Why ransomware attacks have increased and the FBI’s ‘unprecedented’ measure to prevent them



CHICAGO (NewsNation Now) – On April 13, 2021, the federal government took an unprecedented step by breaking into hundreds of private computers to remove malicious code placed during the Microsoft Exchange hack.

While the federal government has limited its efforts to the Exchange vulnerability alone, some cybersecurity experts believe this is just the start of increased federal-private collaboration on cybersecurity.

Georgia Tech School of Cybersecurity and Privacy President Richard DeMillo has compared cloud-based systems like Exchange and Amazon Web Services (AWS) to an essential utility that requires federal government involvement.

“Cloud services are starting to look more and more like the old telephone companies in this respect, that it is a private service offered partially over public networks. And we are investing more and more assets in these services.”

President of the Georgia Tech School of Cybersecurity and Privacy, Richard DeMillo

The Exchange flaw was first exposed in January, but its roots can be traced back to a zero-day vulnerability, which means the system has had this flaw built in since its inception.

Between February and April, more than 30,000 systems were made vulnerable to attack due to a weakness in Microsoft Exchange software that businesses around the world use for email, calendars, and other functions.

The Biden administration has issued several statements expressing deep concern over the issue and even created a dedicated multi-agency task force to target the issue.

“This is a significant vulnerability that could have significant impacts. It is above all an active threat,” White House press secretary Jen Psaki told reporters during a daily press briefing.

Microsoft removed the vulnerability and released fixes, but not all companies have repaired their internal systems. That’s when the federal government stepped in.

The Justice Department received a court order to infiltrate several hundred computers that did not themselves remove the Exchange vulnerability with patches issued by Microsoft.

“And very cleverly, the FBI got in with Microsoft and used their own hacking server to deactivate themselves. They were very clear that they weren’t looking for any other information in these machines,” explained David Bader, professor emeritus at the New Jersey Institute of Technology and director of the Institute for Data Science.

“They were also very clear that they were only removing this particular hacking tool, even though there were other zero-day exploits on those machines that they were aware of. They didn’t touch them.”

David Bader, Professor Emeritus of the New Jersey Institute of Technology and Director of the Institute for Data Science

Bader called it a “one-size-fits-all approach” to spreading vulnerability involving a public-private partnership and the justice system.

“This is the first time we’ve seen the FBI act, really in cyberspace, rather than in the forensic space,” Bader said.

Experts recognize that the public has a right to be concerned about law enforcement access to private IT systems, especially since this is new legal territory.

“At some point, someone’s going to say, well, so how do we know you didn’t go beyond the order? How do you know that other information has not been compromised? And so having a public oversight process to do that, I think that makes a lot of sense,” DeMillo said.

This public-private pressure will increase as more businesses and critical infrastructure become vulnerable to hacking and ransomware.

“Of course, what has happened over the last few years is that this whole industry has grown, which makes it a very successful company. to third parties.”

GEORGIA TECH SCHOOL OF CYBERSECURITY AND PRIVACY CHAIR RICHARD DEMILLO

The fuel pipeline that supplies 45% of all U.S. fuel is the latest target with operations expected to be affected for at least a week.

Hospital networks, police departments, security camera companies, water treatment facilities and even entire cities have been the victims of high-profile ransomware attacks in recent months.

“We rely on computers for everything. When I go to the bank, I want to make sure my money is there. When I drive my car, I wanted to work without crashing into a bridge. And so, these types of hacks that we’re just seeing emerge are really game-changing when it comes to how we need to respond to them,” Bader said.

Bader said the frequency and scope of the latest ransomware attacks is a sign that businesses need to take cybersecurity as seriously as they take other security requirements to run a business.

“To have a business is to be operational. And as more and more businesses are closing their doors, because their computer systems are under attack, they will naturally have to upgrade, or they may not be able to function as a business in the future. So, it’s unfortunate, but it’s a cost to do business these days.”

NEW JERSEY INSTITUTE OF TECHNOLOGY DISTINGUISHED PROFESSOR AND INSTITUTE FOR DATA SCIENCE DIRECTOR DAVID BADER

He added, “So I think we are at the point where cybersecurity becomes a first class citizen, when we run our businesses and our governments.”

The two experts plan to see the federal government take a more active role in enforcing cybersecurity best practices for private companies, especially when foreign actors are involved in a hack.

“Beyond a certain scale you can’t rely on individuals to fight the attack on the nation state, for example, you know, if we were to be invaded like England in the Second World War with planes, volunteer citizens with binoculars won’t take you so far,” DeMillo said. “So at some point you have to have people with guns and bombs doing things and infringing on private rights.”

A 2019 estimate found that the overall cost of ransomware attacks in the United States could reach $9 billion per year in terms of recovery and lost productivity, according to cybersecurity firm Emsisoft.

DeMillo said there was a lesson to be learned from the Exchange hack and the latest eruption of ransomware attacks.

“There seems to be a general feeling that you can just give people checklists, and they tick off things to do. And somehow it protects them, which it clearly doesn’t. The amount of money spent on the other side is increasing proportionately faster than the amount we are spending on the defensive side,” DeMillo said.

“It is an arms race that the adversaries are currently winning.”

GEORGIA TECH SCHOOL OF CYBERSECURITY AND PRIVACY CHAIR RICHARD DEMILLO


