If cybercriminals tried to extort money through traditional banking systems, they wouldn't be able to pull off their attacks. Therefore, we should regulate cryptocurrencies to better fight ransomware, Chris Krebs, former CISA chief, believes.
The past five years in cybersecurity have been nothing short of crazy, starting with Russian interference in the 2016 election, Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), said in the opening keynote of the International Information System Security Certification Consortium (ISC)² Security Congress 2021.
The presidential election was a wake-up call that showed how cyber capabilities could destabilize democracy. Apart from the Russians, cyber adversaries backed by China have been especially active in recent years, and Iran and North Korea have caused their fair share of the mayhem.
Krebs called ransomware the number one threat that every organization should defend against.
To this day, it is still too easy for malicious cyber actors to execute and automate attacks. Attackers demand money in cryptocurrency, and, as this is an unregulated area, they get away pretty easily with their crimes.
Although, as Sophos principal research scientist Chester Wisniewski revealed during an interview with CyberNews, while most of the attacks are not that sophisticated, laundering money is probably the most challenging component of the attack.
"Once they get all the money, they are hiring professional money launderers that have set up ways of moving all that bitcoin and Monero around to anonymize it. It's easier now than it looked a year ago. Most of them were doing their own money laundering, figuring out their own way to get the money out of the system. Because it was so difficult, that's now turned into another job that somebody got really good at," he said.
Attackers use cryptocurrencies to extort money. If the ransom payments were coming from the heavily regulated traditional banking system, they couldn't pull off their attacks. Therefore, we need to regulate cryptocurrencies, too, Krebs believes.
"We've got to make it harder for the bad guys to operate here," he said. "We've got to target cryptocurrencies to make it harder to transfer money."
Government, he added, can make a difference in combating ransomware by imposing requirements to strengthen the security of the IT products, making it harder for cyber adversaries to operate by disrupting their networks and Command and Control servers, and providing assistance to organizations.
More from CyberNews:
Subscribe to our newsletter