We are told constantly in global news that the current cyber threat landscape within which we are living is filled with danger and malice, but just how much damage can cyber attackers cause.
Jerry Dixon, ex-Homeland Security and Crowdstrike CISO believes it is realistic that we could all be facing a more physical attack.
Dixon told CBR about his thoughts on the current scale of cyber activity globally, and in summary he said: “if you look at just a little over a decade ago you had less than ten countries that were really in cyber operations and now just about every country is in the game.”
Nation-state level cyber activity is a huge, attention grabbing element of importance in the new cyber era, but the covert and nefarious nature of cybercrime committed for monetary gain is a rapidly growing threat to everyone.
Ransomware can now be purchased from the Dark Web in a pre-packaged form, with which even an unskilled individual can easily initiate a cyber-attack that results in the entrapment of a targeted individual or business, and requires them to pay a bitcoin ransom to reverse the effects.
Mike East, VP of Sales at CrowdStrike said to CBR that “if you think about cybercrime as a whole you have to think about the motivation, you might have political or nation-state, but on the e-crime side, it is actually a relatively easy crime to commit, and there is almost zero chance of being caught, and nearly zero chance of being incarcerated.”
Jerry Dixon places preparedness as a characteristic of paramount importance when running a company in the height of such a chaotic period of time, when tech professionals are even in the dark and unsure of where the next attack will come from and in what form.
“I am a huge believer in having a cyber-crisis management plan… you want to have all of the senior business leaders for each line of businesses as part of that plan, and you want to have your executive response team put together which is usually your general council, your CISO your CIO and your COO, these are the folks that are going to be driving the response across the organisation,” the CrowdStrike CISO said.
In saying this Dixon outlines the importance of being constantly on guard, and knowing what to do in the event of a breach so as not to let chaos ensue and further benefit an attacker’s progress. He said that prevention is the first priority, but if prevention was no longer possible, then maximum visibility is the next most important factor for containing an attack.
Dixon went on to note the more frightening potential threats posed by hackers seeking monetary gain, he said that we are now: “seeing SCADA control systems being targeted, Georgia Tech did a study and they actually took ransomware and they used a water plant and controlled the amount of chlorine that gets into the water, and so they used it as an example of digital extortion as they were able to get ransomware onto that device, and if you didn’t pay the bitcoins they would basically increase the amount of chlorine going into the water, meanwhile blinding the operators, making it look like everything is ok, and this is starting to come up in consumer IT as well.”
This alarming study highlights the level to which systems for controlling vital elements of infrastructure are integrated with the internet in the modern world. While integration with the internet may be necessary to manage the scale of modern demands, if weak points are located by hackers, society could be physically at risk en-masse.
Jerry Dixon said on the matter: “Critical infrastructure is huge and the problem you are having in that space is that systems that were not historically connected to the internet are now connected to the internet. You are also seeing major utilities also offshoring administrative management of their networks, so that increases your footprint, and what used to be local to your area is now a global thing.”
The wide scale Ukranian power outages of late 2016 were confirmed as the result of a cyber-attack on a Ukrainian power facility, following a similar but larger incident the previous year which affected around 230,000 people.
It is becoming increasingly apparent that there must be a cultural shift toward a more efficient and practical understanding of the cyber threat landscape. However, this does not assuage the concerning possibility that hackers could compromise, corrupt or disable areas of critical infrastructure.
The world has become infested with aggressive cyber activity on various levels; regular citizens are facing having their personal possessions taken ransom in the form of attacks on IoT devices, while nation-state attacks threaten democratic processes. SCADA attacks on critical infrastructure represent an even darker possible reality, whether they are used to hold governments or large organisations to ransom, or if they are used in an act of war.