Cyber conflict overshadowed a major government ransomware alert
As the cyber dimension of the Ukraine conflict erupted, demonstrating the ungoverned and unstable nature of full-on cyberwar, a parallel ransomware alert from the US government got comparatively scant coverage. But it, too, merits attention.
The alert served as a reminder of the two species of cyber threat: the unpredictable, spinning-pinball threats that can lurch out of control and pulverize innocents in random fashion — and the intricately designed, coolly targeted threats meant to ransack a particular organization’s servers and perhaps its bank account.
The Ukraine clash may generate plenty of damage of the first type. Indeed, it may already be doing so. But while that conflict progresses, the second type of threat, epitomized by ransomware, is taking no holidays.
A Formal Alarm
Issued in February, days before hostilities broke out between Russia and Ukraine, the Joint Cybersecurity Advisory from the FBI, CISA (the Cybersecurity and Infrastructure Security Agency), and the NSA sounded a formal alarm about “an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.”
Attack targets are no longer predictably the biggest, richest organizations, according to the advisory. Ransomware groups have learned to infiltrate enterprise SaaS platforms and exploit them as hubs for firing off waves of malevolent executables at scale, victimizing platform clients, both large and small. According to the advisory, the FBI in 2021 “observed some ransomware threat actors redirecting ransomware efforts away from ‘big-game’ and toward mid-sized victims to reduce scrutiny.” The FBI’s counterpart agencies in the UK and Australia, the National Cyber Security Centre (NCSC-UK) and the Australian Cyber Security Centre (ACSC), concurred that organizations “of all sizes” suffered ransomware attacks throughout the year.
On the one hand, in this national security sphere, any additional recognition or investment at the top of government is overdue and cannot hurt. On the other, recognition does not mean the government has the reach or means to protect you — something the two species of cyber threat have in common.
Who’s in Charge?
One early, grim lesson of the Ukraine cyberwar is that no authority is firmly in charge and no government agency can consistently shield its citizens from blowback. Governments aren’t even supervising some of the cyber combatants: freelance hacktivists like Anonymous, jamming Russian broadcast channels and the Kremlin website, answer to their own moral code, not a central command in Kyiv. And Ukraine’s own “I.T. Army” is a barely directed worldwide corps of digital adepts connecting via Telegram to wreak cyber havoc.
To read the complete article, visit Dark Reading.