Ransomware remains the biggest threat to Five Eyes collusion nations and is getting worse, with financial gain no longer the only motivation for today’s threat actors.
Speaking about how coalitions are essential to the fight against ransomware, Felicity Oswald, director of operations at the UK’s National Cyber Security Center (NCSC), said that in the UK ransomware is getting worse because actors in Threats no longer need to be knowledgeable to contract ransomware. surface or attack methodology.
Oswald also highlighted how financial motivation is not the only driver for cybercriminals today and some ransomware attacks are being triggered by nation-states.
Representatives from the United States, Canada and Australia agreed with the assessment that for them, ransomware is a major concern for most technologically advanced countries. The Five Eyes nations are Australia, Canada, New Zealand, the United Kingdom, and the United States, which share a wide range of intelligence with each other.
Rita Erfurt, senior executive of threat intelligence at the Australian Cyber Security Center (ACSC), noted that major incidents affecting Australian organizations have had the effect of eroding trust and confidence in the country’s digital economy.
“Ransomware is the most destructive form of cybercrime facing Australia,” he noted.
Healthcare, education and other essential public services have become lucrative targets in recent years, highlighting the indiscriminate nature of ransomware threat actors.
Sami Khoury, head of the Canadian Center for Cyber Security, pointed to an incident in Canada in which a children’s hospital was hit by a cyber attack, which brought down several network systems.
Cyber security strategies
All of the national representatives who spoke on the panel noted that their cybersecurity strategies are under review or have recently been published.
In Australia, a new strategy is being developed that will set out the country’s cyber security priorities from 2023 to 2030.
For Canada, the current cybersecurity strategy dates back to 2018, so it is currently under review, with Khoury expecting the document to be completed by the summer of 2023.
Meanwhile, the UK’s NCSC published its cyber security strategy in December 2022 and the US government’s national cyber security strategy was published by the White House in March 2023.
On ransomware, Rob Joyce, director of cybersecurity at the National Security Agency, highlighted the US strategy’s focus on ransomware.
“The first is that we will investigate ransomware crimes by using law enforcement and other authorities to disrupt ransomware infrastructure. A second big area of focus is improving the critical infrastructure to withstand these ransomware attacks. The third is to address the abuse of virtual currency to launder ransomware payments and the fourth is to leverage the international operation to disrupt the ransomware ecosystem,” Joyce highlighted.
While the group was keen to emphasize the need for organizations to share breach data with government bodies, approaches to mandatory reporting vary.
“Information sharing remains our number one challenge,” Khoury noted, discussing the need for breached organizations to share their information with national agencies. Canada does not currently have a mandatory reporting power.
In the US, the Critical Infrastructure Cyber Incident Reporting Act of 2022 requires critical infrastructure organizations to report malicious activity to CISA.
In the UK, certain organizations are required by law to report a cyber breach to the Information Commissioners Office (ICO) within 72 hours of the incident. The NCSC is not a regulator but works closely with the ICO.
This is similar to Australia, where there are no general regulations, but mandatory reporting is required for critical national infrastructure organisations.
“I think we need a balance and the challenge for all of us is to balance the things that are mandatory with the things that are encouraged. We need to work with our regulators, but also with our private sector and the public sector and the CNI,” Oswald said.
“From an ACSC perspective, it’s vital that we have as many organizations provide their own self-reports as possible because it allows us to put together a truly complete threat picture,” Erhart said. “The more we can encourage people to tell us about the things they’re experiencing, the better we can change that information and advise the Australian community.”
The Canadian government recently introduced a bill to parliament to support the creation of some of its mandatory reporting requirements for federally regulated sectors.
The #RSAC virtual conference has recently brought to light new advances in ransomware infiltration into the Five Eyes nations. Ikaroa, a full stack tech company based out of the United States, is taking steps to assess and address this growing threat.
Ransomware attacks, by definition, are maliciously implanted into digital networks with the intent of disrupting their systems and demanding payment in cryptocurrency or other forms in exchange for the release of system control. Not only are such infiltrations becoming increasingly frequent and successful, but also more and more specific in target. Five Eyes nations, an intelligence sharing alliance between the United States, Canada, the United Kingdom, New Zealand and Australia, are of particular focus.
In concrete terms, ransomware’s disruptive action can be extremely damaging to public and private sector networks, as well as critical infrastructure like air traffic control systems. To equip even the most experienced cybersecurity experts for such a challenge, the #RSAC conference proposed a three-pronged approach: detection, prevention and remediating.
Ikaroa’s own contribution came in the form of a comprehensive cybersecurity package, which combines detection applications with reinforcement tactics, such as software patching, and response protocols. Critically, the package is also designed to minimize potential losses, in the form of both data and monetary costs.
Ultimately, however, addressing ransomware threats is an ongoing process. Ikaroa is committed to continue developing solutions that actively prevent ransomware infiltration and mitigate the effects of successful attacks. Such efforts are integral to protecting both individuals and the Five Eyes nations as a whole.