Cybersecurity
Authors
Gil Baram
News Type
Commentary

ON 8 NOVEMBER 2021, the US Justice Department announced the arrest of several members of the Russian-speaking REvil ransomware group, in a large-scale operation involving US allies in Europe and around the globe. The REvil group, who have since been charged, have been deploying ransomware attacks against American targets including the software provider Kaseya in July 2021. Furthermore, the State Department added REvil to a bounty programme that offers up to US$10 million for information on the REvil leaders.

These efforts followed the two-day virtual international summit on ransomware hosted by the Biden administration on 13-14 October. This summit included 30 countries and was a decisive step towards building a coalition against ransomware attacks. It was acknowledged by all countries that ransomware posed a global and national security threat. Russia – as well as China, Iran, and North Korea – was not invited.

Read the rest at RSIS


The US Justice Department’s arrest of several affiliates of the Russian-speaking REvil ransomware group comes a month after Washington hosted a virtual international summit on ransomware attacks. The decision to leave Russia out of the summit will inevitably limit the effectiveness of the operation.

Authors
Herbert Lin
News Type
Commentary

The nation spends billions of dollars on cybersecurity measures, and yet we seem unable to get ahead of this problem. Why are our computers so hard to protect? An experience with a house cat provided insights. I am allergic to cats. My daughter came home, cat in hand, and I had to find a way of confining Pounce to a limited area. Everything I tried to confine Pounce worked for a little while but eventually failed as he found a way past my newest security barrier — just as hackers eventually find their way through the cybersecurity barriers erected to stop them.

Read the rest at Los Angeles Times


News Type
News

Herbert Lin, a senior research scholar for cyber policy and security at Stanford University, told RFE/RL that conference participants need to focus on how to interfere with cryptocurrency payments.

Ransomware will become less attractive if cybercriminals can't turn the cryptocurrency payments into cash, he said.

Read the rest at RadioFreeEurope


The more countries involved in the discussion, the better, but in the end you want to have global controls on cryptocurrency redemption.

Authors
Herbert Lin
News Type
Commentary

The oldest information system the government operates might also be the most crucial one. No, not the IRS master file system. It’s the technology that controls nuclear weapons. It dates to the 1950s. Yet imagine if the control systems were online in the age of ransomware. Our guest has thought about exactly that. A longtime scholar and researcher in cybersecurity, he’s written a book called Cyber Threats and Nuclear Weapons. Stanford University Fellow Dr. Herb Lin joined Federal Drive with Tom Temin.

Read the rest at Federal News Network


Authors
Herbert Lin
News Type
Commentary

In 2018, U.S. Cyber Command (USCC) released its Command Vision statement for the organization, advancing officially for the first time “defend forward” and “persistent engagement” as new elements in the United States’ approach to advancing its security interests in and through cyberspace. Since then, much debate has ensued about the pros and cons of these concepts. But this debate has not included much discussion of one key aspect—what would be the impact of other cyber powers adopting these concepts in pursuing their own security interests?

Read the rest at Lawfare


In 2018, U.S. Cyber Command released its Command Vision statement, advancing “defend forward” and “persistent engagement” as new elements in the United States’ approach to advancing its security interests in and through cyberspace. Since then, the debate has not included much discussion of the impact of other cyber powers adopting these concepts.

Authors
Rose Gottemoeller
News Type
Commentary

Emerging and disruptive technologies spell an uncertain future for second-strike retaliatory forces. New sensors and big data analysis may render mobile missiles and submarines vulnerable to detection. I call this development the “standstill conundrum”: States will no longer be able to assure a nuclear response should they be hit by a nuclear first strike. If the nuclear weapons states can manage this vulnerability, however, they might be able to escape its worst effects. “Managing” could mean shoring up nuclear deterrence; it could mean focusing more on defenses; or it could mean negotiating to ensure continued viability of second-strike deterrent forces.

Read the rest at Texas National Security Review


News Type
Commentary

They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.

Read the rest at The Guardian


The Russian government has an arrangement with cyber-mobs who are active outside Russia: if you hack a Russian system, you’re in trouble. “My guess is that Putin gets a cut,” Herb Lin says.

News Type
Commentary

A problem for investors is that companies don’t have proper incentives for preventing attacks. Herb Lin, cyber policy and security scholar at Stanford University’s Hoover Institution, said companies spend too much energy avoiding responsibility for attacks, rather than preventing them. As a result, manufacturers don’t take responsibility for fully protecting themselves from security breaches, he said.

Kaseya’s end-user agreement largely absolves it of breaches that compromise customers’ data unless there was gross negligence or misconduct.

A Kaseya spokeswoman said in an email that their agreement’s language is “standard for our industry.”

According to Lin, widespread use of such agreements is precisely the problem.

“Companies go out of their way to say we’re not liable for any consequences of this type of attack,” he said, pointing to user agreements pre-emptively absolving themselves of responsibility, and seemingly catastrophic events without lasting harm to companies’ stock prices.

 

Read the rest at Barron's


News Type
Q&As

This interview with CISAC Affiliate Christopher Painter was originally produced by Jen Kirby. The complete article is available at Vox.

The frequency, scope and scale of ransomware attacks against public and private systems is accelerating. In the latest incident, the ransomware group REvil has demanded $70 million to unlock the systems of the software company Kaseya, an attack that affects not only Kaseya, but simultaneously exploits all of the company’s clients.

The REvil, JBS meatpacking and Colonial Pipeline attacks have abruptly raised the profile of ransomware from a malicious strand of criminality to a national security priority. These are issues that Christopher Painter, an affiliate at the Center for International Security and Cooperation (CISAC), has worked on at length during his tenures as a senior official at the Department of Justice, the FBI, the National Security Council and as the world's first top cyber diplomat at the State Department.

Jen Kirby, a reporter for Vox, interviewed Painter to discuss how cybercrimes are evolving and what governments should do to keep ransomware attacks from escalating geopolitical tensions online and off.



Jen Kirby:
I think a good place to start would be: What are “ransomware attacks”?

Christopher Painter:
It is largely criminal groups who are getting into computers through any number of potential vulnerabilities, and then they essentially lock the systems — they encrypt the data in a way that makes it impossible for you to see your files. And they demand ransom, they demand payment. In exchange for that payment, they will give you — or they claim, they don’t always do it — they claim they’ll give you the decryption keys, or the codes, that allow you to unlock your own files and have access to them again.

That is what traditionally we say is “ransomware.” That’s been going on for some time, but it’s gotten much more acute recently.

There is another half of that, which is that groups don’t just hold your files for ransom, they either leak or threaten to leak or expose your files and your information — your secrets and your emails, whatever you have — publicly, either in an attempt to embarrass you or to extort more money out of you, because you don’t want those things to happen. So it’s split now into two tracks, but they’re a combined method of getting money.

Jen Kirby:
We’ve recently had some high-profile ransomware attacks, including this recent REvil incident. Is it that we’re seeing a lot more of them, or they’re just bigger and bolder? How do you assess that ransomware attacks are becoming more acute?

Christopher Painter:
We’ve seen this going on for some time. I was one of the co-chairs of this Ransomware Task Force that issued a report recently. One of the reasons we did this report was we’re trying to call greater attention to this issue. Although governments and law enforcement were taking it seriously, it wasn’t being given the kind of national-level priority it deserved.

It was being treated as more of an ordinary cybercrime issue. Most governments’ attention is focused on big nation-state activity — like the SolarWinds hack [where suspected Russian government hackers breached US government departments], which are important, and we need to care about those. But we’re very worried about this, too.

It’s especially become more of an issue during the pandemic, when some of the ransomware actors were going after health care systems and health care providers. That combined with these big infrastructure attacks — the Colonial Pipeline clearly was one of them. Another one was the meat processing plants. Another one was hospital systems in Ireland. You also had the DC Police Department being victimized by ransomware. These things are very high-profile. When you’re lining up for gas because of a ransomware attack, and you can’t get your food because of a ransomware attack, that brings it home as a priority. And then, of course, you have what happened this past weekend. So ransomware has not abated, and it continues to get more serious and hit more organizations.

Christopher Painter

Affiliate at the Center for International Security and Cooperation (CISAC)

Read More

Commentary

Biden and Putin both place a ‘high priority’ on cybersecurity, says presidential adviser after Geneva summit

Despite tensions in the summit lead-up, the two leaders were overly cordial in their remarks after the meeting. Rose Gottemoeller, lead US negotiator for the New Strategic Arms Reduction Treaty (New START), joined The World's host Marco Werman to offer insight.
Commentary

The U.S. says it can answer cyberattacks with nuclear weapons. That’s lunacy.

Over the July 4 weekend, the Russian-based cybercriminal organization REvil claimed credit for hacking into as many as 1,500 companies. In May, another cybercriminal group, DarkSide, shut down most of the operations of Colonial Pipeline. These incidents were bad enough.

Christopher Painter explains why the emerging pattern of ransomware attacks needs to be addressed at a political level – both domestically and internationally – and not be treated solely as a criminal issue.
