Director of National Intelligence Avril Haines testifies before the Senate Armed Services Committee May 2, 2024 in Washington, DC.
Win Mcnamee | Getty Images News | Getty Images
The top U.S. intelligence official warned Congress of an alarming rise in cyberattacks at a hearing on global threats Thursday.
Director of National Intelligence Avril Haines said the number of ransomware attacks worldwide grew as much as 74% in 2023.
The comments from Haines come as various companies, such as UnitedHealth Group, MGM Resorts and Clorox, have been disrupted by cyberattacks in the past year.
“Although the likelihood of any single attack having a widespread effect on interrupting critical services remains low, the increased number of attacks and the actors’ willingness to access and manipulate these control systems increases the collective odds that at least one could have a more significant impact,” Haines told members of the Senate Armed Services Committee.
Haines said U.S. entities were the most heavily targeted in 2023 with attacks in sectors such as healthcare doubling from the prior year.
The intelligence chief also said they have seen a large increase in attacks on control systems for critical infrastructure but added that there are several ways for entities to prevent being targeted.
In 2021, a ransomware attack forced the shutdown of the largest fuel pipeline in the U.S. The closure caused major disruptions to gas delivery and led to long lines at pumps on the East Coast.
“So many of those attacks are basically possible as a consequence of just not engaging in good cybersecurity practices, not updating passwords, not, you know, doing the kind of work that needs to be done patching vulnerabilities,” Haines said.
Sen. Angus King, I-Maine, pushed Haines to do more to prevent state-sponsored attacks from U.S. adversaries. The U.S. has in recent years accused China and Russia of enabling cyberattacks on American soil.
“They’ve got to understand that we hold their systems at risk. … That’s got to be part of our strategy. It can’t just be patching and cyber hygiene,” King said.
Thursday’s warning came a day after UnitedHealth Group CEO Andrew Witty told Congress in a separate hearing that the company paid a $22 million ransom to hackers that breached its subsidiary Change Healthcare. In 2023, cyberattacks also temporarily shut down MGM’s hotel booking system and disrupted production at Clorox.