Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/1/2015
05:00 PM
100%
0%

Obama Signs Executive Order For Sanctions Against Cybercriminals, Cyberspies

President cites International Emergency Economic Powers Act to allow feds to blacklist foreign individuals or entities behind 'significant malicious cyber-enabled activities'

President Obama today announced yet another weapon for the US to fight back against the wave of cyber attacks plaguing US businesses, organizations, and individuals: a new Executive Order authorizing the Secretary of Treasury, in consultation with the Attorney General and Secretary of State, to institute sanctions against entities behind cybercrime, cyber espionage, and other damaging cyberattacks.

"I’m for the first time authorizing targeted sanctions against individuals or entities whose actions in cyberspace result in significant threats to the national security, foreign policy, economic health or financial stability of the United States," the President wrote today. "Our primary focus will be on cyber threats from overseas. In many cases, diplomatic and law enforcement tools will still be our most effective response. But targeted sanctions, used judiciously, will give us a new and powerful way to go after the worst of the worst."

The US now has the power to freeze assets of attackers who disrupt US critical infrastructure, or steal trade secrets from US businesses or profit from theft of personal information.

"While we’re focused on the supply side of this problem — those who engage in these acts — we’ll also go after the demand side — those who profit from them. As of today, there’s a new deterrent because I’m also authorizing sanctions against companies that knowingly use stolen trade secrets to undermine our nation’s economic health," Obama wrote.

The EO, while not surprising, was mostly welcomed by the security industry, although questions remain on how the feds will properly identify attackers given the difficulty of attribution.

Stephen Cobb, a security researcher with ESET, says it's a solid move to put the squeeze on attackers.  "Many companies in the U.S. are spending a lot of money to improve their IT security and the security awareness of their employees in response to the seemingly relentless tide of cybercrime; but it is clear that these private sector efforts alone will not solve the cybercrime problem," Cobb says. "Coordinated government action, both nationally and internationally, is urgently needed to attack those elements of the global cybercrime infrastructure that only persist due to the complicity of corrupt officials and unscrupulous businesses that turn a blind eye to cybercrime.”

Read President Obama's announcement of the new Executive Order here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.