Cyberattacks Bring Front Line Home
The risk of cyberattacks is on the rise and drafting victims onto a global battlefield. Increasingly, government entities, private industries, and citizens are the targets and unwitting sponsors of terrorist operations and bad actors the world over. Gist Say’n explains.
Cyberattacks deserve to draw attention in this January 2020 news cycle. Chinese, Russian, and Iranian hackers, their proxies, and ordinary criminals are all operating on what is now the most active, and perhaps the most costly, battlefield facing the United States in this new decade. It stretches around the globe and goes unnoticed until it reaches out to devastate targets sitting in the comfort of their own office or home.
Right now, the story that Russian hackers targeted the Ukrainian company Burisma is making a few headlines. This is what Russia always does, as it endlessly tries to meddle in the elections and internal affairs of its rivals. And not just in the United States: for example, it has been very busy in South America this past year trying to limit the opposition to its ally Venezuela. It's what Russia does, and it is nothing new. Nor is the phenomenon limited to Russia.
Espionage and propaganda campaigns against foreign countries have gone on forever. For example, the British did it to us when seeking U.S. support before we entered WWII. Their agents fed false stories to newspapers and organized protests. Not cool, but not new. What is relatively new is the cyber aspect of it.
Countries that currently fancy taking a bigger swing at the United States include Iran. In the wake of escalated tensions with the U.S., experts fear Iran will ramp up its cyberattacks.
Iran's Cyber Warfare Threats Are Real
The United States killed Iranian General Qassem Soleimani near the Baghdad airport via drone on January 3rd. The strike followed a buildup of provocative Iranian actions over the past several months that include downing a U.S. drone and launching rocket attacks against U.S. bases in Iraq that killed one American and left several others injured.
On December 29th, the same day that the United States used airstrikes to retaliate against Iranian-backed Hezbollah in Syria and Iraq for the death of that American contractor, an attack group linked to Iran initiated a cyberattack. It used a data-deleting program known as a "wiper" in an attempt to destroy data on systems at Bahrain's national oil company, Bapco. The group reportedly had access to the Bapco network for nearly six months before it chose to execute the malware on that day, so cybersecurity experts don't think the timing was a coincidence.
Soleimani was widely known not just as one of Iran's key leaders but as the head of massive and long-running state-sponsored terrorist activities. The drone strike came in the wake of the physical attack Soleimani had just directed against the U.S. embassy in Iraq. Also, the White House says Soleimani was in the process of directing future physical attacks on other American embassies.
In anticipation of the Iranian response to Soleimani's death, Twitter trended with hashtags proclaiming that we were on the brink of World War III. The U.S. redeployed troops to the Middle East, and warnings went out to companies at home. Iran launched missile attacks against two U.S.-occupied bases in Iraq, which fortunately did not result in any deaths. Unfortunately, it also mistakenly shot down a Ukrainian airliner, killing all 176 people on board.
The Cybersecurity and Infrastructure Security Agency (CISA), which is an agency within the Department of Homeland Security, issued three updates warning against physical and cyberattacks from Iran. The warnings directly addressed IT professionals with advice on how to secure their networks against an Iranian attack.
On January 6th, CISA described the threat as follows:
"Iran has a history of leveraging asymmetric tactics to pursue national interests beyond its conventional capabilities. More recently, its use of offensive cyber operations is an extension of that doctrine. Iran has exercised its increasingly sophisticated capabilities to suppress both social and political perspectives deemed dangerous to Iran and to harm regional and international opponents.
Iranian cyber threat actors have continuously improved their offensive cyber capabilities. They continue to engage in more "conventional" activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), but they have also demonstrated a willingness to push the boundaries of their activities, which include destructive wiper malware and, potentially, cyber-enabled kinetic attacks.
The U.S. intelligence community and various private sector threat intelligence organizations have identified the Islamic Revolutionary Guard Corps (IRGC) as a driving force behind Iranian state-sponsored cyberattacks–either through contractors in the Iranian private sector or by the IRGC itself."
According to cyber threat researchers at Check Point Security, during the first week after Soleimani's death, at least 35 organizations faced attacks by cyber offensives "specifically traced" to Iran's state-sponsored hacking groups. It estimates 17% of those targets were in the U.S., with an additional 7% in Israel. Though alarming, the company told Forbes that this is not a material change from what was happening before Soleimani was killed. A source explained to Forbes that "No significant response has yet been seen by us."
The keyword there is "yet." While Iran has publicly declared that its overt physical retaliation against the United States is over, there is fear its cyber warfare efforts may still be gearing up.
Current U.S. government posturing indicates that any widespread cyberattack traced back to Iran will be met with an even more destructive cyber or physical response from the United States, so Iran will likely first try to mitigate that risk. Therefore, security experts speculate this may be the calm before the storm.
Damaging the United States in any way possible has long been an openly stated goal of Iran. That damage includes cyberattacks. Be it through state-sponsored groups or proxy hackers, Iran has long cheered so-called nuisance attacks that include the defacement of websites and the disruption of their service.
This January, hackers claiming Iranian backing defaced the U.S. government's Federal Depository Library Program website with a picture of a bloodied President Trump. Intruders also altered the Texas Department of Agriculture's website with a message stating "Hacked by Iranian Hacker."
However, Iran also has loftier goals. It craves the ability to use state-directed attacks against critical infrastructure targets like energy, transportation, and finance, while also using concerted attacks to steal or destroy the data and systems of commercial organizations, similar to the attack it attempted in December against Bapco's network.
In its January 4th, 2020 Terrorism Threat Summary, the Department of Homeland Security stated that "Iran maintains a robust cyber program and can execute cyberattacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States."
While Iran has been investing heavily in the buildup of its cyber warfare capabilities, it is still not believed to be a match for those of the United States. So it is likely that either inability or fear is what currently keeps the regime in check. It is a precarious balance that is continually shifting.
Your Risk of Cyberattack
By definition, cyberwarfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks. Also devastating, though, are more locally targeted cyberattacks.
A cyberattack is a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization. Usually, the attacker seeks some benefit from disrupting the victim's network.
For useful definitions of common types of cyberattacks and the threats they pose, follow this link: Common Cyberattacks
According to Cisco Systems, cyberattacks hit businesses every day. Between January 2016 and October 2017, the total volume of events increased almost fourfold and has continued to rise ever since. Former Cisco CEO John Chambers once said, "There are two types of companies: those that have been hacked, and those who don't yet know they have been hacked."
The FBI is the lead federal agency for investigating cyberattacks by criminals, overseas adversaries, and terrorists. It agrees that the threat is serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated, striking a more extensive array of targets. The FBI says the nation's critical infrastructure, including both private and public sector networks, is targeted by adversaries on a continual basis.
An estimated fifty-three percent of cyberattacks result in damages of $500,000 or more. It is seemingly at the point that unless you live like the Unabomber, off the grid in the woods, you or an entity you rely on are at risk. Companies' trade secrets and other sensitive corporate data, along with universities' cutting-edge research and development, have long been a cause for targeting. Hackers also quickly identified private individuals as easy prey for fraud and identity theft as a means to line their pockets and fund their purposes, while online predators target children. Now municipalities and school districts are also increasingly subject to attack.
Armor is a security solutions provider. The Head of its Threat Resistance Unit (TRU) research team, Chris Hinkley, told TechRadar why cybercriminals have begun to target the education sector, saying:
"The attackers know that the services these organizations provide are critical to their communities, and they also know that schools and municipalities are typically more vulnerable to security attacks because of their limited budgets and lack of IT staff. This combination can give the threat actors a tremendous advantage over their victims because they know these entities cannot afford to shut down and are often more likely to pay the ransom."
A new report from Armor states that 1,039 schools across the United States fell victim to ransomware attacks in 2019. Its research also showed the number of affected schools more than doubled during the last three months of the year.
Criminals are using ransomware to steal and hold information captive at such an alarming rate that the FBI has issued multiple new alerts since the fall of last year. These indicate that individuals and businesses alike are being held hostage by criminal syndicates, often of foreign origin. In some cases, as with Iran, the government backs the groups. Monies collected are then used to support all forms of criminal activity and even terrorism.
These cyber data-nappers will ransom not just financial information on customers, but operating systems, accounts receivable, shipping and inventory records, patient and student records, anything and everything that could prevent the target from functioning normally. Anything disruptive enough to prompt payment is fair game.
Scammers will often send ransomware through email phishing campaigns. The malicious program lies dormant within the email until someone inside the network clicks on the infected file or link. The fraudster can then reach the system's devices and data. The bad actor encrypts the system, effectively locking the rightful owners out. The attacker promises to decrypt the information if the victim pays, usually in a virtual currency like Bitcoin. Unfortunately, there is no way to guarantee that the cybercriminal will unlock the data once paid.
There was a noticeable increase in attacks starting back in 2018. A report by the security research firm Malwarebytes says attacks "shot through the roof in the last quarter of 2018." Its data shows attacks rose nearly 400% from the previous quarter and then continued to increase in 2019.
Texas businesses and organizations were some of the most frequent targets during this period. In August, more than 20 government entities, most in rural areas, fell victim to a coordinated statewide ransomware attack. In October, it was Heritage Auctions' turn. A ransomware attack took the Dallas-based auction house offline for three days. The Dallas Observer reported that no one paid the ransom in these cases, but several weeks later, many were still struggling to return to normal operations.
The FBI advises all victims of ransomware not to pay. It says, even if you manage to get your system back online, the attacker likely left other malware hidden on your system that will require a remediation team to completely wipe the computers and restore everything from clean, offline backups. Beyond the cost of the ransom, the FBI says you also face the loss of productivity, legal fees, and the need to purchase credit-monitoring services for employees and customers whose information lay exposed during the hack.
The statistics gathered by the FBI's Internet Crime Complaint Center (IC3) show Internet-enabled theft, fraud, and exploitation were responsible for a staggering $2.7 billion in financial losses in 2018 alone. That figure is derived only from reported instances. Yet many attacks go unreported to authorities, and even more are never made public.
Prevention is the FBI's prescribed method for dealing with this ongoing threat. However, that is of little use to those unable to ward off a successful hack. Even with defensive measures in place, the landscape is continuously changing, and attackers break through.
To ward off imminent financial ruin, or even just embarrassment, countless companies and individuals have paid and will continue to pay to get their information back. Regardless of what the FBI advises, this is unlikely to change. As a result, hackers will keep hacking, and the cycle will continue to reward them with untold billions.
So Here's The Gist
First, unlike China, Russia, and the United States, Iran is not at the top of the list of cyber-warfare-capable nations. However, the U.S. government does believe Iran can inflict damage on the United States and will do so if it thinks it can get away with it without serious repercussions.
Second, cyberattacks against governments, businesses, and individuals are on the rise with no end in sight. Ransomware scams are simultaneously draining coffers here and filling those of bad actors, including terrorist organizations around the world. Data-napping has replaced kidnapping as a favored revenue stream for the wicked.
Remember, you can agree or disagree, it's okay, I'm Gist Say'n.