The US head of the US National Security Agency (NSA), Cyber Command says the US will continue to battle ransomware for many years into the future. Some of the highest-ranking cybersecurity officials in the US government discussed the pervasive threat of ransomware on 05 October 2021, comparing it to an issue of national security with the ability to inflict measurable damage on major world powers.
Speaking at security firm Mandiant's Cyber Defense Summit, the deputy national security adviser for cyber and emerging technology in the Biden administration, and the commander of US Cyber Command and director of the NSA, outlined the current threat landscape, highlighting the ability of malicious actors to penetrate federal and corporate networks. Both federal officials underscored the threat of ransomware on everyday commerce and its ability to alter and shape foreign policy. Asked to predict whether network defenders will be forced to combat ransomware five years down the road, the government answered frankly, "Every day."
The current US administration is touting the president's "aggressive yet achievable" modernization of the government's IT systems announced via executive order in May 2021 and his focus on dismantling the infrastructure that props up ransomware gangs. "Today, more than ever, modernizing our nation's defense is a national security imperative," they said at a recent conference. "And the administration's aggressive agenda on cybersecurity reflects that understanding, and our commitment has been buttressed by the lessons we've learned in the first nine months of this administration through a number of incidents."
The three prongs of Biden's cybersecurity strategy:
• Modernizing U.S. defenses.
• Leveraging international partnerships.
• Ensuring the nation can compete in cybersecurity and in key emerging technologies from 5G to artificial intelligence to microelectronics and quantum computing.
In discussing the president's May 2021 executive order on cybersecurity, which they said includes five areas that will "dramatically reduce the risk of a cyberattack include:
• Multifactor authentication.
• Data encryption.
• Endpoint detection
• Having a fully managed security operations center.
• Logging to detect anomalous activity.
The US executive branch intends to use the buying power of the federal government to "lift all boats," and "fundamentally make technology more defensible. The executive order requires that all software bought by the federal government be developed using secure practices in a secure development environment." Also referenced was Biden's August summit with leading technology executives from across the country, which aimed to identify how the nation can build more defensible technology.
The deputy national security advisor indicated that ransomware "is a transnational issue" due to the nature of threat actors and their illicit use of cryptocurrency to bankroll their operations. It is the president's aim, she continued, to disrupt ransomware's financial infrastructure and hold countries harboring ransomware actors accountable. Biden pushed this message, she said, during a bilateral summit with Russian President Vladimir Putin in June. Biden reportedly told Putin to act against ransomware gangs operating within his borders, or the US reserved the right to do so.
Later this month, the deputy national security adviser said, the US will host 30 countries for a "counter ransomware initiative," which will tackle different elements, including the use of cryptocurrency, resilience, disruption, and diplomacy.
Later asked about proposed incident reporting language recently introduced in Congress, the deputy director - who didn't endorse a specific bill - noted: "If companies have to come forward and say, 'There was a risk to this customer's data,' or risk to critical services the country relies on, and be more forthcoming, that will drive that accountability and the investments we all need in cybersecurity, to really have a more defensible infrastructure.”
As the administration postures to compete in cybersecurity and emerging technologies, the use of cryptocurrency remains an area of focus. The administration noted that it aims to "truly understand the virtual currency ecosystem and how [to] separate illicit use from all [of its] innovative, licit use." She referenced the US Department of Treasury's blacklisting of Russia-based cryptocurrency exchange Suex this month as one effort to dismantle ransomware's global infrastructure. Forty percent of the company's dealings, she indicated, were deemed illicit.
In his keynote address, the general who heads US Cyber Command and the NSA warned of increasingly sophisticated threats from nations such as China and Russia. "[They] have expansive computer network exploitation programs. Their tools, tactics, techniques, and tradecraft have evolved, along with the scope, scale, and sophistication of their cyber campaigns," he warned. "Russia is a persistent, disruptive force interfering with democratic processes, and leveraging proxy actors to conduct influence operations … with the power of social media," the four-star general continued. "Russia has waged a disinformation campaign often using US infrastructure and technology to sow division into our society." He referenced damage of the SolarWinds incident, a Russian foreign intelligence espionage campaign that ultimately impacted 100 organizations worldwide and involved follow-on attacks on nine federal agencies, along with the Microsoft Exchange exploitation at the hands of the Chinese - in which vulnerable servers were compromised and backdoors could have been leveraged for ransomware attacks as stark reminders of rising sophistication.
"When ransomware starts impacting our critical infrastructure, it's significant," the general continued. "And so … ransomware is a national security issue. I firmly believe that. And that's [why] I announced we have a surge going on right now across both the agency and the command in terms of understanding the threats that ransomware poses, understanding the tactics, understanding how we get after the adversaries, and how we partner better."
The military leader also highlighted the importance of the NSA's relationship with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), saying that the 50-plus joint advisories on tactics and techniques of the nation's cyber adversaries that have been released "enable network defenders to prioritize mitigation and patching efforts to counter the vulnerabilities adversaries are currently exploiting in the wild."
The following is what Red Sky Alliance recommends as quick security tips:
• All data in transmission and at rest should be encrypted.
• Proper data back-up and off-site storage policies should be adopted and followed.
• Implement 2-Factor authentication-company-wide.
• For USA readers, join and become active in your local Infragard chapter, there is no charge for membership. www.infragard.org
• Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
• Institute cyber threat and phishing training for all employees, with testing and updating.
• Recommend/require cyber security software, services, and devices to be used by all at-home working employees and consultants.
• Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
• Ensure that all software updates and patches are installed immediately.
• Enroll your company/organization in RedXray for daily cyber threat notifications are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, with having to connect to your network.
• Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
• Reporting: https://www.redskyalliance.org/
• Website: https://www.wapacklabs.com/
• LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
Comments