Last year, at about the same time, we saw the ‘Resurgence of Ransomware and State Nation Funded Attacks on Global CIs and ICTs’ coinciding with the peak of the pandemic for various nefarious purposes. While 2020 saw the maximum number of ransomware attacks of any recent year, the Maze ransomware attack on Cognizant has been stated to have cost the firm between 50-73 million dollars (Cognizant CEO Details Ransomware ‘Perfect Storm’, secureworldexpo.com).
The last few months alone have seen some of the largest cyber attacks, and of these the two most notable events are the SolarWinds supply chain attacks, where it was detected in December of 2020 that, in a sustained and targeted manner over the past several months, numerous American government, IT and security companies were breached and in turn a number of high-profile client enterprises were also compromised (What You Need To Know About the SolarWinds Supply-Chain Attack | SANS Institute). This event has been dubbed the Pearl Harbor of American IT and is considered to be one of the largest sustained cyber adversary campaigns in recent memory.
Just last weekend, the US government declared a regional emergency on Sunday as the largest fuel pipeline system in the United States remained largely shut down, two days after a major ransomware attack was detected (Colonial Pipeline cyberattack – Wikipedia). The Colonial Pipeline Company ships gasoline and jet fuel from the Gulf Coast of Texas to the populous East Coast through 5,500 miles (8,850 km) of pipeline, serving 50 million consumers.
Since the start of 2021, ransomware has continued to draw attention from various governments, with efforts including the National Ransomware Strategy by the Australian Govt and the US House Committee on Homeland Security calling out ransomware as a top national threat.
US Govt Executive Order of May 2021
US President Joe Biden signed an executive order on Wednesday (Executive Order on Improving the Nation’s Cybersecurity | The White House) that advances federal cybersecurity capabilities and encourages improvements in digital security standards across the private sector, which has been hit by a spate of cyberattacks.
As we anticipate similar directives being reinforced in other digital economies, it's important to understand the key callouts in the Executive Order:
· A stronger Public Private partnership and continuous assessment of new threats
· Significant upshifts and not incremental improvements; deploy the full scope of its authorities and resources to protect its systems
· All federal systems to meet or exceed standards and requirements for cybersecurity
· Removing present contractual barriers which limit sharing of threat and incident information
· Special strengthening of sourcing processes, detection / reporting processes, comprehensive software supply chain security standards, IoT consumer labelling, Cloud security governance and standards, and labelling and protecting classified data.
Implications and opportunities for Service providers:
· Within 60 days of the executive order, the Office of Management and Budget will review the Federal Acquisition Regulation (FAR) and supplement contract requirements and language for contracting with IT and OT providers
· Service providers expected to collect, preserve, and report information relevant for prevention, detection, and response of Cyber Incidents.
· Expected implementation within 120, requiring all service providers to start sharing data with agencies CISA and FBI as necessary
· Heads of federal agencies to submit, in 60 days, plans to modernize cyber security for federal systems. The plan to implement Zero Trust architecture has been called out explicitly and is expected to gain more traction
· While adoption of Cloud for federal systems is encouraged, it is expected that in 90 days the agencies shall develop a Federal Cloud Security Strategy. This will be supplemented by more guidelines for Cloud Security Governance and Data classification
· The Secretary of Commerce, acting through the Director of NIST, will implement IoT cybersecurity criteria and a consumer labelling program
Many more steps to bolster the cybersecurity posture of Critical Infrastructure and OT / IT systems can be found in the link above in this section.
Global Ransomware Task Force & A Holistic Approach
The Institute for Security & Technology (IST) has taken a global position on this key risk, as this is not a problem that any one entity can solve alone. Over 60 experts from industry, government, law enforcement, civil society, and international organizations have worked together to produce a comprehensive framework, which breaks down siloed approaches and advocates for a unified, aggressive, comprehensive, public-private anti-ransomware campaign (Combating Ransomware – A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force).
The key messages and takeaways from this report, which nicely summarize the extent of this problem and the efforts needed to tackle it, are:
· Ransomware is no longer just a financial crime; it is an urgent national security risk that threatens nation state critical infrastructure, hospitals, businesses, and governments across the globe.
· Most ransomware criminals are based in nation-states that are unwilling or unable to prosecute this cybercrime, and because ransoms are paid through cryptocurrency, they are difficult to trace. This global challenge demands an “all hands on deck” approach, with support from the highest levels of government.
The aim thus is not only to help the world better understand ransomware, but to proactively and relentlessly disrupt the ransomware business model through a series of coordinated actions. This will be an extremely important measure in the series of efforts.
Key steps as the framework calls out are:
· Coordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
· The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. In the U.S., this must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
· Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
· The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.
Insurers Response – a positive first step
AXA, one of the largest insurers, has pledged at the request of the French government to stop reimbursing ransom money to victims of ransomware attacks (AXA pledges to stop reimbursing ransom payments for French ransomware victims | ZDNet). This is a good, positive enforcement, as until now insurers were also known to prefer the route of ransom payouts, as these were often less expensive and long-drawn than the costs associated with litigation, recoveries and various other technical restoration etc.
Conclusion – Your Support In This Endeavour
A multi-pronged approach to countering ransomware will be crucial, with organizations across sectors working together and acting immediately to tackle this challenge. Make no mistake: reducing the ransomware threat will not be easy, and it will not be accomplished by any individual government or organization alone; this effort will require coordination, collaboration, and investment of time and resources.
The persistence of safe harbors and the challenge of tracing transactions through cryptocurrencies, combined with the complexity of attribution and prosecution, stack the odds in ransomware criminals’ favor.
Yet failing to act is not an option. Allowing the ransomware challenge to go unchecked could have disastrous consequences.
The good news is that there is a greater than ever resolve to fight this menace back with all might. Many of the measures listed out above in this section are already seeing adoption in various forms across most leading nations.
We need to continue this effort: support organizations in developing practical and secure operations capabilities; increase knowledge and prioritization within your leadership teams to afford the right security investments; comply with information security standards and guidelines; actively engage with security teams on identifying and acting on areas which need to be prioritized; and do everything possible as a leader to financially incentivize adoption of ransomware mitigants.
(Image Courtesy: www.gtri.gatech.edu)
(This is an authored article by Jaspal Singh Sawhney, Global Chief Information Security Officer at Tata Communications)