AUKUS Partners Call on Organisations to Bolster Cyber Defences Against Ransomware

Australia, U.S., and UK authorities have issued guidelines encouraging individuals and organizations to reinforce their cyber defences against global ransomware threats, cyber criminals-for-hire, and attacks on critical infrastructure. The joint advisory was published on Feb. 9 from the U.S.’s Federal Bureau of Investigation, National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA), along with the UK’s National Cyber Security Centre, and the Australian Cyber Security Centre, designed to provide “essential guidance” and how to strengthen cyber defences. Over 2021, around 14 of the United States’ 16 critical infrastructure sectors were hit by cyberattacks, including the defence, emergency services, food and agriculture, government, and information technology sectors. Australia, meanwhile, has seen attacks targeting the healthcare sector, financial services, higher education, and energy. At the same time, the UK has attacks targeting the legal profession, charities, and businesses. Cybersecurity authorities observed hackers gain access to networks via phishing, stolen Remote Desktop Protocols credentials, and even through brute force. “Once a ransomware threat actor has gained code execution on a device or network access, they can deploy ransomware,” the advisory stated (pdf). “These infection vectors likely remain popular because of the increased use of remote work and schooling starting in 2020 and continuing through 2021.” Ransomware attacks involve freezing or encrypting a victim’s files until a ransom is paid, often in the millions. Several high-profile attacks have occurred in recent years targeting major organizations such as the Colonial Pipeline Company, JBS Foods, SolarWinds, and Kaseya Limited. In the United States, targeting of “big game” organizations has lessened somewhat, with hackers switching their focus to small and medium-sized targets. However, in Australia and the UK, threat levels remain the same across all organization sizes. Further, the market for ransomware has also become more “professional” and well established over 2021. “In addition to their increased use of ransomware-as-a-service (RaaS), ransomware threat actors employed independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cybercriminals,” the advisory said. Jen Easterly, director of CISA, said that while steps have been taken to raise awareness of cybersecurity threats, more work was needed. “We urge organizations to review this advisory, visit ‘stopransomware.gov’ to take action to strengthen their cybersecurity posture, and report unusual network activity or cyber incidents to government authorities,” she said in a statement. Australia’s Assistant Minister of Defence Andrew Hastie warned against complacency with cyber threats. “The (Australian) prime minister in 2020 warned that post-COVID our world will be more dangerous and more disorderly,” he said in a statement. “We are seeing that playing out with authoritarian governments threatening conflict to achieve political aims—the rise of cybercrime and grey zone tactics like ransomware attacks are now a feature of our current security landscape.” “Together with our AUKUS partners, our respective cyber agencies are striking back.” Some immediate actions recommended by the advisory include timely patches of operating software, training staff to recognize suspicious emails, monitoring remote desktop protocols, and maintaining backups. For more information in the United States, visit: www.StopRansomware.gov Australia: https://www.cyber.gov.au/ransomware/protect-yourself-against-ransomware-attacks United Kingdom: https://www.ncsc.gov.uk/news/joint-advisory-highlights-increased-globalised-threat-of-ransomware. Follow Daniel Y. Teng is based in Sydney. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Contact him at [email protected]

AUKUS Partners Call on Organisations to Bolster Cyber Defences Against Ransomware

Australia, U.S., and UK authorities have issued guidelines encouraging individuals and organizations to reinforce their cyber defences against global ransomware threats, cyber criminals-for-hire, and attacks on critical infrastructure.

The joint advisory was published on Feb. 9 from the U.S.’s Federal Bureau of Investigation, National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA), along with the UK’s National Cyber Security Centre, and the Australian Cyber Security Centre, designed to provide “essential guidance” and how to strengthen cyber defences.

Over 2021, around 14 of the United States’ 16 critical infrastructure sectors were hit by cyberattacks, including the defence, emergency services, food and agriculture, government, and information technology sectors.

Australia, meanwhile, has seen attacks targeting the healthcare sector, financial services, higher education, and energy. At the same time, the UK has attacks targeting the legal profession, charities, and businesses.

Cybersecurity authorities observed hackers gain access to networks via phishing, stolen Remote Desktop Protocols credentials, and even through brute force.

“Once a ransomware threat actor has gained code execution on a device or network access, they can deploy ransomware,” the advisory stated (pdf). “These infection vectors likely remain popular because of the increased use of remote work and schooling starting in 2020 and continuing through 2021.”

Ransomware attacks involve freezing or encrypting a victim’s files until a ransom is paid, often in the millions. Several high-profile attacks have occurred in recent years targeting major organizations such as the Colonial Pipeline Company, JBS Foods, SolarWinds, and Kaseya Limited.

In the United States, targeting of “big game” organizations has lessened somewhat, with hackers switching their focus to small and medium-sized targets. However, in Australia and the UK, threat levels remain the same across all organization sizes.

Further, the market for ransomware has also become more “professional” and well established over 2021.

“In addition to their increased use of ransomware-as-a-service (RaaS), ransomware threat actors employed independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cybercriminals,” the advisory said.

Jen Easterly, director of CISA, said that while steps have been taken to raise awareness of cybersecurity threats, more work was needed.

“We urge organizations to review this advisory, visit ‘stopransomware.gov’ to take action to strengthen their cybersecurity posture, and report unusual network activity or cyber incidents to government authorities,” she said in a statement.

Australia’s Assistant Minister of Defence Andrew Hastie warned against complacency with cyber threats.

“The (Australian) prime minister in 2020 warned that post-COVID our world will be more dangerous and more disorderly,” he said in a statement.

“We are seeing that playing out with authoritarian governments threatening conflict to achieve political aims—the rise of cybercrime and grey zone tactics like ransomware attacks are now a feature of our current security landscape.”

“Together with our AUKUS partners, our respective cyber agencies are striking back.”

Some immediate actions recommended by the advisory include timely patches of operating software, training staff to recognize suspicious emails, monitoring remote desktop protocols, and maintaining backups.

For more information in the United States, visit: www.StopRansomware.gov

Australia: https://www.cyber.gov.au/ransomware/protect-yourself-against-ransomware-attacks

United Kingdom: https://www.ncsc.gov.uk/news/joint-advisory-highlights-increased-globalised-threat-of-ransomware.


Follow

Daniel Y. Teng is based in Sydney. He focuses on national affairs including federal politics, COVID-19 response, and Australia-China relations. Contact him at [email protected]