The US government’s response to the huge surge in ransomware is long overdue, but is it too late? With more priority set to be placed on ransomware attacks and the consequential investigations, we’re in a prime position to make strides in preventing these attacks.
We heard from top ransomware experts across the cybersecurity industry to get their views on how the government responded, what can be done to combat ransomware, and if there is an end in sight.
Kunal Anand, Chief Technology Officer, Imperva
"It's highly unlikely that the majority of enterprises and small businesses in the U.S. will be able to do anything with the guidance from [the] White House memo. It assumes that every business has the technical acumen to understand these concepts and the resources to implement these guidelines. The Federal government needs to step up – more than ever – to help businesses that are vulnerable and unaware of how to protect themselves from the growing volume of ransomware attacks and other cyber-attack risks.
Instead of focusing on defensive and reactive measures, the Biden administration needs to take a more effective position – aimed at providing tactical support and resources. The U.S. government should be looking at setting up departments that can help the private sector, or an Emergency Cybersecurity Center for broadcasting threats and attacks to everyone. At a time when the nation is under siege by ransomware attacks that are disrupting daily life, the U.S. Government needs to ask industry leaders to donate their time – whether it’s helping provide recommendations, setting up resource groups, etc. This should be seen as a patriotic duty."
Chuck Everette, Director of Cybersecurity at Deep Instinct
"Major flaws in vital US infrastructure have been well documented by the government itself and third-party investigations, and these reports have all identified key vulnerabilities in vital infrastructure that malicious actors have and will continue to exploit. These attacks have taken advantage of common security gaps that were created when companies started leveraging automation for data analytics, operations and management. The primary thinking around leveraging automation was “ease of use” and lowering of operating costs. Unfortunately, security was not a consideration in these strategies, nor did it appear on the long-range radar of companies. Now, years later and after several attacks on US infrastructure, we’re paying the price of these vulnerabilities and security gaps are being investigated in earnest.
Prosecution after the fact is not solving the issue. Companies need to stop being reactive and move to being proactive and should be looking for solutions to prevent these attacks, not reacting after the fact.
Predictive deep learning has proven to prevent these types of ransomware and next-gen zero-day threats – months to even years before the threats were even conceptualized, much less leveraged in attacks. In practical testing just this week, we saw success in preventing new variants such as those used in the attack against JBS (REvil), Washington D.C. Police (Babuk), and last month at CNA Financial (Phoenix Locker/Hades). These attacks, and the other highly publicized attacks in recent months, all would have been stopped before they made it into a customer’s network. In the era of Snake, Maze, DoppelPaymer, Hades, REvil, DarkSide, and others, this means companies would not be impacted by these growing and sophisticated threats."
Sebastien Goutal, Chief Science Officer, Vade
"The top priority should be given to malware attacks targeting key infrastructures such as the Colonial Pipeline. There is a major security concern regarding SCADA systems which control critical infrastructures such as electric grids, water treatment plants, oil and gas infrastructures. Any attack on one of these infrastructures can impact millions of people with many side effects – and that’s what happened with the Colonial Pipeline. Malware targeting SCADA systems can also be used in the context of cyberwarfare – remember Stuxnet that targeted the Natanz uranium enrichment plant in 2010. Phishing attacks targeting individuals are less critical."
Dirk Schrader, Global Vice President, Security Research at New Net Technologies (NNT)
"A new aspect of ransomware attacks seems to establish itself, which is the ‘out of an abundance of caution’ notion. Companies detecting a likely ransomware attack are shutting down entire global IP networks, which is a tell-tale for the structure of those and the trust the companies have in their abilities to detect a potential attack early and to contain it within certain parts of their networks, to limit its spread. Security professionals have heard this statement, ‘we operate a rather flat network’, facing the issue of managing and improving the security of such a setup with their limited resources. It is also an indicator of the old ‘fortify the perimeter’ paradigm still being widely in use."