A cybersecurity supervisor said to me at lunch last month: “I don’t have to be faster than the bear, I must be faster than the slowest runner.” For the past two decades, this not-an-easy-target philosophy has been the cornerstone of many successful cybersecurity practices. It works well for organizations that have enough skill and funding to outpace their peers and delay the inevitable consequences for themselves.
Cybercriminals have always been opportunists who play a numbers game. For a long time, large-scale attacks with low success rates have provided a continuous source of ill-gotten income. Although opportunistic crimes remain very common, targeted and carefully planned attacks, in the style of Ocean’s 11, are on the rise.
In March of this year, The Record interviewed Unknown of the REvil/Sodinokibi group, which provides ransomware as a service to criminals who run extortion, data theft and system sabotage attacks to make money from victims and/or buyers. Asked whether the group targets those who have a cybersecurity insurance policy, Unknown replied: “Yes, this is one of the most annoying things. Especially invading insurance companies in the first place, in order to build a customer base and work in a targeted manner. Then, after you carefully check the list, go to the insurer yourself.”
Soon after, CNA, a commercial insurance company based in Chicago, was attacked by ransomware. The latest update released by CNA in April confirmed the occurrence of a “complex ransomware” attack. It also promised: “Once our investigation is completed, we will notify any affected parties as appropriate.”
At this point, what we know is that criminals have developed sophisticated tools (ransomware), distribution mechanisms (such as REvil), and the patience to take down larger prey (such as CNA). Being able to disrupt one of the largest organizations underwriting cybersecurity risk is strong evidence that this bear is now chasing faster and tastier runners. If the criminal network has a list of insured companies and the number of insured companies, then it has built itself a menu of the tastiest targets.
Now that criminals have an appetite for the fast runners of the past, the individualism of private organizations must give way to a collaborative herd community if they are to survive this evolutionary change in the predator. Both well-funded and underfunded organizations need to develop sustainable ways to share information with each other and to cooperate with law enforcement agencies, so that criminals face a stronger deterrent.
In the past, well-funded organizations in most industries had little incentive to help underfunded peers. Financial institutions are an exception. According to the “2020 FBI Internet Crime Report”, the agency recovered more than 82% of the US$462 million lost by financial institutions. The industry invested early in collaboration mechanisms and agreements, both among its members and with law enforcement agencies, and serves as a prototype for effective collaboration groups.
Cybercrime is a subtype of crime, and the lessons we have learned in reducing crime in the physical world apply to the cyber world. Private organizations need to work with law enforcement agencies to establish workflows and communication strategies similar to a neighborhood watch. A sustainable way for private organizations to connect with each other and communicate with law enforcement agencies is essential to increasing the rate of arrests and convictions.
In the case of the CNA breach, I hope that CNA, its insureds and law enforcement agencies have taken vigilant protective measures and surveillance measures to provide the evidence needed to prosecute these crimes and reduce the attractiveness of future crimes.
As cybercriminals evolve, corporate citizens and private citizens must change too. We must be prepared and able to look beyond our own vital interests and invest in protecting the entire community. When we protect the public good, the fast and the slow alike become safer.
Charles is committed to the maturity of InfoSec’s technology, which is built on the diverse career paths of the entire industry. He began serving in InfoSec in the U.S. Navy in 2002 and served as a cyber security officer at the U.S. Naval Graduate School. After leaving active duty, he was a soldier.