Risk

6/21/2021
10:00 AM
Bill Harrod
Commentary
Are Ransomware Attacks the New Pandemic?

Ransomware has been a problem for decades, so why is government just now beginning to address it?

Ransomware attacks are the new pandemic, threatening the US economy, commerce, and the flow of goods to market. First, there was the Colonial Pipeline shutdown, then JBS USA. However, those were not even close to being the first; ransomware attacks have been around for decades.

Some of the earliest attacks were in healthcare facilities, in part due to their reliance on hard-to-update IT infrastructure and vulnerable operating systems as well as the critical and even life-threatening impact of a network outage in a hospital. Over the years, ransomware attacks have shown up in TV episodes and received broad coverage in the media.

If this is the case, why is the federal government only now weighing in on addressing these attacks? Three factors come to mind:

  • The impact on the US economy and literal flow of goods (gas and meat are just the latest) at this critical juncture, just as the US economy is recovering from the COVID-19 pandemic
  • The weaponization of ransomware attacks and the involvement of foreign governments in the disruption of the economy and the escalation of attacks
  • A general erosion of confidence in the cybersecurity of IT infrastructure, on which so much of daily life now depends

The SolarWinds attack — while not a ransomware attack — demonstrated the fragility of our IT infrastructure and the interdependencies of our networks. Additionally, if you recall the ice storm that disrupted the electric grid and water supplies in Texas and Mississippi early this year, we clearly see the impact of outages to our critical infrastructure. Couple these observations with the recognition that adversarial nation-state governments are now harnessing software supply chain and ransomware attacks to methodically undermine confidence in and actual operations of the US economy, power, water, and financial systems.

When ransomware attacks were thought to be crimes of opportunity, and cryptocurrencies were both the "getaway car" and the financial instrument of the payoff, common best practices were considered adequate defenses. Those best practices included addressing vulnerabilities; automating patching, especially of critical servers and applications; leveraging multifactor authentication and eliminating passwords; employing anti-phishing and anti-ransomware solutions on mobile devices and user endpoints; and implementing a zero-trust architecture framework.

The same best practices remain useful in mitigating the more sophisticated ransomware attack landscape we now face. However, the combination of the software supply chain attack vector and the ransomware attack vector complicates how we combat these attacks. The nation-state nexus changes the motivation from monetary reward to intelligence gathering and operational disruption. The typical ransomware attack is based on a near-term time horizon and the ability to cash in quickly, whereas intelligence gathering and maximizing disruptive potential (while, in parallel, camouflaging the intrusion's presence) may be components of a nation-state attack.

At the federal level, we need to address the pervasive fear when cyberattacks are reported. This is not to discount the actual impact and disruption caused by the SolarWinds attack or the loss of millions of identities in the Office of Management and Budget data breach several years ago — but we need to balance the reports of data loss with clear descriptions of how the attacks were perpetrated, how they were discovered, and what is being done to remediate and prevent future events.

Recall the fear-induced stockpiling of toilet paper, meat, and gasoline when there was little if any actual shortage; the disruptions were caused by fear of a shortage rather than by any real one. This tendency carries over to insecurities in financial systems — potentially one of the underlying factors in the early successes of cryptocurrency — and in the supply distribution networks for everything from personal protective equipment to water and electricity. The federal government needs to assure its citizens that physical, technical, and supply distribution-channel infrastructures are all protected, resilient, and backed by well-constructed contingencies.

Yes, ransomware attacks have the potential to be the new pandemic — but they don't have to be. We can be more resilient and better prepared with adequate preparation and leadership.

Bill Harrod is the Federal CTO at Ivanti. He is an accomplished information security executive and cybersecurity professional with experience managing cybersecurity risk and designing and delivering security solutions to federal agencies and Fortune 500 companies. He is an ...