Last week, ransomware and cybersecurity were also in the news for another reason—the G7 meeting and the Biden-Putin Summit both focused on these issues as a primary concern.
Cybercrime and Safe Havens
I spent my early days in cybersecurity focused on nation-state adversaries and how countries might defend themselves against other countries. The G7 committed to hold nations accountable for harboring cybercriminals—and specifically called out Russia, which is believed to be a base of operations for many ransomware groups—but what does that really mean? I think it is a good start. It was good to see cybersecurity and the ransomware crisis play a central role, and it’s important to send a message that state-ignored attacks will not be tolerated.
President Biden also addressed the escalation in ransomware and cybercrime attacks with Putin when they met face-to-face. Biden and Putin reportedly discussed rules of engagement, so to speak—identifying specific industries or entities deemed as critical infrastructure and establishing that those should be off limits for cyber attacks.
Only time will tell how successful these meetings have been, or what happens if they have not been successful. What sanctions or actions are the G7 prepared to take against nations that do not cooperate with efforts to deal with cybercrime and ransomware groups (still looking at you, Russia)?
What are the Biden administration and the United States willing to do in retaliation for attacks against the 16 areas designated as critical infrastructure? Will that now be elevated to a more direct act of war status—something that warrants a physical response?
It also seems like there is some sort of tacit agreement that cybercrime and ransomware will continue—just not against specific targets. Establishing rules of engagement is very different from agreeing to a truce or vowing to work together to end the threat globally. It simply means that ransomware groups and cybercriminals will double down on targets that are within the rules of engagement.
I think it is good for everyone if we can agree not to shut down fuel or electricity, or taint water supplies, or impact air or rail travel—things that average citizens depend on and that could result in catastrophic and potentially deadly consequences. That seems like a step in the right direction.
Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.