Tough Fight Looms Against Ransomware ‘Epidemic’

The latest wave of ransomware attacks hitting the United States and globally portends a difficult battle against hackers, even as government and the private sector ramp up defenses.

The attacks hitting the Colonial Pipeline and the major JBS meatpacking operations are examples of a burgeoning cybercrime industry with the potential to inflict pain and extract profits by impacting “critical” networks, experts say.

Other recent targets include local governments, hospitals, insurers, a ferry system and others in the United States and globally, with many of the attacks attributed to Russia-based hackers operating with at least tacit approval from the Kremlin.

At least $18 billion was paid to ransomware attackers last year, according to the security firm Emsisoft, which found “tens of thousands” of victims so far in 2021.

“Ransomware is hitting epidemic proportions and business as usual isn’t going to cut it,” said Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.

Parham Eftekhari, chairman of the Institute for Critical Infrastructure Technology, a thinktank focused on cybersecurity, noted that a rush to digitization of more systems has opened up more avenues for hackers.

“We are prioritizing speed to market, functionality, profits and business objectives over security,” Eftekhari said.

US officials in recent days have signaled a stepped-up effort on ransomware, calling these investigations a “top priority” and comparing the effort to the fight against terror that followed the September 11 attacks.

– Covert US response –

The Justice Department said Monday it recovered more than half of the $4.4 million ransom paid by Colonial Pipeline, in a rare success story.

“The recovery of the ransom is, obviously, a positive as it signals to cybercriminals that their ill-gotten gains are not necessarily beyond the reach of law enforcement,” said Brett Callow, analyst at the security firm Emsisoft.

But Callow said ransomware remains a scourge because “the financial rewards are huge (and) the chances of being caught are near-zero… we still have a very, very long way to go before the ransomware problem will be solved.”

Following sanctions imposed on Moscow, US officials have said little about future responses, but analysts believe there is considerable activity under the radar.

“The US government appropriately responds sometimes in a covert manner,” said Eftekhari.

“We have the greatest cyber offensive and defensive abilities on the planet.”

But security specialists say cyber defense is complex and requires actions across the board, including training for employees to avoid mistakes that let malicious actors into networks.

Security firm Proofpoint found in a recent survey that two-thirds of computer security officers acknowledge they are unprepared to cope with a future cyberattack, noted Proofpoint’s Lucia Milica.

“Human error is one of the biggest vulnerabilities and we’ve seen that remote work has made networks more vulnerable,” Milica said.

– Line in the sand? –

The latest attacks, on the heels of big data breaches affecting Microsoft email servers and the widely deployed SolarWinds security software, raise questions about protecting 16 “critical infrastructure” sectors including energy, utilities, defense, food and manufacturing.

James Lewis, head of technology policy at the Center for Strategic and International Studies, said these sectors have been victimized frequently but that successes are obscured by high-profile hacks.

“We probably need to rethink what critical infrastructure is,” Lewis said, suggesting that the label be used for public safety and national security.

Lewis said one lesson from the recent pipeline attack was panic buying of gasoline, which made the situation worse.

Making cryptocurrency transactions easier to trace could aid the fight against ransomware by curbing anonymous transactions, some analysts say.

Lewis said this is a good idea but that “a more sophisticated approach would be for central banks to issue their own digital currencies, which could dry up the market for cryptocurrencies.”

Cilluffo said the fight against ransomware will require a broad array of weapons.

“You really need to bring all instruments of power to bear: covert, diplomatic, military, sanctions,” he said.

A summit next week with President Joe Biden and Russian counterpart Vladimir Putin offers a key moment for Washington to “draw a line” against Moscow for providing a haven for hackers, said Cilluffo.

“Cyber has to be items one, two and three,” he said. “Having a president put markers in the silicon around cyber behavior is important because it comes with the full weight of the federal government.”

Written By

AFP 2023
