Major Hacks & Cyber Attacks: Are We Prepared?
The words “terrorist attack” usually bring to mind physical violence: events like bombings, kidnappings, hijackings and hosting-taking. The more violent they are, the more they stay in our memories; the deadliest attacks have also been the most widely-known. And the number of terrorist attacks like these has been rising around the world.
But although terrorist attacks have become more frequent in the past decade, the number of deaths has declined.
That may be because terrorists are finding a new way to fight their battles: online, through hacking. Instead of striking at physical targets, terrorists are beginning to use technology more and more to virtually strike at their targets.
Hackers are feared for going after our identities and our wallets. With their technological skills, they can steal credit card numbers, passwords, social security numbers, and more. By using that information they can steal your identity, a crime that’s been on the rise. Millions of consumers have experienced some kind of identity theft due to hacking.
But thieves aren’t the only ones who are out to steal our data: Hacking by terrorists is also on the rise.
These “cyberterrorists” use their hacking skills to not only steal data, but to perform large-scale disruption of entire computer networks, bringing down essential services. They are able to attack a country’s very infrastructure by threatening the computer networks of utilities, banks, and accessing classified information.
The FBI has warned that hackers are replacing terrorists as the top threat to the United States. Experts have warned that a major cyberterrorist attack, such as an attack on power, transport, or other critical systems, is only a matter of time.
And it’s not all just theoretical. Cyberterrorists have already attacked the CIA’s computers, as well as French, British, and Israeli defense agencies. Below are some of the top major attacks cyberterrorists have already pulled off. If all this has already happened, what does the future hold?
Major Cyber Attacks: Are We Prepared for Digital Combat?
In the 14 months prior to October 2013, the U.S. alone saw 350 attacks launched at Wall Street and the financial industry. Major cyber attacks are quickly becoming a terrorist’s weapon, and could do serious damage to infrastructures that run governments and utilities.
- March 2014 NATO Websites Cyber Attack: In what appeared to be a response to tensions over the Crimea situation, hackers launched a Distributed Denial of Service (DDoS) attack.
- DDoS attacks bombard websites, causing them to slow down significantly, or crash all together.
- The attack lasted nearly 24 hours, shutting down the majority of NATO’s websites.
- The attack did not:
- Impede abilities to command and control
- Pose risk to classified data
- February Bitcoin Cyber Attack: A DDoS attack from unknown sources is spamming Bitcoin exchanges.
- Caused thousands of “phantom” transactions, so transactions had to stop to determine which ones were real.
- Programmers are working to fix exploits hackers are using, to close vulnerabilities..
- December 2013 – January 2014 Internet of Things (IofT) Attack: Possibly the first proven Internet of Things attack, this involved sending more than 750,000 malicious emails from more than 100,000 “smart” appliances.
- Hackers were attempting to expand the size of their botnets, or platforms used to launch large scale cyber attacks.
- Using these devices allows hackers to:
- Infiltrate enterprise IT systems
- Steal identities
- Appliances affected include:
- Home Networking Routers
- Televisions and Multimedia Centers
- At least one refrigerator
- No more than 10 emails came from a single IP, making the attack difficult to pinpoint location wise.
- Emails were sent in bursts of 100,000; three times a day.
- As predictions suggest more than 30 billion Internet connected devices online by 2020, this will not be the last IofT attack. As more home automation occurs, it will increase.
- Attacks are easy for hackers to orchestrate due to:
- Public networks
- Use of default passwords
- Lack of anti-virus software
- Lack of routine monitoring for breaches
- October 2012: “Red October”: Though discovered in October 2012, the virus had been running since at least October 2007.
- The purpose of the attack was to gain high level information from government entities.
- The attacked used vulnerabilities in:
- Microsoft Word
- Microsoft Excel
- Mobile devices
- Windows Phone
- Nokia devices
- Targets included:
- Countries in Eastern Europe
- The former USSR
- Central Asia
- Western Europe
- North America
- Data collected included information from:
- Government embassies
- Research firms
- Military installations
- Energy providers
- Nuclear providers
- August 2012 Shamoon: One of many attacks launched at the energy sector, this virus attacked Aramco, a Saudi Arabian national oil and natural gas company. It wasn’t meant to steal data, but to shut down the entire company.
- Shut down more than 30,000 computers
- Destroyed hard drives and data
Initiatives to Address Cyber Attacks Quickly
Government entities are preparing for the possibility of large scale cyber attacks.
- UK Cyberwar Game: Ameatuer computer experts take part in a simulated cyber attack in an underground bunker.
- The attack comes complete with:
- Mock newscasts
- Designed to:
- Help recruit top talent for cybersecurity
- Highlight the possibility of an attack on the nation’s infrastructure
- Defence Cyber Protection Partnership (DCPP): Partnership between the U.K. Ministry of Defence (MOD) and major security companies to help protect government infrastructure.
- Companies include:
- BAE Systems
- BT, Cassidian
- Hewlett Packard
- Lockheed Martin
- Selex ES
- Thales UK
- Government agencies include:
- Centre for the Protection of National Infrastructure (CPNI)
- Government Communications Headquarters (GCHQ)
- U.S. Office of Cybersecurity and Communications: Part of Homeland Security, this department focuses on keeping .gov and .com domains safe.
- It also includes the National Cybersecurity and Communications Integration Center (NCCIC) which serves to provide:
- 24/7 cyber monitoring
- Incident response and management
- A national point of cyber and communications incident integration
The Future of Cyber Attacks
- In April 2014, Willis Insurance predicted a “catastrophic” cyber attack on the energy sector in the United States.
- In 2012, 40% of U.S. cyber attacks on critical infrastructure were aimed at energy assets.
- Willis says the cost of these attacks will reach $18.7 billion by 2018.
- Attacks are predicted to come from:
- Rogue employees and contractors
- Environmental activists
- We are vulnerable to attack due to:
- Insecure web-based monitoring systems
- Cost cutting has impacted security.
- Emergency shut-off controls can be bypassed by hackers.
- This could cause a release of gas or oil, leading to fire or explosion.
- Security experts from Europol, Trend Micro and The International Cyber Security Protection Alliance (ICSPA) warn new technologies such as IPv6 and Google Glass are increasing the likelihood of attacks and will cause “real world” harm over the next seven years.
- The “always-on” society, where everything is connected, leaves businesses and citizens vulnerable to cyberattack.
- Everything will be “rootable”, or susceptible to hacking, as technology becomes more integrated into things we use every day.
- Running Shoes
- Google Glass could become a contact lens.
The Future of Cyber Attack Prevention
- The United States plans to:
- Build out intrusion prevention systems (IPS) to mitigate and reduce the malicious traffic that comes in.
- Increase domestic and international law enforcement when it comes to cyber crime.
- Routinely conduct exercises to test contingency plans in the event of an attack.
- Provide specialized, and continuing, training to the highly skilled computer security workforce.
- Increase fault system tolerance.
- Build out a cyber workforce in both the public and private sectors
- Automate security processes.
- Continue transparent practices.
- Publicizing the root cause and extent of adverse cyber attacks.
- Both the UK government and the European Commission have discussed improving the region’s cyber defenses as key goals to work toward.
- Vice president of the European Commission and EU commissioner for justice Viviane Reding has called for the creation of new cross-national privacy laws
- This will help users manage and secure the information they share online.
- The UK has established a “Cyber Unit”, designed to develop plans to counter and prevent attacks. It includes three agencies:
- Centre for the Protection of the Critical National Infrastructure (CPNI)
- The UK government is establishing:
- The UK National Computer Emergency Response Team (CERT) in early 2014
- A new Cyber Incident Response scheme in GCHQ
- An extended role for the CPNI to include working with all organisations that contribute to the protection of the UK’s national critical systems and intellectual property.
- The security experts from Europol, Trend Micro and ICSPA plan to launch the “Project 2020” film series.
- This nine-episode web series is intended to help educate web users and businesses about the potential dangers of cyber attacks using a fictional narrative.
Cyber attacks may not be fully prevented, but with new focus on technology and security issues, we are working toward a more secure world.
- NATO Websites Hit in Cyber Attack Linked to Crimea Tension – reuters.com
- Cyber Attack on Bitcoin a Big Warning to Currency’s Users – reuters.com
- DoD News – defense.gov
- Proofpoint Uncovers Internet of Things (IoT) Cyberattack – proofpoint.com
- Cyber – the Good, the Bad and the Bug-Free – nato.int
- The “Red October” Campaign – An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies – securelist.com
- Willis Insurance Predicts Energy Cyber-Attack ‘Catastrophe’ Ahead – forbes.com
- Young UK Internet Defenders Compete in Cyberwar Game at Churchill’s Underground Bunker – usnews.com
- UK Government and Defence Firms Team up to Fight Cyber Threats – news.techworld.com
- Cyber Attacks Will Cause Real World Harm in next Seven Years – v3.co.uk
- Office of Cybersecurity and Communications – dhs.gov
- Blueprint For a Secure Cyber Future – dhs.gov
- The Future of Cyber Security 2014 – cyber2014.psbeevents.co.uk
Download this infographic.