Bitcoin has brought with it many benefits: accessibility, liquidity, anonymity, independence from central authority, high-return potential.
All of which are a boon to cybercriminals, especially those working across national borders.
“When Bitcoin became more widely used, we saw a huge jump in ransomware because it was the way to move money across borders,” a spokesperson identified only as a senior administration official said in a press briefing prior to an international cybersecurity summit in Washington this week.
“It’s a borderless threat, and we have to tackle it in a borderless way,” said the official. Particularly when it comes to illicit use of crypto, “the threat has clearly evolved.”
To coordinate and strengthen partnerships and more effectively counter ransomware threats on critical infrastructure, the Biden administration this week brought together leaders from 36 countries and the European Union.
“As we know, ransomware is an issue that knows no borders and affects each of the Counter Ransomware Initiative countries — our businesses, our critical infrastructure, and our citizens — and it’s only getting more challenging,” said the White House senior official.
Sharing progress, inviting private sector
The White House launched the Counter Ransomware Initiative (CRI) last year during a virtual global summit to “rally allies and partners to counter the shared threat of ransomware,” said the senior administration official. The initiative has five working groups.
With this year’s event, the goal was to come together to discuss what those working groups have accomplished throughout the year.
CRI partners focused on the five working group themes and also heard from U.S. government leaders including FBI Director Chris Wray; Deputy Secretary of the Treasury Wally Adeyemo on the subject of countering illicit use of cryptocurrency; Deputy Secretary of State Wendy Sherman; and National Security Advisor Jake Sullivan.
Officials were provided with a detailed threat briefing by ODNI, FBI and CISA. This included a chart capturing 4,000 cyberattacks over the last 18 months outside the U.S.
The summit also invited 13 private sector companies from around the world. Those companies focused on three questions:
- What should governments be doing?
- What should the private sector be doing?
- What can they do together?
“This is just a first round of getting companies’ perspectives to ensure that we’re not doing this the traditional government way, which is government-to-government only,” said the senior administration official. “We’re pulling in the private sector because of their unique visibility, capability, and insights into it.”
How orgs can protect themselves until there’s a solution
Enterprise leaders weighing in on the summit commended the collective governments in addressing the issue, while also emphasizing the importance of organizations proactively protecting themselves.
“Ransomware has become a serious issue on a global scale, so it is no surprise that so many nations continue to band together to deal with the threat,” said Erich Kron, security awareness advocate at KnowBe4.
With ransomware gangs targeting sectors such as hospitals, which could lead to the loss of life, “the urgency to find a solution for the problem is only heightened,” he said.
Until there is one, he said, organizations must concentrate on educating employees to quickly and accurately spot and report phishing attacks and secure remote-access portals with multifactor authentication (MFA). They must also ensure that software vulnerabilities are patched and networks are segmented, while implementing strong data-loss prevention (DLP) controls.
Also, the increasing number of zero-day attacks and common vulnerabilities and exposures (CVEs) should be top of mind, said Jeff Williams, cofounder and CTO at Contrast Security.
As he explained, ransomware usually results from a malicious actor taking advantage of known CVEs. As such, entire classes of vulnerabilities should be eliminated by enhancing software defenses and using technologies like runtime application self-protection (RASP).
“Additionally, we must push back on the industry when it attempts to obfuscate visibility into weak security practices and technologies with claims that it will compromise intellectual property (it won’t) or make it easier for attackers (it doesn’t),” said Williams.
Strong public-private partnerships are important for cybersecurity transparency, he said, particularly in the software development and supply chain processes.
“We need far more insight into how the software we trust with the most important things in our lives has been secured,” said Williams.
As he pointed out, there’s very little that an attacker can’t do after a successful breach: steal and sell data, interrupt service, corrupt records and more.
“We must be better at preventing attackers from taking control of our digital infrastructure,” said Williams.
Nation-state actors must be stopped — and punished
Other enterprise leaders underscored the importance of targeting and preventing nation-state actors, such as Russian-speaking cartels that have a Pax Mafiosa with the Russian regime.
“They not only offset economic sanctions, but act as cybermilitias against western targets during times of geopolitical tension,” said Tom Kellermann, CISM and SVP of cyberstrategy at Contrast Security.
Forfeiture laws must be expanded to allow for greater seizures of assets being held by cybercriminals, including Bitcoin and other cryptocurrency, said Kellermann, who also served on the Commission on Cybersecurity for President Barack Obama’s administration.
And any exchange that does not embrace the tenets of the Financial Action Task Force (FATF) and is “blatantly involved” in laundering the proceeds of cybercrime should be shut down via cyber means, he said. Their assets should be seized and used for critical infrastructure protection.
Finally, insurers should be banned from making ransomware payments, as these violate the sanctions imposed on Russia and North Korea, said Kellermann.
Redoubling work, systemizing information sharing
Progress has been made globally over the last year, said the senior administration official.
In particular, the CRI’s Resilience Working Group held two threat exercises in 2021 to ensure that CRI members, no matter their time zone, could participate and learn from each other in implementing best practices to counter an attack.
The official also recognized India and Lithuania for resilience, Australia for disruption, Singapore and the U.K. for virtual currency, Spain for public-private partnerships, and Germany for diplomacy.
Meanwhile, the Treasury has hosted workshops to help countries learn how to trace illicit use of Bitcoin and other crypto. The Treasury also leads the FATF, which has been looking to put in place “Know Your Customer” rules for cryptocurrency exchanges and the various parts of the crypto infrastructure.
CRI is building a new information-sharing platform for any country to ask whether others had seen certain ransomware attacks. Countries can then share information on what they learned and how they fought the attack, the official explained.
“We really want to redouble our work, deepen the partnership — as it’s a borderless problem, so fundamentally no one country can take it on alone — and put in ways to systemize information sharing,” said the official.