The Effective Answer to the Ransomware Pandemic in 2021
On March 10, 2021, the UN General Assembly held a conference on developments in the field of information and telecommunications in the context of international security. The topic has become highly relevant in light of the recent supply-chain attack on SolarWinds, the breaches of Microsoft Exchange servers, and the changing threat landscape caused by the coronavirus pandemic. In this publication, we discuss the key ideas on cybersecurity proposed by the United Nations in the newly published report.
The main purpose of the conference was to discuss information and communications technologies (ICTs) in the context of their positive influence on peace, security, human rights, and development on the one hand, and negative aspects such as their malicious use by governments and cybercriminals on the other. The report argues that ICTs should be protected through improved application of international law, confidence-building measures (CBMs), capacity building, and international cooperation.
Evolving Threat Landscape in the COVID-19 Era
A further complicating factor is the COVID-19 pandemic, which continues its march around the world, disrupting the usual way of life, killing people, and undermining the economy. Due to the pandemic, corporations saw a 605% increase in the potential exposure of remote devices in Q2 2020. The number of cyberattacks rose again by 240% in Q3 and by 114% in Q4. The cybersecurity firm Trend Micro estimates that attacks on home networks grew by 210% over the past year to nearly 2.9 billion, affecting about 15.5% of routers. 73% of these attacks used brute-force techniques to gain control over routers or smart home appliances.
COVID-19 also became a popular lure for phishing scams during 2020. For example, the government of North Rhine-Westphalia, a state in western Germany, is believed to have lost up to one hundred million euros through a phishing attack that impersonated the website created for distributing coronavirus aid funding. NRW officials reported that up to 4,000 fraudulent requests had been granted, resulting in roughly $109 million being mistakenly paid out to scammers.
Navigating the Recent Ransomware Incidents
According to statistics collected by the anti-malware firm Emsisoft, 113 governments and agencies, 560 healthcare facilities, and 1,681 schools, colleges, and universities in the US were affected by another dangerous threat, ransomware, over the past year.
Garmin WastedLocker Ransomware Attack
On July 23, 2020, Garmin, a well-known US-based GPS and fitness-tracker manufacturer, was hit with WastedLocker ransomware, which forced the shutdown of the company's cloud-based services and, as a result, affected millions of users who rely on Garmin devices in their everyday lives. WastedLocker is allegedly operated by the Evil Corp group headed by the Russian national Maksim Yakubets, who is also connected to the Zeus and Dridex campaigns; the FBI offers a reward of up to $5 million for information leading to his arrest. The group is reported to have successfully attacked at least 31 US-based corporations since May 2020, including Garmin. According to unconfirmed information, the attackers initially demanded a $10 million ransom. A few days later, Garmin obtained a decryptor by undisclosed means and, according to its official Twitter account, had Garmin Connect back up and running on July 27.
Canon Maze Ransomware Attack
On July 30, 2020, Canon was attacked with Maze ransomware, affecting internal applications, email servers, Microsoft Teams, and its US website. The image.canon cloud service was inaccessible for six days until the problem was resolved on August 4. Canon released a statement saying it was investigating the situation but did not confirm that a Maze ransomware attack had caused the outage.
An archive said to contain 5% of the stolen data was later published by the criminals on the Maze ransomware data leak site.
Düsseldorf University Hospital DoppelPaymer Ransomware Attack
On September 9, 2020, the Düsseldorf University Hospital in Germany was attacked by criminals using DoppelPaymer ransomware, which rendered its IT systems inoperable overnight. As a result, one woman died after she had to be diverted to another hospital 20 miles away. As it turned out, the criminals had intended to target the nearby university and stopped the attack after the police informed them that they had hit a medical facility.
DearCry Ransomware and the Microsoft Exchange Zero-Days
On March 9, 2021, attackers began using the recently disclosed zero-day vulnerabilities in Microsoft Exchange, which we have written about recently, to deploy DearCry ransomware on corporate networks.
Ransomware Attacks Targeting Critical Infrastructure
It is worth recalling the notable cyberattacks that have affected critical infrastructure in the past, such as the Stuxnet, BlackEnergy, LockerGoga, and NotPetya malware. These attacks pursued one of two goals: extortion or disruption of IT/OT infrastructure. In extortion attacks, the criminals can demand ransom payments of up to $50 million in exchange for a decryptor that unlocks the affected IT systems.
Acting against COVID-19 ‘Infodemic’
To address ICT threats, the UN established the Open-ended Working Group (OEWG) under General Assembly resolution 73/27, working alongside a Group of Governmental Experts (GGE), with the goal of investigating existing and potential threats in the information security sphere.
Government Behavior Guidelines
The first area the report addresses is rules, norms, and principles of responsible state behavior. It provides additional specific guidance on what constitutes responsible government behavior in the use of ICTs. The main challenges here are achieving end-user confidence in the security of ICT products, preventing the spread of malware and the use of malicious hidden functions introduced through supply-chain attacks, and encouraging responsible reporting of vulnerabilities.
The principles of international law can help to regulate international relations in cyberspace. So far, the largest cyberattacks have targeted not only the personal data of ordinary users but also government services, law enforcement agencies, and large enterprises. A well-known example is the supply-chain attack, attributed to the Russian state-sponsored group APT29, that gave the attackers access to more than 200 organizations in the US, including FireEye and Microsoft, through backdoors embedded in the SolarWinds Orion Platform. Exchanging views on capacity building in international law, as well as on national legislation and policy, will also help states bring the situation under control.
Confidence-building Measures (CBMs)
The next issue mentioned in the report is confidence-building measures (CBMs). CBMs include transparency, cooperation, and stability measures and are a concrete expression of international cooperation. They are needed to reduce tension, misperception, and misunderstanding between states, but above all CBMs can strengthen the overall security, resilience, and peaceful use of ICTs. At the meeting, it was noted that the OEWG itself is a confidence-building tool, as participants share their views on perceived cyber threats and vulnerabilities.
Computer Emergency Response Teams (CERTs)
The OEWG stated that building adequate resources and capacities, such as national Computer Emergency Response Teams (CERTs), is essential to ensure that CBMs can be used for their intended purpose. CERTs, also known as Computer Incident Response Teams (CIRTs) or Computer Security Incident Response Teams (CSIRTs), are teams of technical cybersecurity professionals who help large organizations, such as enterprises, governments, or entire nations, prevent, detect, respond to, and recover from cybersecurity incidents. Their existence helps create a peaceful international environment, reduce mistrust, and pave the way for further agreements in the future.
Capacity-building and regular institutional dialogue
Capacity-building and regular institutional dialogue are two further factors that affect ICTs from a security perspective, according to the UN. Three principles for capacity-building are set out in the report: purpose and process, partnership, and people. UN member states should pay attention to developing national cybersecurity strategies, providing access to relevant technologies, supporting CERTs, and establishing specialized training such as "train the trainer" programs and professional certifications.
Regular institutional dialogue is also an important part of improving international security, as it helps states share information about ongoing cyberattacks and preferred mitigation techniques through threat-intelligence exchange.
The Battle Against Ransomware
To sum up, the UN emphasized the growing concern of governments about the malicious use of ICTs, including against critical infrastructure, not only by criminal cyber gangs but also by nation-state actors who use ICTs for military purposes. This affects international peace, security, and human rights even as digitalization accelerates around the world.
The UN also concluded that a lack of security awareness and of adequate capacity to detect and respond to malicious ICT activity may lead to an increase in the number of cyberattacks, and that this effect is amplified during crises such as the COVID-19 pandemic, when many organizations have been forced to move to remote working. The rise of targeted ransomware attacks supports this assumption.
In the absence of such measures, countries cannot avoid the growth of cyber threats that arise from unpatched vulnerabilities and from states' lack of awareness of the state of their own ICTs. In the last year alone, according to McAfee, the number of PowerShell threats has grown by 208%; new malware samples by 10%, averaging 648 new threats per minute; new ransomware samples by 69%; and mobile malware by 118%. McAfee also observed 3.1 million external attacks on cloud user accounts, which is only one of many areas of concern.
Therefore, both organizations and individuals need to take measures to protect their data on local devices and in the cloud against modern threats such as ransomware, phishing, and rogue applications that may later be used as backdoors. Governments should respond by developing cyber insurance, privacy, and risk management strategies.
Defending against Ransomware
As ransomware continues to evolve and ransomware attacks on businesses and government organizations keep skyrocketing, it is wise to remember that an ounce of prevention is worth a pound of cure.
To help companies assess and reduce their overall cyber risk, Spin.ai has recently released new features that extend the protection offered to your cloud SaaS environment. What are these?
Spin.ai cloud SaaS cybersecurity and ransomware protection: new features
- Billing: Archive licenses for Google Workspace
- New blocklist/allowlist features for third-party app protection
- Backup storage location configurable per Google Workspace organizational unit (OU)
- New custom storage options for backups
- UI updates for Microsoft Office 365
- Improved Slack notifications
- Detection of additional ransomware variants and file-modification patterns
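To make the "file modification" signal behind that last point concrete, here is an added illustration written for this article; it is not Spin.ai's code and is not tied to any product. It is a small behavioural detector run over constructed file-change events: an actor is flagged when, inside a sliding time window, it rewrites many files with an unfamiliar extension and high-entropy (ciphertext-like) content, which is the fingerprint most crypto-ransomware families leave regardless of their name. The event schema, the thresholds, and the `KNOWN_EXTENSIONS` allowlist are assumptions chosen for the example.

```python
"""Toy behavioural ransomware detector over file-change events (illustrative, not a product)."""
import hashlib
import math
import os
from collections import Counter, defaultdict, deque
from dataclasses import dataclass

# Assumed allowlist of extensions that normal users write; tune per environment.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".png"}


@dataclass
class FileEvent:
    ts: float        # event time in seconds
    actor: str       # user or process that performed the write
    old_path: str    # path before the write/rename
    new_path: str    # path after the write/rename (same as old_path for in-place writes)
    content: bytes   # bytes written


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for encrypted/compressed data, ~4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def _ext(path: str) -> str:
    return os.path.splitext(path)[1].lower()


class RansomwareDetector:
    """Per-actor sliding window; alerts when suspicious rewrites pile up quickly."""

    def __init__(self, window_seconds=60.0, min_suspicious=10, entropy_threshold=7.0):
        self.window_seconds = window_seconds
        self.min_suspicious = min_suspicious
        self.entropy_threshold = entropy_threshold
        self._recent = defaultdict(deque)  # actor -> deque of (ts, suspicious)

    def is_suspicious(self, ev: FileEvent) -> bool:
        ext_changed = _ext(ev.new_path) != _ext(ev.old_path)
        unknown_ext = _ext(ev.new_path) not in KNOWN_EXTENSIONS
        high_entropy = shannon_entropy(ev.content) >= self.entropy_threshold
        return ext_changed and unknown_ext and high_entropy

    def ingest(self, ev: FileEvent) -> int:
        """Record the event; return the actor's suspicious count inside the window."""
        q = self._recent[ev.actor]
        q.append((ev.ts, self.is_suspicious(ev)))
        while q and ev.ts - q[0][0] > self.window_seconds:
            q.popleft()
        return sum(1 for _, flagged in q if flagged)


def detect(events, **kwargs) -> dict:
    """Return {actor: peak suspicious count} for every actor that crossed the threshold."""
    det = RansomwareDetector(**kwargs)
    peaks = {}
    for ev in sorted(events, key=lambda e: e.ts):
        count = det.ingest(ev)
        if count >= det.min_suspicious:
            peaks[ev.actor] = max(peaks.get(ev.actor, 0), count)
    return peaks


def pseudo_random_bytes(seed: str, n: int) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext (sample data only)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_events() -> list:
    """Constructed sample telemetry, not real data."""
    events = []
    # svc-backup: 20 in-place rewrites of plain-text reports, one per second (benign).
    for i in range(20):
        path = f"/srv/share/reports/report_{i}.txt"
        body = (f"Backup of report {i}: quarterly figures and notes.\n" * 20).encode()
        events.append(FileEvent(1000.0 + i, "svc-backup", path, path, body))
    # slowuser: 12 suspicious-looking rewrites, but ten minutes apart (outside any window).
    for i in range(12):
        old = f"/home/slowuser/photo_{i}.jpg"
        events.append(FileEvent(1000.0 + i * 600, "slowuser", old, old + ".bak",
                                pseudo_random_bytes(f"slow{i}", 4096)))
    # jsmith: 12 documents turned into high-entropy .locked files within six seconds.
    for i in range(12):
        old = f"/home/jsmith/docs/contract_{i}.docx"
        events.append(FileEvent(1000.0 + i * 0.5, "jsmith", old, old + ".locked",
                                pseudo_random_bytes(f"enc{i}", 4096)))
    return events


if __name__ == "__main__":
    print(detect(build_sample_events()))  # only jsmith crosses the threshold
```

Two design points are worth noting. The time window is what separates an encryption burst from a user who legitimately renames a few files a day, and the entropy check is what separates it from a bulk rename script; either signal alone produces noise. Backup and compression jobs, which also write high-entropy files with new extensions, are the classic false positive, so in practice the allowlist and the thresholds are tuned per service account, and this heuristic is combined with others such as canary files and process lineage rather than used on its own.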