Why ransomware attacks have increased and the FBI’s ‘unprecedented’ measure to prevent them
CHICAGO (NewsNation Now) – On April 13, 2021, the federal government took an unprecedented step by breaking into hundreds of private computers to remove malicious code placed during the Microsoft Exchange hack.
While the federal government has limited its efforts to the Exchange vulnerability alone, some cybersecurity experts believe this is just the start of increased federal-private collaboration on cybersecurity.
Georgia Tech School of Cybersecurity and Privacy President Richard DeMillo has compared cloud-based systems like Exchange and Amazon Web Services (AWS) to an essential utility that requires federal government involvement.
The Exchange flaw was first exposed in January, but its roots can be traced back to a zero-day vulnerability, which means the system has had this flaw built in since its inception.
Between February and April, more than 30,000 systems were made vulnerable to attack due to a weakness in Microsoft Exchange software that businesses around the world use for email, calendars, and other functions.
The Biden administration has issued several statements expressing deep concern over the issue and even created a dedicated multi-agency task force to address it.
“This is a significant vulnerability that could have significant impacts. It is above all an active threat,” White House press secretary Jen Psaki told reporters during a daily press briefing.
Microsoft removed the vulnerability and released fixes, but not all companies have repaired their internal systems. That’s when the federal government stepped in.
The Justice Department received a court order to infiltrate several hundred computers whose owners had not themselves removed the Exchange vulnerability with the patches issued by Microsoft.
“And very cleverly, the FBI got in with Microsoft and used their own hacking server to deactivate themselves. They were very clear that they weren’t looking for any other information in these machines,” explained David Bader, professor emeritus at the New Jersey Institute of Technology and director of the Institute for Data Science.
Bader called it a “one-size-fits-all approach” to a spreading vulnerability, involving a public-private partnership and the justice system.
“This is the first time we’ve seen the FBI act, really in cyberspace, rather than in the forensic space,” Bader said.
Experts recognize that the public has a right to be concerned about law enforcement access to private IT systems, especially since this is new legal territory.
“At some point, someone’s going to say, well, so how do we know you didn’t go beyond the order? How do you know that other information has not been compromised? And so having a public oversight process to do that, I think that makes a lot of sense,” DeMillo said.
This public-private pressure will increase as more businesses and critical infrastructure become vulnerable to hacking and ransomware.
The fuel pipeline that supplies 45% of all U.S. fuel is the latest target, with operations expected to be affected for at least a week.
Hospital networks, police departments, security camera companies, water treatment facilities and even entire cities have been the victims of high-profile ransomware attacks in recent months.
“We rely on computers for everything. When I go to the bank, I want to make sure my money is there. When I drive my car, I want it to work without crashing into a bridge. And so, these types of hacks that we’re just seeing emerge are really game-changing when it comes to how we need to respond to them,” Bader said.
Bader said the frequency and scope of the latest ransomware attacks are a sign that businesses need to take cybersecurity as seriously as they take the other security requirements of running a business.
He added, “So I think we are at the point where cybersecurity becomes a first-class citizen, when we run our businesses and our governments.”
Both experts expect to see the federal government take a more active role in enforcing cybersecurity best practices for private companies, especially when foreign actors are involved in a hack.
“Beyond a certain scale you can’t rely on individuals to fight the attack on the nation state, for example, you know, if we were to be invaded like England in the Second World War with planes, volunteer citizens with binoculars won’t take you so far,” DeMillo said. “So at some point you have to have people with guns and bombs doing things and infringing on private rights.”
A 2019 estimate found that the overall cost of ransomware attacks in the United States could reach $9 billion per year in terms of recovery and lost productivity, according to cybersecurity firm Emsisoft.
DeMillo said there was a lesson to be learned from the Exchange hack and the latest eruption of ransomware attacks.
“There seems to be a general feeling that you can just give people checklists, and they tick off things to do. And somehow it protects them, which it clearly doesn’t. The amount of money spent on the other side is increasing proportionately faster than the amount we are spending on the defensive side,” DeMillo said.