Interpol Calls For New Ransomware Mitigation Strategy
Critical Infrastructure Security
,
Cybercrime
,
Cybercrime as-a-service
The Agency Will Elevate the Role of National Central Bureaus to Fight Cybercrimes
Interpol announced that it will boost the role of country-specific National Central Bureaus to fight ransomware and other cybercrimes. The announcement from the agency comes in the wake of rising ransomware threats to supply chains and critical infrastructure.
See Also: Live Panel | Zero Trusts Given- Harnessing the Value of the Strategy
“A global strategy in response to the threat of ransomware is critical – one where we successfully build trust, see effective exchange of data, and maximize rapid operational assistance to law enforcement agencies,” INTERPOL secretary general Jürgen Stock said during the 16th annual conference for INTERPOL NCBs held virtually last week.
Among the proposed plans to develop a global strategy for countering ransomware threats are expanding Interpol’s secure communications network to assist national police and border control agencies in fighting cybercrime and other security threats. The agency also called for strengthening of regional partnerships to fight cyberthreats globally.
Interpol comprises police networks from 194 member countries, and each of these members hosts an Interpol NCB, which acts as a link between the agency and the law enforcement agencies of each countries.
Ransomware Focus
Ransomware stayed top of the agenda following the July 4th weekend Kaseya supply chain attack that saw Russia-based hacking group REvil compromise the IT management software firm. The attackers carried out a series of deceptions to exploit VSA (an automated software update service) and use it to distribute ransomware to up to 60 of Kaseya’s MSP customers. The ransomware was then distributed to between 800 and 1,500 of those MSPs’ customers, including grocery chains, schools and restaurants (see: Kaseya: Up to 1,500 Organizations Hit in Ransomware Attack).
Following the high-profile supply chain attack, on Friday, U.S. President Biden urged Russian President Vladimir Putin yet again to take action against malicious entities operating out of the country. Biden also added that his government is ready to take “any necessary action to defend its people and its critical infrastructure in the face” of these attacks, according to the official statement posted by the White House (see: Biden Faces Russian Ransomware Curtailment Challenge).
The two leaders had earlier met on June 16 in Geneva to discuss measures to counter ransomware threats. This was following the May ransomware attack of Colonial Pipeline Co. and the REvil attack on meat processor JBS. At the meeting, Biden said 16 sectors of critical infrastructure should be “off-limits” to cyber and other types of attacks.
US Actions
Due to the rising sophistication and proliferation of ransomware, the U.S. government has initiated several steps to counter them.
On Wednesday CISA released its Ransomware Readiness Assessment audit tool to help organizations size up their ability to defend against and recover from attacks (see: CISA Tool Helps Measure Readiness to Thwart Ransomware).).
On May 12, the Biden administration issued its cybersecurity executive order, which aims to address ransomware and other threats to the U.S. (see: Biden’s Cybersecurity Executive Order: 4 Key Takeaways).
At the Information Security Media Group’s Government Cybersecurity Summit to be held July 13, the FBI’s Elvis Chan predicts that this will be a busy summer for ransomware investigations, disruptions and takedowns.
“We have many joint investigations with our foreign partners,” said Chan, who leads the FBI’s cyber division in San Francisco. “Look for this to be a very busy summer for us, with multiple takedowns across different countries.