RSA 2022: NSA Warns of Potential Ransomware Spillover from Ukraine War
Despite some successes against overseas ransomware groups, US intel agency expects morphing threat in months ahead
NSA Director of Cybersecurity Rob Joyce came to the RSA 2022 conference with a warning about ransomware that bears repeating: if you think it’s bad now, just wait. Broadcom Software agrees that this is an important message.
Joyce, who took over as NSA cyber chief last year, expects cyber spillover from the war in Ukraine as the Russian government leans on ransomware attackers to find ways to burrow past Western cyber defenses.
“One concern we have is that with the ongoing war in Ukraine, it could prompt Russian officials to turn to those same [ransomware] actors for cyberattack assistance,” he said during a presentation at the RSA 2022 conference on the current state of cybersecurity. “One thing to recognize about the ransomware ecosystem is that it's becoming increasingly sophisticated through specialization.”
One scenario could involve state-sponsored ransomware actors who put their technical skills to work in order to pave the way for further infiltration by hackers more directly associated with Russia’s government, who would carry out espionage or other missions.
In the last several years, ransomware has turned into a major security challenge, moving from being a “lucrative, but niche area of cybercrime to probably the most dangerous threat facing enterprises.” Indeed, according to research by the Symantec Threat Hunter Team at Broadcom Software, organizations are facing an unprecedented level of danger from targeted ransomware attacks.
And as Joyce underscored in his presentation, ransomware now qualifies as a daunting national security threat, looming large in the Colonial Pipeline shutdown, which caused significant disruption and prompted concerns about the nation’s fuel supplies. Ransomware similarly featured in other major cyberattacks. In the same month as the Colonial Pipeline shutdown, an attack on Ireland’s national health service forced it to cancel thousands of appointments and initiate a recovery operation.
Meanwhile, there’s growing concern that the technical savvy displayed by ransomware hackers could soon wind up being put at the disposal of hostile governments.
“There are groups out there and all they do is seek initial access,” according to Joyce. “They're rattling doorknobs to try to break open the door. And then their job is done,” he said.
At that point, he said these same groups might sell these initial exploits to agencies within the Russian government to try and gain access “for the things they need.”
“And that's a real worry,” Joyce said.
Some Good News
Meanwhile, he disclosed that the US and its allies have fought back and successfully imposed “some costs” on malicious actors in Russia that sponsor ransomware attacks. Without offering more details, Joyce said the NSA has been able to eavesdrop on ransomware groups complaining that sanctions have blocked their ability to access their funds to build up their technical capabilities.
“They're finding it difficult to extract funds and get them converted … to buy the infrastructure they need to operate,” he said. “Now, that's not going to last … they'll adapt and they'll find new ways. But it does show that there are levers that can be applied to this problem. And over time, it's going to be those creative solutions across multiple layers that work against ransomware. So, is that a death blow to the ransomware actors in Russia? Definitively not. But we did impair them for a period of time.”
Ransomware is now a transnational threat beyond Russia, and Joyce raised the prospect that other foreign threat actors working out of North Korea and China might be emboldened to try their hand at replicating the early successes enjoyed by Russian hacker groups.
“The concern now is that these state-sponsored actors watched that and said, ‘Can I get low-hanging fruit like that?’” he said.
Joyce said the future depends on how well government and the private sector can collaborate to make it harder on ransomware operations.
“This is financially motivated crime,” he said. “If you can prevent the extraction of their wealth, you can actually hurt their operations.”