{"id":18692,"date":"2021-06-03T21:29:25","date_gmt":"2021-06-03T21:29:25","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=18692"},"modified":"2021-07-23T16:34:55","modified_gmt":"2021-07-23T16:34:55","slug":"white-house-says-take-ransomware-threat-seriously","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/compliance\/white-house-says-take-ransomware-threat-seriously\/","title":{"rendered":"White House to Corporate America: Take Ransomware Threat Seriously"},"content":{"rendered":"

The National Security Council is sending a memo to U.S. companies urging them to take the ransomware<\/a> threat more seriously as the Biden Administration ramps up its responses following recent attacks linked to Russia-based hacker groups on two major corporations.<\/p>\n

In the open letter<\/a> dated June 3, Anne Neuberger, the NSC\u2019s cybersecurity adviser, said that while the federal government is doing what it can to combat the accelerating threat, private sector organizations also play a crucial role.<\/p>\n

\u201cAll organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,\u201d Neuberger wrote. \u201cBut there are immediate steps you can take to protect yourself, as well as your customers and the broader economy. Much as our homes have locks and alarm systems and our office buildings have guards and security to meet the threat of theft, we urge you to take ransomware crime seriously and ensure your corporate cyber defenses match the threat.\u201d<\/p>\n

JBS Foods Part of Escalating Problem<\/h2>\n

The three-page memo comes days after JBS Foods, the world\u2019s largest meat processing company based in Brazil but with a subsidiary in the United States, was hit with a cybersecurity attack that shut down processing plants and threatened the global meat supply. The FBI attributed the attack to REvil, a high-profile cybercriminal group believed to be based in Russia. That attack followed a dramatic ransomware attack on Colonial Pipeline<\/a> that nearly ground the East Coast of the U.S. to a halt.<\/p>\n

REvil hasn\u2019t taken credit for the JBS attack, but according to an NPR report<\/a>, a representative of the group said in an interview in October 2020 that it was turning its attention to the agricultural sector. The ransomware attack impacted servers connected to JBS\u2019 operations in the United States and Australia. Company officials said late Wednesday that they expected to have most operations back up by Thursday.<\/p>\n

Ransomware groups attack companies by seizing their data and encrypting it, then demanding a ransom be paid before they release the key for decrypting the data. More recently, many groups have increased pressure on their victims, threatening to release the data on the web if the ransom isn\u2019t paid.<\/p>\n

It was unclear whether JBS paid a ransom.<\/p>\n

Ransomware Attacks Accelerating<\/h2>\n

Early last month, Colonial Pipeline, the largest U.S. fuel pipeline, was hit by a ransomware attack<\/a> that shut down operations for almost a week, sharply reducing fuel supplies to Southeastern states and resulting in long lines at gas stations. Company officials later admitted that the company paid a $4.4 million ransom \u2013 in about 75 Bitcoin \u2013 to the attackers to get the decryption key. U.S. officials have said that the hacking group DarkSide, which has links to Russia, was responsible for the breach.<\/p>\n

Data breaches, including ransomware, continue to increase, according to a report<\/a> last month by Verizon Business. The company found that the number of breaches in 2020 jumped to 5,258, a third more than the year before, and that phishing scams increased 11 percent year-over-year. The number of ransomware attacks rose 6 percent. The COVID-19 pandemic and remote work<\/a> played a significant role in fueling the increases, the company found.<\/p>\n

The White House and government agencies are stepping up their responses as the number of ransomware incidents not only increase but also continue to target critical infrastructure<\/a>. Industries like healthcare and education have also been high-profile ransomware targets during the pandemic.<\/p>\n

Smaller public and private organizations also are being targeted by bad actors. The Metropolitan Transportation Authority, which operates New York City\u2019s subway system, said this week that its operations were hacked<\/a> in April by cybercriminals suspected of being sponsored by the Chinese government. The Massachusetts Steamship Authority, which operates ferry services between Cape Cod and the islands of Martha\u2019s Vineyard and Nantucket, was hit by a ransomware attack<\/a> this week that affected operations. The FBI is investigating the breach.<\/p>\n

Confronting Russia<\/h2>\n

During a press conference June 2, White House Press Secretary Jen Psaki said that the Biden Administration was “raising this through the highest levels of the U.S. government. The president certainly believes that [Russian] President [Vladmir] Putin has a role to play in stopping and preventing these attacks.”<\/p>\n

Biden is scheduled to meet with Putin in Europe in two weeks and has said he will bring up Russia\u2019s relationships with cybercriminals when they speak.<\/p>\n

Just after the Colonial Pipeline attack became public, the U.S. Cybersecurity and Infrastructure Agency (CISA) and FBI issued an alert outlining guidance<\/a> based on the MITRE ATT&CK framework for protecting critical infrastructure from ransomware. Soon afterward the Biden Administration issued an executive order<\/a> aimed at reviewing and improving the federal government\u2019s cybersecurity preparedness and response, and the Department of Homeland Security followed last week with cybersecurity requirements<\/a> for critical pipeline owners and operators.<\/p>\n

Steps Companies Should Take<\/h2>\n

In her memo to U.S. companies, the NSC\u2019s Neuberger laid out steps that organizations should take, including implementing the five steps laid out in Biden\u2019s executive order (including using multi-factor authentication<\/a>, endpoint detection and response (EDR)<\/a> technologies and encryption techniques<\/a>), backing up data, system images and configurations, and promptly updating and patching systems<\/a>. She also urged them to test incident response strategies, check the work of security teams and segment networks<\/a>.<\/p>\n

\u201cThe most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organizations around the world is that companies that view ransomware as a threat to their core business operations rather than a simple risk of data theft will react and recover more effectively,\u201d she wrote.<\/p>\n

What Can the Government Do?<\/h2>\n

That said, there are differing opinions in the cybersecurity sector about where the government\u2019s efforts would be most effective. John Bambenek, threat intelligence advisor for cybersecurity firm Netenrich, told eSecurity Planet<\/em> that more than any other threat, non-technical executives are most familiar with ransomware and already are looking for solutions.<\/p>\n

\u201cA letter from a White House official isn\u2019t going to change the game in the slightest,\u201d Bambenek said.<\/p>\n

However, what the administration can do is pressure and punish both governments that ignore the ransomware activities in their countries as well as the perpetrators themselves, he said, adding that the \u201cgovernment needs to focus on their pieces of the solution and the things only they can do.\u201d<\/p>\n

Others were happy to see the Biden Administration taking steps to address the threat, including sending the memo. Vectra President and CEO Hitesh Sheth told eSecurity Planet<\/em> he pictures the government working with private companies to develop effective strategies and that it was good to see the White House underscore the urgency, even though ransomware has been a problem for 15 years.<\/p>\n

\u201cThe difference in 2021 is the more ambitious choice of targets: critical food and fuel supply lines and transport systems,\u201d Sheth said. \u201cWhen our enemies set their sights higher, so must we.\u201d<\/p>\n

Putting Plans in Place<\/h2>\n

Setu Kulkarni, vice president of strategy at application security vendor WhiteHat Security, said the advice in the White House memo is important, particularly testing incident response plans and penetration testing.<\/p>\n

\u201cOften organizations treat their incident response plan like they treat their business continuity plan \u2013 it is there and documented for compliance,\u201d Kulkarni told eSecurity Planet<\/em>. \u201cWe need to make a change here to treat the incident response plan much like a fire drill or an earthquake drill, so that when the inevitable breach happens, the entire organization is clear on the first few steps and that will give them the time they need to counter the threat effectively rather than scrambling at the nth minute.\u201d<\/p>\n

There are other steps businesses can take. Traditional security measures won\u2019t always work against these fast-evolving modern threats, and right now the core issue at most organizations is unauthorized access, particularly given the high level of remote work, according to Lookout CEO Jim Dolce. Given that, instituting zero-trust frameworks<\/a> will be key, as will implementing practices and tools on all corporate endpoints to mitigate the risk of attacks.<\/p>\n

In addition, security teams shouldn\u2019t \u201cuse ransomware as a \u2018fear, uncertainty, and doubt\u2019 strategy to bend your business to your will,\u201d said Rick Holland, chief information security officer and vice president of strategy at Digital Shadows. \u201cThe FUD approach is destined to fail. Instead, take a measured, non-hyperbolic approach in explaining the threat and risks to your executive leadership.\u201d<\/p>\n

Holland said \u201cthe current state of enterprise networks is analogous to patients with chronic illnesses like heart disease; it has taken years to get to this state. There isn’t a magical intervention that will mitigate the risk overnight. We have to address the root causes of the illness, not just the symptoms. The White House’s suggestions aren’t cheap and will take time to implement; there is a very long tail to addressing the extortion threat.\u201d<\/p>\n\n\n

\n \n\n \n\n
\n \n <\/path>\n <\/svg>\n <\/div>\n \n
\n
\n

\n Get the Free Cybersecurity Newsletter <\/h3>\n \n \n

\n Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday <\/p>\n <\/div>\n\n

\n
\n \n Email Address\n <\/label>\n \n <\/div>\n\n
\n
\n \n \n By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time. <\/label>\n <\/div>\n <\/div>\n \n