Oversight finds ‘small lapses’ in security that led to Colonial Pipeline, JBS hacks

A series of “small lapses” in cybersecurity led to several recent successful ransomware attacks, the House Oversight and Reform Committee concluded in a staff memo released Tuesday.

The memo was the result of a panel investigation into ransomware attacks against Colonial Pipeline, meat producer JBS USA, and insurance group CNA Financial Corporation, all of which involved victims who paid the ransoms demanded to ensure critical systems could be restored online quickly.

“Ransomware attackers took advantage of relatively minor security lapses, such as a single user account controlled by a weak password, to launch enormously costly attacks,” the memo reads. “Even large organizations with apparently robust security systems were victims of simple initial attacks, highlighting the need to increase security education and take other security measures before an attack.”

CNA, which paid a ransom of more than $40 million, was successfully attacked after an employee accepted a fake browser update, while JBS, which paid the attackers around $11 million in Bitcoin, saw its systems compromised when hackers gained access to an old account with a weak password that had not been deactivated.

Colonial Pipeline was compromised due to a single stolen password linked to a profile. The attack sparked gas shortages in several states in May after the company was forced to shut down the pipeline and eventually paid the attackers around $4.4 million in Bitcoin, most of which was later recovered by the Department of Justice.

Beyond the security flaws, the committee also found that companies affected by ransomware attacks had no clear points of contact with the federal government, hampering response efforts, and that they faced enormous pressure to pay ransomware attackers.

“Following discoveries of the intrusions, the three companies faced immediate and repeated pressure from attackers to quickly pay the ransom,” reads the memorandum, noting the attackers’ efforts to increase ransom demands and establish time limits for payment.

Oversight Chair Carolyn Maloney (D-N.Y.) previously grilled the leaders of CNA, JBS USA and Colonial Pipeline in letters in June, noting that she was “extremely concerned” by their decision to pay “international criminal actors” the ransoms demanded.

The memo was released ahead of a hearing on ransomware attacks held Tuesday by the Oversight and Reform panel, which featured National Cyber Director Chris Inglis and senior officials from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) giving testimony.

Members questioned witnesses in particular about the Biden administration’s efforts to push back against major recent ransomware attacks, particularly those carried out by Russia-based cybercriminals, which included the attacks on Colonial Pipeline and JBS.

“From the FBI’s perspective, we have not seen a decrease in ransomware attacks in recent months from Russia,” testified Bryan Vorndran, deputy director of the FBI’s Cyber Division. “We have incomplete data, at best we only see about 20 percent of intrusions in the country, not unlike our partners in CISA, but the FBI has remained focused on investigating cybercriminals in Russia and their surroundings.”

Inglis, who testified to another House committee last month that he had seen a “noticeable decline” in cyberattacks linked to Russia, emphasized the need to continue taking steps to encourage the Russian government to address ransomware attacks originating from malicious actors within the country’s borders.

“We will continue to pressure the Russians, but they must understand that they must do their part,” Inglis testified on Tuesday.

