Recent cyber-attacks to hit the UK include the global WannaCry ransomware attack, which severely disrupted 47 National Health Service trusts in May, and an attack on dozens of MPs’ and peers’ emails in June. It is now believed that North Korea and Iran were respectively behind these attacks. Of special concern is North Korea, which seems capable of striking at any place and any computer of its choosing.

What is the United Kingdom claiming?

The culprits behind the two recent cyber-attacks at British establishments appear to have been finally found.

WannaCry – National Health system

  • North Korea was behind the WannaCry attack, which crippled the NHS after stealing US cyber weapons, the head of Microsoft has claimed.
  • The cyber attack in May was the largest in the NHS’s history and put lives under threat as hundreds of operations were cancelled. It led to ambulances being diverted after 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records. The attack meant vital equipment, such as MRI scanners and X-ray machines, had to be taken offline, as they could not be repaired immediately.
  • The President of Microsoft has now said that the government of North Korea was responsible for the attack. Brad Smith said he believed “with great confidence” that Pyongyang was behind the hack, which impacted 200,000 computers in 150 countries around the world.
  • North Korea has been widely linked with the WannaCry cyber-attack, but this is the first time that an executive at Microsoft has blamed the administration publicly. It is important to note that the UK wasn’t the only country affected, but the Microsoft President’s comments were made in relation to this.

British MPs’ email hack

  • Iran is being blamed for a cyber-attack in June on the email accounts of dozens of MPs, according to an unpublished assessment by British intelligence. The report was first disclosed by the Times but independently verified by the Guardian.
  • Initial suspicion for the attack fell on Russia, but this has now been discounted. The evidence amassed is pinpointing Iran, according to the assessment.
  • The cyber-attack on parliament on 23 June hit the accounts of dozens of MPs, including Theresa May, the prime minister, and senior ministers. Every MP used the affected network for interactions with constituents.
  • The attackers sought to gain access to accounts protected by weak passwords. The parliamentary digital services team said they had made changes to accounts to block out the hackers. A spokesman said those whose emails were compromised had used weak passwords, despite advice to the contrary.  

Why are governments using cyber-attacks?

“The majority of intrusions we respond to can be attributed to nation-state actors, by nations that condone cyber-attacks, or folks in uniform paid by sovereign nations to do intrusions,” says Kevin Mandia, CEO of US-based cyber security company FireEye.

  • This year’s threat landscape has been characterised by the growth of cyber activity from Iran, where an APT (advanced persistent threat) hacker group probably linked to Iran’s government had hit Saudi and Western aerospace and petrochemical firms, according to a recent FireEye report.
  • “If there is no risk of repercussions, where is the deterrent?” asks Mandia. “If you are in a nation that allows certain criminal activities on the internet, it is hard to have a proportional response to those types of activities.”
  • As a result, the balance of power has shifted, leading to an asymmetry of power in cyber space, where modern countries whose economies and jobs rely on the internet are extremely vulnerable to cyber attacks.

Cyberspace is a convenient domain because much of the activity does not necessarily violate international law — it’s still murky out there.

  • In the last decade, the fact that nation-states were actively deploying cyber weapons against commercial interest in the West was well known in the law enforcement and intelligence communities. In the last few years, state-sponsored cyber attacks have come out from the shadows.
  • Given the high rewards and low risks for cyber attacks, nation-states are more active now than ever before. Indeed, in most instances, nation states devote seemingly limitless resources to achieve their objectives, including time, money, and hacker talent.
  • The two top players are Russia and China. Now it seems like North Korea and Iran have joined them to make it a quartet. They use sophisticated malware tools and simpler, off-the-shelf tools to achieve their objectives. In many cases, the common element of the attack is the exploitation of the human element within an organisation. This attack vector, exploiting the human component within the target’s infrastructure, has also increased in complexity. So it’s not just the ones and zeros part of an attack that’s sophisticated, it’s also the development of exploitations of other weak points within an enterprise.
  • In addition, since criminal groups are adopting the same tools and techniques as governments, the gap between deployment by a nation state and deployment by a criminal group, in terms of time and quality, is shrinking.

Other reasons

  • The first priority is collecting military and diplomatic information. To this end, rogue nations have put significant talent and resources into targeting Government networks to collect the kind of diplomatic information that gives them an advantage in negotiations or strategic decisions, as this information enables them to predict strategic positions and decisions. This is a trademark of Russia-sponsored hackers.
  • To enable State Owned Enterprises (SOEs) to compete and dominate on a global economic level. Over the last decade, cybersecurity professionals have noted an increasing number of network intrusions that result in exfiltration of business information, including IP and executive communications. This is a trademark of China-sponsored hackers.
  • Money made from these ransom attacks can be used to fund a nation like North Korea. The belief is that North Korea is using this money for its dangerously poised missile program.

Cyber-attacks are not a matter of “if” but “when”. In fact, it is likely that many Government institutions may already have been breached, but not all of them may be aware. With the digital age and the increasing connectivity of people, devices and enterprises presenting new playing fields of vulnerabilities, fortifying infrastructure for cyber resilience is an urgent imperative for Governments.

Note: An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization.

When does the law stand on international cyber crimes?

Some believe we need governments to come together as they did in Geneva in 1949 and adopt a new Digital Geneva Convention that makes clear that these cyber-attacks against civilians, especially in times of peace, are off-limits and considered a violation of international law.

  • Interestingly, in the cyber field, Russia proposed a UN treaty to ban electronic and information weapons (including propaganda) in 1999. With China and other members of the Shanghai Cooperation Organisation, it has continued to push for a broad UN-based treaty.
  • Interestingly again, the US resisted what it saw as an effort to limit American capabilities, and continues to regard a broad treaty as unverifiable and deceptive. Instead, the US, Russia, and 13 other states agreed that the UN Secretary General should appoint a group of governmental experts (GGE), which first met in 2004.
  • That group initially produced meagre results; but, by July 2015, it issued a report, endorsed by the G20, that proposed norms for limiting conflict and confidence-building measures. Groups of experts are not uncommon in the UN process, but only rarely does their work rise from the UN’s basement to a summit of the world’s 20 most powerful states. But while the GGE’s success was extraordinary, it was unable to issue a consensus report for 2017.
  • The GGE process has limitations. The participants are technically advisers to the UN secretary general rather than fully empowered national negotiators. Over the years, as the number of GGE member states increased from the original 15 to 20 and then to 25, the group became more unwieldy, and political issues became more intrusive. According to one diplomat who has been central to the process, some 70 countries have expressed interest in participating. But as the numbers expand, the difficulty of reaching agreement increases.
  • Some states suggested new norms to address data integrity and maintenance of the Internet’s core structures. There was general agreement about confidence-building measures and the need to strengthen capacity. The US and like-minded states pressed for further clarification of the earlier agreement that international laws of armed conflict, including the right of self-defense, apply in cyber space, but China, Russia, and their allies were reluctant to agree. And the deterioration in US-Russian relations soured the political climate.
  • Moreover, whereas some states hope to revive the GGE process or enlarge it into a broader UN process, others are skeptical, and believe that future progress will be limited to discussions among like-minded states, rather than leading to universal agreements.
  • Norms that may be ripe for discussion outside the GGE process could include protected status for the core functions of the Internet; supply-chain standards and liability for the Internet of Things; treatment of election processes as protected infrastructure; and, more broadly, norms for issues such as crime and information warfare. All of these are among the topics that may be considered by the new informal International Commission on Stability in Cyberspace established early this year and chaired by former Estonian Foreign Minister Marina Kaljurand.
  • Progress on the next steps of norm formation will require simultaneous use of many different formats, both private and governmental. For example, the 2015 agreement between China and the US to limit industrial cyber espionage was a bilateral accord that was later taken up by the G20.
  • In some cases, the development of norms among like-minded states can attract adherence by others at a later point. In others, such as the Internet of Things, norms for security standards may benefit from leadership by the private sector or non-profit stakeholders in establishing codes of conduct. And progress in some areas need not wait for others.

A regime of norms may be more robust when linkages are not too tight, and an over-arching UN treaty would harm such flexibility at this point. Expansion of participation is important for the acceptance of norms, but progress will require action on many fronts.

Note: The Geneva Conventions comprise four treaties, and three additional protocols, that establish the standards of international law for humanitarian treatment in war. The singular term Geneva Convention usually denotes the agreements of 1949, negotiated in the aftermath of the Second World War (1939–45), which updated the terms of the two 1929 treaties, and added two new conventions.

Where is the use of cyber attacks for North Korea?

When North Korean hackers tried to steal $1 billion from the New York Federal Reserve last year, only a spelling error stopped them. They were digitally looting an account of the Bangladesh Central Bank, when bankers grew suspicious about a withdrawal request that had misspelled “foundation” as “fandation.” Even so, Kim Jong-un’s programmers still got away with $81 million in that daring cyber heist.

  • Then only sheer luck enabled a 22-year-old British hacker to defuse WannaCry, the biggest North Korean cyberattack to date, a ransomware attack last May that failed to generate much cash but brought down hundreds of thousands of computers across dozens of countries — and briefly crippled Britain’s National Health Service.
  • Their track record is mixed, but North Korea’s army of more than 6,000 hackers is undeniably persistent, and undeniably improving, according to American and British security officials who have traced these attacks and others back to the North.
  • Amid all the attention on Pyongyang’s progress in developing a nuclear weapon capable of striking the continental United States, the North Koreans have also quietly developed a cyberprogram that is stealing hundreds of millions of dollars and proving capable of unleashing global havoc.

Nothing to lose

  • The country’s primitive infrastructure is far less vulnerable to cyber-retaliation, and North Korean hackers operate outside the country, anyway. Sanctions offer no useful response, since a raft of sanctions is already imposed.
  • And Kim’s advisers are betting that no one will respond to a cyberattack with a military attack, for fear of a catastrophic escalation between North and South Korea.

“Cyber is a tailor-made instrument of power for them,” said Chris Inglis, a former deputy director of the National Security Agency, who now teaches about security at the United States Naval Academy. “There’s a low cost of entry, it’s largely asymmetrical, there’s some degree of anonymity and stealth in its use. It can hold large swaths of nation state infrastructure and private-sector infrastructure at risk. It’s a source of income.”

And it is scarier than you think it is

  • Both the United States and South Korea have also placed digital “implants” in the Reconnaissance General Bureau, the North Korean equivalent of the Central Intelligence Agency, according to documents that Edward J. Snowden released several years ago. American-created cyber- and electronic warfare weapons were deployed to disable North Korean missiles, an attack that was, at best, only partially successful.
  • There is evidence Pyongyang has planted so-called digital sleeper cells in the South’s critical infrastructure, and its Defense Ministry, that could be activated to paralyze power supplies and military command and control networks.

But the North is not motivated solely by politics.

  • Its most famous cyberattack came in 2014, against Sony Pictures Entertainment, in a largely successful effort to block the release of a movie (The Interview) that satirized Kim Jong-un.
  • What has not been disclosed, until now, is that North Korea had also hacked into a British television network a few weeks earlier to stop it from broadcasting a drama about a nuclear scientist kidnapped in Pyongyang.

How dangerous is the future?

While in the late 90s and early 2000s cybersecurity went as far as your company’s IT guy, today it’s a multi-billion dollar global industry that is expected to top $1 trillion by 2020.

  • If Governments continue to allow these destructive cyber attacks to go unpunished, they should expect to see nations experimenting with their attack capabilities and honing their abilities to use them for numerous purposes. It is likely that we will see an increase in attacks of low sophistication in the coming years, with important government institutions and non-governmental institutions being useful targets for advancing hostile nations’ interests.
  • DDoS attacks are currently the most widely used tool for activists. However, with more destructive tools continuing to be used, our society is becoming numb to reports of new cyber-attacks. For those criminals wanting to develop their business model, launching larger and longer lasting attacks combined with the ability to increase obfuscation will allow them to move into the DDoS space.
  • Unfortunately, it doesn’t look as though we can rely on governments to stop using their full cyber capabilities, and as such we will likely see an increase in attacks from non-state actors with an increase in arrests and prosecutions. However, there have been a couple of ideas discussed to help manage this situation, although there is a possibility that they will only cause a more difficult environment for all involved.
  • Deterrence by denial is a phrase which we have been hearing increasingly often. This is only achievable if cyber security evolves to a state where companies can implement defensive technologies which can truly rival that of the attacker.
  • Hacking back is another concept which gets discussed every so often. Unfortunately, policies and procedures are unlikely to stop this growing threat. The criminals who distribute destructive cyber attacks have significant motivations and resources and, given enough time, will be able to work through any combination of security technology.
  • From the moment an attacker enters a network it is a race against the clock for a security team to detect and prevent them from causing destruction to the network and information. Currently, the time it takes from breach to detection is measured in weeks if not months – this is far too long. If we are to make a significant reduction in detection time, Governments need to use intelligence, hunting and active monitoring.
  • Silicon Valley companies have been tussling with spy agencies over user privacy. While tech companies argue that encryption keeps their customers safe online, intelligence agencies say it allows criminals to communicate freely through the Internet.

Artificial Intelligence

  • The availability of low cost computing and storage, off-the-shelf machine learning algorithms, AI code and open AI platforms will drive increased AI use by the good guys to defend and protect – but also increase deployment of AI by the bad guys. There will be sophisticated attacks launched on a grand scale, quickly and intelligently with little human intervention, that compromise our digital devices and web infrastructure.
  • Cybercriminals will create fully autonomous, AI-based attacks that will operate completely independently, adapt, make decisions on their own and more. Security companies will counter this by developing and deploying AI-based defensive systems. Humans will simply supervise the process.

Anyone can be a victim of a “state-sponsored” cyber threat, whether it takes the form of identity theft, malware or DDoS attack. Therefore, it is crucial for organisations to learn how to defend themselves. Although there isn’t a way to completely diminish “state-sponsored” attacks, there is a way to make them less successful by educating users to stay alert, recognise and report threats, while working from an ‘invisible’ network.
