The TechnologIST | IST at the International Counter Ransomware Initiative
Institute for Security and Technology (IST)
Uniting technology and policy leaders to create actionable solutions to emerging security challenges
Welcome back to The TechnologIST. I'm Sophia Mauro , IST's Director of Communications. In this month's edition of The TechnologIST:?
+ Learn about the Ransomware Task Force's ongoing support for the International Counter Ransomware Initiative
+ Listen to new Hack the Plan[e]t episodes?
+ Check out some of the ISTeam's recommended reading from this month
Q&A: Ransomware attacks are on the rise. How are global efforts countering the threat??
Ransomware attacks, according to a map of global incidents published by the Ransomware Task Force a few weeks ago, show no sign of slowing down. In fact, according to data leak site source ecrime.ch, 2023 saw a 73% year-over-year increase in attacks. What does this increase mean for 2024 and beyond? And what should private and public sector stakeholders be doing to tackle the threat??
Just this month, the international community came together for the 2024 International Counter Ransomware Initiative (CRI), the fourth annual gathering of over 70 member states and entities, including the European Union, the Organization for American States, and INTERPOL, to bolster collective resilience to ransomware. As the inaugural Ransomware Task Force report emphasized, globally-coordinated efforts to deter ransomware attacks, disrupt the ransomware business model, help organizations prepare, and respond to attacks more effectively are crucial. The CRI is one such initiative to coordinate these efforts on a global scale.?
IST was honored to participate in the CRI Summit as a member of the newly-launched Public-Private Sector Advisory Panel, to convene a panel discussion for member states on information sharing in the ransomware payment ecosystem, and to co-host with the Center for Cybersecurity Policy and Law a day of industry dialogue on the sidelines. In this month’s edition of The TechnologIST, we chat with Ransomware Task Force colleagues Future of Digital Security Associate Trevaughn Smith, Deputy Director for Digital Security Taylor Grossman, Senior Director for International Cyber Engagement Elizabeth Vish, and Chief Strategy Officer and RTF Executive Director Megan Stifel to learn more.?
“Industry is a critical partner to the CRI in achieving its objectives. They should leverage the Public-Private Sector Advisory Panel and its members to share their perspectives on how ransomware is evolving and areas in which industry may have the upper hand in thwarting ransomware actors’ criminal activities."
- Megan Stifel, IST Chief Strategy Officer and Ransomware Task Force Executive Director?
Q: As one of the co-authors of the Ransomware Task Force’s global incident map, can you set the stage for me? What is the state of the ransomware threat, how has the ecosystem changed since 2022, and what are the main trends you’re seeing?
Trevaughn Smith : “In 2022, several international incidents, such as Russia’s invasion of Ukraine, likely led to a decrease in ransomware activity. But that dip is officially over. Looking at the 2023 data we analyzed from ecrime.ch, we observed 6,670 ransomware incidents in 117 countries. Some ransomware gangs, like 8Base, rely on typical phishing and business email compromise strategies to launch ransomware attacks. Others, like CL0P, use zero-day vulnerabilities that carry high risk yet offer high reward, as demonstrated by their devastating MOVEit hack in 2023, which compromised dozens of businesses and exposed the sensitive data of millions of people.”
Q: As a co-author of the 2023 global incident map, what do you think we should be looking for in 2024 and beyond? Have government actions – disruption efforts, response capabilities, preparation resources – made an impact??
Taylor Grossman : “For 2024, we’re very interested in looking at the effects of major multilateral disruptions, such as the Operation Cronos targeting of LockBit. Although LockBit was the most consistent and stable of any group we tracked from 2023, Operation Cronos appears to have had some impact on the group’s ability to act and on its broader credibility within the RaaS community. The efficacy of law enforcement takedowns is a major point of debate among ransomware researchers; it will be important to see the full data from this year to track the effects of this particular operation.?
We also continue to support ransomware prevention methods, such as adoption of the Blueprint for Ransomware Defense, which we developed together with the Center for Internet Security based on their Critical Security Controls. Ultimately, I think that efforts to implement secure by design architecture will be among the most robust long-term solutions to combating ransomware.”
Q: IST has participated in the International Counter Ransomware Initiative for three years now, providing research, analysis, and support to CRI members. Can you tell me about the CRI’s progress over the last three years??
Elizabeth Posegate Vish : “During the three years that IST has participated, there have been dialogues between members on challenges like cyber incident reporting and reducing the laundering of ransomware payments in and out of cryptocurrencies. However, there has been less progress in facilitating collaboration between private industry and the CRI members (though of course many members have direct collaboration). Under the CRI and in partnership with the Global Forum on Cyber Expertise and with the support of the Spanish and U.S. governments, IST conducted research into effective public-private partnerships to combat ransomware and we are really pleased that the findings of that research have been incorporated into the Initiative’s? efforts to engage industry and civil society moving forward.”
Q: At this year’s CRI gathering, IST was announced as a member of the newly-launched Public-Private Sector Advisory Panel, led by Canada. What does this Advisory Panel seek to accomplish? And how will IST and the Ransomware Task Force play a role??
Elizabeth: “Many RTF members have indicated a desire to contribute to the CRI’s efforts—a real ‘put me in, coach’ attitude! The Public-Private Sector Advisory Panel, convened by Canada with support from other CRI members, brings together six private entities to provide advice, guidance, and recommendations to CRI members. We are hoping that this is a start that will continue to grow and expand after this initial year one group.”?
Q: Tell me more about the joint IST-CCPL event on the sidelines of the CRI to spotlight the crucial role of industry. What were some of your key takeaways?
Megan S. : “Outside the limited-participation CRI plenary sessions that select industry partners were invited to join, this was the first substantive opportunity for the two communities to engage under the CRI tent. The ‘put me in, coach’ theme Elizabeth noted was quite evident at the Thursday event and participants expressed an interest in additional areas for conversation and collaboration. As conveners of the RTF and a critical action think tank, we want those engagements to be as action-oriented as possible. So we are actively exploring ways to bring together CRI member countries and industry partners, including through table top exercises and country- and region-specific RTF studies.
领英推荐
Q: Now that the four-day meeting has come to an end, member states will work to advance the policies and commitments made during the ICRI. How should industry be involved in advancing these commitments?
Megan: “Since the first CRI we joined in the fall of 2022, we have been adamant that industry is a critical partner to the CRI in achieving its objectives. Industry should leverage the Public-Private Sector Advisory Panel and its members to share their perspectives on how ransomware is evolving and areas in which industry may have the upper hand in thwarting ransomware actors’ criminal activities. Information sharing with and among industry is still a nascent issue for many CRI members; industry has a great opportunity to shine the spotlight on how partnering with them is a win-win for CRI members and their citizens.”
Elsewhere at IST
AI, Therefore I Am: Exploring Cognition in the Age of GenAI
IST's Generative Identity Initiative (GII) is exploring the impact of GenAI, particularly conversational agents, on social cohesion. In the first installment in a series of blogs, IST Policy Analyst for Technology and Society Gabrielle Tran lays out key cognitive implications that the GII Working Group members identified as central to GenAI's impact on social cohesion. "Advanced chatbots are challenging our perceptions of learning, relationships, and even the boundaries between life and death,” she wrote.
Decrypting Iran’s AI-Enhanced Operations in Cyberspace
As part of IST’s ongoing efforts to identify and diagnose malicious use of AI, IST Senior Associate for AI Security Policy Mariami Tkeshelashvili and Adjunct Cybersecurity and AI Policy Fellow Tiffany Saade explore Iran’s use of AI in information operations and domestic surveillance, make predictions about what might come next, and identify several risks established in IST’s report, A Lifecycle Approach to Risk Reduction, that reflect Iran's established pattern of behavior and its apparent intentions
IST in the News
Josh Corman emphasizes outsize consequences of attacks on hospitals
IST Executive in Residence for Public Safety & Resilience Joshua Corman spoke to WIRED ’s Andy Greenberg about recent criminal charges leveled against a Sudanese hacker allegedly behind a rash of cyber attacks on hospitals. Even small hacks can have big impacts, Josh said: “Denial-of-service attacks can degrade and deny patient care to cause loss of life…It could be heartening to see that we understand the outsize consequences of these attacks.”
Michael McNerney weighs in on proposed executive action
IST Board Chair Michael McNerney spoke to NBC Bay Area on the reasoning behind a Biden administration proposal to stop the import of internet-connected cars with components from Russia or China: "If you have foreign components in your car, particularly hardware or software, if they're manufactured in a country that is adversarial to the United States, now you have potentially a foreign power that is able to eavesdrop on hundreds or thousands of cars," he said.?
Conversations on Critical Infrastructure
the latest from Hack the Plan[e]t
Hack the Plan[e]t, hosted by IST Senior Adjunct Advisor Bryson Bort, explores the critical infrastructure systems that we rely on every day, asking whether connecting these systems to the Internet leaves us more vulnerable to attacks by our enemies. In its fourth season, IST is excited to produce the podcast alongside ICS Village!
Episode 37: The Case for a Cyber Force
For three years, Mark Montgomery served as Executive Director of the Cyberspace Solarium Commission, created by congressional mandate to develop strategic approaches to defending against cyber attacks. Now, he directs CSC 2.0, an initiative that works to implement the recommendations of the Commission. In this episode, Bryson and Mark talk about Mark’s time at the Commission, his pitch for a Cyber Force, and the politics of cybersecurity and the latest cyber policy.
Episode 38: Securing Embedded Systems
For nearly 20 years, Niyo Little Thunder Pearson has been at the forefront of protecting critical infrastructure systems, including co-founding MITRE EMB3D, a groundbreaking global threat network aimed at enhancing the security of embedded devices. In this episode, Bryson and Niyo cover what MITRE EMB3D is, the industry he’s trying to serve, the problems he’s trying to solve, and more.
Want more tech and security content? Check out some of the ISTeam's favorite pieces from the past month: