees that appears to be coming from the CEO or other C-level executive, which will often ask for an immediate transfer of funds (to what turns out to be a criminal’s account.) Jack Chapman, vice president of threat intelligence at Egress, says criminals are getting better at mining publicly available data, and using automated attack tools. Chapman is quoted as saying: “This powerful combination enables hackers to create automated email campaigns that utilize personal information and social engineering tactics to create devastating and highly sophisticated attacks on organizations and the individuals in them.”

“How to Attract More Computer Science Grads to the Cybersecurity Field. That headline in Dark Reading caught my eye, as I’ve long been a voice calling for more people—young and old—to enter the field of cybersecurity. Talk about job security: “The US Bureau of Labor Statistics predicts ‘information security analyst’ will be the tenth-fastest-growing occupation over the next decade, with an employment growth rate of 31% (compared to the 4% average growth rate for all occupations),” the article reports. “Cybersecurity career and workforce resource CyberSeek reports there are 465,000 cybersecurity job openings in the United States, up from nearly 302,000 in its 2017 survey.” The article criticizes colleges for not placing more emphasis on training students in cybersecurity. It notes that employers should also do a better job of hiring into these positions and then providing the ongoing training required to keep up with the unrelenting attacks of bad actors. So, if you know a student—or a mid-career adult—looking for rewarding work with a vast realm of unfilled jobs, suggest they look into a career in cybersecurity.

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. He is a member of the Florida Police Chiefs Association, and advises law enforcement agencies on cybersecurity. Pownall serves on several boards and committees and has a strong affiliation with various arts and education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He’s served as a Vice President of the Board of Director for the Orlando Shakes Theater and is actively involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.