The past year has seen a number of multi-government cyber takedowns in which different nations have teamed up to tackle global ransomware operations. And today, with the UK and other NATO member countries at high risk of imminent cyber-attack in light of their response to Russia’s invasion of Ukraine, there’s never been a greater need for international collaboration.
Steve Forbes is government cyber security expert at Nominet.
Joint efforts between the governments of allied nations offer a better chance of pre-empting cyber-attacks, mitigating their impact, and effectively taking down global cybercrime networks. However, as recent events have proven, their continued success isn’t guaranteed. While these kinds of attacks remain so potentially lucrative and the leaders of these groups deem the risk of arrest low, the suppression of these criminal groups is likely to be temporary. More comprehensive agreements between nations are required if the culprits behind these malicious threats and their enablers are to be punished, and the UK and its allies better protected from attack.
It’s hard to overstate the significance of the reported multi-country takedown of the ransomware group REvil, responsible for attacks against meatpacking company JBS, and software provider Kaseya among others. A joint operation between US and Russia intelligence agencies forced the group offline in late 2021, hijacking its servers and disrupting its operations.
Yet, while this was certainly a major win in the battle against ransomware, and a prime example of the benefits of inter-governmental cooperation, not all such attempts have been so successful. Ten months after a coordinated operation by global law enforcement agencies disrupted the infrastructure of Emotet, one of the world’s most dangerous botnets, and a notorious vector for ransomware attacks, the malware was once again seen to be infecting computers worldwide.
If anything, this demonstrates that we can’t afford to rest easy. Ransomware attacks such as those carried out by REvil and Emotet can generate significant income, enabling the organizations behind them to rebrand and reinvent themselves many times over. When the ringleaders and masterminds of these criminal organizations are not arrested, the chances are that the groups will quickly spring back into action. What’s important, therefore, is that multi-government law enforcement measures start to make the risk greater than the reward for cyber criminals.
Importance of information sharing
Governments across the globe need to take a collaborative, connected approach toward cybersecurity, bolstering a strong system of defense that will minimize the threat of cyber-attack by rogue operators. A combination of network analysis to identify the tell-tale signs of a ransomware attack, robust back-ups to aid recovery, and cross-country coordinated takedowns will be key to stemming the flow of successful ransomware attacks in the future.
The sharing of information is vital to this approach, maximizing security by pooling threat intelligence by one central body. This means that, if one country’s infrastructure is targeted by a threat actor exploiting a particular vulnerability, other countries could be warned, ensuring they’re better prepared to protect themselves. Armed with critical knowledge received from their allies, they would be able to respond quickly and more effectively to any attack.
It may not guarantee one hundred percent protection, but such an approach will empower governments with a base level of security that allows them to spend more time and resources on more targeted attacks, rather than on a large number of lower-level, and potentially less harmful, threats. Importantly, it will also raise the bar for criminals. By thwarting their more ambitious plans, it will make it as cost-prohibitive as possible for them to carry out further attacks.
Attacking threat actors from a position of greater intelligence will, ultimately, reduce the risk of attack and, in turn, improve a country’s security posture. Most countries will have their own security provisions in place, of course, but the cyber-defense created by pooling resources and insight in this way will be worth far more than the sum of its parts.
A whole of society approach
The UK Government recognizes the importance of this more connected approach to cyber-security. Its first ever National Cyber Strategy, published in December 2021, places cyber power at the heart of the UK’s foreign policy agenda, and recognizes that every part of the strategy depends upon international engagement.
Greater coordination is vital to the strategy, too. In it, the government commits to following the National Cyber Security Centre’s (NCSC) Active Cyber Defence (ACD) program until at least 2030, a significant element of which is the establishment of a new Government Cyber Coordination Centre (GCCC) and a cross-government Vulnerability Reporting Service (VRS), which will enable the government to “defend as one” when managing incidents, vulnerabilities, and threats.
Although this refers predominantly to co-operation and intelligence sharing between various public and private sector organizations, this multi-level, whole-of-society approach will, with additional strategic collaboration, enable the UK to harness its cyber power, defend its citizens and infrastructure, and be a responsible global citizen.
The recent takedown of REvil proved the power of multi-government cyber-security initiatives. But, in an environment in which criminals are able to grow in strength off the back of their ill-gotten gains, and especially given the escalating situation in Ukraine, there’s a need for much closer international relationships and information sharing. On its own, a country’s cyber defense may be strong. Together with other countries, though, they could be impenetrable.