08.07.2021 – 15:32
“Will they act?” President Biden asked after his meeting with President Vladimir Putin in Geneva whether the Russian government would finally crack down on pirate gangs.
His answer to his question: “We will find out.” We have now discovered it.
A massive attack by the piracy group REvil hit up to 1,500 businesses in the United States, Europe and Asia late last week – reportedly the single largest such salvo in history, and only the latest in a series of breaches by collectives based or otherwise affiliated with Russia.
Thankfully, the breakdown of software firm Kaseya appears to have caused less damage and disruption to the critical industry than the recent compromises this spring between food processor JBS and the Colonial Pipeline oil transportation network.
But that the incursion has taken place is a disturbing sign that Putin has not listened to Biden’s push to stop cybercriminals currently operating in his country from wreaking havoc around the world.
The White House is running into a strategy for ransomware, malware that targets systems and information until it’s paid – with hijackers sometimes also threatening to release sensitive data if their demands are not met.
Such a strategy is definitely needed: It should include discouraging ransom payments, regulating cryptocurrency exchanges to expand your client recognition requirements and money laundering, and mandating minimum security standards along with other practices. best for strengthening defense.
But Kaseya breach is a derogatory reminder that companies can never defend themselves perfectly.
The firm was aware of the vulnerability that hackers exploited and was working to fix it; the problem was that the hackers got there first.
Protection, in other words, is not enough.
Work is also needed. And the most effective offense could come from Putin if he had any interest in running a show.
Many cybercriminals based in Russia cooperate directly with the regime and its security services.
Others act in accordance with what they believe to be the official wish, knowing that this is a ready guarantee against punishment.
The Kremlin is very effective in enforcing the law, or its version of the law, when it wants to be: Just ask the imprisoned opposition leader Alexei Navalny.
Does anyone really believe that the same institution is incapable of doing anything about even the most prominent hackers within its borders?
Biden should not believe it.
Putin will not act in the absence of credible consequences for inaction and is now in the White House to make clear what those consequences could be.
These should not simply include the typical menu of sanctions, asset freezes or trade restrictions, and not merely attempts to disable any criminal infrastructure, including cloud-based services, outside Russia.
The consequences must also include the aggressive disruption of these gangs wherever they are: in Russia, on its Internet, in all the cyberspace over which it claims sovereignty.
The least acceptable answer is to wait longer to “discover” what everyone already knows.
Translated and adapted by The Washington Post / konica.al