CS Jan-Feb 2024
ransomware

Raja Patel - Sophos: cybersecurity defences need to be dynamic and foresightful.

Ilia Kolochenko, ImmuniWeb: the risk of getting caught - despite several prominent operations by law enforcement agencies in 2023 - are still infinitesimal.

enjoy the fruits of their crimes. In 2024, we will likely see even more victims of ransomware that is gradually dethroning other - less profitable and more risky - types of cyberattacks."

INVERTING THE PRINCIPLE

In a bizarre twist to the principle of behaving with all due probity in this murky world, it has recently emerged that the ALPHV/BlackCat ransomware operation (widely credited as being the first ransomware group to create a public data leaks website on the open internet) has filed a US Securities and Exchange Commission complaint against one of its alleged victims for not complying with the four-day rule to disclose a cyber-attack.

Kolochenko, also adjunct professor of Cybersecurity & Cyber Law at Capitol Technology University, comments: "Misuse of the new SEC rules to make additional pressure on publicly traded companies was foreseeable. Moreover, ransomware actors will likely start filing complaints with other US and EU regulatory agencies when the victims fail to disclose a breach within the timeframe provided by law."

Having said that, not all security incidents are data breaches and not all data breaches are reportable data breaches, he points out. "Therefore, regulatory agencies and authorities should carefully scrutinise such reports and probably even establish a new rule to ignore reports uncorroborated with trustworthy evidence, otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyse their work."

REVISION TIME

Kolochenko also suggests that victims of data breaches should urgently consider revising their digital forensics and incident response (DFIR) strategies by inviting corporate jurists and external law firms specialised in cybersecurity to participate in the creation, testing, management and continuous improvement of their DFIR plan. "Many large organisations still have only technical people managing the entire process, eventually triggering such undesirable events as criminal prosecution of CISOs and a broad spectrum of legal ramifications for the entire organisation. Transparent, well-thought-out and timely response to a data breach can save millions."

ENHANCED EXTORTION

Thomas Barton, who is senior IR analyst at Integrity360, addresses the very same issue: "This shows that ransomware operations are beginning to reach a maturity level where the responsible threat actors are fully aware of regulations affecting their target sector and are able to use regulatory bodies to enhance the threat of extortion. This highlights the importance of engaging experienced legal and cybersecurity professionals before, during and after an incident who can assist in navigating the complex challenges that such an attack can present."

Finally, according to a new report by MIT professor Stuart Madnick, there were more ransomware attacks reported during the first nine months of 2023 than in the whole of 2022. It points to a stark increase in cyberattacks, impacting as many as 360 million people up to and including August.

One reason for the jump, according to Madnick, is that ransomware groups are becoming far more organised, operating as gangs and targeting organisations with critical user data, such as government and healthcare facilities.

The other cause for the jump, he points out, is that cybercriminals are increasingly using secondary vendors to gain access to their main targets. "In today's interconnected world, virtually every organisation relies on a wide range of vendors and software. As a result, hackers only need to exploit vulnerabilities in third-party software or a vendor's system to gain access to the data stored by every organisation that relies on that vendor."

computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk