Dark Reading is part of the Informa Tech Division of Informa PLC


5/19/2021
10:00 AM
Charles Herring
Commentary

How Ransomware Encourages Opportunists to Become Criminals

And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.

"I don't have to be faster than the bear, I just have to be faster than the slowest runners," commented a cybersecurity executive to me over lunch last month. This philosophy of not being an easy target has been the cornerstone of many successful cybersecurity practices over the last two decades. It has been highly effective for organizations that have the skill and funding to outpace their peer organizations and has delayed inevitable consequences to their organizations.

Cybercriminals have historically been opportunists playing a numbers game. Mass attacks with low success rates have long provided sustainable streams of ill-gotten revenue. While opportunistic crimes are very common, there is an uptick in targeted, thoughtful attacks that read like the plot of Ocean's 11.

In March, The Record interviewed Unknown from the REvil/Sodinokibi group, which offers ransomware-as-a-service to criminals to carry out extortion, data theft, and system destruction attacks to gain money from victims and/or buyers. In response to the question of whether it targets those carrying cybersecurity insurance policies, Unknown responded, "Yes, this is one of the tastiest morsels. Especially to hack the insurers first — to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves."

Not long after, Chicago-based commercial insurer CNA got hit with a ransomware attack. The latest update from CNA in April confirms a "sophisticated ransomware" attack occurred. It has also committed that "once our investigation is complete, we will notify any impacted parties as appropriate."

What we know at this point is that criminals have developed sophisticated tactics (the ransomware), distribution mechanisms (like REvil), and patience for bringing down bigger prey (like CNA). The ability to breach one of the largest organizations that exist to underwrite cybersecurity risk is compelling evidence that the bear is now chasing the faster, tastier runners. If the criminal networks possess a listing of companies insured and the amount that they are insured for, they have created a menu of the tastiest morsels to target.

With criminals developing appetites for the fast runners of the past, the individualism of private organizations must transform into a collaborative herd community to survive this evolutionary change in the predators. The well-funded and less-funded organizations need to develop sustainable methods for sharing information with each other and collaborating with law enforcement to increase painful deterrence for the criminals.

In the past, well-funded organizations in most industries have had little motivation to help less-funded peer organizations. An exception to this has been between financial institutions. In the "2020 FBI Internet Crime Report," the agency recovered more than 82% of the $462 million in losses from financial institutions. This industry invested early in collaboration mechanisms and protocols between one another and law enforcement, and it serves as a prototype of an effective collaborative herd.

Cybercrime is a subtype of crime, and lessons we have learned in reducing crime rates in the physical world apply in the cyber world. Private organizations need to work with law enforcement agencies to establish workflows and communication tactics akin to neighborhood watches. Establishing sustainable methods for private organizations to communicate with each other and with law enforcement agencies is critical to improving arrest and conviction rates.

In the case of the CNA breach, it is my hope that CNA, its insured, and law enforcement already have vigilant safeguards and surveillance in place to produce the evidence needed to prosecute these crimes and make future crimes less attractive. 

As cybercriminals evolve, corporate and private citizenry must also change. We must be ready and able to look beyond our singular interests and invest in the protection of our entire community. As we work to protect the common good, the fast and the slow both become safer.

Charles' dedication to maturing the craft of InfoSec is built on a diverse career path across the industry. He started his career in InfoSec in the US Navy in 2002 serving as the Network Security Officer at the US Naval Postgraduate School. After leaving active duty, he was a ...
