Cyberattacks in the US have significantly increased over the past year, with the healthcare system and other critical sectors being attacked as the threat of malware like ransomware and foreign spyware continues to evolve. During 2022, US government officials and lawmakers renewed their focus on cyber security and sought to secure the country’s critical sectors from rising cyber threats. This issue will increase in 2023, as many of those threats are still escalating while the cyber sector is confronting an ongoing workforce shortage in its efforts to bolster the US’s digital defenses.
In addition to deploying ransomware, the threat actors have used “double extortion” techniques, whereby they exfiltrate data and demand a ransom payment to decrypt it, then threaten to expose the data if a ransom payment is not made. Often the cyber threat actors collect the ransom, continue to sell the data on the dark web, and refuse to reply with a key. The financial, energy, and healthcare sectors are all facing an ever-increasing number of attacks. Cyberattacks had robbed companies in those industries of hundreds of millions of dollars, exposed data, and even disrupted essential services, as when a ransomware attack forced the Colonial Pipeline to shut down in 2021, causing gas shortages in several states.[1]
See: https://redskyalliance.org/xindustry/us-pipeline-attacked-with-ransomware
The healthcare sector, in particular, has seen a rise in cyberattacks in the last few years, particularly ransomware attacks targeting hospitals to gain access to sensitive information like patient data or medical research and technology. In Washington, Senator Mark Warne, chairman of the Senate Intelligence Committee, has warned that cyberattacks could lead to delays in treatment and even patient deaths.
US officials have already increased their efforts to protect critical sectors from those evolving threats and have indicated that doing so will remain a top priority this year. Securing critical infrastructure like the energy and healthcare sectors is vital in mitigating cyber risks.
During recent years have been a dramatic spike in ransomware attacks, mainly targeting the healthcare and financial sectors. In 2022, ransomware groups caused outages in multiple hospital systems, temporarily closed schools in parts of the US, carried out multimillion-dollar hacks on several companies, and drove Costa Rica to declare a state of emergency in May as a barrage of attacks impacted its government services.
Tackling ransomware at home and abroad is also expected to take precedence this year as the US and its allies have come together to counter the heightened threat. In 2021, the Biden administration and several other countries launched their first annual initiative to counter ransomware globally. In November 2022, the White House held its 2nd International Counter Ransomware Initiative Summit, inviting more than 30 countries to discuss steps they can take to curb the rise of ransomware globally. “Ransomware is a pocketbook issue that impacts thousands of companies and individuals every year globally,” the White House said in a press release.
During the summit, the countries laid out several initiatives, including establishing an international counter-ransomware task force, actively sharing information between the public and private sectors, and taking joint steps to stop ransomware actors from using the crypto-currency system. The ransomware task force, led by Australia, is expected to become operational in January 2023.
It is up to all organizations to take steps and adopt procedures to protect themselves from ransomware attacks. No government can stop these attacks except for the counties sponsoring or benefitting from the ransom payments.
The following is what Red Sky Alliance recommends:
- All data in transmission and at rest should be encrypted.
- Proper data backup and off-site storage policies should be adopted and followed.
- Implement a 2-Factor authentication-company wide.
- For USA readers, join and become active in your local Infragard chapter; there is no charge for membership. infragard.org
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cyber security software, services, and devices to be used by all at-home working employees and consultants.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily cyber threat notifications directed at your domains. RedXray service is $500 a month and provides threat intelligence on ten (10) cyber threat categories, including Keyloggers, with having to connect to your network.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.cybersecurityintelligence.com/blog/2023---cyber-threats-to-us-infrastructure-6726.html
Comments