U.S. Markets closed

  • S&P 500

    4,109.31
    +58.48 (+1.44%)
     

  • Dow 30

    33,274.15
    +415.12 (+1.26%)
     

  • Nasdaq

    12,221.91
    +208.43 (+1.74%)
     

  • Russell 2000

    1,802.48
    +34.10 (+1.93%)
     

  • Crude Oil

    75.58
    +1.21 (+1.63%)
     

  • Gold

    1,987.40
    -10.30 (-0.52%)
     

  • Silver

    24.20
    +0.21 (+0.88%)
     

  • EUR/USD

    1.0844
    -0.0065 (-0.5964%)
     

  • 10-Yr Bond

    3.4940
    -0.0570 (-1.61%)
     

  • Vix

    18.70
    -0.32 (-1.68%)
     

  • GBP/USD

    1.2329
    -0.0061 (-0.4944%)
     

  • USD/JPY

    132.7680
    +0.0790 (+0.0595%)
     

  • BTC-USD

    28,424.56
    +262.49 (+0.93%)
     

  • CMC Crypto 200

    621.66
    +7.45 (+1.21%)
     

  • FTSE 100

    7,631.74
    +11.31 (+0.15%)
     

  • Nikkei 225

    28,041.48
    +258.55 (+0.93%)
     

Fmr. U.S. Homeland Security Secretary on ransomware attacks: ‘The scale has multiplied a hundredfold’

1
Yahoo Finance Video

The Chertoff Group Co-Founder & Executive Chairman and Former Secretary of the U.S. Department of Homeland Security Michael Chertoff joins Yahoo Finance Live to discuss the impact of ransomware attacks.

Video Transcript

BRIAN CHEUNG: Now, obviously, all of this is coming under a lot of scrutiny in this particular space, so let's talk about this more with Michael Chertoff. He's the Chertoff Group co-founder and a former Secretary at the US Department of Homeland Security. And Michael, on the private side of things, we've been watching what's been going on with that IT software management provider Kaseya, which was attacked less than a week ago, exposed somewhere between 800 and 1,500 companies in a ransomware attack.

And then you also have that news of the RNC perhaps getting attacked through a ransomware issue via a Russian group known as Cozy Bear. Just broadly speaking, where do we stand on these types of security issues? Are private companies and the government just behind the ball on developing defenses to these types of things?

MICHAEL CHERTOFF: Yeah, well, these problems have been intensified. And actually, we've seen the frequency and the scale dramatically increase. So let me separate out a couple of things. One is the issue of ransomware, which I'm sure your viewers understand involves putting encrypted tools on the database, thereby making it impossible to read the data any longer unless you get the decryption key. And generally, what the criminal groups do is, they say you have to ransom that decryption key. And if you pay us in Bitcoin, we'll give you the key. Without it, you may have a lot of trouble operating because your records and your data is not accessible.

This has been going on for quite some time. And in fact, we saw attacks on the healthcare system on cities, on private businesses. But what is different now is the dimension and the scale has multiplied 100 fold. And that brings us to the second point. More and more of the attacks now are on the supply chain that provides the goods and services and the software and hardware that companies rely upon to operate their networks. In this case, Kaseya, the company that was hacked, provides a server management software called VSA, which it then sells to managed service providers, who then turn around and use it to help their customers manage their networks.

The problem is when there's a vulnerability in that software. It basically creates a backdoor to literally every end user and every customer who has that software as part of their system. And particularly, management-- systems management software by definition gives the person who operates that tool broad discretion to manage the network, which means they can get into anything. So I might describe what happened in Kaseya as a kind of super spreader event in the cyber ecosystem.

AKIKO FUJITA: Yeah, Secretary Chertoff, it's good to talk to you again. I mean, that seems to suggest to me that there needs to be a shift in the way in which we approach cyber defense. I mean, it used to be that when we were talking about hacks and attacks, it was about companies really not taking it seriously. Now you've got a situation where they are installing the software that's supposed to keep them safe. And that is the inherent vulnerability.

MICHAEL CHERTOFF: That's exactly right. And I think that's one of the reasons there's an executive order that President Biden issued a few weeks ago, where he talked about the federal government. And one of the things he emphasized was the importance of verifying and having zero trust in software. In other words, you've got to know who's running the software. You've got to know the specifications.

There has to be an assurance that the software provider is keeping security in mind. And you may have to test it, and also building a plan B for resilience purposes. And I think this is going to be one of the big challenges in the private sector as well. How do you know who to trust? And the worst thing in the world is if the security firm you're trusting is actually uploading the problem.

BRIAN CHEUNG: Secretary Chertoff, I guess, can you just walk us through the basics of how a ransomware attack goes? Because I think a lot of people are taking a step back, and they're wondering what is it about this type of activity that makes them more nefarious than other types of hacking, whether it's phishing or other type-- or, you know, Trojan horse, whatnot. How do you think this specific type of hacking approach presents different types of risk than, say, more previous, more antiquated attacks?

MICHAEL CHERTOFF: So there are two separate parts to this. One is how do you get the ransomware into the target network so you can then deploy it? And that's actually no different from what we see with other cyber attacks, whether it's trying to steal money or steal information or interfere with operating systems. You can use any one of a number of tools. You can phish, trick people into downloading something. You can masquerade as somebody that you're not and thereby gain access. You can steal a password or other credentials. And that's the same, whatever it is you're going to do with the end result.

What's different about ransomware is, unlike what we typically see, which is an effort to steal money or steal information or engage in some kind of a fraud, identity fraud, what ransomware does is it locks down all of your data, and it encrypts it. And now when you try to access your network, you can't. Because there's nothing you can read because it's all in code. And the only way to get it out of code is to get the key that allows you to decrypt it. And you can't get the key unless you pay a ransom. And that is why ransomware is destructive because what it does is, it basically shuts down your operations.

To give you an example, a couple of years ago, there was a form of ransomware called NotPetya. This was actually launched by the Russians against Ukraine. And in this case, they weren't interested in getting ransom. All they wanted to do is interfere with the business activities or the government activities of Ukraine. And so they infected using an accounting software. They infected all kinds of machines and all kinds of businesses. And that cost hundreds of millions of dollars to businesses operating in the region.

AKIKO FUJITA: How do you think the federal government should respond to this? I mean, we have seen the White House raise this issue with Vladimir Putin, for example. I mean, increasingly, we've seen state sponsored attacks. And yet despite that being raised in some way, that hasn't necessarily kept the attackers at bay. What should be the federal response at a time when the threat is evolving so quickly and happening at such a quick rate?

MICHAEL CHERTOFF: Well, I think this has really become the burning question in cyber security circles. Obviously, the federal government can help by warning companies when they get intelligence that there's going to be an attack by sharing information about how to defend yourself by working cooperatively in various sectors of the economy to raise the level of defenses. But in the end, there's also a question of deterrence. How do you prevent the Russians or people the Russians are hosting from carrying out these attacks? In the past, we've used sanctions, financial sanctions, that works to some extent. We've indicted people, but the chances of getting them in a US courtroom are very small.

And so now the question becomes, should we respond using some kind of cyber attack of our own? Should we, for example, disable the server that is being used to launch the ransomware, or otherwise create a consequence in Russia or for their criminal organization that's not just indicting them or sanctioning them for money, but is actually putting them out of action? And I think that's the next really big step policy.

Now see, one positive example of this we saw very recently. Colonial Pipeline paid several million dollars in ransom using Bitcoin. The FBI was able to recover the majority of that money by penetrating and getting the Bitcoin out of the wallet of the criminal group. When you take the money back from the criminals, you've destroyed their incentive to hack. And so doing more of that, I think, is going to be very positive.

AKIKO FUJITA: It's certainly good to get your insight today, a former Homeland Security Secretary, as well as the co-founder and executive chairman of the Chertoff Group. Michael Chertoff, good to talk to you again today. Thanks so much for joining us.

Recommended Stories

  • One of the world’s richest men knows why Silicon Valley Bank really failed: ‘People on iPhones’

    Stephen Schwartzman, worth $42 billion and at the head of a firm managing almost $1 trillion, says social media is what doomed the bank.

  • Procrastinators, Rejoice: The 6.89% I bonds Will Beat the Old 9.62% Bonds in Just 4 Years

    With a yield of 9.62%, the recently expired Series I bond was understandably popular. With interest rates rising, bond funds are down this year and banks continue to offer miserly rates on deposit accounts. So it's no wonder that a … Continue reading → The post It Pays to Procrastinate: The New 6.89% I bonds Will Beat the Old 9.62% Bonds in Just 4 Years appeared first on SmartAsset Blog.

  • Tesla Stock Advances As Bulk Of Semi Trucks Recalled Over Parking Brake Malfunction

    Tesla is recalling the bulk of its eagerly anticipated long-haul Semis after beginning deliveries of the all-electric, 18-wheel trucks just three months ago. TSLA shares shot up Friday. The National Highway Traffic Safety Administration, or NHTSA, announced Friday Tesla plans to recall 35 Semi trucks for parking brake issues.

  • Dow Jones Rises 150 Points After Cool Inflation Data; 6 Stocks To Buy And Watch

    The Dow Jones rose Friday after key inflation data, with the release of the PCE price index, the Fed's preferred measure of inflation.

  • Virgin Orbit’s sudden collapse is the latest in a series of high-risk failures by Richard Branson

    The satellite deployment startup founded by Branson is letting go of the bulk of its staff, citing an “inability to secure meaningful funding.”

  • Schwab Hit by Worst Month Since 1987 Amid Cash Sorting Woes

    (Bloomberg) -- Charles Schwab Corp.’s worst month in more than 35 years has sparked a debate among analysts as to whether the brokerage giant has been unfairly punished by investors amid growing fears about the US banking sector.Most Read from BloombergTrump Faces Fingerprints, Mug Shot After Dramatic IndictmentWorld’s Top-Rated Airport Sees Immigration System RestoredUS Stocks Extend Rally as Traders Eye Peak Rates: Markets WrapHow King Charles Got Thrown Into Disney’s Fight With Florida Govern

  • A $200,000 Annuity Will Pay Out This Much a Month

    An annuity can be an appealing option to build your retirement nest egg. Adding guaranteed retirement income to your retirement can give you financial stability. But the exact amount that you'll get from an annuity each month will vary. Let's … Continue reading → The post How Much Does a $200,000 Annuity Pay Per Month? appeared first on SmartAsset Blog.

  • Here’s What Retirement Looks Like in America in Six Charts

    Americans spend decades saving for retirement, never quite sure how much is enough or what sort of life that money will ultimately buy. To benchmark your retirement plans—including your savings and spending and how you spend your time—one place to start is by looking at how your numbers stack up against Americans overall. The biggest source of retirement income for many Americans is the nest egg built up during their careers.

  • Warren Buffett and Morgan Stanley Have One Thing in Common: They Both Like These 2 Stocks

    Investors looking for alpha in an uncertain market environment could do worse than following in the footsteps of legendary stock pickers and probably none can match Warren Buffet’s reputation. Not for nothing the “Oracle of Omaha” is considered one of the all-time greats and for nearly 60 years, between 1965 and 2022, his Berkshire Hathaway firm’s returns have doubled those of the S&P 500. So, it’s definitely worth nosing through Buffett’s portfolio to see which stocks he currently holds. And wh

  • Nomura Says US Money Supply Plunge Is ‘Elephant in the Room’ for Markets

    (Bloomberg) -- A Nomura Holdings Inc. strategist is warning that investors are overlooking a crucial clue as they grapple with the path of US inflation and the Federal Reserve’s response. Most Read from BloombergTrump Faces Fingerprints, Mug Shot After Dramatic IndictmentWorld’s Top-Rated Airport Sees Immigration System RestoredHow King Charles Got Thrown Into Disney’s Fight With Florida Governor DeSantisTrump to Be Arraigned Next Week After Historic IndictmentStocks Rally as Traders Eye Peak Ra

  • Japan's Toyota hands St Petersburg plant over to Russian state

    MOSCOW (Reuters) -Russia and Toyota said on Friday that the Japanese carmaker's factory in St Petersburg had been handed over to state entity NAMI, with Moscow snapping up more assets from global automakers leaving Russia over the conflict in Ukraine. "Toyota's production site in St Petersburg has... been transferred to the state," Russia's Ministry of Industry and Trade said in a statement. The company said in September it had decided to stop vehicle production in Russia due to the interruption in supplies of key materials and parts.

  • Bear of the Day: Advanced Micro Devices (AMD)

    This stock looks very top heavy with the topline expected to contract this year and margins shrinking

  • How to make $100,000 or more and pay no income taxes

    Here’s how to earn a six-figure income and pay no income taxes on it – totally legally.

  • Does Snowflake Inc. (SNOW) Have the Potential to Rally 33.64% as Wall Street Analysts Expect?

    The average of price targets set by Wall Street analysts indicates a potential upside of 33.6% in Snowflake Inc. (SNOW). While the effectiveness of this highly sought-after metric is questionable, the positive trend in earnings estimate revisions might translate into an upside in the stock.

  • DWAC Stock Jumps After Donald Trump Indictment

    Digital World Acquisition Corp. stock, the special purpose acquisition company aiming to take former President Donald Trump's tech and social-media platform public, soared Friday after a grand jury voted Thursday to indict Trump. The grand jury voted to indict Trump Thursday after hearing evidence the former president allegedly paid hush-money to a porn star during the 2016 election. Trump is now expected to come to New York to face the charges.

  • Average Retirement Savings For Married Couples By Age

    A recent study from the career experts Zety says that 40% of respondents fear retirement more than death. And almost nine in 10 responded that their biggest retirement fear is not having enough income. For married couples, planning retirement for two people can … Continue reading → The post Average Retirement Savings for Married Couples By Age appeared first on SmartAsset Blog.

  • Can I Retire Off The Interest I Made Investing $2 Million?

    For older Americans, living off the interest and returns of your retirement account is how retirement is structured. The goal is that by the time you hit your late 60s you will ideally have enough saved up to coast indefinitely. … Continue reading → The post How Much Interest Does $2 Million Pay Monthly? appeared first on SmartAsset Blog.

  • GE Stock Breaks Out To New High After Soaring More Than 45% — Is It A Buy?

    General Electric will emerge as an aviation and defense pure play in early 2024 after completing its big breakup. Is GE stock a buy as it breaks out to multiyear highs? GE News The company remains on track to spin off its energy business, as GE Vernova, in early 2024.

  • Can I Retire at 65 with $2.5 Million?

    For most people, it will be little or no problem to retire at age 65 if they have $2.5 million in savings. This amount of capital invested prudently is likely to provide sufficient income for a lifestyle comfortable enough to … Continue reading → The post Is $2.5 Million Enough to Retire at 65? appeared first on SmartAsset Blog.

  • The Nasdaq-100 Just Entered a Bull Market. Why It’s Time to Sell Apple and Microsoft.

    Tech has outperformed by a large margin during the first three months of the year and there may be better opportunities elsewhere.