Stop pussyfooting with Russia's cyber privateers
President Biden's biggest threat is the Russia-linked cyber criminals who have now demanded $70 million in their boldest hit yet.
Over the weekend, the REvil gang issued the biggest cyber ransom demand ever: $70 million in cryptocurrency. The gangs are no longer limiting themselves to big companies with deep pockets and cyber insurance carriers backing them. They are now going after large IT infrastructure providers, along with the insurance companies themselves.
This, more than any other threat to America and the free world, should be President Biden’s top security priority. Buried in the press pool report was a question from a reporter about the hack, asked after the president’s visit to a Michigan orchard.
“I directed the intelligence community to give me a — a deep dive on what’s happened, and I’ll know better tomorrow,” Biden said. “And if it is, either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.”
The attack on IT provider Kaseya affected thousands of customers. The scale was so large that the FBI cautioned victims that the agency and the Cybersecurity and Infrastructure Security Agency “may be unable to respond to each victim individually,” but asked that victims still provide all relevant information.
In May, the FBI was able to recover most of the nearly $5 million ransom paid to DarkSide. CNN reported that the FBI had been investigating DarkSide for more than a year. The U.S. government had at some point obtained the private key for the cryptocurrency wallet used to funnel about $2.3 million in Bitcoin. Shortly after that, DarkSide announced it would shut down.
The cost of cyber insurance has skyrocketed, and insurance carrier risk has passed the break-even point, with payouts topping 70 percent, according to an April report by Fitch Ratings, a commercial financial analysis firm. CNA Financial capped ransomware payouts under new cyber insurance policies at 10 percent of the policy limit.
The AP reported that CNA had its own network attacked in March, though the company would not confirm it. In the company’s March 31 10-Q SEC report, CNA included some rather chilling language under the “Risk Factors” section. (Bold in original.)
Potential exposures resulting from the March 2021 cybersecurity attack, described in the following risk factor, as well as any future incidents may include substantially increased compliance costs and required computer system upgrades and security-related investments. If our business continuity plans or system security do not sufficiently address these risks, they could have a material adverse effect on our business, results of operations and financial condition.
Based on the information currently known, we do not believe that the March 2021 cybersecurity attack will have a material impact on our business, results of operations or financial condition. However, no assurances can be given, and we may be subject to future incidents that could have a material adverse effect or result in operational impairments and financial losses as well as significant harm to our reputation.
Any significant breach in our data security infrastructure could disrupt business, cause financial losses and damage our reputation, and insurance coverage may not be available for claims related to a breach.
A significant breach of our data security infrastructure may result from actions by our employees, vendors, third-party administrators, or unknown third parties or through cyber attacks. The risk of a breach can exist whether software services are in our data centers or we use cloud-based software services.
AXA, another insurance giant in the cyber realm, announced in May that it is no longer reimbursing ransomware payouts in France, according to the AP. In June, Arthur J. Gallagher, a large insurance broker, issued a statement that the company “detected a ransomware event impacting our internal systems.”
To cut to the chase: if cyber insurers cannot bear the risk of ransomware demands, then shaking the money tree for large targets will stop being such a draw, and the crooks, ever greedy, will resort to hitting very large providers that affect many thousands—even millions—of customers. The costs of these attacks will be passed on to the victimized firms, and eventually to us consumers.
It is the responsibility of our federal government to protect our financial and property interests from lawless gangs of criminals given cover and support by foreign governments. President Biden’s first response regarding the latest massive attack was “We’re not sure if it’s the Russians.” I am pretty sure we’re sure it was the Russians, or Russia-linked gangs.
These digital pirates are attacking at will, like the privateers given Letters of Marque by the British government in the War of 1812. They are taking our companies—and those of our allies—prisoner and giving a portion of their bounty to their sponsor. In return, the Russians are using their intelligence and research assets, giving the gangs access to “zero-day” exploits.
A “zero-day” exploit attacks a vulnerability unknown until the first time it’s used “in the wild.” Some of these exploits are quite sophisticated. According to Dutch researchers, REvil, in its hit on Kaseya, used “a number of zero-day vulnerabilities” in the ransomware attacks.
One of the primary reasons the U.S. tends to look reactive rather than proactive in fighting the cyber war is the need to protect our own capabilities, which are undoubtedly formidable. For example, the U.S. was able to attack a nearly impregnable Iranian uranium enrichment facility using multiple stolen digital certificates, custom-engineered exploits, and clever packaging in its Stuxnet attack, using what Wired Magazine called “the first digital weapon.”
It’s time for President Biden to stop pussyfooting around with Russia-linked cyber criminal gangs. It’s time for the kind of response that Biden took with Syria and Iraq, except in the cyber realm, not with cruise missiles. It’s time to hit the cyber criminals where they live, where their money is held, and maybe, yes, with some drone strikes.
Putin’s cyber privateers have been taking prisoners and waging war against us for too long. If we’re going to have another war against some domestic threat, we need to fight the one that’s already raging, against a very determined and “soulless” foe who wishes us nothing but harm.