Last updated Thursday, March 17, 2022, 13:01:34 GMT

Over the past few decades, attackers breaching systems and stealing sensitive information prompted a wave of regulations focused on consumer privacy and breach notification. The current surge in ransomware attacks is prompting policymakers to take a new round of action. Unlike the more abstract harms of compromised personal information, ransomware can paralyze systems, halt business and government operations, and potentially threaten health and safety. One sign of the shifting awareness of this form of cybercrime is that President Biden addressed the ransomware threat multiple times in 2021.

The increased stakes of the ransomware threat are pushing regulators to take a harder look at whether regulatory requirements for cybersecurity safeguards are effective or if new requirements are needed to help combat the threat. Federal agencies are also stepping up their coordination on information sharing and incident reporting, and the Administration is growing its collaboration with international partners and the private sector. Let's look at some recent and ongoing initiatives.

Cybersecurity requirements for critical infrastructure

In March 2021, Secretary of Homeland Security Mayorkas announced a series of initiatives to strengthen cybersecurity for critical infrastructure, calling ransomware a threat to national security. Less than two months later, the Colonial Pipeline ransomware incident disrupted fuel supplies on the East Coast.

Shortly after the Colonial attack, the Transportation Security Administration (TSA) exercised its authority to impose security regulations on the pipeline sector. Through two separate rules, TSA required pipeline operators to establish incident response and recovery plans, implement mitigation measures to protect against ransomware attacks, and undergo annual cybersecurity audits and architecture reviews, among other things.

In December 2021, TSA also issued new security regulations for the aviation, freight rail, and passenger rail industries. The regulations require (among other things) reporting ransomware incidents to CISA and maintaining an incident response plan to detect, mitigate, and recover from ransomware attacks.

Ransomware is a key motivating factor in the sudden tightening of cybersecurity requirements. Previously, cybersecurity regulation for pipelines was voluntary, with a loose relationship between pipeline operators and regulators. Policymakers have increasingly expressed concern that other critical infrastructure sectors are in a similar situation. With basic societal needs at risk when ransomware successfully disrupts critical infrastructure operations, some legislators have signaled openness to developing additional cybersecurity regulations for critical sectors.

Office of Foreign Assets Control sanctions

The federal government is also using its sanctions authority to deter ransomware payments. According to a recent FinCEN report, reported ransomware transactions in the U.S. averaged about $100 million per month in 2021. These payments encourage further ransom-based attacks and fund other criminal activity.

The Office of Foreign Assets Control (OFAC) issued guidance warning that paying ransoms to sanctioned persons and organizations is a violation of sanctions regulations. Liability for these violations, OFAC notes, applies even if the person did not know that the ransomware payment was sent to a sanctioned entity.

Critics of this approach warn that applying sanctions to specific attacker groups is ineffective, as the groups can simply rebrand or partner with other criminal elements to take payments. They add that sanctions imposed on payments do nothing but further victimize the organizations or individuals being attacked, removing their options for recovery or forcing them underground. Ransomware is already severely underreported, and critics of sanctions warn that they could lead to even less transparency.

More recently, OFAC also issued virtual currency guidance, aimed at currency companies, miners, exchanges, and users, emphasizing that facilitating ransomware payments to sanctioned entities is illegal. The guidance also describes best practices for assessing the risk of violating sanctions during transactions. In addition, OFAC imposed sanctions on a Russia-based cryptocurrency exchange for allegedly facilitating financial transactions for ransomware actors, the first sanctions of this kind.

OFAC followed up with an advisory on sanctions guidance for the virtual currency industry and applied sanctions on a cryptocurrency firm that was not doing its due diligence in preventing the facilitation of payments to ransomware criminal gangs.

Ransomware reporting

Requirements to report ransomware payments and ransomware-related incidents to federal authorities are another area to watch. Incident reporting requirements are in place for federal agencies and contractors via a Biden Administration executive order, but Congress is taking steps to expand these requirements to other private-sector entities.

Both the House and the Senate have advanced legislation that would require businesses to report ransom payments within 24 hours. The report would need to include the payment method, payment instructions, and other details to help federal investigators follow the payment flows and identify ransomware trends over time. The legislation would also require owners and operators of critical infrastructure to report substantial cybersecurity incidents (including a disruptive ransomware attack) within 72 hours. Interestingly, the legislation's definition of "ransomware" encompasses all extortion-based attacks (such as the threat of distributed denial of service), rather than only malware that locks up system operations until a ransom is paid.

Although the House and Senate legislation cleared several hurdles, it did not pass Congress in 2021. However, we expect another push for incident reporting, or other legislation targeting ransomware, in 2022 and beyond.

Update, March 17, 2022: The Cyber Incident Reporting for Critical Infrastructure Act has been enacted and is now law. For more details, check out our blog.

A more collaborative, whole-of-government approach

The Biden Administration characterized ransomware as an economic and national security issue relatively early and has detailed numerous federal efforts to combat it. We have also seen a marked increase in both international government and law enforcement cooperation, as well as public-private partnership, to identify, prosecute, and disrupt ransomware criminals and locate their safe havens. In addition to the above, recent efforts include:

  • In April 2021, the Department of Justice (DOJ) created a digital extortion task force, and in June elevated ransomware to a priority on par with terrorism.
  • In June 2021, the U.S. government attended the G7 summit, where it discussed ransomware and committed "to work together to urgently address the escalating shared threat from criminal ransomware networks." The G7 went on to "call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions."
  • Also in June 2021, ransomware was discussed at the EU-U.S. Justice and Home Affairs Ministerial Meeting, with commitments made to work together to combat "ransomware including through law enforcement action, raising public awareness on how to protect networks as well as the risk of paying the criminals responsible, to encourage those states that turn a blind eye to this crime to arrest and extradite or effectively prosecute criminals on their territory."
  • In August 2021, the Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of the Joint Cyber Defense Collaborative (JCDC) "to integrate unique cyber capabilities across multiple federal agencies, many state and local governments, and countless private sector entities."
  • In August 2021, the White House announced a voluntary industrial control systems cybersecurity initiative to strengthen the resilience of critical infrastructure against ransomware.
  • In September 2021, NIST released a Ransomware Risk Management Profile viewed through its Cybersecurity Framework.
  • In October 2021, the White House hosted a Counter-Ransomware Initiative meeting, bringing together governments from 30 nations around the world "to discuss the escalating global security threat from ransomware" and identify potential solutions.
  • Also in October 2021, an international group of law enforcement agencies and private-sector experts collaborated to force the ransomware group REvil offline.
  • In November 2021, the DOJ announced the arrest of three ransomware attackers and charges against a fourth, and "seized $6.1 million in funds traceable to alleged ransom payments." It attributed these successes to "the culmination of close collaboration with our international, U.S. government, and especially our private sector partners."
  • Multiple federal agencies collaborated to produce the StopRansomware website, which provides basic resources on what ransomware is, how to reduce risk, and how to report incidents or request help.
  • Ongoing work by senior policymakers, such as Deputy Attorney General Lisa Monaco, and by federal agencies such as CISA and the FBI, to keep up a steady flow of timely alerts about the threat of ransomware and the need for public- and private-sector collaboration to fight it.

Ransomware is putting security in the spotlight

For years, it was arguable that most policymakers did not "get" the need for cybersecurity. That has now changed significantly, with ransomware and nation-state competition creating a renewed sense of urgency. Given the severity, persistence, and breadth of the ransomware threat, Rapid7 supports new measures to detect and mitigate these attacks. These trends seem unlikely to abate soon, and we expect regulatory activity and information sharing on cybersecurity to be driven by ransomware for some time to come.
