December 9, 2021

News

News Network

Ukrainian Arrested and Charged with Ransomware Attack on Kaseya

21 min read
<div>Today, the Justice Department announced recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.</div>
Today, the Justice Department announced recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.

More from: November 8, 2021
More from Area Control Network
1. Global Warming Network
2. Christians Online
3. Put your website in the archives
4. Area Control Network News

News Network

  • Critical Infrastructure Protection: TSA Is Taking Steps to Address Some Pipeline Security Program Weaknesses
    In U.S GAO News
    What GAO Found Protecting the nation's pipeline systems from security threats is a responsibility shared by both the Transportation Security Administration (TSA) and private industry stakeholders. Prior to issuing a cybersecurity directive in May 2021, TSA's efforts included issuing voluntary security guidelines and security reviews of privately owned and operated pipelines. GAO reports in 2018 and 2019 identified some weaknesses in the agency's oversight and guidance, and made 15 recommendations to address these weaknesses. TSA concurred with GAO's recommendations and has addressed most of them, such as clarifying portions of its Pipeline Security Guidelines improving its monitoring of security review performance, and assessing staffing needs. As of June 2021, TSA had not fully addressed two pipeline cybersecurity-related weaknesses that GAO previously identified. These weaknesses correspond to three of the 15 recommendations from GAO's 2018 and 2019 reports. Incomplete information for pipeline risk assessments. GAO identified factors that likely limit the usefulness of TSA's risk assessment methodology for prioritizing pipeline security reviews. For example, TSA's risk assessment did not include information consistent with critical infrastructure risk mitigation, such as information on natural hazards and cybersecurity risks. GAO recommended that TSA develop data sources relevant to pipeline threats, vulnerabilities, and consequences of disruptions. As of June 2021, TSA had not fully addressed this recommendation. Aged protocols for responding to pipeline security incidents. GAO reported in June 2019 that TSA had not revised its 2010 Pipeline Security and Incident Recovery Protocol Plan to reflect changes in pipeline security threats, including those related to cybersecurity. GAO recommended that TSA periodically review, and update its 2010 plan. TSA has begun taking action in response to this recommendation, but has not fully addressed it, as of June 2021. TSA's May 2021 cybersecurity directive requires that certain pipeline owner/operators assess whether their current operations are consistent with TSA's Guidelines on cybersecurity, identify any gaps and remediation measures, and report the results to TSA and others. TSA's July 2021 cybersecurity directive mandates that certain pipeline owner/operators implement cybersecurity mitigation measures; develop a Cybersecurity Contingency Response Plan in the event of an incident; and undergo an annual cybersecurity architecture design review, among other things. These recent security directives are important requirements for pipeline owner/operators because TSA's Guidelines do not include key mitigation strategies for owner/operators to reference when reviewing their cyber assets. TSA officials told GAO that a timely update to address current cyber threats is appropriate and that they anticipate updating the Guidelines over the next year. Why GAO Did This Study The nation's pipelines are vulnerable to cyber-based attacks due to increased reliance on computerized systems. In May 2021 malicious cyber actors deployed ransomware against Colonial Pipeline's business systems. The company subsequently disconnected certain systems that monitor and control physical pipeline functions so that they would not be compromised. This statement discusses TSA's actions to address previous GAO findings related to weaknesses in its pipeline security program and TSA's guidance to pipeline owner/operators. It is based on prior GAO products issued in December 2018, June 2019, and March 2021, along with updates on actions TSA has taken to address GAO's recommendations as of June 2021. To conduct the prior work, GAO analyzed TSA documents; interviewed TSA officials, industry association representatives, and a sample of pipeline operators selected based on type of commodity transported and other factors; and observed TSA security reviews. GAO also reviewed TSA's May and July 2021 Pipeline Security Directives, TSA's Pipeline Security Guidelines, and three federal security alerts issued in July 2020, May 2021, and June 2021.
    [Read More…]
  • 3 Things We’ve Learned From NASA’s Mars InSight
    In Space
    Scientists are finding [Read More…]
  • Former State Department Employee Sentenced to Prison for Trafficking in Counterfeit Goods from U.S. Embassy
    In Crime News
    A former U.S. Department of State employee and his spouse were sentenced today for their roles in a conspiracy to traffic hundreds of thousands of dollars in counterfeit goods through e-commerce accounts operated from State Department computers at the U.S. Embassy in Seoul, Republic of Korea.
    [Read More…]
  • Federal Reserve Lending Programs: Credit Markets Served by the Programs Have Stabilized, but Vulnerabilities Remain
    In U.S GAO News
    What GAO Found The Board of Governors of the Federal Reserve System (Federal Reserve) authorized 13 lending programs—known as facilities—to ensure the flow of credit to various parts of the economy affected by the COVID-19 pandemic. The last of the nine facilities supported through CARES Act funding ceased purchasing assets, such as corporate bonds, or extending credit by January 8, 2021. As of September 1, 2021, the CARES Act facilities held about $19 billion in assets. The Federal Reserve oversight reviews completed in December 2020 identified opportunities to enhance certain areas, including internal process and controls. These reviews also identified areas for continued monitoring, such as cybersecurity and conflicts of interest. GAO found that Federal Reserve's plans for ongoing monitoring of the facilities align with federal internal control standards for ongoing monitoring of an entity's internal control system. Available indicators suggest the facilities helped improve access to credit and liquidity in the corporate and municipal credit markets. For example, corporate bond spreads (which reflect borrowing costs) have remained low, and municipal spreads have decreased to prepandemic levels. Also, officials from state and local entities that participated in the Municipal Liquidity Facility (which targeted the municipal bond market) generally said the facility was beneficial and helped restore investor confidence in the municipal bond market. However, corporate and municipal credit markets remain vulnerable. For corporate credit markets, corporate bonds outstanding remain elevated and the high level of debt leaves businesses vulnerable to distress. Municipal credit markets also remain vulnerable because of the pandemic's extended duration, which may adversely affect local economies. According to surveys of small and independent businesses and lenders, access to credit has improved, but recovery remains slow, including for businesses in the services sector. Loans made under the Main Street facilities (which targeted small and mid-sized businesses and nonprofits) were concentrated among small for-profit businesses in certain economic sectors, such as restaurants. According to GAO's generalizable survey of Main Street borrowers, an estimated 88 percent said that the program was “very important” in helping them maintain operations. Women-owned businesses participated at lower rates compared to their representation among U.S. businesses. Although estimates of veteran- and minority-owned business participation were somewhat lower compared to their representation among U.S. businesses, the differences were not statistically significant (see figure). Estimated Participation of Business Types in the Main Street Lending Program Why GAO Did This Study On July 30, 2021, the last of the 13 Federal Reserve lending facilities stopped purchasing assets or extending credit. However, some of these facilities, including facilities that were supported through Department of the Treasury funding appropriated under section 4003(b)(4) of the CARES Act, continue to hold outstanding assets and loans. The Federal Reserve will continue to monitor and manage the facilities until these assets and loans are no longer outstanding. The CARES Act included a provision for GAO to periodically report on section 4003 loans, loan guarantees, and investments. This report examines the Federal Reserve's continued oversight and monitoring of the CARES Act facilities; what available evidence suggests about the facilities' effects on corporate credit markets, states and municipalities, and small businesses; and the characteristics of Main Street Lending Program participants, among other things. GAO reviewed applicable laws and agency and Federal Reserve Bank documentation; analyzed agency and other data on the facilities and credit markets; interviewed Federal Reserve and Treasury officials and representatives of state and local governments; and conducted a generalizable survey of for-profit Main Street borrowers. For more information, contact Michael E. Clements at (202) 512-8678 or clementsm@gao.gov.
    [Read More…]
  • Joint Statement Calling for a Ceasefire in Nagorno-Karabakh
    In Crime Control and Security News
    Office of the [Read More…]
  • Aruba National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • United States Condemns Violence Against Peaceful Protesters in Sudan
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • VA Health Care: Actions Needed to Improve Oversight of Graduate Medical Education Reimbursement
    In U.S GAO News
    The Department of Veterans Affairs' (VA) Veterans Health Administration (VHA) provides training to more than 45,000 medical and dental residents annually through its Graduate Medical Education (GME) program. VHA has established policy for its GME program that details many roles and responsibilities for overseeing VA medical facilities' reimbursements to affiliated academic institutions for residents' salaries and benefits. However, this policy does not define key roles and responsibilities for VHA's central office components, its regional networks, or its medical facilities. For example, VHA's regional networks do not have defined roles and responsibilities for overseeing GME disbursements—contributing to noninvolvement or inconsistent involvement in disbursement agreement oversight. VHA officials reported that they are in the process of updating disbursement agreement policy, but did not indicate if the updates would address all identified concerns. While VHA officials said that VHA's two disbursement agreement oversight mechanisms—facility periodic audits and the Resident Disbursement Audit Process (ReDPro) checklist—are meant to have distinct but complementary purposes, GAO found that VHA policy, guidance, and the tools distributed for these oversight mechanisms did not reflect the distinct purposes officials described. VHA officials said that periodic audits are intended to be a first level of defense and to review actual payments to affiliates, whereas the ReDPro checklist is intended to be a second level of defense, aimed at reviewing the process to see if the rules related to disbursement agreements are being followed by VA medical facilities. However, the ReDPro checklist tool and VHA's recommended periodic audit tool have numerous areas of overlap, including duplicative questions. This overlap causes inefficiencies and unnecessary burden on VA medical facility staff. GAO also found additional weaknesses in the tools, guidance, and training for the two oversight mechanisms. For example, GAO found an unclear ReDPro checklist tool, along with insufficient guidance and training related to conducting the ReDPro reviews. Officials from eight of 13 facilities in GAO's review indicated that the ReDPro checklist instructions were unclear regarding appropriate supporting documents for checklist responses. These weaknesses contributed to errors and inconsistencies in ReDPro responses. the lack of a standard audit tool, and inadequate guidance and training for periodic audit teams that contributed to problematic inconsistencies in the methodologies used by the audit teams and deficiencies in some of the audits conducted. Officials from 10 of 13 facilities in GAO's review indicated that they would benefit from more tools, guidance, or training related to conducting periodic audits. These weaknesses limit the effectiveness of VHA's oversight mechanisms, and put VHA at increased risk of both not being able to identify and correct facilities' lack of adherence to disbursement agreement policy and of possible improper payments to GME affiliates. Under VHA's GME program, VA medical facilities use disbursement agreements to reimburse affiliated academic institutions for residents' salaries and benefits. VHA developed policy related to establishing and administering disbursement agreements, but audits have found that facilities have not always adhered to VHA policy—resulting in improper payments to affiliates. GAO was asked to review VHA policies and procedures related to reimbursements to affiliates for GME. This report examines (1) oversight roles and responsibilities for GME disbursement agreements and (2) VHA's mechanisms for ensuring VA medical facilities adhere to policy. GAO reviewed relevant VHA documents and federal internal control standards and interviewed VHA officials. GAO also reviewed ReDPro checklist responses and documentation from 13 VA medical facilities—selected based on factors including geographic variation, GME program size, and number of affiliates. GAO also visited four of the 13 facilities and interviewed officials at the other nine facilities. GAO is making seven recommendations to VA to define key roles in policy, reduce overlap between the ReDPro checklist and facility periodic audits, and improve the oversight mechanisms' tools, guidance, and training. VA concurred with GAO's recommendations. For more information, contact Sharon M. Silas at (202) 512-7114 or silass@gao.gov.
    [Read More…]
  • Military Operations: DOD Needs to Address Contract Oversight and Quality Assurance Issues for Contracts Used to Support Contingency Operations
    In U.S GAO News
    The Department of Defense (DOD) uses contractors to meet many of its logistical and operational support needs. With the global war on terrorism, there has been a significant increase in deployment of contractor personnel to areas such as Iraq and Afghanistan. In its fiscal year 2007 report, the House Appropriations Committee directed GAO to examine the link between the growth in DOD's operation and maintenance costs and DOD's increased reliance on service contracts. GAO determined (1) the extent to which costs for selected contracts increased and the factors causing the increases, (2) the extent to which DOD provided oversight for selected contracts, and (3) the reasons for DOD's use of contractors to support contingency operations. To address these objectives, GAO reviewed a nonprobability sample of seven DOD contracts for services that provide vital support to contingency operations in Iraq and Afghanistan. GAO reviewed contract requirements, funding documents and DOD guidance for these contracts and interviewed DOD and contractor personnel.Costs for six of the seven contracts GAO reviewed increased from an initial estimate of $783 million to about $3.8 billion, and one consistent and primary factor driving the growth was increased requirements associated with continued military operations in Iraq and Afghanistan. For example, the Army awarded a $218.2 million task order for equipment maintenance and supply services in Kuwait in October 2004. Since then, approximately $154 million of additional work was added to this task order for vehicle refurbishment, tire assembly and repair, and resetting of prepositioned equipment. Other factors that increased individual contract costs include the use of short-term contract extensions and the government's inability to provide contractually required equipment and services. For example, in three of the contracts GAO reviewed, short-term contract extensions (3 to 6 months) increased costs because the contractor felt it was too risky to obtain long-term leases for vehicles and housing. The actual cost of one contract we reviewed did not exceed the estimated cost for reasons such as lower than projected labor rates. GAO has frequently reported that inadequate staffing contributed to contract management challenges. For some contracts GAO reviewed, DOD's oversight was inadequate because it had a shortage of qualified personnel and it did not maintain some contract files in accordance with applicable guidance. For five contracts, DOD had inadequate management and oversight personnel. In one case, the office responsible for overseeing two contracts was short 6 of 18 key positions, all of which needed specialized training and certifications. In addition, for two other contracts, proper accounting of government owned equipment was not performed because the property administrator position was vacant. Second, DOD did not always follow guidance for maintaining contract files or its quality assurance principles. For four contracts, complete contract files documenting administration and oversight actions taken were not kept and incoming personnel were unable to determine how contract management and oversight had been performed and if the contractor had performed satisfactorily prior to their arrival. In addition, oversight was not always performed by qualified personnel. For example, quality assurance officials for the linguist contract were unable to speak the language so they could not judge the quality of the contractor's work. Without adequate levels of qualified oversight personnel, proper maintenance of contract files, and consistent implementation of quality assurance principles, DOD may not be able to determine whether contractors are meeting their contract requirements, which raises the potential for waste. DOD used contractors to support contingency operations for several reasons, including the need to compensate for a decrease in force size and a lack of capability within the military services. For example, an Army contract for linguist services had a requirement for more than 11,000 linguists because DOD did not have the needed linguists. According to Army officials, the Army phased out many interpreter positions years ago and did not anticipate a large need for Arabic speakers.
    [Read More…]
  • Briefing With Senior Administration Officials on Counselor Derek Chollet and an Interagency Delegation’s Upcoming Travel to Thailand, Singapore, and Indonesia
    In Crime Control and Security News
    Office of the [Read More…]
  • Solomon Island Travel Advisory
    In Travel
    Reconsider travel to the [Read More…]
  • Justice Department Finds that Alameda County, California, Violates the Americans with Disabilities Act and the U.S. Constitution
    In Crime News
    The Justice Department concluded today, based upon a thorough investigation, that there is reasonable cause to believe that Alameda County is violating the Americans with Disabilities Act (ADA) in its provision of mental health services, and that conditions and practices at the county’s Santa Rita Jail violate the U.S. Constitution and the ADA.
    [Read More…]
  • Three New Views of Mars’ Moon Phobos
    In Space
    Taken with the infrared [Read More…]
  • Montserrat Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Former Supervisory Corrections Officer Sentenced for Repeatedly Tasing Restrained Detainee
    In Crime News
    Former supervisory corrections officer Mark Bryant, 42, was sentenced today to 5 years in prison for repeatedly tasing a restrained pretrial detainee inside the Cheatham County Jail in Tennessee. In January 2020, a jury in the Middle District of Tennessee convicted Bryant of two counts of violating Title 18, U.S. Code, Section 242, for using excessive force while acting under color of law. 
    [Read More…]
  • Secretary Antony J. Blinken to State Department Employees
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • 2020 Indo-Pacific Business Forum Promotes Free and Open Indo-Pacific
    In Crime Control and Security News
    Office of the [Read More…]
  • Championing America’s First Freedom
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Contract Rehabilitation Therapy Providers Agree to Pay $8.4 Million to Resolve False Claims Act Allegations Relating to the Provision of Medically Unnecessary Therapy Services
    In Crime News
    Select Medical Corporation and Encore GC Acquisition LLC have agreed to pay $8.4 million to resolve allegations that Select Medical Rehabilitation Services Inc. (SMRS) violated the False Claims Act by knowingly causing 12 skilled nursing facilities (SNFs) in New York and New Jersey to submit false claims to Medicare for rehabilitation therapy services that were not reasonable,
    [Read More…]
  • Secretary Michael R. Pompeo Briefing with the Traveling Press
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
Network News © 2005 Area.Control.Network™ All rights reserved.