The Atlanta Journal-Constitution
Key points about rising threat of cyberattacks
Experts stress focus on better security as issues continue.
A cybersecurity expert warned U.S. lawmakers last week that the world was on the cusp of a “pandemic of a different variety.”
Christopher Krebs, who formerly headed the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, testified last Wednesday before the House Committee on Homeland Security that a form of malware called ransomware has become more prevalent than ever before.
Given an ever-widening criminal enterprise and vulnerable digital landscape, he said, critical infrastructure is at risk of debilitating attacks.
Two days later, Colonial Pipeline, a major fuel pipeline connecting the East Coast, was hit in the largest-known hack on U.S. energy infrastructure.
The incident, which instigated a shutdown of the pipeline, a panic-buying spree for gas and a price jump at the pump, is one of the latest in crippling ransomware attacks orchestrated by extortionary criminal organizations that mostly operate in foreign safe havens outside the grasp of America’s criminal justice system.
Experts say continued ransomware threats are inevitable, calling on businesses and governments to ramp up efforts to secure their online networks.
“Cybercriminals have been allowed to run amok while governments have mainly watched from the sidelines, unclear on whether cybercrime is a national security-level threat,” Krebs told lawmakers. “If there was any remaining doubt on that front, let’s dispense with it now: too many lives are at stake.”
Q: What’s a ransomware attack?
A: Ransomware, a malicious computer code that hackers deploy to block an organization’s access to their own computer network to extort a ransom, is one of the most common forms of malware, experts say.
Hackers may barrage employees with phishing emails, convincing the user to download a file or visit an infected website, unleashing the hostile malware.
Once they have seized control of the network, the criminals provide a deadline to make a payment, and if it is not met, they can lock the network from their target or publicly share sensitive data.
Such attacks have reached a record high recently, with nearly 400 assaults on critical infrastructure in 2020, according to data compiled by Temple University.
Q: Why is our infrastructure vulnerable to attacks?
A: Much of America’s aging infrastructure was built long before online networks used today came into existence, resulting in vulnerabilities as existing organizations go digital.
“The underlying enabling factors for this cybercrime explosion are rooted in the digital dumpster fire of our seemingly pathological need to connect everything to the internet combined with how hard it is to actually secure what we have connected,” Krebs said in his testimony.
In addition, local governments, school districts, small businesses and others have limited responses to shore up cybersecurity in the face of a threat.
With the advent of cryptocurrency and expanding network of criminal groups like Darkside, ransomware is a burgeoning enterprise, outpacing the development of protective measures.
Cryptocurrency, a form of digital cash, is unregulated or underregulated in some jurisdictions, making it more difficult to track.
Hackers have even developed customer hotlines for their targets, streamlining the nefarious process.
“Ransomware-as-a-service is big business and we are not surprised groups like Darkside are capitalizing on extortion techniques that are quickly becoming a hallmark for many ecrime actors,” Matt Trushinski, technical director of cybersecurity firm Arctic Wolf, wrote in an email.
Q: How much could ransomware attacks cost?
A: Given the far-reaching consequences of the onslaughts, it is difficult to fully grasp the economic toll ransomware attacks take, although one firm calculated that the cost exceeds billions of dollars.
Victims can be anyone, including entire cities. In 2020, 113 federal, state and local governments and agencies reported they were struck, costing about $915 million, according to one estimate by Emsisoft, a cybersecurity company.
Hacker gangs can demand any sum of money they believe a company or government will pay to get back online.
FBI Special Agent Jonathan Holmes said at a CISA cybersecurity summit last year that ransomware attacks began to pop up almost a decade ago.
“Back in 2013, only your one computer would be affected by ransomware. Fast forward to 2015 - we began to see ransomware actors targeting enterprise computer networks,” Holmes said.
Q: What can be done about ransomware attacks?
A: The best strategy against ransomware is to stay ahead of the competition when updating security measures, Forrester analyst Allie Mellen said in an interview. A firm with less-stringent cybersecurity is likely to be targeted.
Put simply: “Outrun the guy next to you,” she said.
Among the list of “quick wins,” Mellon advises strengthening passwords, testing the response plan in case of an emergency, and implementing multifactor authentication, which requires two or more levels of verification before a user can sign on to the company’s network.
“Make sure you’re following the basics, and that’s what you can do right now in order to make sure that this attack doesn’t happen to you in the next week or two weeks,” Mellen said. “From there, it’s obviously very critical to take further steps.”