At a glance.
- A joint warning about Conti ransomware.
- Calls for an assertive response to ransomware gangs.
- The commercial sector is quick to pivot in response to regulatory action.
CISA issues a warning about Conti ransomware.
The US Cybersecurity and Infrastructure Security Agency (CISA), together with the FBI and NSA, has issued a joint advisory on Conti ransomware. Conti does exploit common vulnerabilities to gain access to its targets, but most of its infections can be traced to some variety of social engineering. CISA and its partners recommend familiar best practices as mitigations. That they're familiar doesn't make them any less valuable, and they're worth any organization's consideration.
Robert Golladay, EMEA and APAC Director at Illusive, wrote about the unsurprising rise of Conti:
“The escalation in Conti ransomware attacks isn’t surprising. We continue to see it distributed through TrickBot infections. Threat actors are constantly stepping up their game and improving their tools to increase their success rate. And then sharing what works - they effectively operate a ‘GitHub’ for attackers, sharing code once they've been successful with a technique. Once an attacker is in the network, which inevitably will happen, it won’t take them long to move laterally to target ‘crown jewels.’ At this point it’s too late for companies to save their valuable data and assets. Along with implementing zero-trust, network segmentation and updating operating systems and software, companies should be deploying an ‘Active Defense,’ including deception technology, to catch attackers moving across the network. Any ‘undetected’ movement through the systems will be caught and stopped mid-tracks. This is the most secure way to keep company assets protected and prevent any large scale attacks.”
Calls for an assertive response to ransomware.
Silverado Policy Accelerator Chairman Dmitri Alperovitch writes in the New York Times that the Biden Administration should bolster its offensive strategy against cybercriminals and the countries that host them. Modeled on the US 2015 Task Force ARES campaign against ISIS, which weaponized disinformation and disrupted the group’s digital assets, such a strategy would go after the gangs’ personnel, servers, cryptocurrency wallets, code, and data. Ramped-up sanctions, digital currency regulation, and enforcement action could seal the deal, and, if history is any guide, without much risk of escalation.
With its thousands of operatives and billions of dollars, Alperovitch tells MSNBC, CyberCom has more than sufficient capacity to take on criminals, but it has traditionally directed its attention toward terrorists and nation-states. Since hoods are now setting the rules of the road, and asking President Putin “nicely” to intervene didn’t bear fruit, Alperovitch thinks it’s “long past time to take matters into our own hands.”
Regulatory action and commercial response.
Industry response to regulatory moves can be surprisingly swift. Before the ink on the US Treasury Department’s SUEX sanctions had dried, ransomware remediation firm BreachQuest was advertising the legal-exposure angle of its anti-ransomware services, PR Newswire reports. The company says it helps organizations avoid fines by finding and mitigating system vulnerabilities and compliance shortfalls, and by generally maturing their cybersecurity strategies.
BreachQuest co-founder Jake Williams calls Treasury’s advisory “a final warning for companies to get their security operations in order,” reasoning that most attacks are “trivially preventable” and that sloppy security begets more breaches. “With this new advisory,” he explains, “organizations may lose the ability to pay attackers to recover, making it even more critical that they do what they can now.”