100 Days Down, 1,360 Days of Nation-State Cybersecurity Threats to Go

This week marks the milestone of the Biden Administration’s first 100 days. It is somewhat arbitrary to expect an incoming president to achieve significant progress in just 100 days, or to judge success or failure based on such a small span of time.

However, it does provide a glimpse into the vision and direction of the administration, and so far it seems like President Biden is preparing to address the growing cybersecurity threat from our adversaries. 

Earlier this month, President Biden signed an executive order leveling sanctions against Russia. The executive order cites efforts by Russia to undermine free and fair elections in the United States and its allies, as well as malicious cyber activities by Russian attackers targeting the United States and its allies among other things. The White House also officially declared the Russian Foreign Intelligence Service (SVR) responsible for the massive SolarWinds breach discovered late last year. 

Russia is not the only culprit, though. The HAFNIUM attacks against zero day vulnerabilities in Microsoft Exchange Server have been attributed to China. We are also under siege from North Korea, Iran, and other adversaries. It is a serious issue that we need to address. I spent years on the other side—working as a nation-state hacker for the West—so I have a firsthand perspective of how nation-state attackers think and what it takes to defend against them.

President Biden hits his 100 days milestone this week, but the topic isn’t new for me. I have been paying attention to how the White House responds to the rising threat of nation-state cyber attacks, and how we can do better for some time. In early March, Cybereason hosted a virtual roundtable titled “Restoring National Cybersecurity: A Look into the First 100 Days of the New Administration.

I participated on the panel, along with  Theresa Payton, former White House CIO and CEO of Fortalice SolutionsCorey Thomas, CEO of Rapid7 and a board member of the Cyber Threat Alliance, and Michael Daniel, president and CEO of the Cyber Threat Alliance. We discussed the challenges facing the public and private sectors and shared insights and recommendations to create a cybersecurity action plan for the Biden Administration. 

One of the primary threats we need to address at the government and private sector levels is the surge in ransomware. We saw a dramatic rise in ransomware attacks over the last year. The chaos and confusion as the world went into quarantine and tried to get the COVID-19 pandemic under control presented an opportunity for attackers to capitalize on—and the stakes have increased in 2021.

Part of the challenge is that legacy and next-gen tools are not equipped to defend against these attacks. Ransomware attacks are often complex and mult-faceted, so organizations need the ability to view the entire malicious operation in order to effectively detect and respond to attacks.

Acer was reportedly compromised in March by a double-extortion ransomware attack with a $50 million ransom demand, and last week we learned that Apple is being extorted for $50 million as well after one of its trusted suppliers was hit by ransomware. The problem for both Acer and Apple--and any other company hit by a double-extortion ransomware attack--is that it is a no-win situation.

You only have two choices and they’re both bad. You can pay the exorbitant ransom or you can ignore the demand and have sensitive, confidential data exposed publicly or sold on the Dark Web to the highest bidder. The only good option when it comes to ransomware is to avoid getting compromised in the first place. 

Because of the serious and growing threat from ransomware, I am inspired by the news that the Department of Justice is creating a Ransomware Task Force. Marshalling the resources of the US government, combined with the collective knowledge and skills of the cybersecurity industry is a great step in the right direction.

It won’t be an easy problem to solve, but recognizing the gravity of the threat and working together to find, develop, and implement effective solutions is exactly what we need from the Biden Administration. 

I have been encouraged by the bold and aggressive action by the Biden administration in the first 100 days. The threats we face will continue to expand, so it is imperative that the US government work cooperatively with the cybersecurity industry to effectively protect our critical infrastructure, as well as private sector companies of all sizes and across all industries that are indirectly targeted or become collateral damage in the escalating cyber “Cold War” between nation-state adversaries.

Lior Div
About the Author

Lior Div

Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.

All Posts by Lior Div