DarkSide Ransomware Hit Colonial Pipeline and Created an Unholy Mess

DarkSide was a testament to this implementation problem even before the Colonial Pipeline attack. The group, which is believed to be a criminal operation based in Russia or Eastern Europe, targets English-speaking organizations almost exclusively. DarkSide malware was built to perform language checks and to shut down if it detects Russian, Ukrainian, Belarusian, Armenian, Georgian, Kazakh, Turkmen, Romanian, and other languages associated with Russian geopolitical interests. The Kremlin has historically allowed cybercriminals to operate indefinitely within its borders, as long as they do not go after their countrymen.
DarkSide’s income-saving business model makes it difficult to determine who is behind a given DarkSide attack, and it provides adequate isolation for all involved. The existence of ransomware rental services also shows how well-known and profitable these attacks are. Members of DarkSide were stealing point-of-sale credit card data and carrying out ATM collection attacks years ago, says Adam Meyers, vice president of intelligence for security firm CrowdStrike, which refers to DarkSide activity under the name Carbon Spider. “Ransomware has come into play because there’s a lot of money,” Meyers says.
The Biden administration has stated in recent weeks that it intends to address the real threat of ransomware. The White House has filled key cybersecurity policy and response roles, and a public-private ransomware team is aimed at creating comprehensive recommendations to stop the problem. The Colonial Pipeline event gives the White House a renewed motivation to turn policy proposals into action.
“We are taking a full government and government response to this incident and to the rescue software in general,” Anne Neuberger, deputy national security adviser, said in a statement to the White House on Monday. “We are investigating the incident and its perpetrators in an aggressive manner.”
Neuberger said the administration believes DarkSide is solely a criminal actor, but that the intelligence community is exploring the possibility of government ties. On Monday, President Biden called on the Russian government to stop harboring cybercriminals.
“I will meet with President Putin,” Biden said. “So far there is no evidence … that our intelligence people are involved in Russia, but they are proving that the rescue software for the actors is in Russia. They have some responsibility to deal with that.”
The question that dogs the response to ransomware is whether governments should make it illegal for victims to pay ransoms. In theory, if ransoms were never paid, criminals would have no further incentive to continue. But members of the public-private ransomware working group say the group was unable to reach a consensus on firm recommendations for doing so; the trade-offs are not easy to navigate.
What steps can work in the short term? Rob Knake, a senior official at the Council on Foreign Relations and a former director of cybersecurity policy at the National Security Council, says victims need to report ransomware incidents, and he calls for the creation of a cyber incident commission in the US. Today most victims keep ransomware attacks quiet whenever possible; a full accounting of these ongoing crises could generate a response. “Notification is essential because cyber incidents are not like plane crashes; the investigating agency may never know they happened,” Knake says. “So for the cyber incident review committee to be successful, it will have to be informed of the incidents and then have the power to investigate. Volunteering will not work.”
Meanwhile, cybersecurity professionals say they hope the Colonial Pipeline incident will eventually lead to action in the fight against ransomware. Since other serious attacks have failed to act as catalysts, they are committed to being hopeful.
“We are at a time when systemic improvement alone will have a significant impact,” says CrowdStrike’s Meyers. “And organizations don’t have the bandwidth, funding and staff to do that. But this should be a call to wake up any organization: you have to do better or you will suffer the same fate.”