The Effective Answer to the Ransomware Pandemic in 2021
On March 10, 2021, the UN General Assembly held a conference on the field of information and telecommunications in the context of international security, a topic that has become highly relevant in light of the recent supply chain attack on SolarWinds and the breaches of Microsoft Exchange, as well as the changing threat landscape caused by the coronavirus pandemic. In this publication, we would like to discuss the key ideas proposed by the United Nations in the area of cybersecurity that were set out in the newly published report.
The main purpose of the conference was to discuss information and communications technologies (ICTs) in the context of their positive influence on peace, security, human rights and development on the one hand, and their negative aspects, such as malicious use by governments and cyber criminals, on the other. ICTs should be protected through improved international law, confidence-building measures (CBMs), capacity building, and international cooperation.
Evolving Threat Landscape in the COVID-19 Era
Another related problem is the COVID-19 pandemic, which continues its march around the world, disrupting everyday life, killing people and undermining the economy. Due to the pandemic, corporations saw a 605% increase in the potential vulnerability of remote devices in Q2 2020. The number of cyber attacks rose again by 240% in Q3 and by 114% in Q4. The cybersecurity firm Trend Micro estimates that attacks on home networks in 2021 grew by 210% to nearly 2.9 billion, affecting about 15.5% of routers. 73% of these attacks used brute-force techniques to gain control over routers or smart home appliances.
COVID-19 also became a popular topic for phishing scams during 2020. For example, the government of North Rhine-Westphalia, a state in western Germany, is believed to have lost up to one hundred million euros as a result of a phishing attack that used a fake website imitating the portal created for distributing coronavirus aid funding. NRW officials reported that up to 4,000 fake requests had been granted, resulting in $109 million mistakenly sent to scammers.
Navigating the Recent Ransomware Incidents
According to the statistics collected by the anti-malware firm Emsisoft, 113 governments and agencies, 560 healthcare facilities, and 1,681 schools, colleges, and universities have been affected by another dangerous threat – ransomware – during the past year in the US.
Garmin WastedLocker Ransomware Attack
On July 23, 2020, Garmin, a well-known US-based GPS and fitness-tracker manufacturer, was attacked with WastedLocker ransomware, which led to the shutdown of the company’s cloud-based services and, as a result, affected the millions of people who rely on Garmin devices in their everyday life. WastedLocker is allegedly operated by the Evil Corp group headed by the well-known Russian hacker Maksim Yakubets, who is known to be connected to the Zeus and Dridex campaigns. The FBI offers a reward of up to $5 million for information leading to his arrest. The criminals have managed to successfully attack at least 31 US-based corporations since May 2020, including Garmin. According to unconfirmed information, the attackers initially asked for a $10 million ransom. A few days later, Garmin somehow obtained a decryptor and got Garmin Connect back up and running on July 27, according to its official Twitter account.
Canon Maze Ransomware Attack
On July 30, 2020, Canon was attacked with Maze ransomware, affecting internal applications, email servers, Microsoft Teams, and its US website. The image cloud service was inaccessible for six days until the problem was resolved on August 4. Canon released a message saying it was investigating the situation, but did not acknowledge that a Maze ransomware attack had caused the outage.
The criminals later published an archive containing 5% of the stolen data on the Maze ransomware data leak site.
Düsseldorf University Hospital DoppelPaymer Ransomware Attack
On September 9, 2020, the Düsseldorf University Hospital in Germany was attacked by criminals using DoppelPaymer ransomware, rendering its IT systems inoperable overnight. As a result, one woman died after being diverted to another hospital 20 miles away. As it turned out, the criminals had targeted the nearby university and stopped the attack after the police informed them that they had hit the medical facility.
On March 9, 2021, attackers exploited the recently disclosed zero-day vulnerabilities in Microsoft Exchange, which we have recently written about, to install DearCry ransomware in corporate networks.
Ransomware Attacks Targeting Critical Infrastructure
It is also worth noting the notable cyber attacks that have affected critical infrastructure in the past, such as the Stuxnet, BlackEnergy, LockerGoga, and NotPetya malware. These attacks pursued two goals: extortion and IT/OT infrastructure disruption. In extortion attacks, the attackers can demand ransom payments of up to $50 million in exchange for a decryptor that unlocks the IT systems.
Acting against COVID-19 ‘Infodemic’
To address ICT threats, the UN established the Open-ended Working Group (OEWG) pursuant to General Assembly resolution 73/27, with the goal of creating groups of governmental experts (GGEs) to investigate existing and potential threats in the information security sphere.
Government Behavior Guidelines
The first point raised was the existing set of rules, norms and principles of responsible state behaviour, which provides additional specific guidance on what constitutes responsible government behavior in the use of ICTs. The main challenges here are to achieve end-user confidence in the security of ICT products, to prevent the spread of malware and the use of hidden malicious functions in supply-chain attacks, and lastly, to encourage responsible reporting of vulnerabilities.
The principles of international law can help to regulate international relations in cyberspace. So far, the largest cyber attacks have been aimed not only at the personal data of ordinary users, but also at government services, law enforcement agencies, and big enterprises. A well-known example is the supply-chain attack that allowed the attackers, supposedly the Russian state-sponsored APT29 group, to get into more than 200 organizations in the US, including FireEye and Microsoft, through backdoors embedded in the SolarWinds Orion Platform. Exchanging views on improving ICTs in terms of capacity building in international law, as well as national legislation and policy, will also help to control the situation.
Confidence-building Measures (CBMs)
The next issue mentioned in the report is confidence-building measures (CBMs). CBMs include transparency, cooperative and stability measures, and are a concrete expression of international cooperation. They are needed to reduce tensions and misunderstandings, but the main point is that CBMs can strengthen the overall security, resilience and peaceful use of ICTs. At the meeting it was noted that the OEWG is in itself a confidence-building tool, as participants share their views on perceptions of cyber threats and vulnerabilities.
Computer Emergency Response Teams (CERTs)
The OEWG stated that building adequate resources and capacities, such as national Computer Emergency Response Teams (CERTs), is essential to ensure that CBMs can be used for their intended purpose. Computer Incident Response Teams (CIRTs) or Computer Security Incident Response Teams (CSIRTs) are groups of technical cybersecurity professionals who help large organizations, such as enterprises, governments, or entire nations, to prevent, detect, respond to and recover from cybersecurity incidents. This helps create a peaceful international environment, eliminate mistrust and expand into additional agreements in the future.
Capacity-building and regular institutional dialogue
Capacity-building and regular institutional dialogue are two further factors that affect ICTs from a security perspective, according to the UN. Three principles for capacity-building were mentioned in the report: purpose and process, partnership, and people. UN member states should pay attention to developing national cyber security strategies, providing access to relevant technologies, supporting CERTs, and establishing specialized training such as “train the trainer” programs and professional certifications.
Regular institutional dialogue is also an important part of improving international security, as it helps to share information about ongoing cyber attacks and recommended mitigation techniques in the form of threat intelligence.
The Battle Against Ransomware
To sum up, the UN emphasized the concern raised by governments regarding the malicious use of ICT, including against critical infrastructure, not only by criminal cyber gangs but also by nation-state actors who use ICT for military purposes. This affects international peace, security, and human rights amid the growing trend of digitalization in the world.
The UN also concluded that a lack of security awareness and of adequate capacities for detecting and responding to malicious ICT activities may lead to an increase in the number of cyber attacks, which can be amplified in crisis periods such as the COVID-19 pandemic, when many have been forced to work remotely. The rise of targeted ransomware attacks supports this assumption, for instance.
In the absence of all these measures, countries cannot avoid the growth of cyber threats that arise from vulnerabilities and from states’ lack of awareness of the situation with their ICTs. In the last year alone, according to McAfee, the number of PowerShell threats grew by 208%; new malware samples by 10%, averaging 648 new threats per minute; new ransomware samples by 69%; and mobile malware by 118%. McAfee also observed 3.1 million external attacks on cloud user accounts, and this is only one of many areas of concern.
Therefore, it is essential for both organizations and individuals to take measures to protect their data on local devices as well as in the cloud against modern types of threats such as ransomware, phishing, and rogue applications that can one day be turned into backdoors. Governments should respond by developing cyber insurance, privacy, and risk management strategies.
Defending against Ransomware
As ransomware continues to evolve and ransomware attacks on businesses and government organizations skyrocket, it is wise to remember that an ounce of prevention is worth a pound of cure.
To help companies proactively assess and understand their overall cyber risk, Spin.ai has recently released new features that enhance the capabilities and protection offered to your cloud SaaS environment. What are these?
New Spin.ai cloud SaaS cybersecurity and ransomware protection features
- Billing: Archive licenses for Google Workspace
- New Blocklist/Allowlist features for Third-party apps protection
- Storage protection location based on each Google Workspace OU
- New Custom storage for backups
- New UI changes in Microsoft Office 365
- Improved Slack notifications
- More ransomware variations and file modifications detected.