The surprising relationship between Bitcoin and ransomware is being examined at the White House summit
Join us on the 9th. November to learn how to successfully innovate and achieve efficiencies by upskilling and scaling citizen developers at the Low-Code/No-Code Summit. Register here.
Bitcoin has brought with it many advantages: availability, liquidity, anonymity, independence from central authority, high return potential.
All this is a boon for cybercriminals, especially those who work across borders.
“When Bitcoin became more widespread, we saw a big jump in ransomware because it was the way to move money across borders,” a spokesperson identified only as a senior administration official said in a press briefing ahead of an international cybersecurity summit in Washington. week.
“It is a borderless threat and we have to deal with it in a borderless way,” the official said. In particular, when it comes to the illegal use of crypto, “the threat has clearly evolved.”
To coordinate and strengthen partnerships and more effectively counter ransomware threats to critical infrastructure, the Biden administration this week brought together leaders from 36 countries and the European Union.
“As we know, ransomware is a problem that knows no borders and affects each of the Counter Ransomware Initiative countries — our businesses, our critical infrastructure and our citizens — and it’s only getting more challenging,” the senior White House official said House.
Sharing progress, inviting the private sector
The White House launched the Counter Ransomware Initiative (CRI) last year during a virtual global summit to “bring together allies and partners to counter the shared threat of ransomware,” the senior administration said. The initiative has five working groups.
With this year’s event, the aim was to come together to discuss what these working groups have achieved throughout the year.
CRI partners focused on the five task force themes and also heard from US government leaders including FBI Director Chris Wray; Deputy Minister of Finance Wally Adeyemo on Countering Illegal Use of Cryptocurrency; Deputy Secretary of State Wendy Sherman; and National Security Adviser Jake Sullivan.
Officials were given a detailed threat briefing by the ODNI, FBI and CISA. This included a chart capturing 4,000 cyber attacks in the last 18 months outside the US
The summit also invited 13 private companies from around the world. These companies focused on three questions:
- What should the authorities do?
- What should the private sector do?
- What can they do together?
“This is just a first round to get the companies’ perspectives to make sure we’re not doing this in the traditional government way, which is just government to government,” the senior administration said. “We draw in the private sector because of their unique visibility, capacity and insight into it.
How organizations can protect themselves until a solution is found
Business leaders who weighed in at the summit praised the collective governments for addressing the issue, while stressing the importance of organizations proactively protecting themselves.
“Ransomware has become a serious problem on a global scale, so it’s no surprise that so many nations continue to band together to address the threat,” said Erich Kron, security awareness attorney at KnowBe4.
With ransomware gangs targeting sectors such as hospitals, which can lead to loss of life, “there is only greater urgency to find a solution to the problem,” he said.
Until there is one, he said, organizations must concentrate on training employees to quickly and accurately detect and report phishing attacks and secure remote access portals with multi-factor authentication (MFA). They must also ensure that software vulnerabilities are patched and networks are segmented, while implementing strong data loss prevention (DLP) controls.
In addition, increasing amounts of zero-day attacks and common vulnerabilities and exposures (CVEs) should be top of mind, said Jeff Williams, co-founder and CTO of Contrast Security.
As he explained, ransomware typically results from a malicious actor exploiting known CVEs. As such, entire classes of vulnerabilities should be eliminated by improving software defenses and using technologies such as runtime application self-protection (RASP).
“Additionally, we need to push back on industry when it tries to hide the visibility of weak security practices and technologies with claims that it will compromise intellectual property (it won’t) or make it easier for attackers (it won’t),” said Williams.
Strong public-private partnerships are important for cybersecurity transparency, he said, especially in software development and supply chain processes.
“We need far more insight into how the software we trust with the most important things in our lives has been secured,” Williams said.
As he pointed out, there’s very little an attacker can’t do after a successful breach: steal and sell data, interrupt service, corrupt records, and more.
“We need to get better at preventing attackers from taking control of our digital infrastructure,” Williams said.
National state actors must be stopped – and punished
Other business leaders emphasized the importance of targeting and preventing nation-state actors, such as Russian-speaking cartels with a Pax Mafiosa with the Russian regime.
“They not only offset economic sanctions, but act as cyber militias against Western targets in times of geopolitical tension,” said Tom Kellermann, CISM and SVP of Cyber Strategy at Contrast Security.
Forfeiture laws must be expanded to allow for greater seizure of assets held by cybercriminals, including Bitcoin and other cryptocurrencies, said Kellermann, who also served on the Commission on Cybersecurity for President Barack Obama’s administration.
And any exchange that does not embrace the tenants of the Financial Action Task Force (FATF) and is “obviously involved” in laundering the proceeds of cybercrime should be shut down through online means, he said. Their assets should be seized and used for the protection of critical infrastructure.
Finally, insurance companies should be barred from paying ransoms, as these violate the sanctions imposed on Russia and North Korea, Kellermann said.
Reduplication of work, systematization of information sharing
Progress has been made globally over the past year, the top administration said.
In particular, CRI’s Resilience Working Group held two threat exercises in 2021 to ensure that CRI members, regardless of time zone, could participate and learn from each other in implementing best practices to counter an attack.
The official also recognized India and Lithuania for resilience, Australia for disruption. Singapore and the UK for virtual currency, Spain for public-private partnerships, and Germany for diplomacy.
Meanwhile, the Treasury has been hosting workshops to help countries learn how to track illegal use of Bitcoin and other crypto. Treasury also leads the FATF, which has been looking to put in place “Know Your Customer” rules for cryptocurrency exchanges and the various parts of the crypto infrastructure.
CRI is building a new information sharing platform for any country to ask if others have seen certain ransomware attacks. Countries can then share information about what they have learned and how they fought the attack, the official explained.
“We really want to redouble our work, deepen the partnership — since it’s a borderless problem, so fundamentally no country can take it on alone — and put in place ways to systematize information sharing,” the official said.
VentureBeat’s mission will be a digital town square for technical decision makers to gain knowledge about transformative business technology and transactions. Discover our orientations.
