While Russians and Chinese make little attempt to cover their broad forays into military-backed cyber-attacks the Israelis and Americans make their cyber intentions clear albeit presented in more nuanced terms. All the while, European players sit under the radar, biding their time between the next cyber defense and a strategic cyber intervention on par with their better publicized cyber advisories.
What all these players have in common is a unifying desire to weaponize cyber to meet their strategic and geopolitical ends. Bringing these strange bedfellows even closer are their increasingly common methods of attack: Ransomware.
Why Ransomware?
With its broad accessibility on the dark web and nearly limitless financial gain potential the reasons for ransomware’s rise begin to come into focus. Compound the cloak of secrecy provided by the blockchain and cryptocurrency and it’s no surprise that ransomware has become the cyber tool of choice to devastate businesses, local governments, and individuals.
By better defining the relationship between ransomware attacks and state-sponsored cyber campaigns, this article intends to highlight the motivations of nation-states to utilize ransomware and identify what factors have enabled ransomware to dominate the headlines and bottom lines of organizations across the globe.
Where are the threats coming from?
Research from the Council on Foreign Relations indicates that “since 2005, thirty-three countries are suspected of sponsoring cyber operations. China, Russia, Iran, and North Korea sponsored 77 percent of all suspected operations. In 2019, there were a total of seventy-six operations, most [considered] acts of espionage.”
Driven by deep pockets and complex strategic aims, state-sponsored hacker networks pose a significant risk. Guided as much by political as economic motivation, state-sponsored cyberattacks have caused untold damage to critical infrastructure and data.
While hacker networks of the past may have focused their efforts on getting a quick buck, today’s military-backed cyber warriors target medical infrastructure to hijack Covid-19 vaccine data or attempt to contaminate national water supplies.
Cost of Ransomware attacks?
Recent research by Cybersecurity Ventures indicates that cybercrime costs “will grow by 15 percent per year to reach US$10.5 trillion by 2025: the third greatest “economy” in the world, after those of the U.S. and China. A big part of this is ransomware, multi-pronged attacks capturing an organization’s data and systems. Since the start of the pandemic, ransomware attacks have increased by nearly 500 percent since the start of the COVID-19 pandemic.”
It’s hard to argue with the sheer gains that have been extorted from local governments and enterprises. Cybercriminals are like bees drawn to honey. And in this case, the sweet payoff (The average ransom payment has risen 43 percent from the last quarter of 2020 to an average of over US$200,000) is often too much to resist.
Streamlining the process, a growing number of organizations, such as the Dark Side, REvil, and others, have franchised their ransomware-as-a-service (RaaS) across the dark web. In this scenario, the would-be attackers are responsible for penetrating the organizations, while the RaaS provider takes over the encryption tools, communications, ransom collection process.
What role does the military play in ransomware attacks?
From assisting non-state actors and originating attacks to reaping the spoils of ill-gotten gain, illicit cyber players and military elites can often come toe-to-toe in the battle for cyber supremacy.
Increasingly, militaries are being tasked with defending national infrastructure and responding with brute force when their domestic populations have been held, hostage to cyber-attacks. There is no way around it. Militaries are egregiously intertwined with the entire ransomware ecosystem from point of contact to final response.
Does the scale of devastation attacks merit military intervention?
FBI Director Christopher Wray thinks that cyber risks are as real as traditional military ones. Wray suggests that the threat of cybercrime presents “a lot of parallels to the threat of terrorism before 9/11, and the [Biden] administration [is] looking at ‘all of the options’ to defend the US against ransomware criminals.”
In practice, the increase of ransomware attacks is reflective of broader trends in which “States are intentionally leaking cyber weaponry to hacker groups, with the anonymity provided by the web ensuring the perfect smokescreen for their actions. As a result, military-grade cyber weapons are increasingly percolating down to the online underworld, giving even the most amateur hackers access to devastating cyber weaponry with the capability to inflict WannaCry level damage.”
How can governments, businesses, and individuals protect against the threat of ransomware?
The threat of ransomware is here to stay. While cybercriminals and state-sponsored cyber warriors will continue to use ransomware to rain devastation down from the heavens, some tangible steps can be taken to mitigate the risk.
- Demand industry-standard security across the supply chain.
You’re only as strong as your weakest link. In cybersecurity, this means every partner, software vendor, and distributor must institute best practices to protect the entire ecosystem from cyber risk.
- Encourage an ‘ask-before-you-click’
Hackers are becoming more sophisticated by the day. As a result, employees and individuals must more carefully evaluate suspicious emails and contact IT teams whenever they have been breached. By publicizing cyber-attacks or suspicious content IT teams can better protect the entire team from threats.
- Create a cyber resilience strategy
A good defense is the best offense. What is true in sports and war also proves effective in building cybersecurity. Rather than waiting for the next cataclysmic attack to damage reputation and secure data organizations must build a cybersecurity culture. Cyber resilience comes as the result of instituting technical solutions and practical policies to stop cyber risk.
- Expand cybersecurity education programs.
Human error is far and away the leading cause of cyber-attacks. According to a recent IBM study, “human error was a major contributing cause in 95% of all breaches.” By creating better informed and cyber aware users, businesses, and government agencies alike are better prepared to prevent avoidable cyber risk.
This article was originally published in The H4unt3d Hacker Newsletter Vol II