www.washingtonpost.com
2.19.32.96  Public Scan

URL: https://www.washingtonpost.com/politics/2023/03/30/think-ransomware-gangs-wont-thrive-this-year-think-again-experts-say/
Submission: On April 13 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.




THINK RANSOMWARE GANGS WON'T THRIVE THIS YEAR? THINK AGAIN, EXPERTS SAY

Analysis by Tim Starks

with research by David DiMolfetta

March 30, 2023 at 6:52 a.m. EDT


Welcome to The Cybersecurity 202! And greetings from (just outside of) San
Francisco, one of my favorite few cities. As I type this, I have a splendid view
of the Golden Gate Bridge. 

Reading this online? Sign up for The Cybersecurity 202 to get scoops and sharp
analysis in your inbox each morning.





Below: The U.S. sends cybersecurity aid to Costa Rica, and a possible North
Korean-linked cyberattack could have thousands of victims. First:

BIG MAJORITY OF THE NETWORK EXPECTS RANSOMWARE TO BE MORE DANGEROUS IN 2023 THAN
IN 2022


Two-thirds of experts said that they believed the threat posed by ransomware
will increase this year. (Chris Ratcliffe/Bloomberg)

There were signs that ransomware gangs might — key word, “might” — have been on
the run in 2022.

But experts from The Cybersecurity 202 Network are far from confident that the
trend, if real, will continue in 2023. A big majority of the expert group, 67
percent, expected ransomware to take off again in this calendar year.

Another 23 percent anticipated that the threat ransomware poses will stay the
same, compared to last year. And only 10 percent thought the threat would
decrease.


DECREASE

U.S. government officials believe they’ve made a dent in these cybercrime gangs.




“I am heartened by the success we've seen on ransomware,” Deputy Attorney
General Lisa Monaco said Wednesday at the Aspen Verify conference in San
Francisco. “What I think we've shown is that we are determined to use every tool
that we can to get after this problem.”

Bruce Schneier, a lecturer and fellow at Harvard University and chief of
security architecture at Inrupt, backed up Monaco’s take.

“Law enforcement's ability to track, and in some cases recover, payments is
making this a less profitable crime,” he answered. “Also, we are finally
engaging the international community in disrupting the infrastructure used by
ransomware gangs.”

Schneier said the turmoil affecting the value of cryptocurrency has hampered
ransomware gangs because that’s how they demand payment from victims. It’s an
idea seconded by John Pescatore, director of emerging security trends at the
SANS Institute, who added that many companies have shored up their defenses
against these kinds of attacks.




The improved defenses were a factor that Shane Huntley, the director of Google’s
Threat Analysis Group, also cited. “Ransomware will continue to be a significant
risk but one that is more manageable,” he said, adding that the war in Ukraine
has diluted the focus of Russian ransomware operators.

INCREASE

Yet some of those same factors — the strength of cyberdefenses and what’s
happening with cryptocurrencies — were cited by the experts who expected the
ransomware threat to rise in 2023.

“True, we’ve had success in recapturing ransom payments, disrupting the
ransomware gangs, and improving cyberdefenses, but the fact remains that it’s an
awfully easy crime to commit,” said Glenn Gerstell, a senior adviser at the
Center for Strategic and International Studies who is a former general counsel
of the National Security Agency. “Even though many big networks are better
fortified and backed up, ransomware criminals will have no trouble finding
lucrative targets at minimal cost and risk.”




And that crypto turmoil?

“Cybercriminals have learned where the money is, and no amount of government
sanctions or cryptocurrency market volatility can change that in the near term,”
said Jay Kaplan, chief executive and co-founder of Synack. “Ransomware criminals
keep moving to softer targets as they try to squeeze money out of schools and
hospitals. Attackers haven’t run out of targets yet as the same exploitable
vulnerabilities keep cropping up in their victims’ networks.”

Several Network members expect artificial intelligence to improve ransomware
gangs’ fortunes.

 * “ChatGPT can already write great emails and pass many standardized tests,”
   said Betsy Cooper, the founding director of the Aspen Tech Policy Hub and a
   senior adviser at Albright Stonebridge Group. “I expect hackers to find ways
   in 2023 to exploit this technology to tailor targeted phishing scams so they
   are even harder for humans to spot.”
 * “The use of these simple to use, but powerful AI engines will improve at
   least exponentially the ability of criminals/nation-state actors to craft
   lures that are more accurate, on target, victim specific, and error free,”
   said Rodney Joffe, a cybersecurity consultant.
 * “The growth of Ransomware-as-a-Service (renting software, sometimes on a
   franchise business model) had already reduced the barriers to entering the
   ransomware field, since skill in writing code was no longer needed to launch
   a malware campaign,” answered Jim Richberg, field chief information security
   officer at the cybersecurity firm Fortinet. “The growing popularity of OpenAI
   engines is likely to accelerate this trend.”

And a couple of experts said they thought the numbers aren’t telling the whole
picture.



 * “The threat will increase, whether it will be observed through official
   reporting and other analytic tools may not,” wrote Megan Stifel, chief
   strategy officer for the Institute for Security and Technology. “Despite
   reports of payments declining, we know there are gaps in actual ransomware
   incidents vs. the number reported to law enforcement.”
 * “While the sheer number of attacks may be down, the threat continues to
   grow,” said Allan Liska, senior security architect at the cybersecurity firm
   Recorded Future. “Overall, the intensity of attacks has increased, with
   ransomware groups now disrupting entire countries with their attacks and
   using increasingly repulsive extortion tactics against their victims. In
   addition, we now see ransomware being used by nation-state actors such as
   China, Russia and Iran.”

STAY THE SAME

The murkiness of the numbers was a frequent factor among those who answered that
they thought the threat of ransomware would stay the same in 2023.



“Overall ransomware attack numbers are somewhat hard to quantify due to lack of
visibility and reporting, but what we have seen recently is more targeted and
thoughtful attacks,” said Lesley Carhart, a principal incident responder at the
industrial cybersecurity company Dragos. “It is not unreasonable to expect less
overall haphazard and ineffective attacks, and more concentration on critical
industry and less defended targets.”

The balance of good work to counter ransomware and persistent vulnerability led
Chris Wysopal, chief technology officer at Veracode, to argue the threat would
stay the same.




“There have been some concerted efforts to diminish the impact of ransomware
against critical infrastructure and disrupt the ecosystem, but there are no
fundamental changes in the underlying vulnerable technology and protections most
organizations use,” he said. “We still have a stockpile of kindling spread
throughout small and medium organizations, which should keep the ransomware
operators well fueled.”



Correction: A previous version of this newsletter included an incorrect title
for Lesley Carhart. This version has been updated.

THE NETWORK

A few more answers:

 * Increase: “C-suite distractions of the latest financial headlines coupled
   with shrinking security team staff and budget resources creates a perfect
   storm for increased ransomware attack impact,” wrote Elizabeth Wharton, vice
   president for operations at Scythe.
 * Increase: “It's a growth industry,” said Tor Ekeland, managing partner for
   Tor Ekeland Law. “Bad infosec will never die.”
 * Decrease: “It appears that the rapid rise of ransomware has lost some steam,
   but this problem isn’t going away,” said John Hultquist, vice president at
   Mandiant Threat Intelligence. “Russian and North Korean actors are still at
   it, safely carrying out attacks from their sanctuary states. Attacks on
   critical infrastructure are once again on the rise from actors with little to
   fear.”
 * Stay the same: “Just as covid isn’t going away or even abating worldwide,
   most organizations have accepted they will eventually fall victim to
   ransomware at some point, and they are not taking sufficient preventative
   measures because they likely believe they will emerge healthy enough after a
   ’mild’ ransomware infection,” said Katie Moussouris, founder and CEO of Luta
   Security.

THE KEYS

U.S. COMMITTING $25 MILLION TO COSTA RICA AMID HISTORY OF RANSOMWARE ATTACKS



The U.S. State Department is sending $25 million to Costa Rica to strengthen the
nation’s cybersecurity posture amid a swarm of ransomware attacks that have
plagued the country over the past year, according to a senior administration
official.




The official, who spoke on background to provide the information to reporters,
said the funding was provided “in response to a direct request from President
Chaves to President Biden.” 

The money will help Costa Rica’s Ministry of Science, Innovation, Technology and
Telecommunications build a security operations center for detecting, responding
to and preventing cyberattacks. Funds will also be dedicated to technical
support and training, as well as hardware and software provisions. 


 * The official added that the Central American nation applied to join the
   U.S.-led Counter Ransomware Initiative, a group of 37 governments dedicated
   to fighting worldwide ransomware threats.

Costa Rica declared a national emergency following an attack from the
Russian-linked Conti ransomware group that crippled the nation’s tax and pension
systems, as we reported last year.

POSSIBLE NORTH KOREAN-LINKED SUPPLY CHAIN CYBERATTACK COULD HAVE THOUSANDS OF
VICTIMS



A large-scale supply chain attack that modified enterprise installation software
is said to have stolen credentials from companies worldwide, AJ Vicens reports
for CyberScoop, citing findings from SentinelOne.




“This sort of large-scale attack that takes advantage of a company’s supply
chain — similar to how attackers leveraged a flaw within a SolarWinds product
update to install back doors inside its customers’ networks — can be difficult
to defend against and could lead to devastating consequences for victims,”
Vicens writes, adding that such attacks are typically linked to nation-state
hackers.



SentinelOne traced the malicious installation software to 3CX, an online
conferencing tool provider.

The attack has not been traced directly to a group, though the story says there
is budding evidence it may have originated from Lazarus Group, an entity that
the U.S. government has linked to hacking operations in North Korea.

RUSSIAN-LINKED GROUP EXPLOITING VULNERABILITY TO STEAL U.S., EUROPEAN EMAIL DATA



A Russian-linked hacking group has been targeting American and European
government officials’ email accounts, according to new findings from Proofpoint.




The entity, known as TA473 or Winter Vivern, appears to side with Russian and
Belarusian geopolitical views in Moscow’s war on Ukraine, the report says. Since
early February, it has been leveraging a vulnerability in email software
platform Zimbra that allowed the group to access inboxes of government
officials.



“This actor has been tenacious in its targeting of American and European
officials as well as military and diplomatic personnel in Europe,” said Michael
Raggi, a threat researcher at Proofpoint, adding that the group has “invested an
ample amount of time” studying the mail portals of officials closely involved in
political affairs and the war in Ukraine.

GOVERNMENT SCAN

FCC proposes rules to reassess foreign-owned US telecom services authority
(Reuters)

White House takes spyware efforts to the international stage (Nextgov)

SECURING THE BALLOT

Online voting provider paid for academic research in attempt to sway U.S.
lawmakers (CyberScoop)

INDUSTRY REPORT

How TikTok built a ‘team of Avengers’ to fight for its life (Politico)

Arrests spotlight online threats, harassment in hacker community (Bloomberg
News)

GLOBAL CYBERSPACE

Hackers used spyware made in Spain to target users in the UAE, Google says
(TechCrunch)

CYBER INSECURITY

Exxon’s climate opponents were infiltrated by massive hacking-for-hire operation
(The Wall Street Journal)

Lumen Technologies says ransomware attack disrupted call centers (Cybersecurity
Dive)

Microsoft patched Bing vulnerability that allowed snooping on email and other
data (The Wall Street Journal)

ENCRYPTION WARS

Free AI programs prone to security risks, researchers say (Bloomberg News)

PRIVACY PATCH

The DEA bought customer data from rogue employees instead of getting a warrant
(Motherboard)

DAYBOOK

 * Rep. Jim Himes (D-Conn.), the top Democrat on the House Permanent Select
   Committee on Intelligence, has a fireside chat at the State Department’s
   Summit for Democracy, with sessions kicking off at 12:30 p.m.

SECURE LOG OFF



Thanks for reading. See you tomorrow.
