Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Fintech at SaaS Speed
Webinar: Navigating scale and security challenges
Encrypted Traffic Strategies
Webinar: Best practices for enterprise net traffic
Omdia's On-Demand Webinars
Omdia's On-Demand Cybersecurity Webinars
End of Bibblio RCM includes -->
7/23/2021
02:50 PM
Tanner Johnson
Tanner Johnson
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv

Biden Administration Responds to Geopolitical Cyber Threats

In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.

When considering the cybersecurity CIA triad of confidentiality, integrity, and availability, each component is essential to the secure operation of every organization. 

Related Content:

Data Security Accountability in an Age of Regular Breaches

Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers

Maersk CISO Says NotPetya Devastated Several Unnamed U.S. Firms

However, when the consistent and reliable availability of necessary data is lost as a result of a ransomware incident, it is perhaps the most crippling of the three. Denial of access to data can cripple operations and bring everything to a grinding halt. To add insult to injury, the absolute urgency and panic that system denial creates in victims only exacerbates the challenge of responding to a ransomware attack.

Adversaries now commonly use ransomware to quickly and efficiently steal victims' access to valuable data. The ransomware "industry" has matured in several ways: through the anonymity provided via the anonymity granted through the Internet and digital currency, combined with the low-risk/high-reward mechanics involved with ransoming a victim’s files, plus the evolution and increasing monetization of ransomware-as-a-service (RaaS). All "flavors" of customizable ransomware toolkits can be found for sale on the Dark Web. While already a troubling concept to consider, such offerings have facilitated the fast and massive global proliferation of ransomware toolkits.

Task Force Takes All-Hands-on-Deck Approach
As a result of the growth and development of sophisticated, technically knowledgeable, well-funded, and often nation-state-backed ransomware gangs, developing and deploying any lasting and comprehensive countermeasures will require a herculean effort. 

Given the increased frequency of the attacks, combined with the severity of consequences that stem from a successful strike, no single entity can possibly hope to coordinate such a large-scale disruption of these ransomware campaigns alone. A truly extensive response requirement will demand international cooperation from government organizations, private entities, and defense agencies worldwide.

In light of the significant national security implications surrounding repeated ransomware strikes against critical infrastructure, the Biden administration recently announced plans for the deployment of a cross-government ransomware task force. This task force, composed of an interagency group of senior security officials, will help to further facilitate defensive capabilities to protect against attacks by promoting data security resilience among critical infrastructure entities. 

The task force will seek to coordinate with US allies to direct any offensive responses against evolving attack campaigns, while simultaneously working to disrupt ransom payments proffered on various cryptocurrency platforms.

Additionally, the US Department of Justice announced plans to elevate ransomware investigations to the same level of priority as terrorist attacks, granting greater access to government resources to assist in mitigation efforts.

Administration officials are increasingly concerned now that ransomware attacks frequently exploit various supply chain vulnerabilities as a preferred method of compromise. Attacks such as these target popular software solutions to reach a larger pool of potential victims. Challenges surrounding these supply chain attacks plague government agencies and private sector companies alike. While many organizations are still recovering from the SolarWinds breach that occurred at the end of 2020, the recent ransomware strike against popular vendor Kaseya shows that such threats are likely to continue in the absence of a coordinated response.

Security Concerns Spark Geopolitical Tensions
Many recent ransomware attacks are believed to have originated in countries that are adversarial to the US. This poses additional challenges. The very clandestine nature of the attacks, in addition to the anonymity surrounding payment, make any kind of accountability difficult to impose. For example, the FBI claimed that the culprits of the Colonial Pipeline attack, a ransomware network known as DarkSide, are based in Russia and are operating with Russian President Vladimir Putin's full knowledge. As expected, Putin has dismissed accusations against Moscow as unfounded. However, several US government officials have commented that even as Putin is more than likely completely aware of the criminal activity stemming from within his country’s borders, these gangs are so autonomous that Putin himself may be powerless to truly disrupt them. 

Furthermore, the Biden administration has also accused the Chinese government of helping to facilitate various cyberattacks including ransomware, extortion, theft, and even crypto-jacking. The administration alleges that China’s Ministry of State Security (MSS) was also responsible for an attack on Microsoft's Exchange email server earlier this year that compromised more than 30,000 organizations that rely on this service to facilitate daily operations. The Department of Justice has gone one step further with China, and has officially charged four Chinese nationals with illicit computer network exploitation activities, as part of a Chinese advanced persistent threat (APT) group known as APT40.

However, there are growing concerns regarding any kind of official US retaliation against either Russia or China. Officials have expressed considerable concern regarding any form of cyber standoff that may manifest between the US and an adversarial leader or nation. There are considerable fears that any kind of retaliatory action from the US could further escalate into even more orchestrated attacks against the US, its interests, and its allies.

Only time will tell if the geopolitical posturing between these superpowers will result in a digital détente.

Tanner Johnson is a cybersecurity analyst focused on IoT and transformative technologies at Omdia. His coverage is focused on examining the various threats that occupy the IoT technology domain, as well as opportunities and strategies that are emerging as data connectivity ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-33128
PUBLISHED: 2022-06-25
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php.
CVE-2021-40894
PUBLISHED: 2022-06-24
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called.
CVE-2022-32997
PUBLISHED: 2022-06-24
The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVE-2022-32998
PUBLISHED: 2022-06-24
The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
CVE-2022-32999
PUBLISHED: 2022-06-24
The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.