Cyberattacks against governments and official agencies are increasingly common. To mention only a handful of cases, this week PAMI had to cancel its online services due to ransomware, a type of virus that encrypts information in order to demand a ransom in return. Two months ago, INTA and ANMAT were also attacked. And last year the National Senate suffered a massive leak of internal documents.
The data is compelling: threat analysis companies such as Check Point Research show higher figures than in previous years. Its recent Global Cyber Attack Report, published during the second quarter of 2023, found that weekly attacks grew 8% compared to the same period of the previous year. Just taking Check Point detections into account, this means that there are 1,258 cyberattacks per week.
Given this worrying scenario, various organizations are trying to provide tools: not only Argentina but many governments are not prepared for a computer attack.
“One of the problems is that everything that is a cyberthreat is not taken seriously enough in terms of resources and priority. Many senior government officials say ‘Cybercrime? I don’t understand any of that.’ And the reality is that you don’t have to be an expert or a programmer to understand the costs that cybercrime and cybersecurity can cost,” explains Chris Painter, president of the “Global Forum on Cyber Expertise” (GFCE), an entity created in 2015 and based in The Hague, the Netherlands, to assist entities against cyberattacks.
“The challenge is that some countries do not have the institutions to deal with these problems: they don’t have trained law enforcement officers, let alone a nationwide computer emergency response team; they don’t have a national strategy and they are not organized,” he adds.
Painter participated this week in the Second Summit Conference on Cyber Affairs, a convention that took place Wednesday and Thursday at the UCA (Puerto Madero), where experts from various official spheres, with a strong presence of the Ministry of National Security and the security forces, presented on issues related to cybersecurity.
The expert has a prolific 32-year career in the field, in different positions: trained as a lawyer, he became a federal prosecutor in Los Angeles and specialized in cybercrime. In that role, he prosecuted Kevin Mitnick, for many “the most famous hacker in the world,” who died about 2 weeks ago. In addition, he was the one who received the first cases of stock price manipulation and prosecuted Mafia Boy, a teenager who carried out one of the first denial-of-service attacks.
He was later deputy assistant director of the FBI’s Cyber Division, then moved to the White House, under the Barack Obama administration, to build a cybersecurity policy. Currently, he is fully focused on the GFCE.
He spoke with Clarín.
An entity to help governments
─What does the GFCE do?
─One of the things that we’ve noticed over the years in my career, and I think others have as well, is that many countries need help preparing for cybercrime. This is becoming a big problem: it is already a political, security and economic issue. But many countries do not know where to turn for help. So the Global Forum on Cyber Expertise was created to bring together countries, civil society and the private sector, in what we call a “multi-stakeholder approach”, because none of those people can do it all, to collaborate and coordinate capacity development.
─How do you work, specifically?
─We work in particular areas such as cybercrime, training and cybersecurity awareness. We created working groups around that. We have a portal called Cybil Portal where there are over 800 different “best practice” resources. It is publicly available to people.
─What is it that governments usually lack in terms of cybersecurity?
─Having a national strategy. That is where we have to intervene the most, helping them with that as a first step, supporting them to have a national computer emergency response team, helping them to have cybercrime laws. We help countries design these programs and share information.
─CISA, the Cybersecurity and Infrastructure Security Agency, is very active in the United States. Is it a way to go?
─In my experience, each country is organized differently and there is no universal solution. I worked in the White House and we coordinated all the different agencies, Department of Homeland Security, Justice and State and Congress. The most important thing is that all these agencies cooperate and work together. A cyberattack is not just a technical problem: it’s a broader issue and I think countries that understand this have made a lot of progress in recent years.
The current state of ransomware
─A few years ago only experts knew what ransomware was. Has that changed lately?
─One of the things I did apart from the Global Forum is that I was co-chair of an investigative working group on ransomware whose report came out a week before the big attack against the Colonial Pipeline in the United States (IST). That was something that shook the industry, because when people couldn’t get fuel, when hospitals ran out of power and so on, that makes it a much more tangible problem: it stops being ethereal, it appears in newspaper headlines and people become more aware of this extortion problem.
─Industries, experts explain, are far behind in terms of computer security. What is known about this?
─Yes, the industrial sector (OT, Operational Technology) is usually handled with very old systems, and this is very dangerous because they handle critical infrastructure, and it is called that for a reason: life is much more difficult without it. And cybercriminals know it. Even small vulnerabilities are exploited by very clever hackers. There is a detail that is not minor: the vast majority of ransomware attacks exploit known vulnerabilities. This means that security patches exist, but users do not apply them.
─Why?
─Because basic “cyber hygiene” is not applied. It’s important to do that basic cyber hygiene, but it’s also important to modernize our systems to make sure we are in control of the situation. We have many systems that are still very vulnerable to already reported vulnerabilities.
─Several surveys have detected a strange trend: ransomware ransom payments are falling, but the number of attacks is growing. How do you read this?
─I’ve seen the reports of ransomware payments going down. But one of the things that I would say is that we don’t quite know what’s going on. These are underrepresented numbers: many people still do not report these attacks, they are worried and they just pay the ransom and continue. And they run the risk of falling back into the hands of an extortion group. To tell the truth, I don’t know if we still have the full picture.
─Have there been advances against ransomware groups or are they always one step ahead?
─We have taken some steps in the last two years. To go after these groups, the United States has dismantled groups [such as Hive at the beginning of the year], has issued sanctions, has limited other countries, because some of the ransomware actors are in uncooperative nations. It’s become a priority for the last two years, so I think that’s helpful.
─The Clop cybercriminal group has already affected 590 organizations and almost 40 million individuals, according to Emsisoft.
─Precisely because of these data, this has to be a priority for the next 5 or 10 years. We’re going to do things to make it harder for criminals. They will turn to other resources, they are continually raising the bar.
─“The prey has to escape every day, the hunter has to catch it only once,” they say.
─Exactly: that’s the problem with offense and defense, that you have to pay for a good defense all the time, but you only have to play a little good offense to be successful. And that is a concern.
─What would you say is the biggest challenge, globally, for the work of the GFCE?
─I return to this concern about cooperation. Considering that there are countries that do not cooperate in the prosecution of cybercrime, this is an obstacle. Some countries are simply not willing, either because of politics or because they are implicated in corruption cases, or who knows. But they are providing a safe haven for cybercriminals and this allows them to act with impunity. Especially since they may not be attacking you today, but they are attacking others and, eventually, they will come for you.