August 19, 2022

😎 TGIF, everyone. Welcome back to Codebook. If you’re one of the handful of readers who demanded photos of my cat assistants after our first edition Tuesday, I’ve got the goods here.

Today's newsletter is 1,320 words, a 5-minute read.

1 big thing: Crypto collapse isn't solving the ransomware problem

Illustration: Sarah Grillo/Axios

It’s going to take more than a months-long cryptocurrency free fall to squash the mounting ransomware problem, cyber incident responders and threat analysts tell Axios.

Why it matters: Companies have been struggling to fight off an abundance of ransomware hackers in recent years, but recent optimism over a crypto-crash-fueled drop in attacks might be short-lived.

  • During a ransomware attack, hackers gain access to a company's network (often through phishing links in emails), infect it with malware that encrypts the entire organization's files, and then demand payment to unlock the system.
  • Ransomware hackers typically specify payment in crypto to keep transactions anonymous and difficult to trace.

State of play: Since November, the cryptocurrency market has lost at least $1 trillion in value. Some cybercrime experts and recent reports have been optimistic that the crash and increased U.S. government focus on the ransomware ecosystem could turn the tide against these attacks.

  • The thinking goes: if crypto doesn't have as much value, hackers might not make as much money from ransoms and might turn to other cybercrimes.
  • Some researchers and analysts also have attributed a recent dip in ransomware attacks to the crypto decline.

The intrigue: Even with crypto's decline, most companies are still facing the same steady number of attacks and paying up, according to negotiators, incident responders and threat analysts who spoke with Axios.

  • A Sophos report released in April found that 46% of companies paid ransoms in 2021, up from 32% in 2020.
  • Victims are mostly paying up when faced with a ransomware technique known as “double extortion,” where hackers threaten to leak company information stolen during the attack unless they are paid, says Drew Schmitt, an analyst at cyber consulting firm GuidePoint Security.

Between the lines: Crypto is still hackers’ best bet for pseudonymous transactions, and volatility has yet to dissuade them from relying on the currencies for payment.

  • Ransomware gangs only rely on crypto for anonymity and easy money laundering — not because they see crypto as a great investment — so the exact price of bitcoin doesn't matter much to them.
  • Chester Wisniewski, a principal research scientist at Sophos, says that before the crypto crash, hackers were already expecting to either lose or gain 10% during the weeks it takes them to launder ransom funds through crypto exchanges.

Yes, but: Experts who help companies navigate these attacks have limited information on the broader ransomware ecosystem and whether it is truly on the decline or actually seeing an upswing.

  • One example: It took analysts at least a year to determine that hackers’ double-extortion technique was a permanent fixture in their attacks, Wisniewski says.

The bottom line: Ransomware isn't going anywhere.

  • But defenses like implementing two-factor authentication, limiting access to sensitive company files to a small group of employees, and reporting phishing emails all make ransomware attacks much harder to pull off.

2. The threat of back-to-school cyberattacks


Add cyberattacks to the laundry list of issues teachers and school administrators are facing as they prepare to open their classrooms for a new year.

Why it matters: Back-to-school season is a prime time for hackers to target schools, as the flurry of start-of-year activity creates openings for malicious actors.

  • While teachers and administrators prepare lesson plans for a new wave of students, they also face phishing emails that try to trick them into downloading viruses and malware, ransomware attacks that lock up their files, and other data breaches that expose students' personal data.

By the numbers: Ransomware attacks, email phishing campaigns and data breaches targeting K-12 schools have started to rise again in recent months after a brief reprieve in 2021.

  • Education and research organizations faced an average of 2,297 attacks each week in the first half of 2022 — a 44% increase from the same time last year, according to Check Point Research.
  • At least five K-12 schools have publicly reported a cyberattack so far this month, according to Doug Levin, national director of the K12 Security Information eXchange.

Driving the news: The superintendent of the Cedar Rapids Community School District in Iowa told parents this week that the district paid a ransom to hackers last month to regain access to its systems.

Between the lines: No national cybersecurity standards exist for K-12 schools, and each school approaches the issue differently.

  • Some schools are only adopting stronger cybersecurity practices, such as multifactor authentication, at the request of their cyber insurance providers — or else they won’t receive a policy.

What’s next: In September, the Cybersecurity and Infrastructure Security Agency is expected to release a highly anticipated, congressionally mandated report detailing cyber threats facing K-12 schools that will provide recommendations on how federal and state resources should be allocated, Levin says.

3. Pentagon aids Croatia against Russian cyberattacks

Gen. Paul Nakasone, head of the U.S. Cyber Command, delivers remarks to Congress in March. Photo: Jabin Botsford/Washington Post via Getty Images

The U.S. Cyber Command, the country's military combatant cyber force, is slowly but surely starting to share more details about its European operations during the war in Ukraine.

Driving the news: Cyber Command said Thursday it recently finished a previously unreported mission in Croatia.

  • This was the command's first mission in the Central European country.

Why it matters: Little is known about how the U.S. has helped Central and Eastern European allies prepare their cybersecurity for Russian cyber threats tied to the war in Ukraine.

Flashback: Daniel Markic, head of Croatia's cybersecurity agency, said in May that Russia had increased its cyberattacks against Croatia's government offices.

  • Cyber Command officials have said they've sent teams to Lithuania and Ukraine to help prepare their cybersecurity.
  • NATO members, including the U.S., have been on high alert about Russian cyber threats during the nearly six-month-long conflict.
  • Russia has an extensive history of launching destructive cyber operations against other nations, even before the war — fueling fears of similar attacks during the conflict.

Details: In Croatia, a team of U.S. military and civilian staffers worked with officials to help them figure out the best way to mitigate threats and detect malicious activity on their networks.

  • These efforts were limited to "prioritized networks of national significance," according to a press release.
  • The two sides also swapped information about the hacking tactics, techniques and procedures they've seen in the wild to help each other detect any potential state-sponsored hacking attempts.

4. Catch up quick

@ D.C.

🪖 The Pentagon's requirement that staff members rotate through different teams every four years is hampering the U.S. Cyber Command's ability to retain top talent. (CyberScoop)

💡 The U.S. Department of Energy is giving $45 million to up to 15 projects creating cyber tools to protect the power grid as it transitions to clean energy sources. (DOE)

🏛 Democratic Reps. Jerrold Nadler and Bennie Thompson sent letters to seven law enforcement agencies requesting details about their alleged purchases of Americans' personal data from outside sources. (Gizmodo)

@ Industry

💼 Author and security expert Chris Hadnagy is suing DEFCON, a world-renowned hacker conference, over the event's decision to permanently ban him following harassment complaints. (The Verge)

🗂 Insurance company Lloyd’s of London will start excluding state-backed hacks from its standalone cyber insurance policies starting next year. (Wall Street Journal)

😕 Cybersecurity company Malwarebytes laid off 125 employees, or 14% of its global workforce. (TechCrunch)

@ Hackers and hacks

📱 Apple disclosed two critical security vulnerabilities in iPhones, iPads and Macs that could allow a hacker to impersonate someone's device and run any software they want. (Associated Press)

🧐 A Vice cybersecurity reporter said hackers were able to send and receive messages from his phone number on encrypted chat service Signal for 13 hours after they got his information from Twilio's wide-reaching hack earlier this month. (Motherboard)

🇰🇵 Researchers at cybersecurity company ESET warned that North Korean state hackers have developed a new malware that can target Mac systems. (SecurityWeek)

5. 1 fun thing

Screenshot: @runasand/Twitter

Another week, another new meme making its way around the internet — and cyber pros had a lot of fun with this one.

See y'all on Tuesday! ☀️