New DoJ Strategic Plan Targets Cyberattacks, Ransomware

The United States Department of Justice (DoJ) plans to make the prosecution of cybercriminals and the disruption of ransomware attacks key objectives of its new strategic plan, which includes the enhancement of its own technological and investigative capabilities.

The DoJ outlined four key strategies for fighting cybercrime and listed a series of key performance indicators (KPIs) to measure success.

The key strategies include the deterrence, disruption and prosecution of cyberthreats; the strengthening of intergovernmental, international and private-sector partnerships to fight cybercrime; more robust safeguarding of Justice Department data and information; and an enhancement of cyberresilience within the private sector and other government agencies.

Among the KPIs listed by the DoJ was the percentage of reported ransomware incidents in which, within 72 hours, a case is opened, the incident is added to an existing case, the incident is resolved or investigative action is taken.

The Best Defense

Joseph Carson, chief security scientist and advisory CISO at Delinea, a provider of privileged access management (PAM) solutions, said one of the best ways to deter cybercriminals from carrying out malicious cyberattacks is to show that when they break the law, they will be caught and prosecuted.

“This move and focus are critical,” he said. “However, for it to work, the Department of Justice must demonstrate that they can successfully catch and prosecute some of the most notorious criminal gangs. Unfortunately, many of those criminal gangs operate outside the U.S. which means the only way this can be successful is through extensive international cooperation.”

Carson pointed out this is not just a U.S. issue but a global challenge, which means the entire cybersecurity community must work together to protect the digital world.

From his perspective, the fewer places there are for cybercriminals to hide and operate, and the more pressure that is placed on governments that provide safe haven for criminal gangs, the more likely it is that the DoJ plan will work.

He added that one major metric is missing: the number of safe places where cybercriminals can operate must be reduced.

“The other metrics are a good starting point, and it is important to have metrics that can be measured,” he said. “However, metrics focus on operational areas; I believe if it is to truly meet the strategy, then it must also focus on the successful prosecution of cybercriminals as a measurement of success.”

Matthew Warner, CTO and co-founder at Blumira, a provider of automated threat detection and response technology, said as attacks against businesses and infrastructure continue to grow, so has the impact of these attacks.

“Ransomware is a systemic risk to all computing at this point, which requires a unique response from governments,” he said. “To do this, however, requires a task force that can respond in a way that we have not seen before in cybersecurity—similar to government and commercial partnership efforts to take down botnets.”

He added that if governments want to defend their and their allies’ infrastructures—commercial or not—reducing ransomware across the globe is paramount.

“Ransomware will only continue to grow, as will new attacks leveraged by ransomware, which means that not only the government but also all private entities must level up quickly to defend properly,” Warner explained. 

Transparency Key to Fighting Ransomware

He added the nature of blockchain—and therefore, cryptocurrencies—means that every transaction is available for the world to see.

“While attackers will try to move this money around through tumblers, in the end it must end up somewhere to convert to usable currency,” Warner said. “Government initiatives, such as the DoJ, have the opportunity to track cryptocurrency use and look for clusters of ransomware payments being funneled through the blockchain.”

Warner said if the target wallets and/or transfers in and out of these potential ransomware wallets can be identified, then governments can disrupt the actors by seizing cryptocurrency from them. 

“This was seen when the U.S. seized $30 million in crypto from the NetWalker ransomware group in early 2021,” he pointed out. 

From the perspective of John Bambenek, principal threat hunter at security and operations analytics SaaS company Netenrich, ransomware has continued and escalated unabated because there are essentially no consequences.

“Until that changes, the prevalence of ransomware will continue,” he said, noting that ultimately, this is an international law enforcement problem.

He noted that while the case agents working these cases are excellent, there are countries that don’t cooperate with the Western world, so even naming these criminals has little impact. 

“Without sustained international engagement only so much progress can be made beyond transient disruption,” Bambenek added.

He explained that the faster the DoJ responds to these cases, the faster evidence can be collected and analyzed before the criminals delete it, which also enables other support activities.

“For instance, instead of banning ransomware payments, that money can be tracked to feed into investigations that could lead to money being recovered or criminals prosecuted,” he said.

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
