U.S. intelligence chief warns Congress of rise in cyberattacks

Published Thu, May 2 202412:03 PM EDTUpdated Thu, May 2 202412:52 PM EDT

Key Points

The number of ransomware attacks worldwide grew as much as 74% in the past year, according to Director of National Intelligence Avril Haines.
Haines said U.S. entities were the most heavily targeted in 2023, with attacks in sectors such as healthcare doubling from the prior year.
The intelligence chief also said they have seen a sharp increase in attacks on control systems for critical infrastructure but added that there are several ways for entities to prevent being targeted.

Director of National Intelligence Avril Haines testifies before the Senate Armed Services Committee May 2, 2024 in Washington, DC.

Win Mcnamee | Getty Images News | Getty Images

The top U.S. intelligence official warned Congress of an alarming rise in cyberattacks at a hearing on global threats Thursday.

Director of National Intelligence Avril Haines said the number of ransomware attacks worldwide grew as much as 74% in 2023.

The comments from Haines come as various companies, such as UnitedHealth Group, MGM Resorts and Clorox, have been disrupted by cyberattacks in the past year.

"Although the likelihood of any single attack having a widespread effect on interrupting critical services remains low, the increased number of attacks and the actors' willingness to access and manipulate these control systems increases the collective odds that at least one could have a more significant impact," Haines told members of the Senate Armed Services Committee.

Haines said U.S. entities were the most heavily targeted in 2023 with attacks in sectors such as healthcare doubling from the prior year.

The intelligence chief also said they have seen a large increase in attacks on control systems for critical infrastructure but added that there are several ways for entities to prevent being targeted.

In 2021, a ransomware attack forced the shutdown of the largest fuel pipeline in the U.S. The closure caused major disruptions to gas delivery and led to long lines at pumps on the East Coast.

"So many of those attacks are basically possible as a consequence of just not engaging in good cybersecurity practices, not updating passwords, not, you know, doing the kind of work that needs to be done patching vulnerabilities," Haines said.

Sen. Angus King, I-Maine, pushed Haines to do more to prevent state-sponsored attacks from U.S. adversaries. The U.S. has in recent years accused China and Russia of enabling cyberattacks on American soil.

"They've got to understand that we hold their systems at risk. ... That's got to be part of our strategy. It can't just be patching and cyber hygiene," King said.

Thursday's warning came a day after UnitedHealth Group CEO Andrew Witty told Congress in a separate hearing that the company paid a $22 million ransom to hackers that breached its subsidiary Change Healthcare. In 2023, cyberattacks also temporarily shut down MGM's hotel booking system and disrupted production at Clorox.

Don’t miss these exclusives from CNBC PRO

Wednesday's analyst calls: Analysts discussed Alphabet and a Chinese electric vehicle maker.
CPI report: Inflation eased in April, with consumer prices still rising 3.4% from a year ago.
Trading CPI: How stocks could react to Wednesday's inflation report
Berkshire Hathaway reported Q1 2024 figures, revealing that most of the conglomerate's stock portfolio is focused on just five stocks.
CNBC Pro scoured Goldman Sach's May conviction lists for stocks with further upside of 50% or more, based on the bank's price targets.