Military Space News
CYBER WARS
Tough fight looms against ransomware 'epidemic'
By Rob Lever
Washington (AFP) June 8, 2021

The latest wave of ransomware attacks hitting the United States and globally portends a difficult battle against hackers, even as government and the private sector ramp up defenses.

The attacks hitting the Colonial Pipeline and the major JBS meatpacking operations are examples of a burgeoning cybercrime industry with the potential to inflict pain and extract profits by impacting "critical" networks, experts say.

Other recent targets include local governments, hospitals, insurers, a ferry system and others in the United States and globally, with many of the attacks attributed to Russia-based hackers operating with at least tacit approval from the Kremlin.

At least $18 billion was paid to ransomware attackers last year, according to the security firm Emsisoft, which found "tens of thousands" of victims so far in 2021.

"Ransomware is hitting epidemic proportions and business as usual isn't going to cut it," said Frank Cilluffo, director of Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security.

Parham Eftekhari, chairman of the Institute for Critical Infrastructure Technology, a thinktank focused on cybersecurity, noted that a rush to digitization of more systems has opened up more avenues for hackers.

"We are prioritizing speed to market, functionality, profits and business objectives over security," Eftekhari said.

US officials in recent days have signaled a stepped-up effort on ransomware, calling these investigations a "top priority" and comparing the effort to the fight against terror that followed the September 11 attacks.

- Covert US response -

The Justice Department said Monday it recovered more than half of the $4.4 million ransom paid by Colonial Pipeline, in a rare success story.

"The recovery of the ransom is, obviously, a positive as it signals to cybercriminals that their ill-gotten gains are not necessarily beyond the reach of law enforcement," said Brett Callow, analyst at the security firm Emsisoft.

But Callow said ransomware remains a scourge because "the financial rewards are huge (and) the chances of being caught are near-zero... we still have a very, very long way to go before the ransomware problem will be solved."

Following sanctions imposed on Moscow, US officials have said little about future responses, but analysts believe there is considerable activity under the radar.

"The US government appropriately responds sometimes in a covert manner," said Eftekhari.

"We have the greatest cyber offensive and defensive abilities on the planet."

But security specialists say cyber defense is complex and requires actions across the board, including training for employees to avoid mistakes that let malicious actors into networks.

Security firm Proofpoint found in a recent survey that two-thirds of computer security officers acknowledge they are unprepared to cope with a future cyberattack, noted Proofpoint's Lucia Milica.

"Human error is one of the biggest vulnerabilities and we've seen that remote work has made networks more vulnerable," Milica said.

- Line in the sand? -

The latest attacks, on the heels of big data breaches affecting Microsoft email servers and the widely deployed SolarWinds security software, raise questions about protecting 16 "critical infrastructure" sectors including energy, utilities, defense, food and manufacturing.

James Lewis, head of technology policy at the Center for Strategic and International Studies, said these sectors have been victimized frequently but that successes are obscured by high-profile hacks.

"We probably need to rethink what critical infrastructure is," Lewis said, suggesting that the label be used for public safety and national security.

Lewis said one lesson from the recent pipeline attack was panic buying of gasoline, which made the situation worse.

Making cryptocurrency transactions easier to trace could aid the fight against ransomware by curbing anonymous transactions, some analysts say.

Lewis said this is a good idea but that "a more sophisticated approach would be for central banks to issue their own digital currencies, which could dry up the market for cryptocurrencies."

Cilluffo said the fight against ransomware will require a broad array of weapons.

"You really need to bring all instruments of power to bear: covert, diplomatic, military, sanctions," he said.

A summit next week with President Joe Biden and Russian counterpart Vladimir Putin offers a key moment for Washington to "draw a line" against Moscow for providing a haven for hackers, said Cilluffo.

"Cyber has to be items one, two and three," he said. "Having a president put markers in the silicon around cyber behavior is important because it comes with the full weight of the federal government."

ANOM global phone sting: What we know
Sydney (AFP) June 8, 2021 - Law enforcement agencies from three continents on Tuesday revealed a vast FBI-led sting operation that sold thousands of supposedly encrypted mobile phones to criminal organisations and intercepted their messages for years.

Police accounts and unsealed US court documents, first cited by Vice News, reveal an ambitious worldwide plot that was years in the making.

What is ANOM?

ANOM was billed as a fully secure encrypted mobile phone that promised the user total secrecy in communications.

Essentially it was a jailbroken handset that used a modified operating system -- removing any of the normal text, phone or GPS services that would make it trackable and traceable.

On the surface, the device would look like a normal mobile phone, but it contained a "secure" messaging service hidden behind a functioning calculator app.

In theory, the phone operated on a closed network -- ANOM phones could only communicate with other ANOM phones using "military grade" encryption that transferred data via secure proxy servers.

The phones also contained a kill switch to delete contacts or any other data stored locally.

Similar services like Phantom Secure, Sky Global, Ciphr, and EncroChat have for years been used by criminal networks for planning and communication -- and many have been exploited by law enforcement.

Where did the FBI come in?

In March 2018, Phantom Secure's CEO Vincent Ramos was indicted by a grand jury and, along with colleagues, would eventually plead guilty to a raft of charges related to drug trafficking.

Shortly after that, an unnamed "confidential human source" presented the FBI with a next-generation encrypted device -- that would be dubbed ANOM -- which was designed to replace discredited, defunct or infiltrated systems.

The same source agreed to disseminate the now FBI-compromised devices among a network of black-market distributors who had sold Phantom Secure to carefully vetted or vouched-for individuals, usually members of organised criminal gangs.

Why did criminals buy it?

Initially, 50 ANOM phones were distributed in a test run, mostly to members of Australian organised criminal gangs.

But through word of mouth they gained in popularity with criminal underworld figures, who reportedly recommended them to friends.

Interest in ANOM exploded in 2020 when European authorities rolled up EncroChat, with dozens arrested, and after Sky Global CEO Jean Francois Eap was detained.

In the end, the FBI, Australian authorities and an unnamed "third country" were able to access more than 20 million messages from 11,800 devices in 90 countries.

They were most popular in Germany, the Netherlands, Spain, Australia and Serbia.

Why did the operation stop?

No clear rationale has been given for why the operation stopped now. However, a mixture of suspicions, legal hurdles and strategy may have contributed.

Law enforcement did not have real-time access to phone activity; instead, all sent messages were blind copied, or 'BCCed', to FBI servers where they were decrypted.

One server was in a third country where the warrant was due to expire on June 7, 2021.

But even ahead of that deadline, suspicions were being raised.

In March "canyouguess67" posted on WordPress that ANOM was a "scam" and that a device he had tested was "in constant contact with" Google servers and relayed data to non-secure servers in Australia and the United States.

"I was quite concerned to see the amount of IP addresses relating to many corporations within the 5 eyes Governments (Australia, USA, Canada, UK, NZ who share information with one another)," the post said before it was deleted.

In addition, one stated aim for "Operation Trojan Shield" was to undermine trust in encrypted devices, a goal that could only be widely achieved when the operation was made public.


