Mar 01 2021

New Forms of Ransomware and 5G Smart City Attacks Could Cause Real Harm, Expert Warns

Theresa Payton, a cybersecurity expert and former White House CIO, argues for new ways of thinking on security.

The threat of ransomware attacks for state and local governments has been an ever-present peril over the past several years, one that has gotten worse, experts say. What’s more, the threat is likely going to evolve to attack cloud service providers that host government services.

That’s according to cybersecurity expert Theresa Payton, who detailed her IT security predictions for 2021 and 2022 during a recent webinar sponsored by CDW and Intel.

Payton, the CEO of Fortalice Solutions and a former White House CIO, noted that the cybersecurity landscape has been shaken.

“Everyone is in reimagining mode,” she said. “I know each of your organizations are. I know those of you that are in government are, whether it’s state, whether it’s local. The businesses in your area are also in reimagining mode. And personally, each one of us is in reimagining mode. Guess who else is? Cybercriminals. They’re in reimagining mode too.”

Payton also predicted that malicious actors would leverage 5G wireless networks to launch attacks on smart cities. While 5G is in many ways more secure than its predecessor networks, there are potential vulnerabilities that hackers can exploit.

The Evolving Threat of Ransomware Attacks

It’s false that most victims of ransomware pay a ransom to access their data and then get the decryption keys and recover, Payton said. It used to be “fairly true,” but now sometimes the keys that are provided are false keys that do not work.

Ransomware has been outsourced in many ways to criminal syndicates, and sometimes “junior varsity” attackers without enough expertise are involved, Payton said. “A lot of it is outsourced now,” she said. “They kind of want to give you the right keys, but they’ve lost track and they’re not very organized, and it’s gotten kind of bigger than they can handle, the ransomware incidents. So, they can’t figure out which keys to give you.”

Payton added: “There’s not really a help desk in between the cybercriminal syndicates that are actually conducting the ransomware against you.”

Payton predicted that in 2021, “ransomware will go all-in on the cloud.”

“Besides ransomware, ‘extortionware’ and ‘destructionware’ will, sadly, become household words,” she said. “As ransomware continues to evolve, we’ve seen situations where the ransomware happens and basically they say, ‘We actually have your data and we’re going to start dumping it on the internet in three hours if you don’t pay us.’ Or, they actually show you, they’re deleting your data a little bit at a time to try and get you to pay versus having you try to go to the backup route.”

Ransomware will “successfully hit a cloud services provider that houses organizations’ systems. They’re going to lock both the backup and the operations, making it very hard not to pay the ransom,” Payton predicted.

To guard against such attacks, Payton recommends that organizations have more than one cloud services provider to ensure “operational resiliency.” She also recommends IT leaders “think about storing an extra copy of your backups and your access logs offline and out of band.”

Agencies can also practice a ransomware response playbook, along with learning about the new forms of ransomware that delete data, Payton said. IT leaders need to think through when they might pay and when they might not — and must ensure that government lawyers are involved.

Increasingly, she said, cybersecurity insurance firms are also deciding it might be cheaper for organizations to pay ransoms than to pay for the service disruptions, the restoration of backups and the forensics of an attack. “Yikes,” Payton said. “Make sure you’re really on the same page with your insurance company as well.”

5G Networks Could Pose a Threat to Cities

5G wireless networks hold enormous potential for smart cities and for public safety agencies.

Yet Payton predicted that 5G “will actually accelerate cybercrime.”

Payton argued that the world needs 5G, but security issues around the network that are not resolved soon are going to “allow cybercriminals to launch massive attacks at a speed and scale we’ve never seen before.”

As cybersecurity firm Bluefin notes, 5G is more secure than older wireless networks because 5G networks encrypt more data, are more software-based and can be more easily monitored and managed. Network slicing technology, meanwhile, enables specific devices to have network-specific protections.

“In other ways, it’s less secure,” Bluefin notes in a blog post. “Because of the potential to connect to more devices, there is a larger attack surface. With the increase in connectivity, there will also be a need to authenticate a larger number of devices.”

Payton said she thinks a smart city running on 5G “is going to be held hostage by a cyberattack.” To guard against that, she said, cities should think about specific geographic locations where 5G networks and devices operate and talk to 5G service providers “about backup options and services if there is a cyberattack specifically against the 5G.”
