The cybersecurity sector advocates for increased collaboration with public institutions
Despite the increased participation of businesses in supporting law enforcement activities against cybercriminals and state-backed individuals, professionals in the cybersecurity field believe there is room for greater cooperation as threats continue to grow.
Across various nations, law enforcement agencies have reported several successful operations that disrupted cybercriminal activities, notably those of ransomware groups, leading to the arrest of alleged culprits in some instances. While some actions had only short-term effects on the threat landscape, malefactors found ways to resume their operations. Nonetheless, cybersecurity experts acknowledge that such efforts have had an impact.
On occasions, collaborations between private enterprises and law enforcement agencies played a significant role in enhancing the success of these operations through the sharing of information. Although these partnerships are vital, many cybersecurity professionals informed TechTarget Editorial that they could be further developed.
One of the most notable botnet takedowns, known as Operation Endgame, took place in May. This international endeavor led to four arrests, over 100 server confiscations, and the takeover of 2,000 domains. Operation Endgame disrupted numerous malware distributors, such as IcedID, Smokeloader, and TrickBot, which malefactors often utilized to bypass detection mechanisms for deploying ransomware. This operation involved agencies from various countries, along with private sector partners like BitDefender, Proofpoint, and the Shadowserver Foundation.
Randy Pargman, the director of threat detection at Proofpoint, elaborated on the contributions of Proofpoint to the operation. Speaking to TechTarget Editorial, Pargman mentioned that one of Proofpoint’s objectives was to share specific findings with law enforcement agencies, enabling them to take action against threat actors.
“Our threat researchers leveraged their technical proficiency in botnet infrastructure, identifying novel patterns in the server setup by threat actors and preemptively spotting new malware infrastructure during its setup,” quoted Pargman. “We utilized our expertise in dissecting malware to provide precise and insightful details about the design and coding of the bot clients, aiding law enforcement in understanding the safe procedures for mitigation.”
He further added that the threat researchers helped law enforcement recognize the most significant and efficient malware distribution campaigns. “Additionally, we applied our vast knowledge of the origins and evolution of multiple botnets to pinpoint the new botnets that are most likely to expand and pose dominant threats globally,” Pargman remarked.
Private sector organizations can further support law enforcement endeavors in several ways. Mark Lance, the vice president of digital forensics and incident response at GuidePoint Security, encouraged the clients they worked with to establish groups for sharing threat intelligence. “We advocate for sharing the challenges being encountered, without compromising proprietary information, because everyone faces similar issues, thus let’s be open and learn collectively,” Lance expressed. “Previously, incidents were stigmatized, with people avoiding discussions about them, leading to ignorance.”
Urgency of augmented contributions
Despite the increasing transparency within the industry, which aids in mitigating cyber threats, cybersecurity experts assert that the private sector could contribute more. Raj Samani, the senior vice president and chief scientist at Rapid7, emphasized the necessity for greater promotion of The No More Ransom Project as an aspect requiring improvement. The collaborative initiative with law enforcement and cybersecurity vendors, inaugurated in 2016, aids ransomware victims in recovering without caving in to ransom demands. The No More Ransom Project offers decryption tools and imparts knowledge on ransomware.
Samani acknowledged that he frequently highlights the project during the conferences he partakes in across the globe, yet the responses are often disheartening.
“I always inquire if anyone is aware of it, even at prominent events like RSA. The maximum responses I’ve received were from 20% of the attendees, and that’s within our industry,” Samani disclosed. “Considering that 80% of the audience, who possess awareness of my background, remains unfamiliar with No More Ransom within our sphere, how can we expect others to be informed? It’s distressing.”
Tony Anscombe, the chief security evangelist at ESET, suggested that the efforts of the private sector could be more impactful. Presently, he characterizes the sector’s actions as primarily being “reactive.”
He stressed that while collaboration is essential, law enforcement interventions might need to tackle the root cause, which he identified as finances. Ransomware groups and other cybercriminal activities are sustained by cryptocurrencies, which are challenging to track.
“In my opinion, efforts should target the source, although it’s intricate. Making payments to unverified entities illegal could be an avenue,” proposed Anscombe. “By intercepting the payment, you not only hinder ransomware operations but also discourage cybercriminals from transitioning to alternative methods due to challenges in funds withdrawal.”
Patrick Sullivan, the CTO of security strategy at Akamai Technologies, mentioned that recent crackdowns by governments are beginning to alter the economics for malefactors. For instance, in May, authorities identified and sanctioned the alleged head of the LockBit ransomware group, Dimitry Yuryevich Khoroshev, known as LockBitSupp. Ever since this law enforcement action took place, the exposure of LockBitSupp has made other threat actors reconsider working with him if they aim to get paid.
Sullivan underlined that private sector entities are progressively advocating for transparency and collaboration wherever possible, even among fierce competitors. While companies may engage in robust marketing against one another, the researchers and engineers within these organizations align behind the scenes to exchange data and intelligence, aiding government efforts.
“Our collective aim is to prevent attacks as they unfold. Any effort contributing to halting these attacks, whether through economic disincentives or aiding law enforcement in neutralizing adversaries or dismantling infrastructure, is beneficial,” Sullivan emphasized.
Arielle Waldman serves as a news writer for TechTarget Editorial, specializing in enterprise security.
About Author
