DHS Stands up Domestic Terror Intelligence Team | Hackers Find Easy Prey in U.S. | Ransomware Gangs, and more

Among other changes outlined in the memo, “prosecutors must submit for review and approval” to the Justice Department Counterterrorism Section in the National Security Division any charges and associated court filings that link a case to domestic violent extremism. The Counterterrorism Section “in its review shall seek to ensure accuracy and consistency in such descriptions in filings nationwide,” the memo says. The memo also sets out policies for standardizing data collection on domestic terrorism cases.

Meet DarkSide, the Ransomware Gang Blamed for the Colonial Pipeline Attack  (Sean Lyngaas, Cyberscoop)
The cybercriminal syndicate accused of causing one of the largest U.S. pipeline operators to shut down is known for running an enterprise that vets criminal customers and avoids targeting Russian-speaking organizations, according to analysts who have tracked the group.
Since emerging on underground criminal forums in August, the so-called DarkSide malicious software has allegedly been used in dozens of intrusions in the health care, energy and finance sectors. (Ransomware gangs and the software they use often have the same name, but multiple criminal entities sometimes buy access to the same malicious code.) The creators of DarkSide have boasted that their mechanism for encrypting data is the fastest of any, and analysts say the ransomware can encrypt Windows and Linux systems alike.

Lawmakers Eye Tightening Law to Get More Details on Cyberattacks  (Gopal Ratnam, Roll Call)
Legislation would require notification to Congress of major cyberattacks and set up $20 million cyber assistance fund

Colonial Pipeline Didn’t Tell CISA about Ransomware Incident, Highlighting Questions about Information Sharing  (Tim Starks, Cyberscoop)
Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators.
Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee.

Hackers Find Easy Prey as U.S. Ignores One Warning after Another  (Alyza Sebenius, Jennifer A. Dlouhy, and Brody Ford, Stars and Stripes)
The ransomware attack that shut down the nation’s biggest fuel pipeline prompted an all-too familiar question in the corridors of power in Washington and boardrooms across the country: Can anyone stop debilitating hacks?

Trump’s Acting Attorney General to Affirm There Was No Evidence of Widespread Voter Fraud in 2020  (Katie Benner, New York Times)
The top Justice Department official at the time of the Jan 6. attack on the Capitol is expected to tell lawmakers on Wednesday that the department saw no evidence to undercut President Biden’s election win, even as Republicans continue to question the results and use those doubts to underpin restrictive voting laws.
The Justice Department “had been presented with no evidence of widespread voter fraud at a scale sufficient to change the outcome of the 2020 election,” Jeffrey A. Rosen, who served as the acting attorney general for the final month of the Trump administration, said in a prepared statement to the House Oversight Committee.
The department chose not to participate in legal challenges to the certification of the Electoral College results based on that assessment, his opening statement said, declining to appoint special prosecutors to look into election fraud or to ask state officials to overturn the results.

Four Key Takeaways on the U.S. Government Response to the Pipeline Ransomware Attack  (Zachary Cohen and Geneva Sands, CNN)
Senior cybersecurity officials testified before a key Senate committee on Tuesday after one of the nation’s largest pipeline operators was hit by an ongoing major ransomware attack that forced the company to shut down operations. CNN has learned that federal agencies and private cybersecurity firms are investigating the attack on Colonial Pipeline but lawmakers made clear that the incident only adds to their broader concerns about hackers who are increasingly exploiting vulnerabilities in US infrastructure. Here are some key takeaways from the hearing and CNN’s reporting on the government’s response to the Colonial Pipeline ransomware attack. A top Biden administration cybersecurity official warned the Senate hearing that cyberattacks on the nation’s infrastructure are “growing more sophisticated, frequent and aggressive.” “Malicious cyber actors today are dedicating time and resources towards researching, stealing, and exploiting vulnerabilities, using more complex attacks to avoid detection and developing new techniques to target information and communication technology supply chains,” acting Cybersecurity and Infrastructure Security Agency Director Brandon Wales told the Senate Homeland Committee, whose hearing was focused on a spate of recent incidents impacting the US.