Nine months into 2021 it may be a little too early for 2022 predictions, but I think it’s fair to assume that both the volume and severity of cyber-attacks will continue to stack up as cyber criminals take advantage of the spate of vulnerabilities that exist – as businesses, governments and everyday people struggle to adapt to the rate of digital transformation that today’s economy requires. Cybersecurity Ventures’ Official Annual Cybercrime Report notes that damages from cybercrime are expected to hit $6 trillion this year (up from $3 trillion in 2015), with ransomware playing a major role across the attack surface.
The rise of nation state ransomware
During 2021 we’ve seen too many attacks and data breaches to mention – but a recurring theme is ransomware attacks on critical national infrastructure. Ransomware is the invisible threat that’s impacting companies and governments alike. Hackers have been using methods as simple as phishing emails to steal data, locking computer systems and demanding a ransom. It’s often paired with a threat of releasing the data online if an agency or individual doesn’t comply.
For example, the attack on Colonial Pipeline between 6 May and 12 May shook the United States as hackers attacked an oil pipeline of critical importance. This was a ransomware attack that heavily impacted the computerized equipment managing the pipeline and led to a significant data breach. The attack was so severe that a state of emergency was declared by the state governor. Although this has now been resolved, it cost the company $5 million to regain access to its systems.
Another ransomware attack happened this past June on U.S. meat processor JBS, which was forced to halt all U.S. operations while it scrambled to restore functionality. The attack, like other recent hacks, is believed to have originated in Russia. Not only did the attack disrupt operations in the U.S., it impacted supply chains as far away as Australia.
UK councils and U.S. state and local governments are generally easy targets, given their outdated, underfunded IT infrastructures. They have seen a huge upswing in attacks, leading U.S. President Joe Biden to call in big tech.
U.S. President Biden calls for action
All of this has led to U.S. President Biden gathering the top brass from the tech, finance, gas, water and insurance industries in the last few weeks to tackle the challenges of cyber-attacks.
“The reality is most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said. “You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity.”
Some of the key goals for the meeting, according to a senior administration official:
- Getting commitments from tech companies to bake more cybersecurity into tech products so consumers don’t have to install an endless string of updates to keep from being hacked.
- Persuading firms in critical sectors such as energy, transportation and manufacturing to upgrade cyber protections so they aren’t hit with economy-shaking ransomware attacks.
- Encouraging a surge in cyber education and training to help fill roughly 500,000 vacant cybersecurity jobs across the nation.
According to The Washington Post, what came out of the summit was a range of initiatives – primarily aimed at boosting the scarce cybersecurity workforce:
- Microsoft will make $150 million available to government agencies to boost their cyber defenses.
- IBM will train 150,000 people in cyber skills and work with historically Black colleges and universities to create cybersecurity centers.
- Google will train 100,000 Americans in fields such as IT and data analytics.
- Amazon will make employees’ cybersecurity training public and offer some cloud customers free authentication devices.
- TIAA announced a partnership with New York University (NYU) to allow employees to get free cyber master’s degrees.
Microsoft also announced a plan to invest $20 billion over five years to strengthen cybersecurity. Google will spend $10 billion over the same period.
Microsoft is also encouraging adoption of common security protocols like DMARC. DMARC is an email authentication, policy, and reporting protocol. DMARC lets receiving mail systems identify spoofed phishing emails from cybercriminals by validating the sending domain’s identity. DMARC allows senders to show that their messages are protected and tells the recipient what to do if an authentication method fails.
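To make the “tells the recipient what to do” part concrete, here is an added example (not code from the article or from Microsoft) of how a receiver parses a domain’s published DMARC record and turns SPF/DKIM results into a disposition. The record text and the authentication results are constructed for illustration, and the organizational-domain derivation is a deliberate simplification.

```python
# Added example: minimal DMARC record parser and disposition evaluator.
# Sample records and authentication results are constructed, not real.
from dataclasses import dataclass

def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record ("v=DMARC1; p=reject; ...") into a dict of tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")   # DKIM alignment mode: r = relaxed, s = strict
    tags.setdefault("aspf", "r")    # SPF alignment mode
    return tags

def org_domain(domain: str) -> str:
    # Simplified: keep the last two labels. A real receiver consults the
    # Public Suffix List so that e.g. "example.co.uk" is handled correctly.
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict needs an exact match, relaxed allows subdomains."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

@dataclass
class AuthResults:
    from_domain: str    # domain in the visible From: header
    spf_pass: bool
    spf_domain: str     # envelope sender domain SPF was evaluated against
    dkim_pass: bool
    dkim_domain: str    # d= tag of the verified DKIM signature

def dmarc_disposition(record: str, r: AuthResults) -> str:
    """Return 'pass', or the policy to apply ('none', 'quarantine', 'reject')."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_pass and aligned(r.spf_domain, r.from_domain, tags["aspf"])
    dkim_ok = r.dkim_pass and aligned(r.dkim_domain, r.from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # Messages from a subdomain fall under sp= when the owner published one.
    policy = tags["p"]
    if r.from_domain.lower() != org_domain(r.from_domain) and "sp" in tags:
        policy = tags["sp"]
    return policy
```

The policy names map directly onto what a receiver does with a failing message: deliver and only report (none), deliver to junk (quarantine), or refuse (reject).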
Carrot before stick
Given the sensitivity and political fall-out of increasing nation state cyber activity, industry (some of whose members are the very same companies that often supply the government) needs to take action to avoid governments imposing security mandates and granting Congress more authority to act.
One example where the US government has implemented more regulatory scrutiny is the military supply chain. It developed a framework of certification called Cybersecurity Maturity Model Certification (CMMC). While it is early days in its implementation, the CMMC is intended to serve as a verification mechanism to ensure that Defence Industrial Base (DIB) companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
Nation State Defence
Governments are investing heavily in defending their own infrastructure. The UK’s National Cyber Security Centre (NCSC) has its Active Cyber Defence (ACD) – a key part of which is its ‘Protective DNS’ (PDNS) solution.
According to the NCSC, “The Domain Name System (DNS) is the address book of the internet. Your computer relies on DNS to find out exactly where ‘example.com’ (a domain) is located (or its IP address) so it can connect to it. Anyone can register a domain so that everyone else can find the IP address associated with it, to enable them to connect to it. Unfortunately, ‘anyone’ includes those who wish to cause harm. Attackers often use seemingly legitimate domains as part of malware and phishing attacks. PDNS exists to combat that malicious activity for public sector users. PDNS prevents the successful resolution of domains associated with malicious activity, while enabling the rest of the internet to remain accessible.
In 2019, PDNS increased its estimated number of protected UK public sector employees by 57%, from 1.4 million to 2.2 million. In total, the service handled 142 billion queries over the 12-month period, more than double the 68.7 billion queries made in 2018, with a peak query rate of 43,726 queries per second at one point in October. Of the 142 billion queries handled in 2019, NCSC blocked 80 million queries to 175,000 unique domains. When we look closer at these numbers, we find that 25 million blocks were related to algorithmically generated domains (AGDs); 16 million blocks were related to botnet C2; 14,000 for indicators related to exploit kits; and 3,200 for ransomware.”
In 2020, NCSC launched PDNS Digital Roaming to allow those affected by the pandemic to continue working remotely and enjoy PDNS protection outside of the office. Providers to the government – like Nominet, the domain and cyber security company – are helping the UK government and its employees in the health and public sector keep their guard up. The outcomes were clear. PDNS not only protected users from malicious Covid-19 related domains; it identified those who required additional protection; and it is now being used by the majority of NHS organisations across the UK. Plans are also underway to offer PDNS to the wider public sector for the first time.
A team effort
As the African proverb goes: “If you want to go fast, go alone. If you want to go far, go together”.
With the shared interest of protecting national infrastructure, preventing mass data breaches and defending against opportunistic or catastrophic nation state threats – industry and governments truly should be working together to prevent future ransomware attacks.