Feb 20, 2020

Axios Codebook


A new study by Axios Codebook shows that, in the week before the RSA conference, 99% of all cybersecurity firms release at least one research study. (At the remaining 1%, the PR person was out sick.)

Today's newsletter is 1,213 words, a 4.5-minute read.

1 big thing: The rise and rise of ransomware

Illustration: Aïda Amer/Axios

Ransomware attacks are becoming smarter, more common, and more dangerous.

What's happening: In ransomware incidents, attackers take systems down and demand payment (usually in bitcoin) to restore access to them.

  • Compared with the political impact of election hacking or the privacy violations of data breaches, ransomware has typically been viewed as the cyber equivalent of hit-and-run robbery.
  • But aggressive new tactics, including threats of massive file dumps, are blurring the lines between ransomware and other attacks, making them a national security issue as well as a business problem.

Driving the news: In the latest indication that ransomware is moving beyond its best-known targets — state and local governments and healthcare systems — a Department of Homeland Security advisory on Tuesday reported a ransomware attack that forced a natural gas compression facility to shut down for two days.

  • Analysts at Dragos identified the incident as one reported in December by the Coast Guard.
  • Last month, researchers at Emsisoft warned that ransomware attacks could disrupt the 2020 U.S. elections. "[T]hreat actors could use ransomware to tamper with the 2020 election process by attacking county-level entities and lower-level election officials," according to the Emsisoft report. Attacks could "potentially disrupt local voting infrastructure, stifle access to information, leak voter data and ultimately undermine public trust."
  • The Palm Beach County, Florida, election supervisor told the Palm Beach Post last week that the county had suffered a ransomware attack in September 2016. The county's previous election supervisor, who was in office then, denied the report.

The big picture: A raft of recent ransomware research paints an alarming picture of a threat that's still evolving.

  • The threat analysis firm Recorded Future reports a 20% increase in ransomware incidents affecting state and local governments and healthcare institutions year-to-date for 2020 compared with the same period in 2019.
  • Recorded Future and other analysts note that many ransomware attackers now also seize mountains of data from target networks before shutting them down, then use the threat of publicizing the private documents to demand payment.
  • In another trend, a whole industry of "ransomware as a service" providers is emerging to handle the technical work for would-be ransom takers.
  • IBM reports "high levels of code innovation" in the ransomware realm, and finds that the most common vulnerability exploited by ransomware is a flaw in a part of the Windows operating system called SMB, or "server message block."

Yes, but: The full scope of ransomware activity is tough to gauge because private industry is under no obligation to report incidents — and many affected companies are unlikely to admit they've been had.

  • According to the FBI's Internet Crime report for 2019, the IC3 received 2,047 complaints identified as ransomware last year, with adjusted losses of over $8.9 million.
  • That's compared to a total of 467,361 complaints of all kinds in 2019 — an average of nearly 1,300 every day — with more than $3.5 billion in losses to individual and business victims.

2. Ransomware, by the numbers

Here's more data on ransomware from Emsisoft, as reported by Axios' Orion Rummler:

  • Ransomware incidents cost U.S. companies and organizations roughly $7.5 billion last year, the company estimates.
  • Local governments have succumbed to ransomware at a rate of one incident every other day since the start of 2020, according to Emsisoft estimates. Those attacks have resulted in interrupted 911 emergency services, closed schools, and states left unable to issue or renew driver's licenses.
  • At least 10 police departments were targeted in 2019 and 2020, including the NYPD, whose fingerprint database was hit, as reported in November.
  • Other targets reported this year include the Contra Costa County Library in California, the Albany County Airport Authority in New York, the New Mexico Public Regulation Commission, the Ernest N. Morial New Orleans Convention Center, the North Miami Beach Police Department, and Belvidere City Hall in Illinois.
  • In 2019, courts across Georgia had to reenter civil and criminal records because of an attack. They were among 113 government entities targeted, per Emsisoft.

3. On Huawei, it's Trump vs. Trump

Illustration: Aïda Amer/Axios; Photos: Leon Neal/Getty Staff, Fabrice Coffrini/Getty Contributor

The Trump administration's campaign to keep Chinese tech giant Huawei's equipment out of allies' 5G networks keeps bumping up against confusing messages from the president himself.

Driving the news: A pair of presidential tweets Tuesday seemed to undercut the hard line Trump officials have been taking in urging allies like the U.K. and Germany to bar Huawei products from their 5G build-outs.

"The United States cannot, & will not, become such a difficult place to deal with in terms of foreign countries buying our product, including for the always used National Security excuse, that our companies will be forced to leave in order to remain competitive. We want to sell product and goods to China and other countries."
— President Trump on Twitter

Trump's messages came after a debate in his administration over whether to allow the sale of GE engines for a Chinese passenger jet to proceed, per Reuters.

Between the lines: The president's statements reinforced an argument administration critics have long made — that the Trump team doesn't really care about the national security case against Huawei, and is mostly interested in using the company as a bargaining chip in his trade dispute with China.

  • "It seems as if the president, at any moment, could overturn whatever decision China hawks in the administration make," the Council on Foreign Relations' Adam Segal told the Washington Post.

Meanwhile: Late Wednesday, the president announced he was appointing Richard Grenell, currently ambassador to Germany, to be acting director of national intelligence.

  • Grenell has been an outspoken proponent of get-tough-on-Huawei policies.

4. Dell sells RSA for $2 billion

Dell has owned the venerable company RSA Security since it acquired RSA owner EMC in 2016. Now Dell is selling RSA to an investor group led by Symphony Technology Group for $2 billion — roughly what EMC had paid for the company back in 2006.

  • The humongous RSA Conference, which kicks off in San Francisco next week, comes with the package.
  • Observers say Dell needs the cash more than it needs RSA's technology.

Flashback: Long before RSA was a conference, it was a company.

  • Before that, it was the initials of three computer scientists — Ron Rivest, Adi Shamir, and Leonard Adleman — who devised a widely used encryption scheme, then founded a company to build a business around it.

RSA Security, the company, dates back to 1982 — the pre-commercial internet era.

  • In the mid-'90s RSA championed widespread use of encryption, which the U.S. government was aiming to restrict.
  • It helped lead the fight against the Clinton administration's Clipper Chip plan, which tried to introduce government-accessible back doors to most digital products. (Attorney General William Barr is backing a similar move once again today.)
  • Nearly two decades later, RSA faced accusations that it had placed back doors for the National Security Agency into its own products.

Our thought bubble: Very few of today's cybersecurity firms are likely to last the nearly 40 years that RSA has been in business.

5. Odds and ends

Have a great week! Or at least an incident-free one.