HJAR Jul/Aug 2021

Editor At what point do the FBI and other government agencies get involved? Do you have enough staff to work the increase in caseload? Cyber Task Force The depth and breadth of the cyber threat have expanded signifi- cantly over the past decade; that trend isn’t going to change anytime soon. As witnessed in the recent Solar Winds, Haf- nium, Colonial, USAID, JBS cases, the FBI must be equipped with adequate per- sonnel and tools to investigate large- scale cyber incidents as well as protect its own networks and systems. But what you see in the headlines wildly understates what our workforce is dealing with. We spend most of our time working against the several hundred other different national security, crimi- nal and blended threats we’re investigat- ing every day. We’re also spending a lot of our time on investigative work that enables all of our partners to take actions using their own authorities, here and overseas, against our common adversar- ies. That’s why we’ve been building up our program since well before the world focused on SolarWinds. But, there’s more to be done. A lot of what we need to build isn’t sexy — for example, we have to mod- ernize IT systems and match our ability to collect and analyze data to the rap- idly increasing amount of evidence we ingest. But, the point is to achieve results and protect the public. We’ve been fac- ing a major threat to our way of life for years. Today, that threat is increasing, and it’s becoming impossible to miss. People who hadn’t realized they were living on the front lines as they filled their cars with gas or bought hamburg- ers at the store know it now. The level of cyber-induced pain Americans have felt in their daily lives is new, and it’s abso- lutely unacceptable. The FBI encourages anyone who has been the victim of a cybercrime or has seen suspicious cybercriminal activ- ity to report it to the FBI. We have an online portal at www.ic3.gov designed to make it seamless for anyone to report a cybercrime. You can also contact the local FBI office located in Arkansas at 501-221-9100. Every cyber incident can provide us additional clues we need to pursue those responsible, so we work with the victim to collect technical evidence we can run against our databases and share with our government partners so they can do the same. Much like a serial killer, cyber actors will continue to target additional victims, so every detail we gather gets us a step closer to finding them and stop- ping them before they strike again. Editor Are most cybercriminals caught and restitution made? Cyber Task Force The FBI does not sup- port paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee you or your orga- nization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for oth- ers to get involved in this type of ille- gal activity. The FBI does recognize that paying or not paying a ransom is a busi- ness decision. Certainly, the FBI has intelligence to indicate that criminal cyber actors are given safe haven by adversarial nation- states. Notably, in December 2019, the U.S. Treasury Department’s Office of For- eign Assets Control (OFAC) sanctioned Evil Corp, the Russia-based cybercrim- inal organization responsible for the development and distribution of the Dridex malware. Dridex malware has infected computers and harvested login credentials from hundreds of banks and financial institutions in over 40 coun- tries, causing more than $100 million in theft. Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader, Maksim Yakubets. Yakubets also provides direct assistance to the Russian government’s malicious cyber efforts, highlighting the Russian government’s enlistment of cybercriminals for its own malicious purposes. The FBI’s Yahoo! investigation revealed an instance in which state-spon- sored actors and criminal actors were working together to target victims. Rus- sian FSB officers protected, directed and paid criminal hackers to collect informa- tion through computer intrusions in the U.S. and elsewhere. In July 2020, the U.S. Department of Justice indicted two People’s Republic of China (PRC) cyber actors for steal- ing hundreds of millions worth of trade secrets, intellectual property and other high-value information from biotechni- cal, commercial and government vic- tims in the United States and abroad. The hackers are associated with China’s Ministry of State Security (MSS) Guang- dong State Security Department (GSSD). These MSS-affiliated actors targeted medical device manufacturers, defense contractors, pharmaceutical, high-tech manufacturers, gaming and software, government, military, education, U.S. naval and maritime, aerospace, and infor- mation technology. Additionally, these actors also targeted Hong Kong-related human rights activists. In the FBI’s Mabna investigation, nine Iranians were charged with conducting a massive cyber theft campaign against educational, private and government institutions on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC). These individuals were each leaders, contractors, associates, hackers-for- hire or affiliates of the Mabna Institute, an Iran-based company. Editor We spoke with one IT person whose company is one of the first calls made when ransomware has locked down the computer system. He says that by the time he is called, it is 10 JUL / AUG 2021 I  HEALTHCARE JOURNAL OF ARKANSAS   DIALOGUE