Contextualizing the impending cyber attack threat that looms over the US
On July 27, US President Joe Biden made a speech at the Office of the Director of National Intelligence (ODNI). Addressing 120 Central Intelligence Agency officials, Biden warned that if the United States ended up at war with major global powers, it would be the result of a cyber attack.
The day after this statement, President Biden signed a national security memorandum aimed at improving cybersecurity for critical infrastructure control systems.
The national security memorandum contains a detailed set of directives for all federal departments to protect themselves against cyber attacks. It emphasizes the need for all federal departments to examine what occurred during any major cyber incident and apply lessons learned to any future attacks.
In June 2021, Biden met Russian President Vladimir Putin and shared a list of 16 critical infrastructure sectors that the U.S. considers off-limits for cyber attacks by Russian cybercriminals. He also discussed his cybersecurity concerns with Putin over a phone call in July.
“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” says Biden.
The need for cybersecurity
This rising concern for cybersecurity comes after recent high-profile cyber attacks on several major companies in the US, such as SolarWinds, The Colonial Pipeline Company and Kaseya. Let’s take a quick look at each one.
In early 2020, the network management company SolarWinds underwent a cyber attack. The hackers broke into the Orion software system created by SolarWinds, which is used by many other companies to manage their IT resources.
SolarWinds, much like any other software provider, sends regular software updates to its customers. Without the company's knowledge, these updates carried the malicious code from SolarWinds to all the companies that used its software.
33,000 customers of SolarWinds use Orion for their respective companies. The company confirmed in a statement that 425 of the Fortune 500 companies used Orion. By attacking SolarWinds, hackers also gained access to the computers of multiple US government departments, including the US Treasury and Commerce, the Pentagon and the Department of Homeland Security.
Tom Bossert, a former Homeland Security officer, says that the attack could destroy and alter data and even impersonate real people. US intelligence services and cybersecurity experts attribute this attack to Russia’s Foreign Intelligence Service. Russia has, however, denied any involvement.
The Colonial Pipeline Company
In May 2021, a hacking group called DarkSide, with alleged ties to Russian criminals, launched a ransomware attack on The Colonial Pipeline Company, which is the largest American petroleum pipeline.
The company’s petroleum pipeline carries 2.5 million barrels of gasoline, diesel, heating oil and jet fuel a day on its 5,500-mile route from Texas to New Jersey. The hack forced the company to take some of its systems offline, which disabled the pipeline. Following the attack, petrol prices reached over US$3 for the first time since 2014.
To regain access to its systems, Colonial Pipeline was forced to pay US$5 million worth of Bitcoin to the hacker group. The US Department of Justice was able to recover US$2.3 million of it. Since the attack, DarkSide has claimed that it has attacked three more companies: one in the US, one in Brazil and one in Scotland.
In July 2021, Kaseya Corporation, a US-based IT firm, became the victim of a massive ransomware attack. This ransomware attack is attributed to the Russia-based hacker group REvil. Following the attack, the hackers seized a large amount of the company’s customer data and demanded US$70 million in Bitcoin as payment to release it.
Much like SolarWinds, Kaseya regularly pushes out software updates to its customers, and these updates ended up pushing out malicious software instead. Between 800 and 1,500 businesses were affected by the cyber attack. To prevent the further spread of the attack, Kaseya shut down its servers.
Weeks after the attack, the company acquired a third-party tool to help its customers regain access to their data.
The future of cybersecurity
According to the Sonic Cyber Threat Report 2021, there have been 2.5 million malware attacks this year, which is a 151% increase in cyber attacks compared to 2020. The pandemic, which has resulted in more and more people working from home, has increased companies’ exposure to cyber threats.
In his speech to ODNI, President Biden said that, “If we end up in a war, a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence. And it’s increasing exponentially — the capabilities.” He emphasized that the US needed to stay on top of the latest advancements in science and technology.
The United States is extremely vulnerable to cyber-attacks because of widespread digitization. Most of the country’s critical digital infrastructure is owned by companies that have not made sufficient investments in protecting themselves against cyber attacks.
The US government believes that any future action on cyber threats has to be a collaborative effort between government bodies and the private sector. “The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” reads a statement from the White House.