Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Fintech at SaaS Speed
Webinar: Navigating scale and security challenges
Encrypted Traffic Strategies
Webinar: Best practices for enterprise net traffic
Omdia's On-Demand Webinars
Omdia's On-Demand Cybersecurity Webinars
// // //
02:50 PM
Tanner Johnson
Tanner Johnson
Connect Directly
E-Mail vvv

Biden Administration Responds to Geopolitical Cyber Threats

In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.

When considering the cybersecurity CIA triad of confidentiality, integrity, and availability, each component is essential to the secure operation of every organization. 

Related Content:

Data Security Accountability in an Age of Regular Breaches

Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers

Maersk CISO Says NotPetya Devastated Several Unnamed U.S. Firms

However, when the consistent and reliable availability of necessary data is lost as a result of a ransomware incident, it is perhaps the most crippling of the three. Denial of access to data can cripple operations and bring everything to a grinding halt. To add insult to injury, the absolute urgency and panic that system denial creates in victims only exacerbates the challenge of responding to a ransomware attack.

Adversaries now commonly use ransomware to quickly and efficiently steal victims' access to valuable data. The ransomware "industry" has matured in several ways: through the anonymity provided via the anonymity granted through the Internet and digital currency, combined with the low-risk/high-reward mechanics involved with ransoming a victim’s files, plus the evolution and increasing monetization of ransomware-as-a-service (RaaS). All "flavors" of customizable ransomware toolkits can be found for sale on the Dark Web. While already a troubling concept to consider, such offerings have facilitated the fast and massive global proliferation of ransomware toolkits.

Task Force Takes All-Hands-on-Deck Approach
As a result of the growth and development of sophisticated, technically knowledgeable, well-funded, and often nation-state-backed ransomware gangs, developing and deploying any lasting and comprehensive countermeasures will require a herculean effort. 

Given the increased frequency of the attacks, combined with the severity of consequences that stem from a successful strike, no single entity can possibly hope to coordinate such a large-scale disruption of these ransomware campaigns alone. A truly extensive response requirement will demand international cooperation from government organizations, private entities, and defense agencies worldwide.

In light of the significant national security implications surrounding repeated ransomware strikes against critical infrastructure, the Biden administration recently announced plans for the deployment of a cross-government ransomware task force. This task force, composed of an interagency group of senior security officials, will help to further facilitate defensive capabilities to protect against attacks by promoting data security resilience among critical infrastructure entities. 

The task force will seek to coordinate with US allies to direct any offensive responses against evolving attack campaigns, while simultaneously working to disrupt ransom payments proffered on various cryptocurrency platforms.

Additionally, the US Department of Justice announced plans to elevate ransomware investigations to the same level of priority as terrorist attacks, granting greater access to government resources to assist in mitigation efforts.

Administration officials are increasingly concerned now that ransomware attacks frequently exploit various supply chain vulnerabilities as a preferred method of compromise. Attacks such as these target popular software solutions to reach a larger pool of potential victims. Challenges surrounding these supply chain attacks plague government agencies and private sector companies alike. While many organizations are still recovering from the SolarWinds breach that occurred at the end of 2020, the recent ransomware strike against popular vendor Kaseya shows that such threats are likely to continue in the absence of a coordinated response.

Security Concerns Spark Geopolitical Tensions
Many recent ransomware attacks are believed to have originated in countries that are adversarial to the US. This poses additional challenges. The very clandestine nature of the attacks, in addition to the anonymity surrounding payment, make any kind of accountability difficult to impose. For example, the FBI claimed that the culprits of the Colonial Pipeline attack, a ransomware network known as DarkSide, are based in Russia and are operating with Russian President Vladimir Putin's full knowledge. As expected, Putin has dismissed accusations against Moscow as unfounded. However, several US government officials have commented that even as Putin is more than likely completely aware of the criminal activity stemming from within his country’s borders, these gangs are so autonomous that Putin himself may be powerless to truly disrupt them. 

Furthermore, the Biden administration has also accused the Chinese government of helping to facilitate various cyberattacks including ransomware, extortion, theft, and even crypto-jacking. The administration alleges that China’s Ministry of State Security (MSS) was also responsible for an attack on Microsoft's Exchange email server earlier this year that compromised more than 30,000 organizations that rely on this service to facilitate daily operations. The Department of Justice has gone one step further with China, and has officially charged four Chinese nationals with illicit computer network exploitation activities, as part of a Chinese advanced persistent threat (APT) group known as APT40.

However, there are growing concerns regarding any kind of official US retaliation against either Russia or China. Officials have expressed considerable concern regarding any form of cyber standoff that may manifest between the US and an adversarial leader or nation. There are considerable fears that any kind of retaliatory action from the US could further escalate into even more orchestrated attacks against the US, its interests, and its allies.

Only time will tell if the geopolitical posturing between these superpowers will result in a digital détente.

Tanner Johnson is a cybersecurity analyst focused on IoT and transformative technologies at Omdia. His coverage is focused on examining the various threats that occupy the IoT technology domain, as well as opportunities and strategies that are emerging as data connectivity ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.