Risk
6/21/2021 10:00 AM
Bill Harrod
Commentary

Are Ransomware Attacks the New Pandemic?

Ransomware has been a problem for decades, so why is government just now beginning to address it?

Ransomware attacks are the new pandemic, threatening the US economy, commerce, and the flow of goods to market. First came the Colonial Pipeline shutdown, then the attack on JBS USA. Neither was anywhere near the first, though: ransomware has been around for decades.


Some of the earliest attacks hit healthcare facilities, partly because they rely on hard-to-update IT infrastructure and vulnerable operating systems, and partly because a network outage in a hospital has critical, even life-threatening, consequences, which puts the victim under enormous pressure to pay. Over the years, ransomware attacks have shown up in TV episodes and received broad coverage in the media.

If this is the case, why is the federal government only now weighing in on addressing these attacks? Three factors come to mind:

  • The impact on the US economy and literal flow of goods (gas and meat are just the latest) at this critical juncture, just as the US economy is recovering from the COVID-19 pandemic
  • The weaponization of ransomware attacks and the involvement of foreign governments in the disruption of the economy and the escalation of attacks
  • A general erosion of confidence in the cybersecurity of IT infrastructure, on which so much of daily life now depends

The SolarWinds attack, while not a ransomware attack, demonstrated the fragility of our IT infrastructure and the interdependencies of our networks. The ice storm that disrupted the electric grid and water supplies in Texas and Mississippi early this year showed just as clearly what an outage of critical infrastructure means in practice. Add to these observations the recognition that adversarial nation-states are now harnessing software supply chain and ransomware attacks to methodically undermine both confidence in, and the actual operation of, US economic, power, water, and financial systems.

When ransomware was regarded as a crime of opportunity, with cryptocurrency serving as both the "getaway car" and the means of collecting the payment, common best practices were considered an adequate defense. Those practices included remediating known vulnerabilities; automating patching, especially of critical servers and applications; deploying multifactor authentication and eliminating passwords; running anti-phishing and anti-ransomware controls on mobile devices and user endpoints; and implementing a zero-trust architecture.

The same best practices remain useful against the more sophisticated ransomware landscape we now face. However, the combination of the software supply chain attack vector with the ransomware attack vector complicates how we combat these attacks. The nation-state nexus shifts the motivation from monetary reward to intelligence gathering and operational disruption. A typical criminal ransomware attack works on a near-term horizon, encrypting quickly and cashing in quickly, whereas a nation-state operation may prioritize long-term intelligence collection and maximum disruptive potential, while camouflaging its presence for as long as possible.

At the federal level, we need to address the pervasive fear that follows every reported cyberattack. This is not to discount the actual impact and disruption caused by the SolarWinds attack or the loss of millions of identities in the Office of Personnel Management data breach several years ago. But reports of data loss need to be balanced with clear descriptions of how the attacks were perpetrated, how they were discovered, and what is being done to remediate them and prevent future events.

Recall the fear-induced stockpiling of toilet paper, meat, and gasoline when there was little if any actual shortage; the disruptions were caused by the fear of a shortage rather than by any real one. The same tendency carries over to perceived insecurity in financial systems, potentially one of the underlying factors in the early success of cryptocurrency, and in the supply and distribution networks for everything from personal protective equipment to water and electricity. The federal government needs to assure its citizens that physical, technical, and supply distribution-channel infrastructures are protected, resilient, and backed by well-constructed contingency plans.

Yes, ransomware attacks have the potential to be the new pandemic — but they don't have to be. We can be more resilient and better prepared with adequate preparation and leadership.

Bill Harrod is the Federal CTO at Ivanti. He is an accomplished information security executive and cybersecurity professional with experience managing cybersecurity risk and designing and delivering security solutions to federal agencies and Fortune 500 companies. He is an ...