The next big cyberthreat isn't ransomware. It's killware. And it's just as bad as it sounds.
Even as most Americans are still learning about the hacking-for-cash crime of ransomware, the nation’s top homeland security official is worried about an even more dire digital danger: killware, or cyberattacks that can literally end lives.
The Colonial Pipeline ransomware attack in April galvanized the public’s attention because of its consumer-related complications, including long lines at gas stations, Homeland Security Secretary Alejandro Mayorkas said in an interview with USA TODAY's Editorial Board last week.
But, "there was a cyber incident that very fortunately did not succeed," he added. "And that is an attempted hack of a water treatment facility in Florida, and the fact that that attack was not for financial gain but rather purely to do harm.”
That attack on the Oldsmar, Florida, water system in February was intended to distribute contaminated water to residents "and that should have gripped our entire country,” Mayorkas said.
It’s no surprise that it didn’t. USA TODAY and others reported on that hack, but it came amid a flurry of reports of other, bigger cyberattacks such as of U.S. government agencies, technology firms like Microsoft and cybersecurity companies.
But Mayorkas and other cybersecurity experts say the Oldsmar intrusion was just one of many indications that malicious hackers increasingly are targeting critical parts of the nation's infrastructure – everything from hospitals and water supplies to banks, police departments and transportation – in ways that could injure or even kill people.
“The attempted hack of this water treatment facility in February 2021 demonstrated the grave risks that malicious cyber activity pose to public health and safety," Mayorkas told USA TODAY in a follow-up exchange. "The attacks are increasing in frequency and gravity, and cybersecurity must be a priority for all of us.”
Like Mayorkas, private-sector computer security experts recently have begun issuing warnings that so-called cyber-physical security incidents involving a wide range of critical national infrastructure targets could potentially lead to loss of life. Those include oil and gas manufacturing and other elements of the energy sector, as well as water and chemical systems, transportation and aviation and dams.
And with the rise of consumer-based products like smart thermostats and autonomous vehicles, Americans are now living in a “ubiquitous Cyber-Physical Systems world” that has become a potential minefield of threats, said Wam Voster, senior research director at the security firm Gartner Inc.
Init was seeing enough evidence of increasingly debilitating and dangerous attacks that by 2025, “cyber attackers will have weaponized operational technology environments to successfully harm or kill humans.”
“The attack on the Oldsmar water treatment facility shows that security attacks on operational technology are,” Voster wrote in an accompanying article.
Another example, Voster wrote, was the Triton malware that was first identified in December 2017 on the operational technology systems of a petrochemical facility. It was designed to disable the safety systems put in place to shut down the plant in case of a hazardous event.
“If the malware had been effective, then loss of life was highly likely,” Voster wrote. “It is not unreasonable to assume that this was an intended result. Hence ‘malware’ has now entered the realm of ‘killware.'"
A frightening target: Hospitals
So far, few incidents have come to light in which hackers succeeded in shutting down parts of the nation’s critical infrastructure in ways that might have contributed to someone’s death or serious injury.
However, U.S. officials are especially concerned about the rash of ransomware attacks on hospitals, which have had to divert patients and cancel or defer critical surgeries, tests and other medical procedures, as was the case in a nationwide, one of the nation's largest health care providers, in September 2020.
In hospital hacks, patients could die or suffer life-threatening complications but it would be nearly impossible to find out unless medical centers willingly offered that information, said a senior Department of Homeland Security official speaking on the condition of anonymity because he was not authorized to discuss ongoing security concerns.
A year ago, the FBI, DHS and the Department of Health and Human Serviceson hospitals, describing the tactics, techniques, and procedures used by cybercriminals to infect systems with ransomware for financial gain.
“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” the alert said. “CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”
Authorities believe the problem may be significantly larger than has been reported, in part because private companies and even government agencies often don’t report ransomware hacks of their operational systems. Failure to report such attacks fuels the fast-growing criminal market in ransomware attacks, which can bring hackers millions in payouts, the DHS official said, "and it doesn’t help us learn the latest techniques and tactics used by the hackers."
In Alabama, a woman sued a local hospital earlier this year, alleging that its failure to disclose a cyberattack on its systems resulted in diminished care that caused her baby’s death.
Last year, an apparently misguided hacker attack caused the failure of information technology systems at a major hospital in Germany. That forced a woman who needed urgent admission to be taken to another city for treatment, where she died.
In both cases, the hospitals and doctors involved have denied allegations that they were responsible, and no proven link between the hacks and the deaths was made.
Liability for loss of life
Cybersecurity experts have begun warning government and corporate leaders that they could be held financially or even legally liable if breaches of computerized systems they oversee are found to have had a human impact.
“In the U.S., the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA) have already increased the frequency and details provided around threats to critical infrastructure-related systems, most of which are owned by private industry,” Katell Thielemann, research vice president at Gartner, said in a report in September 2020. “Soon, CEOs won’t be able to plead ignorance or retreat behind insurance policies.”
The firm estimated that the financial impact of cyber-physical security attacks resulting in fatal casualties will reach over $50 billion within a few years.
“Even without taking the actual value of a human life into the equation,” Gartner concluded, “the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant.”
Who are the hackers?
While ransomware attacks continue to dominate the headlines, Mayorkas has quietly begun sounding the alarm about cyber intrusions like the one in Florida in which money wasn’t the primary motive.
U.S. cybersecurity officials have long known that water facilities and other critical infrastructure have been vulnerable for many, many years,” a senior DHS official said. “What made this one different was that there was an intruder who consciously exploited that vulnerability with malicious intent.”
“It is also significant because it is one of the few incidents where malicious cyber activity is crossing the line and can actually threaten the lives of people,” the official said, for instance by increasing the level of potentially toxic chemicals in the water supply. He said Mayorkas has mentioned the attack in meetings with state and local security officials.
Homeland Security officials would not comment on who might have been behind the Florida attack, including whether it was linked to a foreign power.
Several nations, including Iran, Russia and China, have penetrated key elements of U.S. critical infrastructure, but there have been few instances of them taking any action.
U.S. officials believe more and more foreign governments and non-state actors are engaging in malicious cyber-activity – sometimes together – in ways that make it nearly impossible to attribute the attacks, or to determine whether they were driven by profit, political motives or both.
In 2015, an Iranian hacktivist group claimed responsibility for a cyberattack two years earlier that gave it access to the control system for a dam in the suburbs of New York. In alater said that seven Iranian hackers penetrated the computer-guided controls of the dam on behalf of that country’s military-affiliated Revolutionary Guards Corps as part of a broader cyberattack against 46 of the United States’ largest financial institutions.
DHS officials told USA TODAY that the water treatment facility indicated that the malicious actor attempted to change chemical mixtures to unsafe levels as part of the water treatment process. An operator detected the changes and corrected the system before it affected the water supply, those officials said.
“Independent of who was behind it, the fact that someone decided to exploit that vulnerability and was able to do it means that other attackers would be able to do it as well,” the DHS official said.
This article originally appeared on USA TODAY: