This week at the annual RSA Conference, we will hear from industry leaders on a wide range of issues, from the supply chain security crisis to breach disclosure notifications. While it’s important to talk about where we have been and what is happening in the industry right now, it is equally important to think about where we need to go.
The hacker ring’s ransom note appeared on the company’s computer screens this past Monday. “Your computers and servers are encrypted, backups are deleted,” it said. “We use strong encryption algorithms, so you cannot decrypt your data.”
Globally, ransomware increased 148 percent from 2019 to 2020, and last year the FBI reported nearly $25 million in losses, which is likely just a small fraction of the total cost. These are large numbers but they fail to capture the societal impacts that ransomware wreaks upon communities. Local governments oversee water utilities, airports, schools, health care facilities, and other services that people tend to take for granted, and cyber criminals are all too aware of our dependency on these services. 2,400 U.S.-based governments, health-care facilities, and schools were victims of ransomware in 2020. These attacks disrupted medical treatment during a global pandemic, interrupted remote learning, and disabled public transportation.
Fuel deliveries to the east coast of the United States have been brought to a standstill by cybercriminals who have gained access to Colonial Pipeline’s networks and forced the company to shut down its distribution system. This attack comes on top of a ransomware attack on natural gas infrastructure last year and an explicit warning from the Director of National Intelligence in 2019 that China had the ability to disrupt our pipeline infrastructure.
The UK’s cybersecurity agency has taken down more scams in the last year than in the previous three years combined, with coronavirus and NHS-themed cybercrime fuelling the increase.
InternetNZ Thursday publicly disclosed a vulnerability against authoritative DNS servers such as the ones run by top-level domain (TLD) operators, like .nz. This vulnerability could be exploited to carry out Denial-of-Service (DoS) attacks across the world.
Russia’s campaign to control the Internet isn’t just a secret intelligence gambit any longer. It’s an explicit goal, proclaimed by Russian President Vladimir Putin as a key element of the Kremlin’s foreign policy.
At a conference of chief technology officers in 2016, General Michael Hayden, former head of, at different times, both the NSA and the CIA, told the audience, “Cyberwar isn’t exactly war, but it’s not not-war, either.”
The FBI’s Internet Crime Complaint Center has released its annual report. The 2020 Internet Crime Report includes information from 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. State-specific statistics have also been released and can be found within the 2020 Internet Crime Report and in the accompanying 2020 State Reports.
Tech executives revealed that a historic cybersecurity breach that affected about 100 US companies and nine federal agencies was larger and more sophisticated than previously known.