Today’s ransomware could become tomorrow’s security nightmare
- By Mark Testoni
- Feb 14, 2017
When ransomware attacks target our critical infrastructure, we’re all at risk.
Late last year, guests at a luxury resort in Austria found they couldn’t get into their rooms. Frantic inquiries revealed the hotel had been hacked -- cybercriminals penetrated the key card system, locking guests out of their rooms, and demanded ransom to open the doors. The hotel paid up.
Now, why should officials in public-sector agencies care about what is fast becoming a global, routine IT scam? Doesn’t ransomware target companies that won’t flinch at paying to avoid further disruption?
If only it were as simple as that.
The unfortunate reality is that any weak link breached by ransom-seeking hackers can also be exploited by bad actors with more malicious goals. Today’s ransomware scam could become tomorrow’s full-blown security nightmare.
Target: Public sector
It’s no surprise that this blip on the threat matrix is spreading to other sectors. Hacks on small and mid-sized businesses have moved to focused assaults on municipal and state entities, even public schools. Ransomware attacks are also getting more sophisticated, more robust and more common, with increasing numbers of targeted raids on major cloud deployments being reported.
In late November 2016, during a busy shopping weekend, some commuters using San Francisco's light rail system got an unexpected gift: The trip was free. That’s because cybercriminals had breached a part of the infrastructure and wanted money, specifically 100 Bitcoins (about $73,000), to turn the ticketing system back over to the city. The San Francisco Municipal Transportation Agency opted not to pay the ransom and kept the trains running, even though it couldn’t charge for the service. The agency’s IT team restored the system later that weekend.
In Washington, D.C., just days before the presidential inauguration, the city’s closed-circuit TV network was infected with ransomware. It was reported that the hack compromised the devices used to store video footage and related data from the city’s surveillance cameras. Current reports estimate that 123 of the 187 network video footage recorders inside the CCTV devices were unable to function. No ransom was paid. Fortunately, the video capabilities were restored in 48 hours, but losing this capacity at any time in a large city like Washington limits law enforcement’s efficiency.
More to the point, these are just two recent episodes that we know about. In these instances, there was a profit motive. What will the goal be next time?
Our best defense? Innovation, education and collaboration
We can only defeat the schemes of these hackers by the combined forces of innovation, education and stakeholder collaboration. Dazzling mobile capabilities, highly flexible open source data and a host of other advances mandate new rules and newer strategies. There’s no simple, single answer to the problem, but some combinations and collaborations are vital.
First, data from human sources and ISR (intelligence, surveillance and reconnaissance) systems must be blended in real time. Similarly, human analysis and insights from artificial intelligence must work in harmony to analyze every potential threat. One cannot be an effective substitute for the other. Meanwhile, new innovations in breach prevention must be matched with reactive strategies to create a cohesive defense. Fortunately, we are seeing some significant advances in this area with developments in malware analysis, emulation, sandboxing and even machine learning.
However, technologies are only as effective as the people who use them; solid training and policy enforcement are mandatory for thorough protection. Too many end users still fall for spearphishing emails, voluntarily give up sensitive information or let viruses into the infrastructure. In the event of a hack, ransomware or otherwise, agencies should know that there are options available. Rather than succumb to blackmail, organizations can call the FBI, which has strategies in place to restore functionality and track down the source.
Ultimately, cooperation is key: Private-sector entities must work with the government to maintain and protect critical networks. Because they test and deploy new technologies important to national security, commercial enterprises are on the front lines of a modern-day defense strategy. A strong partnership between the public and private sector will ensure the best security for all.
Mark Testoni is president and CEO of SAP National Security Services (NS2).