In a new post, Steve King of CyberEd.io summarizes the first half of 2021. There has been an explosion of ransomware and new extortion methods targeting the business operations of critical infrastructure.
There has been an increase in four techniques:
- Local denial of access.
- Leaked extortion - "name and shame" victims.
- Distributed denial of service.
- Leveraging a victim's customers.
For ransomware, "to pay or not to pay" is still the question (apologies to Hamlet).
Federal agencies recommend segmenting systems to minimize ransomware impact, good logging systems to detect anomalous network behavior, and backups and playbooks to strengthen resilience. The reality is that, especially in industrial operating systems, preventative measures are not in place. Few companies keep logs beyond 90 days; most small and medium-sized businesses have no incident response plans; and getting a competent CISO outside a major urban center is not easy.
Plant operators with unsupported legacy systems will have to shut down in order to install the needed detection and prevention.
President Biden's executive order makes recommendations, but it needs to be enforced or present conditions will continue.
In King's view, this should be treated as a national emergency.