The U.S. government is starting to offer million-dollar rewards to catch hostile groups attacking its infrastructure and businesses. Some warn that this aggressive response could shift the cyberattacks map to Europe and Asia
A picture is worth a thousand words. That of thousands of angry East Coast citizens queuing for miles to get fuel for their cars could precipitate a major shift in the cybersecurity universe. Global. A redrawing of the cyberattacks map worldwide.
It all started at the end of May. A ransomware group known as DarkSide (one of the youngest in the cybercrime world) apparently unintentionally disabled the Colonial pipeline.
They had just wreaked havoc. With their attack, they knocked out of service a critical infrastructure for the world’s leading power. A pipeline that supplies almost half of the fuel consumed on the East Coast of the country.
The consequences were not long in coming. Thousands of citizens crowded into gas stations to hunt for fuel, gas stations without reserves… A nonsense.
So much so that President Joe Biden had no choice but to take action and declare a state of emergency in up to 18 states. Some as important as New York, Washington DC or Florida.
In those days, according to some of the most prestigious U.S. media, Biden became truly aware of the problem. And he got down to work.
The president had already been shocked by the repercussions of the cyberattack on SolarWinds at the end of 2020. That an agency as critical as the NNSA, which controls the nuclear arsenal, was affected by the incident was telling.
But it was the images of the fuel shortages on the country’s major television stations that triggered their reaction. This couldn’t be allowed.
His decisions since then could redraw the cyberattacks map globally. Washington has activated an unprecedented package of actions against cybercrime.
Rewards of up to $10 million for information on ransomware and similar groups, creation of a White House working group to implement measures against these incidents…
The web for whistleblowers
The Biden Executive has ordered the US Secret Service and the FBI to make the fight against cybercrime one of their priorities. It has even created a website, Stopransomware, to follow up on complaints and tip-offs, protecting the sources.
That is to say, those who put on the trail of hostile actors can receive a juicy reward (which can even be cashed in cryptocurrencies) without their identity being revealed.
After the attack on Colonial, Biden in parallel urged the country’s technology companies to put all the means at their disposal to contain these threats. And once again the response has been unanimous.
Ten of the most important tech companies, including Microsoft, Google and Amazon, have begun to collaborate in the cause.
How? By participating in a strategy led by the Infrastructure Security and Cybersecurity Agency (CISA) to facilitate information sharing between the public and private sector to detect and neutralize any ransomware attack.
The latest pillar of Washington’s strategy to curb this problem has been to put the ball in the court of third countries, mainly Russia and China. In recent weeks, Joe Biden has directly and bluntly accused the governments of both powers of sponsoring the cybercriminals behind these assaults.
And it has threatened to take action, including sanctions programs, if they persist in this behavior. Moscow and Beijing are keeping a low profile for the moment. But it seems unlikely that they would want to confront a power like the US in the protection of groups that, although useful for some purposes, are really beyond their strict control.
In this context, some voices argue that the pressure Biden has begun to exert to contain this phenomenon could change the cyberattacks map at a global level.
Other territories, different targets
In what way? On the one hand, by focusing on territories that are less belligerent for the moment against ransomware groups. Europe or Asia, for example. On the other hand, by changing the targets. The targets to attack.
In recent years, government agencies and critical infrastructures in many countries have been targeted. But it’s becoming increasingly clear that the repercussions of these incidents are taking on much greater media and political relevance.
José Lancharro, the director of BlackArrow, the offensive and defensive services division of Tarlogic Security, explains it graphically: «It’s not the same for a ransomware to get into a company that lives on information as it’s for a power plant or a water treatment plant, which manage critical services for society. The consequences are very different», he says.
Lancharro is one of those who believes that «attacking critical systems is becoming an increasingly delicate issue because you can wake up the beast and the effort will be very costly». Metaphorically speaking, that beast today would be Biden and the U.S. Administration.
But also Russia, which has taken measures to protect its strategic infrastructures.
As things stand, it does not seem unreasonable to think that hostile actors could start to take aim at new targets to circumvent government pressures. And the easiest targets, as of today, are companies, especially those in areas that are more lukewarm in the fight against cybercrime, such as the Old Continent or Asian countries.
«It’s obvious -Lancharro maintains- that malicious code is going to go where the money is. And that’s why we suspect that these ransomware groups might go more towards Europe or Asia».
In recent months, there have been some signs that point in this direction. Several recently published reports indicate that mass attacks are no longer the main strategy of cybercriminals, who are now more focused on more targeted attacks on very specific architectures or victims.
Golang and the cyberattacks map
The appearance of ransomware created with Golang, some of them targeting industrial systems, would point to some worrying movements: the possibility that attacks on more specific systems and all types of architectures are beginning to flourish.
With this new cyberattacks map on the table, European companies will have little choice but to make a move. They must actively protect themselves and have advanced cybersecurity services in place to contain the ever-growing threats.
Over the next few years, companies will need to put in place high-level protections to deal with a phenomenon which, far from losing intensity, is still in full emergency mode.
The time to prepare for war has come.