Ransomware is not a new issue by any means, but the attack on the Colonial Pipeline thrust the issue into mainstream media. The United States Government is now working to address cybersecurity shortcomings in the nation’s critical infrastructure. Two bills have been introduced to combat these shortcomings. The Pipeline security Act would codify into law the roles the Transportation Security Administration and the Cybersecurity and Infrastructure Security Agency (CISA) play in securing gas and oil pipelines. Meanwhile the CISA Cyber Exercise Act would create a program in which government and companies would test their IT infrastructure. Binary Defense analysts will continue to monitor this legislation for updates and changes.
Combating ransomware has become a priority for law enforcement agencies and government officials. Many ransomware gangs have gone quiet on criminal forums and the dark web in hopes to disassociate themselves from the added pressure. A major Russian speaking criminal forum, XSS, banned all discussions of ransomware in hopes they will not be shutdown. Some criminal groups are exploiting the situation to establish themselves as a more prominent ransomware group by mocking those groups that have taken a back seat in the current climate. To combat ransomware, organizations must take a wholistic view of security controls, awareness, monitoring and response. Organizations must ensure employees are properly trained on best security practices. Employees must understand how ransomware gangs gain initial access into a company. Binary Defense’s Security Operations Task Force monitors clients’ workstations and servers 24/7 to detect attacks based on possible attacker behaviors and prevents intrusions in the early stages to keep companies from suffering major damage.