Blog

Thought Leadership

Ransomware

The elevation of cyber-crime to terrorism threat status

The elevation of cyber-crime to terrorism threat statusDefault blog imageDefault blog image
01
Jul 2021
01
Jul 2021

Prior to the late ’90s, terrorist groups were most often viewed through the lens of law enforcement and crime, not as a national security priority. Their pursuit was led by the FBI and international police efforts, with input from dedicated units sprinkled around the intelligence community.

The September 11 attacks changed everything. Terrorism was elevated to a significant national security threat, and this new status brought with it an unprecedented package of measures: new strategies, tactics, resources, technologies, and legislation.

Today, we are seeing a similar shift in the way the government is treating cyber-crime. The Department of Justice has declared that ransomware will now be treated with the same level of vigilance as terrorism. FBI Director Christopher Wray recently compared the current cyber-threat landscape to the challenge posed by the 9/11 aftermath, and several officials have followed suit in their declarations.

During his confirmation hearing for the new position of National Cyber Director, Chris Inglis – arguably the most senior individual for combatting state and non-state cyber actors – said the US government must “seize back the initiative that has too long been ceded to criminals and rogue nations… and bring to bear consequences on those who hold us at risk.”

This novel sense of urgency extends across all national security power centers, particularly the intelligence community. In turn, it will change the risk calculations made by cyber-criminals, as well as their ability to operate freely.

As for the strategic approach, the counterterrorism playbook fits well: go after the money, infiltrate and influence communications, and finally, put pressure on any and all safe havens, both online and geographic.

It is hoped that ransomware gangs will be disrupted in three key ways:

  • They will start to lose confidence in their payment mechanisms, and/or will require more steps and administration, which will divert attention from conducting their operations.
  • They will start to distrust their networks or believe they have been infiltrated, and subsequently spend more time vetting contacts and swapping out communications rather than conducting operations.
  • They will regularly have to change physical locations or rebuild confiscated infrastructure, making it harder to conduct operations.

However, the full force of the Department of Justice is not enough to dismantle cyber-crime. The intelligence collection and analysis required for these investigations cannot be turned on in an instant, and will come at a cost – intelligence officers, experts, and technical resources are already spread too thin. Determining where non-state cyber actors now rank within the “highest priorities” of government will be a major challenge for the Biden administration.

Instead, it will take a broader effort to stop ransomware and its future iterations. A campaign of pursuit must be coupled with an even greater defensive effort by public and private sectors, to rob ransomware actors of the operational wins that fund their activity. Director Wray recently made this point when he stressed there is “a shared responsibility” to combat cyber-crime. While offensive actions and intelligence operations can put pressure on ransomware groups, advantage in this battle is truly won on defense.

Perimeter breaches are inevitable. The organizations which are tackling ransomware well are those that recognize they will be infiltrated, and instead focus their efforts on understanding behavior in their own systems. The difference between becoming a ransomware victim and disrupting an attack is the capability to immediately detect and respond to malicious actions internal to the corporate environment. Artificial intelligence-driven security technology has shown itself to be effective in this regard, by interrupting threats in a targeted way, avoiding costly system shutdowns.

It is encouraging to see the US administration elevate cyber-crime to a national security priority, but they cannot tackle it alone. As the intelligence community starves these gangs of resources, better defenses will make it more difficult to extort payments in the first place. We need all parties to step up on their collective defense, stopping these groups from inflicting meaningful damage – even when they manage to break in.

More in this series:

No items found.

Like this and want more?

Receive the latest blog in your inbox
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
INSIDE THE SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
AUTHOR
ABOUT ThE AUTHOR
Marcus Fowler
SVP, Strategic Engagements and Threats

As SVP of Strategic Engagements and Threats, Marcus works closely with senior security leaders across industries on cyber security strategy and business resilience, including across Darktrace’s Federal Division. Marcus focuses his research and analysis around emerging and next generation cyber threats, trends, and conflicts. Prior to joining Darktrace in 2019, Marcus spent 15 years at the Central Intelligence Agency developing global cyber operations and technical strategies. He has led cyber efforts with various US Intelligence Community elements and global partners. Prior to serving at the CIA, Marcus was an officer in the United States Marine Corps. Marcus has an engineering degree from the United States Naval Academy and a Masters’ Degree in International Security Studies from The Fletcher School. He also completed Harvard Business School’s Executive Education Advanced Management Program.

share this article
COre coverage
No items found.
This Article
The elevation of cyber-crime to terrorism threat status
Share
Twitter logoLinkedIn logo

Good news for your business.
Bad news for the bad guys.

Start your free trial

Start your free trial

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
For more information, please see our Privacy Notice.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get a demo

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Check out this article by Darktrace: The elevation of cyber-crime to terrorism threat status