Five Eyes Nations Face Growing Ransomware Threat

Ransomware is the most severe threat to Five Eyes collation nations, and it’s worsening with financial gain no longer being the sole goal for threat actors today. Even though discussing the importance of coalitions in the fight against ransomware, the chief operating officer at the United Kingdom’s National Cyber Security Centre (NCSC) stated that ransomware is becoming more prevalent in the United Kingdom because threat actors no longer need to be skilled to hire a ransomware attack surface or methodology. Financial motivation is not the primary motivator for cybercriminals today, and nation-states carry out ransomware attacks. Representatives from the United States, Canada, and Australia agreed that ransomware is a significant threat to most technologically sophisticated countries. The Five Eyes nations comprise Australia, Canada, New Zealand, the United Kingdom, and the United States and share a wide range of intelligence. 

A threat intelligence senior executive at the Australian Cyber Security Centre (ACSC) explained that significant incidents affect Australian organizations with eroded trust and confidence in the nation’s digital economy. Ransomware is the most destructive type of cybercrime Australia faces. Healthcare, education, and other critical public services have recently become profitable targets, underscoring the indiscriminate nature of ransomware threat actors. The head of the Canadian Centre for Cyber Security mentioned an instance in Canada where a cyberattack targeted a Children’s hospital, causing numerous network systems to go down.

All the national representatives who spoke at the panel stated that their cybersecurity strategies had been reviewed or published recently. A new plan is being developed in Australia to outline the country’s cybersecurity priorities from 2023 to 2030. The current cybersecurity plan for Canada, backing back to 2018, is currently being reviewed with the anticipation the document will be completed in the summer of 2023. The United Kingdom’s NCSC announced its cybersecurity policy in December 2022, and the White House published the United States Government’s National Cybersecurity policy in March 2023. The director of cybersecurity at the National Security Agency detailed the United States’ strategy’s response to ransomware. The National Security Agency first uses law enforcement and other authorities to investigate ransomware crimes to disrupt the ransomware infrastructure. The second major priority is to strengthen critical infrastructure to withstand ransomware attacks. The third step is to address the misuse of virtual money to launder ransomware payments. The fourth is to leverage the multinational operation to undermine the ransomware ecosystem.

Even though the group was eager to emphasize the importance of organizations sharing breach data with government agencies, the approaches to mandatory reporting differed. The first challenge is information sharing and the importance of breached organizations sharing their information with national agencies. Currently, Canada doesn’t have any mandatory reporting powers. The Cyber Incident Reporting for Critical Infrastructure of 2022, enacted in the United States, requires critical infrastructure companies to report malicious activity to the CISA. Certain organizations in the United Kingdom are legally required to report a cyber breach to the Information Commissioner’s Office (ICO) within 72 hours of the incident. Although the NCSC is not a regulator, it collaborates closely with the ICO.

In Australia, there are no overarching regulations; however, critical national infrastructure companies are required to report regularly. There must be a balance, and the challenge is to balance what is required and what is encouraged. Additionally, there must be a collaboration with the regulators, the private sector, public sector, and CNI. From an ACSC standpoint, numerous companies must volunteer their reports because it allows the organization to assemble a comprehensive threat picture. The more people are encouraged to report their experiences to the organization, the better they can turn the information around and advise the Australian community. Recently, the Canadian government introduced a bill in parliament to support creating its own mandatory reporting requirements for federally regulated companies.

With ransomware attacks becoming a growing threat in today’s digital world, high-profile companies must remain ahead of the current threat landscape and regularly update their network security infrastructure. At SpearTip, our certified engineers continuously work in an investigative cycle, monitoring companies’ networks for potential ransomware attacks, and are ready to respond to incidents at a moment’s notice. Our remediation experts work to restore the companies’ operations, isolate the malware to reclaim their networks, and recover their business-critical assets. Our pre-breach advisory services will help companies’ security posture to improve the weak points in their networks. Every client risk assessment is designed to uncover security gaps and is accompanied by a technical summary complete with an individualized risk report detailing necessary steps to remediation the gaps. Our ShadowSpear Platform, an integrable managed detection and response solution, exposes sophisticated unknown and advanced ransomware threats using comprehensive insights through unparalleled data normalization and visualizations.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.