‘The Next Pearl Harbor, The Next 9/11, Will Be Cyber’ — A Cybercrime News Round-Up

July 23, 2021

By a Biometrica staffer

Experts and lawmakers across the country are sounding the alarm over what seems to be a cyber free-for-all on American businesses, infrastructure systems, and industries. President Joe Biden brought the subject up with the Russian government, and various intelligence agencies have issued advisories on how to prepare for, prevent, and deal with cyberattacks.

In May, it was Colonial Pipeline, the largest fuel supply line in the country, that was debilitated by a ransomware strike. The resulting outage caused gas supply shortages all across the south-eastern United States, driving up prices and prompting the president to issue multiple urgent orders to patch up the gaps.

Yesterday, we wrote about how K–12 schools became the number one target for ransomware attacks last year, once learning shifted entirely online, severely straining an already impacted system.

“I believe that the next Pearl Harbor, the next 9/11, will be cyber,” U.S. Senator from Maine Angus King said this week, succinctly describing what can feel like a multi-front assault. 

With seemingly daily attacks on both private and public organizations, it can be hard to keep track of the latest news in the world of cybercrime. Today, we sum up some of the key developments on this front over the last week.

Water Systems

Earlier this week, experts urged the government to turn its eye towards what could be the most vulnerable and worrying sector to be hit with a cyberattack — critical water and wastewater systems. According to one official, the country has 50,000 drinking water and 16,000 wastewater systems dispersed all across the nation. Many of these sites are in rural areas and do not possess the resources or the capabilities to mount an efficient defense against cyberthreats. Increased coordination and budget allocation are required to implement effective security measures.

The risk potential of attacks on water systems is multifaceted. On one hand, such an attack could severely impact already-strained infrastructure and public health sectors. On the other hand, there is a significant chance of a psychological fallout after such an attack, according to one official. When the public learns of drinking water systems becoming compromised, it could lead to widespread panic and fear.

These vulnerabilities seem to have been picked up on by malicious actors as well. Earlier this year, a hacker tried to poison the water supply in a Florida town, albeit unsuccessfully. In January, a different hacker gained access to the systems of a water treatment plant in San Francisco; and just two months later, one person was indicted for breaching the water system of a county in Kansas.

Kaseya Obtains Master Decryption Key

Kaseya, the Florida-based company at the center of a massive ransomware attack over the Fourth of July weekend, announced that it had acquired a universal key that would decrypt all the data that had been hacked and locked in that incident. Kaseya said the key will be provided to all the victims, though it may be too late for many of them, who have likely already used back-ups or have started from scratch to rebuild their systems.

At the time, over 1,000 businesses and public organizations across the world were left reeling as supply-chain, IT, and infrastructure systems were compromised. The Russia-linked group REvil that was behind the attack reportedly became overwhelmed by the number of ransom negotiations it was receiving from across the world, and settled for a $50–$70 million ransom for the master key.

It is unclear how Kaseya got the key; all the company would say is that it had come from “a trusted third party.” Cybersecurity firm Emsisoft verified the authenticity of the key. According to experts, there are several possibilities: Kaseya or a government may have paid the ransom, the victims may have come together to pool funds and pay the money, a discontented member of the group may have passed it on as a revenge move, or the Russian government could have seized it from the criminals and turned it over through back-channels.

Cyberattacks Crippling Tribal Casinos

At the National Indian Gaming Commission (NIGC) Tradeshow this week, officials revealed to operators that cyberattacks against tribal casinos have spiked 1,000% since 2019, when there was only one such attack. Since January 2020, however, NIGC has received at least 12 complaints of ransomware attacks.

NIGC officials are saying they may now require casinos to report such attacks. They are also urging operators to invest in cybersecurity to protect their data and customers’ personal information. Apparently, ransom demands have ranged from the low thousands to over $1 million.

In June this year, six tribal casinos in Oklahoma fell victim to malicious cybercriminals, and were forced to close temporarily, significantly affecting an industry already suffering due to Covid-19 lockdowns. Similarly, last year, the Cache Creek Casino Resort in northern California was forced to suspend operations for three weeks after an attack.

Russian Cybercriminal Groups Banding Together

Experts are warning that some of the largest and most notorious Russian cybercriminal gangs — including Wizard Spider, Twisted Spider, Viking Spider, and LockBit — are coming together in one “cartel-like” coalition to share techniques, stolen information, tools, custom malware code, and technology infrastructure, all of which are “limited resources.”

One analyst is warning that this coalition might be the most dangerous form of cybercriminal group seen to date because it is more structured and organized, leading to particularly sophisticated weaponry. In the past, groups have appeared and disappeared without much fanfare in the aftermath of becoming the subject of scrutiny, rebranding and reworking their strategies before popping back up.

New Proposal To Mandate Cyberattack Reporting

A bipartisan group of senators on the Senate Select Committee on Intelligence unveiled on Wednesday, July 21, a proposed Cyber Incident Notification Act that would require federal agencies and contractors, as well as critical infrastructure companies, to tell the Department of Homeland Security if they have been victimized by a cyberattack.

The aim is to increase the speed at which reports are made, allowing the government to respond in an efficacious and expedient manner. Currently, companies are not obligated to report such incidents, which can complicate matters for the federal government, especially if their own systems have also been compromised in the hack.