President Biden recently met with his top security advisors after the latest ransomware attack against Kaseya led to approximately 1,500 organizations becoming infected with ransomware. The ransomware attack is believed to have had originated from Russia, just three weeks after Biden had a one-on-one meeting with Putin in Geneva. During this meeting, President Biden provided a list of the 16 U.S. critical infrastructures and claimed if any of those sectors were to be hit, it would result in an “in-kind” action against Russia. Fast forward three weeks, and cyber criminals based out of Russia were back at it, distributing REvil across the globe.
The U.S. Administration reported in the Russian attack on Kaseya, American businesses faired quite well. Perhaps that is why retaliation measures have not taken place? I wonder if Leonardtown, Maryland would agree? Their systems were completely shut down after the Kaseya infection.
The 16 Critical Sectors
The critical infrastructures outlined by the Department of Homeland Security include the following sectors:
- Chemical
- Commercial Facilities
- Communications
- Critical Manufacturing
- Dams
- Defense Industrial Base
- Emergency Services
- Energy
- Financial Services
- Food and Agriculture
- Government Facilities
- Healthcare and Public Health
- Information Technology
- Nuclear Reactors, Materials, and Waste
- Transportation Systems
- Water and Wastewater Systems
Now, that covers a vast majority of large scale businesses, and all are indeed critical for Americans. However, why are we now threatening retaliation? The transportation systems were hit with ransomware this week in Joplin, Missouri. The Albany airport was hit with ransomware in 2020, and in 2016 San Francisco’s public transportation, referred to as the Muni, was rendered useless after ransomware infected the network. But wait, there’s more….
Earlier this year, a water facility in Florida was hit with ransomware, with the ultimate goal of poisoning the water supply. In 2013, a New York dam was infiltrated. Luckily the release gates were offline for maintenance. Stillwater Medical was infected with ransomware in June of this year, and is still recovering from the aftermath. Just a few days after the Stillwater attack, St. Joseph’s/Candler Hospital was taken offline by cyber criminals as well. Back in 2018, the Michigan Medical Facility was hit with ransomware too.
The list can go on and on. The point is — ransomware has been a threat for years. However, now that it is being defined as a matter of national security, and eyes are no longer “wide-shut” about the issue. Hopefully, entities will begin taking a more proactive approach to their cybersecurity infrastructure.
Proactive Security
Oftentimes cybersecurity best practices and solutions focus on post-infection efforts. Meaning, how can they get the networks operational again after an attack and reduce the spread. This is important because if malware of any sort, including ransomware, gets into the network, having a plan to stop the spread and restore is important. However, it is just as important to focus on preventing the attack in the first place. What measures are in place to prevent the attack? One of the easiest, and most effective ways to enhance an organization’s security posture is to add an application whitelist layer of security on top of their existing security stack.
Application whitelisting is the gold standard for prevention. Here’s why…
The blacklist (a list of all known bad software) is what many vendors use to detect malware. If it’s not known bad, it’s allowed to run. Alternatively, by using a whitelist (a list of all known good software) only good programs can run. If you’re blocking the bad with a blacklist, one may think that is enough; however, the issue is new malware variants are classified as “unknown” until they are proven bad. Because they are unknown, the blacklist allows them to run. The whitelist would not permit it to run until it has been tested and proven safe. Fortunately, there are whitelist solutions that run in conjunction with blacklisting programs — covering all of your bases.
Will The U.S. Retaliate Against Russia?
It isn’t as black and white as some may think. The United States of America should be a no-nonsense kind of country. Meaning, if you mess with us we will trump you, every time. In many instances, it is. However, when it comes the the integrity of our digital infrastructure, there is some serious work to do. By retaliating against our cyber enemies, we will only put a larger target on our backs for escalated, more targeted attacks. Is this a cyber war the U.S. is equipped for? We have proven that our cybersecurity hygiene isn’t up to snuff. Why poke the bear, when it could lead to far more detrimental impacts? What are your thoughts? Comment below!