Thoughts on the Civil Cyber Fraud Initiative

The US Federal Government continues to push ahead with cyber initiatives, including an announcement of the new Civil Cyber-Fraud Initiative by Deputy Attorney General Lisa O. Monaco.

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” said Deputy Attorney General Monaco. “Well, that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards — because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.” You can find out more about this by reading the press release.

Similarly, organizations need to prioritize the guidelines initially outlined in President Biden’s cybersecurity executive order, as more attacks are being brought to light and are causing major disruptions across multiple industries. Recently there was a security alert for on-prem users of the popular Confluence application. This alert was for a remote code execution vulnerability tracked as CVE-2021-26084 (CVSS score: 9.8). Unfortunately, this CVE was exploited in the wild and used by attackers to install web shells, which threat actors ultimately used to deploy cryptominers.

Organizations need to prioritize strengthening their cybersecurity postures and ensure they are prepared for a cyberattack. All of this planning should start before your organization experiences an incident.

Additionally, it was understood early in the pandemic that remote work would expose vulnerabilities for those not well-equipped for the immediate switch to the cloud. For example, legacy on-prem SWG appliances were never designed to support a workforce that was not in a physical office. All organizations, including federal agencies, need to take critical steps to ensure their infrastructure can support employees regardless of location. This means instituting cloud-based solutions that improve cybersecurity postures and keep their networks safe.

For those interested in following threat trends, Microsoft and VirusTotal released compelling reports. Microsoft released its Digital Defense Report, which covers many threat classifications. VirusTotal produced a more focused report discussing its analysis of 80 million ransomware samples, which can be accessed here.


Blog post authored by Jim Gogolinski, VP of Research and Threat Intelligence at iboss.