The Federal government’s top intelligence official sounded the alarm last week about a daunting increase in cyberattacks in the last year, with the majority targeted at U.S. entities.
During a Senate Armed Services Committee hearing on May 2, Director of National Intelligence Avril Haines said the number of ransomware attacks worldwide grew as much as 74 percent in 2023, and that a substantial portion of those attacks were aimed at U.S. entities.
She also talked about the prevalence of attacks against U.S. critical infrastructure providers that target their control systems.
“Although the likelihood of any single attack having a widespread effect on interrupting critical services remains low, the increased number of attacks and the actors’ willingness to access and manipulate these control systems increases the collective odds that at least one could have a more significant impact,” Haines told lawmakers.
She also explained that U.S. entities were the most heavily targeted in 2023 – with attacks in sectors such as healthcare doubling from the prior year. For example, UnitedHealth Group CEO, Andrew Witty, told Congress in a separate hearing that the company paid a $22 million ransom to hackers that breached its subsidiary Change Healthcare.
In the face of increasing threats, “there are several ways for entities to prevent being targeted,” Haines said.
“So many of those attacks are basically possible as a consequence of just not engaging in good cybersecurity practices, not updating passwords, not … doing the kind of work that needs to be done patching vulnerabilities,” Haines said.
However, Sen. Angus King, I-Maine, had a different take on how cyberattacks — especially state-sponsored attacks from U.S. adversaries — should be resolved and pushed Haines to do more to prevent such attacks.
“They’ve got to understand that we hold their systems at risk. … That’s got to be part of our strategy. It can’t just be patching and cyber hygiene,” Sen. King said.
