To address the constant evolution of cyber threats, Lisa Monaco, US Deputy Attorney-General, wants to engage private technology and cyber security companies to crack down on both nation-state advanced persistent threat (APT) groups and cyber criminal groups.
In a keynote address to the International Conference on Cyber Security (ICCS) 2022 in New York this week, US Deputy Attorney-General Lisa Monaco discussed how the engagement of private technology and cyber security companies could help with increasing the capacity to “disrupt and to respond to malicious cyber activity”.
Drawing from the recently released DOJ Comprehensive Cyber Review report, Monaco shared the lessons learned about combating cyber crime, which will direct how the department will respond in future.
“The report we released reflects what we have learned over the last year, including the need to prioritise prevention, to ensure we are doing all we can to help victims, and above all else; to use all the tools at our disposal, working with partners here and around the globe, across the government and across the private sector.
“This approach has yielded real results. In the last year, those results, reflected in actions and disruptions, many of which began with critical reporting from and cooperation with companies who have been victims of cyber attacks,” Monaco said in her speech at the ICCS.
Monaco noted the recent seizure of approximately $500,000 in cryptocurrency from a North Korean ransomware group known as Maui, as an example of disruption. According to the DOJ, a Kansas medical centre reported that it had been attacked by the Maui ransomware gang to the FBI after it had paid the ransom demand. The FBI tracked the payment through a series of cryptocurrency laundering services in China, resulting in the medical centre’s payment being successfully recovered by authorities and ransomware payments from other victims.
This is the latest ransom recovery made by authorities since $2.3 million was reclaimed from Colonial Pipeline’s ransom payment.
The challenges posed by evolving cyber criminal tactics “don’t neatly fit into either traditional cyber crime or national security categories”, according to the DOJ, describing them as “blended threats”.
“Criminal actors and nation-states are forming alliances of convenience, alliances of opportunity, and sometimes alliances by design.
“Today, some nation-states allow this criminal activity to persist without consequence, if not expressly condoning activity within its borders, by acting as a safe harbour for these cyber criminals and turning a blind eye,” the DOJ report stated.
The report has urged that “private companies to pick up some of the slack” and act as a buffer between both the local and federal governments to complement and bolster the steps the DOJ has taken, including the creation of the National Cryptocurrency Enforcement Team to better investigate and track illicit payments, and the introduction of the Civil Cyber-Fraud Initiative, which uses the False Claims Act to sue contractors and vendors that receive government funding for failing to meet the department’s cyber security standards.
The bottom line, according to the DOJ, is more should be done to “bridge the gap” between cyber crime enforcement at the various levels between the various levels of government that link nation-states based on the findings.
The DOJ added that increased cooperation with the private sector would be particularly important for “combating foreign influence operations that spread misinformation about everything from elections to Olympic athletes”.
“One recommendation is to require all prosecutors handling significant cyber investigations with transnational links to consult with attorneys in the department’s criminal division (CRM) and national security division (NSD) who have experience and training in working with the relevant partners to ensure a multi-front response to an ongoing threat,” the report read. “Another recommendation is to continue to assign department personnel to other departments that have different authorities and tools.
“Ultimately, one of the most effective ways to counter malign foreign influence operations is to shine a light on the activity and raise awareness of the threat.
“Such efforts are an important prong of a whole of-society effort involving collaboration among government at all levels, social media providers and others in the private sector, political candidates and organisations, and an active and informed citizenry.”
According to Monaco, the DOJ can only do so much without cooperation from companies, emphasising in her speech that “we are all in this together”.
“It is bad for companies and bad for America if we don’t work together on these issues.
“But we need our partners in the private sector for more than reporting and visibility into cyber attacks.
“We also need your know-how and your talent to prepare for the threats of tomorrow,” Monaco concluded.