Global Ransomware Surge Leads To Calls For New Answers

Global leaders want to carve out specific areas of critical infrastructure to be protected under international agreements from cyber attacks. But where does that leave others?

Back in April of this year, a BBC News headline read, "The ransomware surge ruining lives."

And that was before the cyber attacks on organizations in critical infrastructure sectors, like Colonial Pipeline, meat-processing giant JBS, the Irish Health Service and so many others.

And when President Biden met with Russian President Putin last month in Geneva, he declared that certain critical infrastructure should be “off-limits” to cyberattacks.

“We agreed to task experts in both our countries to work on specific understandings about what is off-limits,” Biden said. “We’ll find out whether we have a cybersecurity arrangement that begins to bring some order.”

As an initial positive step forward, this cyber defense policy makes sense. In fact, most global experts applaud these moves and efforts to better protect and clarify international crimes in cyberspace.

Previous administrations going back to George W. Bush have taken aggressive steps to ensure critical infrastructure is protected in the U.S. and around the world through actions involving people, process and technology, both offline and online. The 16 critical infrastructure sectors identified by DHS/CISA can be found here.

Still, many questions remain regarding this new policy: Will all global governments actually agree on the wording? More importantly, even if they do agree, how will the agreements be enforced? Also, what happens if some countries continue to allow criminals to attack these critical infrastructure sectors from their soil?

And my main question goes further: Even if all of these agreements and actions are 100 percent agreed upon and enforced, which most people don’t believe will happen, does this imply that every organization not covered under these 16 critical infrastructure sectors can be openly attacked without a response? Is this giving into cyber criminals for everyone else?

For example, would K-12 schools or small businesses be “fair game” and not off limits? Could this actually increase attacks for any organization not considered on the CISA list?

No doubt, some will say that schools are a part of government, and yet there are private schools. In addition, if we do cover all others somehow, perhaps as a supplier of these 16 sectors, doesn’t that make the “off-limits” list essentially meaningless?

Essentially, where is the line? Who is included, and what happens when some nation or criminal group crosses the line?

These questions became more than an intellectual thought exercise recently when the Kaseya ransomware attack impacted more than 1,500 businesses, without, in their words, impacting critical infrastructure.

CBS News reports, “Still, Kaseya says the cyber attack it experienced over the July 4th weekend was never a threat and had no impact on critical infrastructure. The Russian-linked gang behind the ransomware had demanded $70 million to end the attack, but CNBC reported that the hackers reduced their demands to $50 million in private conversations.

"The Miami-based company said Tuesday that it was alerted on July 2 to a potential attack by internal and external sources. It immediately shut down access to the software in question. The incident impacted about 50 Kaseya customers.”

OTHER RECENT RANSOMWARE NEWS

Meanwhile, in a bit of a surprise, ransomware group REvil disappeared from the Internet this past week, when its website became inaccessible.

As Engadget reported, “According to CNBC, Reuters and The Washington Post, the websites operated by the group REvil went down in the early hours of Tuesday. Dmitri Alperovitch, former chief technology officer of the cyber firm CrowdStrike, told The Post that the group's blog in the dark web is still reachable. However, its critical sites victims use to negotiate with the group and to receive decryption tools if they pay up are no longer available. Visitors to those websites now see a message that says ‘A server with the specified host name could not be found.’"

CNBC reported: “There are 3 main possibilities for the criminal gang’s disappearance — each of which carries good and bad news for U.S. efforts to combat the ransomware scourge emanating from Russia.

• The Kremlin bent under U.S. pressure and forced REvil to close up shop.

• U.S. officials tired of waiting for Kremlin cooperation and launched a cyber operation that took REvil offline.

• REvil’s operators were feeling the heat and decided to lay low for awhile.

"This situation may send a message to some of the players that they need to find a less-aggressive business model, which could mean avoiding critical infrastructure, or it could mean avoiding U.S. targets.”

Also, the Biden administration announced several other measures to combat ransomware: “The Biden administration will offer rewards up to $10 million for information leading to the identification of foreign state-sanctioned malicious cyber activity against critical U.S. infrastructure — including ransomware attacks — and the White House has launched a task force to coordinate efforts to stem the ransomware scourge.

"It is also launching the website stopransomware.gov to offer the public resources for countering the threat and building more resilience into networks, a senior administration official told reporters.”

And yet, many experts are still predicting that ransomware will continue to grow in the near future. For example, TechHQ wrote that “identifying the culprits often isn't as big an obstacle as apprehending them.”

To show recent growth of ransomware attacks, Fox Business offered details on a Check Point report this past week that “ransomware attacks surge, growing 93 percent each week.”

Also: “'The ransomware business is booming. We’re seeing global surges in ransomware across every major geography, especially in the last two months,' said Lotem Finkelstein, head of threat intelligence at Check Point Software. 'We believe the trend is driven by scores of new entrants into the ransomware business.'"

For more background on this hot topic, a few weeks back I appeared on MiTech News to discuss the ransomware crisis. Here is that video:

I also wrote this blog on the Colonial Pipeline ransomware in May and this blog on NATO and cyber attack responses in June.


For final thoughts on this topic and the rest of the original article, please visit: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/as-ransomware-surge-continues-where-next-for-government?

Great read, Dan Lohrmann! There’s nuance in the view you’re presenting, and I think it’s important that we understand that nuance.

Paul Ferrillo

Privacy and Cybersecurity Partner at Seyfarth Shaw LLP

3 years

There are ‘four or five steps you could take that could significantly mitigate this risk,’ Falk said. These are patching, multifactor authentication and all the stuff in the Australian Signals Directorate's Essential Eight baseline mitigation strategies. …

Bradley Scott

I.t support officer - Service Desk

3 years

Again and again I answer this question. It's lack of training:

- Users clicking links and opening attachments in phishing emails
- Lack of knowledge in computer security
- Users using the computers for personal use
- Users handing over usernames and passwords
- Not following basic security rules
- Users' attitude of "I don't care or want to learn it"
- "Cybersecurity professionals" with limited technical skills
- Administrators: it's all well and good handing someone a test, but what users need is training where you have someone competent showing them how these hacks work, what to look out for, and that they can ask questions.
- Lack of skill to carry out site security
- Lack of skill to carry out penetration testing
- Untrained service desk staff resetting a password because the caller is showing from a number they recognise. Yes, it's happening in companies.
- No backups. It's essential to have a backup and do it daily, but also another backup, so you need to back up twice.

Cybersecurity is everyone's responsibility. Unless this changes, you can guarantee you will be a "victim" of a cyber attack. So put that money into investment in training rather than giving it to ruthless criminals. The choice is yours.

Anchal Mehra

Product Marketing Manager | Driving Go-to-Market Strategies & Digital Transformation in G2C & B2B Solutions | Identity Verification & Biometrics experience | Web3 & Blockchain Enthusiast

3 years

Businesses and governments are obviously failing to protect against cyber-attacks and quantum hacking will create havoc! IronCAP X can protect you NOW and in the quantum future. IronCAP X is the only quantum-safe, end-to-end email encryption solution available. It stops #phishing. Thanks to the powerful combination of end-to-end encryption and digital signatures. Check out: https://www.ironcap.ca/ironcap-x/

Paul Giacalone

Content That Generates Leads

3 years

Thanks, great post. We're at war and most people don't know!!
