When Countries Are Attacked: Making the Case for More Private-Public Cooperation

The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent.

Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs

August 17, 2022

4 Min Read
Globe with a digital shield around it
Source: NicoElNino via Alamy Stock Photo

The Russian-supported Conti group's recent attack against Costa Rica led the country to declare a national emergency. The attack impacted the country's Ministry of Finance and many other government institutions, affecting — at minimum — payroll schedules and the nation's foreign trade. Conti not only doubled its ransom demand but also stated its intention to overthrow the government by means of a cyberattack.

This incident has demonstrated the massive implications that attacking an entire nation can have. It's a stark example of the risks affecting critical infrastructure — and it must be a reminder of how essential it is to strengthen cybersecurity postures. But it also further underscores the importance of public-private partnership. When entire countries are affected by cyberattacks, it's a clear sign that no person (or nation) is an island — we must work together.

Growth of Attacks Against Critical Infrastructure

That is just the latest example of attacks against critical infrastructure. There have been a number of attacks — for example, against Ukraine and oil loading facilities in Europe. The US has also suffered, with the targeting of the Colonial Pipeline being just one prominent example. That's not to mention the countless hospitals, water treatment plants, and other critical infrastructure that have been hit by ransomware in the past year. Satellite communications, wind turbines, and even medical institutions have been targeted.

These attacks are being made possible by the increased sophistication of criminal technologies. In the public sector, there's a convergence of advanced persistent threats (APT) and cybercrime. Cybercriminals are investing more in the reconnaissance and weaponization phases of an attack.

Another worry for the public sector in 2022 is aggressive attack code. Ransomware is one example, and another is wiper malware, which is being added to ransomware campaigns. These attack strategies previously affected IT, but now they're also starting to affect OT and the public sector.

With today's IT/OT convergence, there's no longer an air gap between IT and OT — areas that were once inaccessible are now open to risk. Government organizations may think they don't have OT, but they need to consider devices like security cameras, sensors linked to the HVAC system, smart buildings, and other OT with an IoT footprint.

Cybercriminals also are going after critical infrastructure directly these days — more so than we've seen before — and we're seeing cybercriminals adopting the playbooks of nation-state actors, which means more sophisticated and destructive attacks.

The Need for Public-Private Partnership

Cybercrime is playing an increasing role in geopolitical conflict, and as attacks proliferate against critical infrastructure, it can put lives at risk. We cannot afford to wait and see.

Fighting cybercrime is a team effort, with law enforcement, cybersecurity specialists, and legislators collaborating with businesses and the general public to combat cybercrime using cyber threat intelligence.

Threat intelligence includes dynamic technology that uses data collection and analysis gathered from threat history to block and remediate cyberattacks. Threat intelligence is based on cybercriminals' tactics to develop crucial procedures for an organization's overall security architecture.

Working together is the only way to stay ahead of today's cyber threats, which are becoming more complex and aggressive — for example, ransomware attacks migrating to an affiliate-based, as-a-service model. Furthermore, the cybercrime supply chain has mushroomed, and there are so many moving parts and actors at each step that tracking them down and stopping them requires serious, worldwide, joint efforts.

One example is the World Economic Forum's Partnership against Cybercrime. This international, multistakeholder collaboration has united many leading organizations from numerous sectors, both private and public, to address the growing challenge of cybercrime.

Signs of Success

We've seen some great successes come from these collaborative efforts. The Department of Justice led a coordinated international law enforcement action to disrupt NetWalker ransomware, resulting in the arrest of a NetWalker affiliate who received a seven-year jail sentence. The DoJ also arrested two people for conspiring to launder at least $3.6 billion worth of cryptocurrency stolen from a virtual currency exchange.

Collaboration led to the takedown of Emotet, one of the most prolific malware operations in recent history. And Interpol's partnership with private sector companies led to the recent takedown of a business email compromise (BEC) scam ring in Nigeria that attacked thousands of companies around the world. These examples are just the beginning. More work and constant vigilance and innovation are needed.

Act Together, Act Now

In today's threat environment, where whole countries can be hamstrung by well-constructed cyberattacks, security cannot succeed if each entity hoards its cybersecurity information. Recent examples demonstrate the need for global threat intelligence — and that there's no time to waste. Shared data and partnership can lead to more effective responses and help partners more accurately predict future techniques to deter criminals' efforts. Now is the time to join with law enforcement and other entities to present a united defense to protect critical infrastructure against cybercrime.

About the Author(s)

Derek Manky

Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs

As Chief Security Strategist & VP Global Threat Intelligence at FortiGuard Labs, Derek Manky formulates security strategy with more than 15 years of cybersecurity experience. His ultimate goal is to make a positive impact toward the global war on cybercrime. Manky provides thought leadership to the industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cybersecurity. He is actively involved with several global threat intelligence initiatives, including NATO NICP, Interpol Expert Working Group, the Cyber Threat Alliance (CTA) working committee, and FIRST, all in an effort to shape the future of actionable threat intelligence and proactive security strategy.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights