Skip to content

Illustration by Security Management

From Ransomware Payments to Fake Apps Catching Crooks to, Yes, Nuns: The Week in Security News

It’s been a heavy news week in security-related developments. To catch you up, here’s a rundown of several stories of interest to security leaders.

Some ransom recovered, but the wave of ransomware continues to be lucrative for criminals. When DarkSide penetrated the systems of Colonial Pipeline last month leading to the shutdown of a major East Coast pipeline, the event highlighted how vulnerable infrastructure can be. The FBI announced it was able to recover $2.3 million in Bitcoins, which was reportedly a bit more than half of the ransom the company paid. The recovery was hailed as a reason for businesses to share information with federal authorities as early as possible in the process.

In the other recent high-profile ransomware attack, global meatpacking company JBS announced it paid $11 million to the criminals holding its systems ransom. Andre Nogueira, CEO of JBS USA, said in an announcement: “This was a very difficult decision to make for our company and for me personally. However, we felt this decision had to be made to prevent any potential risk for our customers.”

Elite German police unit shutdown over extremism fears. The police unit in Frankfurt was disbanded because authorities suspect as many as 20 officers in the unit were active participants in right-wing extremism online groups that included Nazi symbolism and inciteful content. Supervisors in the unit are being condemned for ignoring the conduct. Right-wing extremism has been escalating worldwide for a few years now, and it shows no signs of abating.

Biden Administration revokes and replaces orders targeting TikTok and WeChat. When he was president, Donald Trump issued executive orders attempting to ban Chinese-owned social media apps TikTok and WeChat over concerns about the data the apps collect on U.S. citizens. This week, President Joe Biden revoked those orders and issued new, broader orders that will review security threats posed by apps controlled by foreign adversaries. Courts had blocked the Trump Administration orders, and the new orders are designed to pave the way for actions that can be enforced.

Amazon technology to open consumers’ home Internet connection to anyone nearby. Amazon’s always-on devices, such as Echo and Ring, have a capability that allows them to share the Internet connection they use with others. The feature is called Sidewalk, and was latent in these devices until it was turned on by Amazon earlier this week. Sidewalk is designed to pull a small portion of an Internet connection’s bandwidth to create a neighborhood network that allows Amazon devices to have a wider range. The development has raised security and privacy concerns, and several articles describe the not-so-obvious process consumers need to use to turn the feature off.

Joint operation uses stealthy app to catch criminals. The FBI partnered with Australia to discreetly launch an app promising an encrypted messaging capability and planting the app in criminal networks. The ploy worked spectacularly and led to the seizure of eight tons of cocaine, guns, and $48 million, much of it in cryptocurrency. More than 300 criminal syndicates in 100 countries were caught up in the operation.

Pandemic updates: G7 countries to pledge one billion vaccine doses; U.S. OSHA issues guidance for workplaces keeping a narrow scope; and the CDC updates international travel guidance. Earlier this week, President Biden said the United States would donate 500 million vaccine does to the World Health Organization’s COVAX alliance. Several world leaders attending the G-7 Conference hailed the announcement with their own similar announcements, with the expected total number of pledged doses to reach one billion.

OSHA released its long-delayed guidance on how workplaces can open safely in light of the risks posed by COVID-19. The guidance specifies standards for healthcare facilities, but the guidance for other employers is nonbinding.

Finally, the CDC updated its international travel guidance to include separate guidance for vaccinated and unvaccinated individuals, and changed the risk level designations of several countries.

FBI completes probe of workplace shooting that occurred in 2019. Two years ago, a disgruntled city employee killed 12 people at the Virginia Beach Municipal Center. The FBI analysis of the gunmen’s motives show he harbored workplace grievances for years.

TC Energy abandons long struggle to build Keystone XL Pipeline. For 12 years and through three different U.S. presidential administrations, TC Energy has been attempting to build a pipeline that would bring Canadian oil to U.S. refineries. The plans and construction were frequent targets of environmental protests. The Obama Administration slowed its construction for years, the Trump Administration embraced the project, and finally the Biden Administration revoked border-crossing permits, prompting the project’s final cancellation. The victory for the environmentalists may embolden ongoing and future environmental activism.

El Salvador embraces Bitcoin, China does not. In El Salvador, the U.S. dollar has been the official currency for years. Earlier this week, the country became the first to designate Bitcoin as an official currency. Critics point to the currency’s volatility as a high risk if the country’s population begins to rely on Bitcoin.

On the other side of the spectrum, China sees cryptocurrency as primarily a money-laundering tool, and earlier this week authorities arrested more than 1,100 people suspected of using digital currency for laundering money from telephone and Internet scams.

Contributing to the week of hardened criminal news is a nun in California. A retired nun, to be precise, who the Justice Department said will plead guilty for stealing $835,339 from the Catholic elementary school at which she was the principal. She reportedly used the money to support a gambling habit.