Biden Admin officials urge U.S. companies to brace for yet another cyber threat 

by mcardinal

Chris Lange, FISM News


Senior Biden cybersecurity officials on Thursday issued another warning to corporate executives and business leaders that hundreds of millions of devices are at risk across the globe due to a newly-discovered software vulnerability, as reports of cyberattacks continue to rise. National Cyber Director Chris Inglis and Anne Neuberger, the national security advisor for Cyber and Emerging Technology, sent a joint letter to business leaders and corporate executives urging them to be on high alert against anticipated cyberattacks ahead of Christmas and New Year’s Day, according to a Fox Business report.

“The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest,” Inglis and Neuberger wrote. “Unfortunately, malicious cyber actors are not taking a holiday – and they can ruin ours if we’re not prepared and protected.”

The two officials cited “numerous recent events that highlight the strategic risks we all face because of the fragility of digital infrastructure and the ever-present threat of those who would use it for malicious purposes,” and are urging organizations to shore up vulnerable systems and authentication procedures for processing sensitive data. Frequent data backups and increased employee cyber awareness training were also recommended.

“In many cases criminals plan and actually begin an intrusion before the holiday itself – they infiltrate a network and lie in wait for the optimal time to launch an attack,” the letter read. “It is therefore essential that you convene your leadership team now to make your organization a harder target for criminals.”

The warning is the latest in a trio of alerts issued by the White House this year, with similar letters sent ahead of Labor Day weekend and Thanksgiving week. Recent trends point to an increase in cyberattacks surrounding U.S. holidays, during which time many businesses are short-staffed.

FISM previously reported an alarming uptick in cybercrime in recent months affecting U.S. government agencies and large corporations. Colonial Pipeline was hit with a cyberattack just before Mother’s Day, disrupting fuel supplies in the East Coast, while hackers targeted meat producer JBS USA during Memorial Day weekend. Nearly 1,500 companies were impacted as a result of an attack perpetrated on IT company Kaseya over the Fourth of July holiday. Just last week, separate ransomware attacks in Virginia crippled operations of its General Assembly and halted payroll services for the Department of Behavioral Health and Development Services. Meanwhile, the phones of at least nine U.S. State Dept. officials in Uganda were compromised earlier this month by cyber criminals using sophisticated spyware. 

Thursday’s warning is part of a global response by cybersecurity experts who last week discovered a key vulnerability in log4j, an Apache logging package, which has left multiple worldwide organizations at risk for cybercrime. Their research points to hackers based in China and Iran, among other nations, whom they say are exploiting the vulnerability to perpetrate attacks. Russia is also suspected of being behind some of the breaches, though President Vladimir Putin has previously denied any involvement.

The FBI on Wednesday issued a statement urging affected organizations to report cyberattacks but cautioned the agency “may be unable to respond to each victim individually.”

Inglis and Neuberger said that, while there have been some advancements in cyber protections, more must be done. 

“All of us can, and must, play a part to improve the Nation’s cybersecurity,” they wrote. “The U.S. government and the private sector have accomplished much together in the past year, and we have much more to do in 2022 and beyond.”

The White House in July established President Biden’s Cyber Security Initiative, a joint effort between the federal government and vital infrastructure entities to develop and implement systems and technology to detect cyber threats.