Dark Reading is part of the Informa Tech Division of Informa PLC
7/23/2021 02:50 PM | Tanner Johnson | Commentary

Biden Administration Responds to Geopolitical Cyber Threats

In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.

When considering the cybersecurity CIA triad of confidentiality, integrity, and availability, each component is essential to the secure operation of every organization. 

However, when the consistent and reliable availability of necessary data is lost as a result of a ransomware incident, it is perhaps the most crippling of the three. Denial of access to data can paralyze operations and bring everything to a grinding halt. To add insult to injury, the absolute urgency and panic that system denial creates in victims only exacerbates the challenge of responding to a ransomware attack.

Adversaries now commonly use ransomware to quickly and efficiently deny victims access to valuable data. The ransomware "industry" has matured in several ways: through the anonymity granted by the Internet and digital currency, combined with the low-risk/high-reward mechanics involved in ransoming a victim's files, plus the evolution and increasing monetization of ransomware-as-a-service (RaaS). All "flavors" of customizable ransomware toolkits can be found for sale on the Dark Web. Troubling as that is in itself, such offerings have facilitated the fast and massive global proliferation of ransomware toolkits.

Task Force Takes All-Hands-on-Deck Approach
As a result of the growth and development of sophisticated, technically knowledgeable, well-funded, and often nation-state-backed ransomware gangs, developing and deploying any lasting and comprehensive countermeasures will require a herculean effort. 

Given the increased frequency of the attacks, combined with the severity of consequences that stem from a successful strike, no single entity can possibly hope to coordinate such a large-scale disruption of these ransomware campaigns alone. A truly extensive response will demand international cooperation from government organizations, private entities, and defense agencies worldwide.

In light of the significant national security implications surrounding repeated ransomware strikes against critical infrastructure, the Biden administration recently announced plans for the deployment of a cross-government ransomware task force. This task force, composed of an interagency group of senior security officials, will help to further facilitate defensive capabilities to protect against attacks by promoting data security resilience among critical infrastructure entities. 

The task force will seek to coordinate with US allies to direct any offensive responses against evolving attack campaigns, while simultaneously working to disrupt ransom payments proffered on various cryptocurrency platforms.

Additionally, the US Department of Justice announced plans to elevate ransomware investigations to the same level of priority as terrorist attacks, granting greater access to government resources to assist in mitigation efforts.

Administration officials are increasingly concerned now that ransomware attacks frequently exploit various supply chain vulnerabilities as a preferred method of compromise. Attacks such as these target popular software solutions to reach a larger pool of potential victims. Challenges surrounding these supply chain attacks plague government agencies and private sector companies alike. While many organizations are still recovering from the SolarWinds breach that occurred at the end of 2020, the recent ransomware strike against popular vendor Kaseya shows that such threats are likely to continue in the absence of a coordinated response.

Security Concerns Spark Geopolitical Tensions
Many recent ransomware attacks are believed to have originated in countries that are adversarial to the US. This poses additional challenges. The very clandestine nature of the attacks, in addition to the anonymity surrounding payment, makes any kind of accountability difficult to impose. For example, the FBI claimed that the culprits of the Colonial Pipeline attack, a ransomware network known as DarkSide, are based in Russia and are operating with Russian President Vladimir Putin's full knowledge. As expected, Putin has dismissed accusations against Moscow as unfounded. However, several US government officials have commented that even if Putin is more than likely completely aware of the criminal activity stemming from within his country's borders, these gangs are so autonomous that Putin himself may be powerless to truly disrupt them.

Furthermore, the Biden administration has also accused the Chinese government of helping to facilitate various cyberattacks including ransomware, extortion, theft, and even crypto-jacking. The administration alleges that China’s Ministry of State Security (MSS) was also responsible for an attack on Microsoft's Exchange email server earlier this year that compromised more than 30,000 organizations that rely on this service to facilitate daily operations. The Department of Justice has gone one step further with China, and has officially charged four Chinese nationals with illicit computer network exploitation activities, as part of a Chinese advanced persistent threat (APT) group known as APT40.

However, there are growing concerns regarding any kind of official US retaliation against either Russia or China. Officials have expressed considerable concern regarding any form of cyber standoff that may develop between the US and an adversarial leader or nation, and fear that any retaliatory action from the US could escalate into even more orchestrated attacks against the US, its interests, and its allies.

Only time will tell if the geopolitical posturing between these superpowers will result in a digital détente.

Tanner Johnson is a cybersecurity analyst focused on IoT and transformative technologies at Omdia. His coverage is focused on examining the various threats that occupy the IoT technology domain, as well as opportunities and strategies that are emerging as data connectivity ...