U.S. Military Sees Ransomware as National Security Threat

For the first time, the U.S. military acknowledged publicly it has taken action against ransomware groups.

In an interview with The New York Times, head of U.S. Cyber Command and Director of the National Security Agency (NSA) General Paul M. Nakasone said, in reference to incidents in the past year targeting U.S. corporations, “Before, during, and since, with a number of elements of our government, we have taken actions and we have imposed costs. That’s an important piece that we should always be mindful of.”

The interview signals a shift in U.S. policy. Previously the government viewed ransomware attacks on corporations as a law enforcement matter and under the purview of the FBI and the Department of Justice. With military involvement, it signifies that the NSA now sees it as a matter of national defense and features a military-law enforcement partnership.

“Take a look at the broad perspective of adversaries that we’ve gone after over a period of five-plus years: It’s been nation-states, it’s been proxies, it’s been criminals, it’s been a whole wide variety of folks that each require a different strategy,” Nakasone said, according to the Times. “The fundamental piece that makes us successful against any adversary are speed, agility and unity of effort. You have to have those three.”

While it is the first time the shift has been discussed openly, the shift has been reported on before. The Washington Post reported early last month on a Cyber Command operation that crippled the ransomware gang known as REvil.

Nakasone indicated in the interview that he thought the United States and other countries had made progress in understanding how cyber criminals operate, but warned that it will be a continuous fight with potentially major implications. From the Times article:

“What we have seen over the past year and what private industry has indicated is that we have seen a tremendous rise in terms of implants and in terms of zero-day vulnerabilities and ransomware,” he said, referring to an unknown coding flaw for which a patch does not exist. “I think that’s the world in which we live today.”

Speaking on a panel at the Reagan Forum, Nakasone said the domain of cyberspace had changed radically over the past 11 months with the rise of ransomware attacks and operations like SolarWinds. He said it was likely in any future military conflict that American critical infrastructure would be targeted.

“Borders mean less as we look at our adversaries, and whatever adversary that is, we should begin with the idea that our critical infrastructure will be targeted,” he told the panel.

As with just about any other day, there are several more major cybersecurity headlines. Here are four important developments.

Companies Linked to Russian Ransomware Hide in Plain Sight

This New York Times article describes the headway U.S. law enforcement has made in tracing the millions of dollars U.S. companies and municipalities have paid to ransomware gangs. A large chunk of it has been traced to Moscow’s Federation Tower East, the tallest building in the city.

Security Experts Question New DHS/TSA Cybersecurity Rules for Rail Companies

This ZDNet report discuss a new rule released by the U.S. Department of Homeland Security requiring freight and passenger railway companies to report cyber incidents. Several transportation experts say the rule is too broad and burdensome and could have the effect of lessening security as companies devote resources to be in compliance.

Microsoft Disrupts Chinese Hacking Group Targeting Organizations in Dozens of Countries

The Hill reported on a Microsoft announcement that a U.S. federal court has granted its request to allow the company to seize websites used by Chinese hacking groups.

FBI: Cuba Ransomware Group Hit 49 Critical Infrastructure Organizations

ZDNet reported on an FBI release from late last week details an operation traced to Cuban ransomware gangs that are targeting financial, government, healthcare, manufacturing, and IT sectors with the Hancitor malware. The FBI said the group had extorted at least $43.9 million so far.