Disruptive cyber attacks: should I worry?

15:50 22 July in attack, Cyber security, hack, Incident Response, Threats, Vulnerability by robp
0

If you follow cyber security news even vaguely, you’ll be aware of the recent news stories about hacking a Chrysler Jeep. This is good, solid security research, conducted over a number of years which on the face of it seems entirely valid. In other words, the vulnerabilities they describe exist, and are serious. You may also have read the McAfee report which says 59% of respondents to a survey reported that ‘confirmed cyberattacks resulted in physical damage’. I, and far smarter others, were extremely skeptical of this. In McAfee’s defence, it was responses to a survey rather than hard analysis, and they have said they will make the data available to some of the skeptics.

Anyway, all of this implies the sky is falling in and we should be very afraid. Add to that the intentionally disruptive hacks targeting Sony, the Sands Las Vegas casino and TV5 Monde (note the well informed commentator at the end of that article) and you might conclude there is trend in cyber attacks, which will bring the world to its knees.

Is there a trend in cyber attacks that will bring the world to its knees?  

Not that will bring the world to its knees, no. I have written before about the phrase ‘cyber attack‘ and what it means, as well as the people who are behind them, and I think that all still stands. It’s worth noting that for the most part, the tools and techniques of the hacker, indeed the whole ethos, is largely built on the desire to be covert. The traditional exceptions to this are groups like Anonymous, who like people to know they are being targeted, groups who deface websites for fun & kudos and criminals trying to extort money through denial of service attacks or by encrypting all your files. But for the most part, be they criminals, spies or something else, hackers like to go undiscovered.

However, once someone has compromised your computer to try and capture your passwords, or a group have wormed their way into a target organisation and gained a foothold, they actually have quite a lot of power. The goal of most hackers is to gain administrative access to a computer, which means they can install their own software, turn off antivirus and firewalls and essentially do whatever they like. This also means they could delete essential system files, or wipe your hard disk. For the most part they don’t as they want to steal your secrets or your credit card details. And as is demonstrated in the media every day, organisations get compromised and have data stolen all the time.

So whilst I don’t think there has been any upswing in capability, I do think it’s possible that we will see more ‘disruptive’ cyber attacks, wherein the hackers use the usual covert means to compromise networks, but then cheerfully cause havoc by trashing key systems and wiping computers. In fact, this isn’t that new. Both Iran and North Korea have been blamed for this kind of activity in the past – Iran for an incident at Saudi Aramco, and North Korea for attacks on a number of large South Korean organisations at the same time! As more hacking groups realise they can do this using the tools and techniques they know well, and that it will likely result in headlines all over the world, it may look like an attractive option.

So what can I do?

None of these attacks represent a step change in capability, just a different goal. Hence, you need to do what you are doing right now and continue to make your attackers lives harder. Train staff to watch for phishing emails. Keep everything patched, both applications and operating systems. Ensure you security test internet facing applications, and scan all your internet facing IP addresses looking for vulnerable or unnecessary services. Implement an intrusion detection system, or other form of security monitoring.

All of the above are things we can help with, and we even offer a security monitoring service.

What about the hackable Jeep?

There is a patch, so apply it if you have a vulnerable vehicle. We’re going to see more of this kind of thing, as more vehicles and other devices have internet connections. Sadly it seems vehicle manufacturers didn’t really think about security when implementing a network connected vehicle. I expect they won’t be the only industry making these kind of serious mistake.

Thanks for reading. Any questions, find us on twitter, or use the contact form.  Also if you liked this post why not share it on Twitter or LinkedIn using the link at the top?

Rob