web analytics

As lawmakers mull outlawing poor security, what can they really do to tackle online gangs? – Source: go.theregister.com

as-lawmakers-mull-outlawing-poor-security,-what-can-they-really-do-to-tackle-online-gangs?-–-source:-gotheregister.com
Rate this post

Source: go.theregister.com – Author: Team Register

Comment In some ways, the ransomware landscape in 2023 remained unchanged from the way it looked in previous years. Vendor reports continue to show a rise in attacks, major organizations are still getting hit, and the inherent issues that enable it as a business model remain unaddressed.

Yet what 2023 may be remembered for is how law enforcement (LE) bookended it with a showing of progress and intolerance, making good on promises to bring down gangs that were once showpieces for the cybercriminal world.

Lawyers with laptop

Lawyer guilty of arrogance after ignoring tech support

READ MORE

The demise of RagnarLocker and Qakbot followed that of Hive at the start of the year, and partial success was enjoyed in the attempts to end AlphV/BlackCat in December. While the latter still lives on and has continued to breach victims, LE was able to release a decryptor for hundreds of previous cases, and that alone shouldn’t detract from what has been a huge year for counter-ransomware ops.

AlphV/BlackCat might have squirmed their way out of authorities’ clutches for now, but the action from national security agencies this year has given the industry reasons to be cheerful after a barren year for good news on this front.

2022 saw a rare drop in ransomware attacks but it was short-lived and still plagued by major incidents, even if there weren’t quite as many of them. LE also failed to register a single significant bust, with the previous one being REvil’s shuttering in late 2021.

Conti died off, but only its brand. And LE had no hand in the matter. The group ravaged organizations and governments for years before splitting off into smaller cells.

Indeed, 2023 was something of a statement sent by authorities. For years, various agencies repeated renditions of ‘ransomware can no longer be tolerated’, but the disruptions from the past 12 months feel like genuine steps in the right direction.

However, there are still missing pieces of the puzzle, and the lack of arrests remains a concern. Dismantling an operation is no mean feat and should be commended, however, in the grand scheme of things, it stops essentially nothing if the criminals continue to run free.

The need for robust intervention here is undeniable. LE’s takedowns are impactful but not preventative. The industry needs governments to insert themselves into the crisis and take decisive action to stop ransomware from becoming even more out of hand than it already is.

Take AlphV/BlackCat, for example. It was arguably the scummiest of all the ransomware groups in 2023. In the space of 12 months, its leaders – believed to be based in Russia – signed off on some of the worst acts ever seen in ransomware, including the leaking of breast cancer patients’ nudes. Despite being known for freely targeting hospitals, charities, schools, and other similarly sensitive targets, the attack on Lehigh Valley Health Network was a new low.

The crew also continued to push the boundaries of extortion, even going so far as to weaponize the Securities and Exchange Commission (SEC). In November it allegedly filed a regulatory complaint over a target’s failure to report a breach within the mandated four-day window. It then repeated the trick in December. Both were brazen attempts to hurry along ransom payment negotiations. No wonder the feds tore it down.

If the authorities are serious about disrupting ransomware for good, and ensuring criminals like those behind the worst operations are left without a job, then the approach must change. If takedowns alone aren’t working, and they aren’t working, other solutions are required. 

Governments will have crucial roles in the fight against ransomware. Industry will no doubt pray that 2024 will be the year in which state influence finally exerts itself into cybercrime in the way it needs to. Introducing impactful legislation, however, will be far from straightforward.

Step up, lawmakers

It goes without saying that the private sector must do better while it waits for higher powers to enact the required change. Building better, more secure products will ease the burden of applying the countless patches released every month – a relentless function of security gigs that shouldn’t be as disruptive as it is.

Law enforcement is doing a solid job at disrupting ransomware within its powers, and cybersecurity awareness in organizations is increasing gradually to mitigate the threat. The next step in the fight against ransomware, however, must come from the legislature. 2024 can and should be the year that’s remembered not just for the biggest takedowns, but for the impactful policy decisions that help quell the threat for good.

That said, there aren’t any perfect solutions here. There are a few schools of thought when it comes to combating ransomware through legislation, the most prominent of which is to ban ransom payments entirely, both from the public and private sectors.

Politicians have wrestled with implementing a ransom ban for years, but have taken no serious steps to introduce one. The closest we’ve come on a global scale is with the International Counter Ransomware Initiative’s (CRI) pledge to refuse ransom payments, but without any private sector implications, it means fairly little.

Despite it being a solution that would almost certainly deliver the desired outcome in the long term, the short-term consequences of banning ransom payments would likely be dire. The organizations hit with ransomware in the first months, years, or however long it takes for ransomware gangs to abandon their craft, after such a law’s enactment will have their futures jeopardized. There is also the genuine possibility that the hard work infosec has done to promote a culture of transparency is wholly undone. Attacks could once again be hidden from the public and authorities, and payments continue to flow, but more quietly.

Another approach is to outlaw poor security practices. The idea is that organizations which leave themselves open to targeting by cybercriminals ensure there are always individuals willing to exploit them, perpetuating the issue.

Neither this approach, nor one that involves a ban on payments, is actually ideal or even productive when we consider potential victims like hospitals. These types of underfunded institutions that provide critical services cannot afford any downtime, let alone a SOC staffed with world-class talent. When they get hit, the only priority is to get systems back online so people don’t die. Do we punish the overstretched hospital IT teams here?

An area to explore further is placing greater responsibilities on organizations involved in the trading of cryptocurrencies to disrupt the flow of funds to known cybercrime rings. It’s one of the intentions of the CRI and can already be seen in action today. 

The UK’s Financial Conduct Authority (FCA), for example, already has the power to audit crypto firms, like exchanges, for anti-money laundering (AML) and terrorist procedures. Part of the CRI’s pledge is to also implement the Financial Action Task Force (FATF)’s Recommendation 15, which essentially stipulates that similar checks should be carried out at the government level across all 50 of its members.

However, given that I’ve been requesting briefings with the FCA to discuss this very matter, and its plans to stem the flow of illicit funds, for months now, only for it to ignore every contact, I have little confidence this is considered a priority at the regulatory level.

Ensuring the legislative approach that’s taken is both effective and doesn’t threaten the futures of organizations is going to be a difficult task. What’s incontrovertible though is that legislation is required in some capacity.

What we have seen in the past year though is Western governments’ willingness to keep fighting and refusal to back down against the threat. The concrete action of LE in 2023 not only delivers admirable disruption to cybercrime but serves as a constant reminder that ransomware will never be accepted, even though it has become somewhat normalized.

It’s a precarious road ahead but here’s hoping 2024 builds on the progress of 2023. ®

Original Post URL: https://go.theregister.com/feed/www.theregister.com/2024/01/04/feds_stole_the_ransomware_limelight/

Category & Tags: –

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

NIST
Digital Forensics and Incident Response (DFIR) Framework for Operational Technology (OT) by NIST – Eran Salfati and Michael Pease
Digital Forensics and Incident Response...
SALT
State of the CISO – a global report on priorities , pain points, and security gaps 2023 by SALT
State of the CISO –...
Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
ACSC Australia
Personal Cyber Security First Steps by Australian Government – ACSC
Personal Cyber Security First Steps...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY...
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy...
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS...
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER...
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation

More Latest Published Posts

40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015
IGNITE Technologies
Windows Exploitation Rundll32
Windows Exploitation Rundll32
IGNITE Technologies
Windows Exploitation Msbuild
Windows Exploitation Msbuild
HADESS
Web LLM Attacks
Web LLM Attacks
HADESS
Trended Protocols for Security Stuff
Trended Protocols for Security Stuff
Red Iberoamericana de Protección de Datos
Transferencia Internacional de Datos Personales – Guia de Implementación
Transferencia Internacional de Datos Personales – Guia de Implementación
CYFIRMA
TRACKING RANSOMWARE January 2024
TRACKING RANSOMWARE January 2024
https://www.linkedin.com/in/harunseker/
TOP Cyber Attacks Detected by SIEM Solutions
TOP Cyber Attacks Detected by SIEM Solutions
TRAVARSA
Top 100 Cyber Threats and Solutions 2024
Top 100 Cyber Threats and Solutions 2024
Top 50 Cybersecurity Threats
Top 50 Cybersecurity Threats
OWASP
Top 10 Considerations for Incident Response
Top 10 Considerations for Incident Response