[BreachExchange] More Dependence on Internet Leads to More Cyberattacks Worldwide

Audrey McNeil audrey at riskbasedsecurity.com
Tue Aug 29 19:11:49 EDT 2017


https://citizentv.co.ke/news/more-dependence-on-internet-
leads-to-more-cyberattacks-worldwide-174085/

>From power grids, to major corporations, nothing in the world is immune to
cyberattacks. The reason, said cyber security experts, is the growing
dependence on the internet.

“The internet is becoming more and more integrated into our lives every
single day, and we as citizens and we as corporations and governments are
becoming more interconnected and using the internet as part of that
backbone of communication and collaboration. This means that there’s
increased attack surface for those who wish to be malicious,” said Jonathan
Homer, with the U.S. Department of Homeland Security’s National
Cybersecurity and Communications Integration Center.

Homer works with a team that supports federal agencies, local governments
and those who are part of the critical infrastructure within the U.S. to
help them get back online and help prevent future attacks.

“On a weekly basis, we fly out and respond to organizations that are going
through the once in a lifetime cyberattack,” Homer said.

Greater financial gain

More digital information on the web means greater financial gain for
criminals. In the last year, there has been an increase in cases of
ransomware, an attack that locks a computer until a payment is made.

“It’s becoming easier and easier in part because the tool kits needed to
break into many of these systems are becoming more readily accessible on
the dark web,” said Clifford Neuman, director of the University of Southern
California Center for Computer Systems Security.

Tracking down the criminals has not been easy for law enforcement.

“We do think that reporting cyber intrusions is underreported to law
enforcement, whether it’s the FBI, Secret Service or another entity,” said
John Brown, special agent in charge of the Federal Bureau of
Investigation’s Los Angeles office.

“I think it’s a business decision. They’re concerned about the publicity,
which we completely understand. There they have customers, et cetera that
may not do business with them if like, hey, there’s an issue with their
cyber defense,” Brown said.

Federal laws on reporting breaches are vague and many state laws require
reporting when personal information is compromised, but there are gray
areas.

“Much of what happens in the case of businesses is they don’t necessarily
know what information has been disclosed, and they sort of, perhaps
intentionally, lay a blind eye to that to say, ‘Well, we don’t know
personal identifiable information has been disclosed. All that we know is
someone got into our system,'” Neuman said.

Range of online perpetrators

The FBI says the online perpetrators range from criminals who want money to
hackers with geopolitical motivations.

“Clearly there are nation states that are involved in cyber activity who
are interested in stealing our trade secrets, our proprietary information
that our companies are developing, our secrets within our government,”
Brown said.

A Chinese national, Yu Pingan of Shanghai, was arrested and charged this
week for allegedly distributing malicious software known as Sakula. The
malware has been linked to hacks against U.S businesses.

Sakula has also been linked to the 2014 and 2015 cyberattacks at the U.S.
Office of Personnel Management (OPM), where personal information of
millions of federal employees was stolen. The federal court filing,
however, against Yu does not mention the OPM hacks.

U.S. officials have blamed the Chinese government on those attacks.

“Most cyberattacks require multiple weaknesses or vulnerabilities of some
form in order to be able to reach the final goal of the attacker.One of the
greatest weaknesses of any corporate network is the human element,” said
Homer.

Neuman said it is not a matter of if an attack will happen, but when.

“I think that most companies are not prepared to handle the zero day, the
newest attack that occurs because it’s like fighting the last war. You
don’t know what the particular new techniques are that are going to be
applied,” Neuman said.

Critical partnership

For the FBI, building partnerships with private industry is critical.

“It’s really about building those relationships before the intrusion. So,
what we ask companies to do is to call us and to basically just say, ‘Hey,
let’s talk about what would happen if we did have an intrusion. Let’s work
through that,'” Brown explained.

Another way to prepare for a cyberattack is to rethink how systems on the
web are designed, Neuman said.

“Where we really need to be going is in a way where we design our systems
to be more resilient against the inevitable hack,” he said. “Understand
that individuals are going to get in, but make sure that the structures of
the systems are designed to contain the damage that can occur. And that’s a
much more difficult problem to solve because it requires changing the way
we design our systems overall.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170829/c0b9be04/attachment.html>


More information about the BreachExchange mailing list