North America News

US Senate passes major cybersecurity legislation to force reporting of cyberattacks and ransomware

The Senate on Tuesday passed major cybersecurity legislation, moving one step closer toward forcing critical infrastructure companies to report cyberattacks and ransomware payments. The passage comes as federal officials have repeatedly warned of the potential for Russian cyberattacks against the United States amid the escalating conflict in Ukraine. The legislation, which still has to pass in the House, would require critical infrastructure owners and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency within 72 hours if they experience a substantial cyberattack. Read more about it here.

US Congress Passes Cyber Incident Reporting Mandate

After months of political infighting, a landmark cybersecurity provision requiring critical infrastructure providers to report security incidents and ransom payments has passed both chambers of Congress and now heads to President Joe Biden's desk. The provision, originally authored by leaders of the Senate Homeland Security and Governmental Affairs Committee, Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, will require critical infrastructure owners and operators to report to the Cybersecurity and Infrastructure Security Agency if they experience a substantial cyberattack (report due within 72 hours of the attack) or if they make a ransomware payment (report due within 24 hours of the payment). Read more about it here.

NetWalker ransomware affiliate extradited to the US

A NetWalker affiliate who was sentenced in Canada last month to seven years in prison was extradited Wednesday to the US, where he will face multiple charges related to his alleged participation with the ransomware group, the US Department of Justice announced today. Sebastien Vachon-Desjardins, a 34-year-old from Gatineau, Quebec, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. He made his initial federal court appearance today in Tampa, at the US District Court for the Middle District of Florida, according to the Justice Department. Read more about it here.

Bridgestone Americas confirms ransomware attack, LockBit reportedly to leak data

The LockBit ransomware gang claimed to have compromised the network of Bridgestone Americas, one of the largest manufacturers of tires, and stolen data from the company. The Bridgestone Americas family of enterprises includes more than 50 production facilities and 55,000 employees throughout the Americas. On February 27, some company employees at Bridgestone’s La Vergne plant reported being sent home due to a possible cyber attack. Bridgestone launched an investigation into the incident and hired a prominent consulting firm to understand the full scope and nature of the incident. Read more about it here.

San Francisco 49ers fell victim to BlackByte ransomware on Super Bowl Sunday

This year's Super Bowl was not very exciting. The game was low-scoring, and the halftime show was lackluster. The only interesting thing that happened on Super Bowl Sunday is that the San Francisco 49ers, who weren't even in the game, confirmed they got hacked. Over the weekend, the BlackByte ransomware group's dark web blog touted that it had hacked servers belonging to the San Francisco 49ers and encrypted them. It wants $530 million for the key. The post contains a file called "2020 Invoices" to prove it has company data. Ars Technica notes that the cache holds hundreds of billing statements to entities including AT&T, Pepsi, and the city of Santa Clara. Read more about it here.

CYBER THREAT INTELLIGENCE – NEWSLETTER – 2022/02/16

Puma hit by data breach after Kronos ransomware attack

Sportswear manufacturer Puma was hit by a data breach following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The data breach notification filed with several attorney generals' offices earlier this month says the attackers also stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) cloud environment before encrypting the data. Right after the attack, a Kronos customer impacted in the incident told BleepingComputer that they had to go back to using paper and pencil to cut checks and monitor timekeeping. Read more about it here.