Nations investing in cyber, ‘democratization’ of malware are factors accelerating dangers online, CISA official says
Two trends are combining to amplify the threat that cyber poses to the U.S., according to a top Cybersecurity and Infrastructure Security Agency official: nation-states expanding their offensive capabilities, and the wider availability of easily-used hacking tools.
Brandon Wales, executive director of the Department of Homeland Security’s cyber wing CISA, said Monday that nations like China, Russia, Iran and North Korea “are investing significantly in tools to target our networks.”
A small number of ransomware gangs also are producing malware for wider use as part of their affiliate programs, Wales said at CyberWeek, a Scoop News Group event.
“We continue to see a democratization of malicious cyber capabilities,” he said. “Today, hacking tools can be purchased for use by any criminal, regardless of expertise, or even rented to provide as a service capability.”
Those separate phenomena are responsible for many of the most troubling developments in cyberspace over the past year. The U.S. has blamed Russian and Chinese state-backed hackers for the SolarWinds and Microsoft Exchange Server hacks, respectively, that caused widespread intrusions. And ransomware attacks, mostly from gangs that the U.S. says Russia is harboring, have increased dramatically in 2020 and 2021 in part due to the ransomware-as-a-service business model.
“What we are actually seeing is the intersection of two concerning trends,” Wales said. “Nation-state actors are expanding their capabilities. Full access to off-the-shelf cyber intrusion capabilities are now readily available.”
That has moved the danger of cyberattacks from the “conceptual to the tangible,” he said.
“Over the past year we have seen cybersecurity intrusions increase in both prevalence and impact, targeting some of our most critical national functions, banks — hospitals, oil and gas companies, and everything in between,” Wales said.
Wales touted the Biden administration’s approach to responding to those attacks, such as a May executive order that largely addressed the cybersecurity of government agencies and contractors. CISA, tasked with a great many responsibilities under that order —35 in all — has met every deadline so far, he said.
