The first international joint advisory about ransomware was issued last week as concerns mount about a potential Russian invasion of Ukraine.
Tensions rose even higher on Tuesday when Ukraine's defense ministry and two banks were hit by cyber attacks. Ukraine's Center for Strategic Communications and Information Security pointed the finger at Russia.
The advisory, released on Feb. 9 by cybersecurity agencies in the United States, Australia, and the United Kingdom, said that there was an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations.
"These advisories confirm what cybersecurity professionals have been suspecting," said Josh Lospinoso, CEO and co-founder at cybersecurity firm Shift5. "Attacks are accelerating in both scale and scope."
The effects of cyberattacks against critical infrastructure can be huge, he added. "So it’s a good sign that forward-thinking government officials are focusing their resources here."
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the NSA reported attacks against organizations in the defense sector, emergency services, food and agriculture, government facilities, and information technology sectors.
In the advisory, the agencies recommended that "all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets."
"The point here is that these are not isolated events," said Liza Craig, government contracts partner at Reed Smith. "Around the world, bad actors are targeting critical infrastructure methodically and with increasing frequency."
Data centers are part of the world's critical infrastructure, she added.
"This sector is central to the nation's security, economy, and public health and safety," she told Data Center Knowledge.
And it's not just the largest organizations that are targeted, though they get most of the news headlines.
According to Marjorie Dickman, chief government affairs and public policy officer at BlackBerry, small businesses are facing up to 13 cyberattacks per device per day, more than larger companies face.
BlackBerry released its annual threat report on Tuesday, which covered ransomware attackers and their techniques in great depth.
"Threat actors are increasingly employing off-the-shelf ransomware-as-a-service and malware-as-a-service tools to execute malicious attacks at scale," she told Data Center Knowledge.
Attackers are also escalating their attacks. In addition to ransomware, they're adding a second extortion strategy – exfiltrating data and threatening to leak it. Some also add a third stage, in the form of harassment, and a fourth – disruptive attacks such as denial of service. The goal is to make the attacks as painful as possible so that the victims are more likely to pay up.
"The CISA-FBI-NSA ransomware advisory is spot on," Dickman said.
Global threat, global action
So far this year, organizations hit by ransomware included French aerospace giant Thales Group, the Maryland Department of Health, the Indonesian Central Bank, and the French Ministry of Justice, according to a report by cybersecurity firm BlackFog.
The company estimates 2021 global cybercrime damages to total $6 trillion. If cybercrime were its own country, its GDP would be the third largest in the world, after the U.S. and China.
Two-thirds of organizations experienced a ransomware attack last year, according to a report by Venafi released at the end of 2021.
"Ransomware took down major critical infrastructure organizations’ operations in 2021 the extent of which we’ve not yet seen in the past," said Dennis Hackney, solutions development director of industrial cybersecurity at ABS Group, a leading global operational risk management company.
What's different now is the general public awareness of deficiencies when it comes to defending our critical infrastructure against ransomware, said Chuck Everette, director of cybersecurity advocacy at Deep Instinct.
National leaders are also aware of the threat, he added, and there is more pressure being put on them to address this risk.
"The days of ignoring gaping holes in our defenses are no longer going to be tolerated without the public demanding action," he told Data Center Knowledge.
As with any government advisory, government agencies will now dedicate additional resources to addressing the problem, said Aaron Turner, vice president of SaaS posture at cybersecurity firm Vectra AI.
"Visibility means investment within the government," he said.
Turner was in Washington, D.C., last week meeting with government cybersecurity experts.
"In those meetings, they all stated how the impact of ransomware on critical infrastructure has fundamentally reshaped their cyber defense programs," he told Data Center Knowledge.
But ransomware gangs read the news reports, too. And they've now been put on notice, he said.
"So there is likely to be a mad dash to exploit as many opportunities as possible before those meaningful improvements are made," he said. "I would expect to see significant increases in ransomware activity as a result."
However, there's little new in the advisories to help enterprises defend against these attacks.
CISA's advisory includes the standard list of security controls and best practices to prevent ransomware attacks and recommendations for how to respond to them.
"The optimal approaches still rely on excelling at the basics of information security," said Trevin Edgeworth, red team practice director at cybersecurity firm Bishop Fox.