Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/21/2021
10:00 AM
Bill Harrod
Bill Harrod
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Are Ransomware Attacks the New Pandemic?

Ransomware has been a problem for decades, so why is government just now beginning to address it?

Ransomware attacks are the new pandemic, threatening the US economy, commerce, and the flow of goods to market. First, there was the Colonial Pipeline shutdown, then JBS USA. However, those were not even close to being the first; ransomware attacks have been around for decades.

Related Content:

Ransomware Is Not the Problem

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: 11 Cybersecurity Vendors to Watch in 2021

Some of the earliest attacks were in healthcare facilities, in part due to their reliance on hard-to-update IT infrastructure and vulnerable operating systems as well as the critical and even life-threatening impact of a network outage in a hospital. Over the years, ransomware attacks have shown up in TV episodes and received broad coverage in the media.

If this is the case, why is the federal government only now weighing in on addressing these attacks? Three factors come to mind:

  • The impact on the US economy and literal flow of goods (gas and meat are just the latest) at this critical juncture, just as the US economy is recovering from the COVID-19 pandemic
  • The weaponization of ransomware attacks and the involvement of foreign governments in the disruption of the economy and the escalation of attacks
  • A general erosion of confidence in the cybersecurity of IT infrastructure, on which so much of daily life now depends

The SolarWinds attack — while not a ransomware attack — demonstrated the fragility of our IT infrastructure and the interdependencies of our networks. Additionally, if you recall the ice storm that disrupted the electric grid and water supplies in Texas and Mississippi early this year, we clearly see the impact of outages to our critical infrastructure. Couple these observations with the recognition that adversarial nation-state governments are now harnessing software supply chain and ransomware attacks to methodically undermine confidence in and actual operations of the US economy, power, water, and financial systems.

When ransomware attacks were thought to be crimes of opportunity and cryptocurrencies were both the "getaway car" and the financial instrument of the benefit, common best practices were considered adequate defenses. Those best practices included addressing vulnerabilities, automating patching — especially of critical servers and applications, leveraging multifactor authentication and eliminating passwords, employing anti-phishing and anti-ransomware solutions on mobile devices and user endpoints, and implementing a zero-trust architecture framework.

The same best practices are useful in mitigating the more sophisticated ransomware attack landscape that we now find ourselves facing. However, the combination of the software supply chain attack vector and the ransomware attack vector complicate how we combat these attacks. The nation-state nexus changes the motivation from monetary reward to intelligence gathering and operational disruption. The typical ransomware attack is based on a near-term time horizon and ability to cash in on the attack, yet intelligence gathering and maximizing the disruptive potential (and, in parallel, camouflaging its presence) may be components of a nation-state attack.

At the federal level, we need to address the pervasive fear when cyberattacks are reported. This is not to discount the actual impact and disruption caused by the SolarWinds attack or the loss of millions of identities in the Office of Management and Budget data breach several years ago — but we need to balance the reports of data loss with clear descriptions of how the attacks were perpetrated, how they were discovered, and what is being done to remediate and prevent future events.

Recall the fear-induced stockpiling of toilet paper, meat, and gasoline where there was little if any actual shortage; disruptions were caused by the fear of the shortage rather than any actual shortage. This tendency carries over to insecurities in financial systems — potentially one of the underlying factors in the early successes of cryptocurrency — and in the supply distribution networks for everything from personal protective equipment to water and electricity. The federal government needs to assure its citizens that physical, technical, and supply distribution-channel infrastructures are all protected, resilient, and have well-constructed contingencies.

Yes, ransomware attacks have the potential to be the new pandemic — but they don't have to be. We can be more resilient and better prepared with adequate preparation and leadership.

Bill Harrod is the Federal CTO at Ivanti. He is an accomplished information security executive and cybersecurity professional with experience managing cybersecurity risk and designing and delivering security solutions to federal agencies and Fortune 500 companies. He is an ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...
CVE-2020-28968
PUBLISHED: 2021-10-22
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28969
PUBLISHED: 2021-10-22
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-36485
PUBLISHED: 2021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
CVE-2020-36486
PUBLISHED: 2021-10-22
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.