According to Treasury Secretary Janet L. Yellen, “Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy. We will continue to crack down on malicious actors. As cyber criminals use increasingly sophisticated methods and technology, we are committed to using the full range of measures, to include sanctions and regulatory tools, to disrupt, deter, and prevent ransomware attacks.”
The twelfth installment in the cyber events series published by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and designed for military and national security decision-makers focuses on a global ransomware attack (Kaseya), spyware controversy (Pegasus), two cyberattacks (South Africa and South Korea), and a Microsoft Exchange compromise (China).
Every large corporation and organization today faces the significant threat of cybersecurity incidents. However, most practitioners who handle litigation and investigation matters are unfamiliar with the basics of responding to cybersecurity incidents and the challenges associated with incident response and post-data breach requirements.
This paper evaluates attack methodologies of a ransomware attack: the underlying file deletion and file-encryption attack structures. In the former, the authors uncover the data recovery-prevention techniques and in the latter, they uncover the associated cryptographic attack models. The deeper comprehension of potential flaws and inadequacies exhibited in these attack structures forms the basis of the overall objective of this paper. The deeper comprehension also enables the provision of enough technical information to guide decisions by victims before making hasty decisions to pay a ransom, which might result in not only financial loss but also loss of access to the attacked files if decryption is not possible by the attacker.
In this paper, the authors focus on ransomware, which is a type of digital crime that is essentially theft of information followed by demanding a ransom from the victim to regain access. They recommend a paradigm change, akin to the ARPANET project, with regard to a broadly deployed network storage system. The intent is to find a solution which addresses: 1) the financial incentive for ransomware attacks and 2) the difficulty of securing a system from an ever-evolving social/technical attack matrix. In addition, the authors take into account the constraint that any solution must be cost-effective.
Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support preventing, responding to, and recovering from ransomware events.
According to an announcement from the Data Protection Commission of Ireland (DPC), on 28 July 2021, the European Data Protection Board (EDPB) adopted a binding decision, which was notified to the DPC. This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine on the basis of a number of factors contained in the EDPB’s decision. Following this reassessment, the DPC has imposed a fine of €225 million on WhatsApp.
According to the new European Union Agency for Cybersecurity (ENISA) report – Threat Landscape for Supply Chain Attacks, which analyzed 24 recent attacks, strong security protection is no longer enough for organizations when attackers have already shifted their attention to suppliers.
Generative adversarial networks (GANs) are a deep-learning model first described by Ian Goodfellow in 2014. GANs use two neural networks – one that creates content and one that analyses it – in a pseudo-game-like adversarial process. According to Goodfellow’s counterfeiter analogy, the generative model can be thought of as analogous to a team of counterfeiters, trying to produce fake currency and use it without detection, while the discriminative model is analogous to the police, trying to detect counterfeit currency. Competition in this game drives both teams to improve their methods until the counterfeits are indistinguishable from the genuine articles.
According to this new Tallinn Paper from the NATO Cooperative Cyber Defence Centre of Excellence, public attribution of state-sponsored offensive cyber operations is complex and has political, technical and legal aspects. States can use attribution as a vehicle to advance their political goals, but there is often a risk involved in making a public attribution. Any response from the attacked party, such as attribution or a hack-back, must be carefully considered before being undertaken due to the political implications that such a response would cause.