Ransomware attacks must be stopped: this is the way


The author used to be the head of the MI6 Division of the British Secret Intelligence Agency and the founding partner of Vega Cyber Associates.

It’s easy to feel helpless in the face of an amorphous and apparently random threat like ransomware. However, as with all network security issues, this is not so much a technical problem as it is a human problem. This is a problem that humans can solve.

The recent ransomware attacks on the American Colonial Pipeline and the Irish healthcare system should be a wake-up call. Things are bad and will get worse, because the motivation for launching such attacks is strong and growing.

There is no panacea that can make this problem go away. However, states, organizations, and individuals can do something together to persuade ransomware participants to use their unquestionable skills elsewhere.

First of all, we must realize that this is not only a criminal issue, but also a national security and geopolitical issue. The people behind these cyber attacks need a place to live and enjoy their ill-gotten gains. Most ransomware operators have a “no eating in Russia” policy, which will not have escaped the attention of many people. The reality is that many of these people are in Russia, and as long as they don’t interfere in Russia’s interests, they will be isolated. President Vladimir Putin has made it clear that he does not believe the problem is his.

There are long-term ties between the hacker community and the Russian security services. Although it is untrue to say that the state is behind these attacks, it is clear that if the FSB, the domestic security service, targeted them, the perpetrators would not be able to operate as they do.

US President Joe Biden said that this issue is at the top of the agenda for his meeting with Putin next week. That is where it should be. He should use the full range of geopolitical carrots and sticks to make the ultimate representative of realpolitik take this issue seriously.

The FBI successfully obtained Bitcoin wallets used by the Colonial hackers and recovered most of the ransom, which made me happy. The threat of ransomware has now arrived, and the application of high-end national capabilities is entirely appropriate.

The incentives for such criminal activities should also be addressed. As the head of the Secret Intelligence Service, I witnessed the impact of the policy of not paying terrorists followed by the United Kingdom and our allies in the Five Eyes intelligence-sharing group. Such a policy is often heartbreaking to implement, but it is the right approach. The alternative is to fund the activity you are trying to prevent.

There is a case for applying this approach to ransomware. Opponents ask whether a prohibition on payment in life-threatening situations could be morally justified. They have a point. However, a partial ban that allows payments in “emergency” situations will only incentivize attackers to create such situations. That would be the worst of all worlds.

If people accept that this is a national security issue, then the suggestion that the government should simply leave these decisions to ordinary citizens becomes difficult to defend. As a first step, I believe that public and detailed disclosure of payments should be mandatory. Attackers try to make payment the simple option. We must change this.

We also need to consider insurance and moral hazard. Attackers usually obtain insurance policies in advance and know exactly how many insurance policies they can claim. However, insurance companies now want to see evidence of high-quality cybersecurity before starting their business.

Then there is the issue of cryptocurrency. It can be said that without cryptocurrency this problem would not exist, because it allows the ransom to be paid in a way that keeps the receiver anonymous. This is not to oppose the prohibition of such currencies; they will obviously continue to exist. But it is to urge the development of strong “know your customer” and anti-money laundering laws suitable for the digital age.

Cryptocurrencies are not untraceable: they are recorded on the blockchain and are sometimes easier to track than cash. The difficulty faced by law enforcement agencies is discovering the true identity of the recipient or initiator, or at least the true intention. The good news is that data and modern analysis can be combined to distinguish good transactions from bad ones.

Then, an irony. Typically, the software used by attackers is based on code written with the best intentions by penetration testers, who help organizations detect vulnerabilities in their systems. Although there are significant practical obstacles, we need to use our experience in anti-proliferation licensing technology and determine the ways in which we can limit the use of such code to its intended purpose.

Therefore, the government can and should do more, but that does not exempt individuals and companies from their responsibilities. A large part of this is about getting the basics of network security right.

In the final analysis, this is related to human initiative. Individually, we are easily picked off and intimidated. But collectively, we are far from helpless. These attackers are bullies. Bullies will come back for more, unless you bully them, preferably in company. If the recent attacks are of any benefit, it will be to bring that day closer.
