By Katie Benner
Years ago hackers planted malicious software on computer systems that control parts of the United States’ critical infrastructure, including pieces of the electrical grid, gas and water systems. The malware, which the Department of Homeland Security warned about only last month, was dubbed BlackEnergy and traced back to the Russian government.
Whatever they were up to, the cyber-infiltrators didn’t use the digital weapons they’d planted to do any damage.
“This suggests that attackers are collecting detailed information on systems and processes running the vital infrastructure of the US . . . to coordinate further attacks,” says Pierluigi Paganini, a security analyst who publishes the blog SecurityAffairs. The DHS conjectured that attackers planted the threat to deter a future US attack. (Remember Stuxnet?)
The BlackEnergy intrusion is the kind of stuff that national governments typically do in attacks against one another, but it was also reminiscent of a recent corporate hack that hit banking giant JPMorgan last summer. Intruders nosed around the bank’s systems from June to August, undiscovered and uninterrupted. They didn’t take sensitive information like credit card and Social Security numbers, the stuff that sells for a lot of money on the black market. But they did leave malware in the network that could possibly let them further exploit or control the company’s system any time they wanted.
BlackEnergy and the JPMorgan hack have given researchers, government authorities and corporate guardians ample reason to wonder if we’re watching a nascent but significant shift in the security landscape - one that suggests that Corporate America is now subject to cyber-hacks and cyber-attacks once reserved for governments and critical infrastructure.
The recent hacks, as well as others involving Target and the United States Postal Service, show that attackers can squat on a network, undetected, for months. If motivated to do so, they could enter a system, study it and learn how to do more than just steal information.
David Cowan, a cybersecurity investor at Bessemer Venture Partners, says it’s a trend he’s watching closely. Some security professionals believe we’ll see corporate attacks become more destructive over the next year.
Most criminals infiltrate a system to steal and sell data. It’s rare to see an attacker try to shut down or harm a company.
“To take down a target, you put a price on your head,” says Jeremy Pickett, the head of threat research at the startup vArmour and a former infosec engineer at PayPal. “People hack for financial gain to make getting caught worthwhile. Ideologically motivated attacks only occur in extremely polarised areas, like Iraq.”
But such attacks have happened, including a 2013 campaign that disabled three of South Korea’s biggest banks. The malware was traced back to China, and investigators suspected that North Korea launched the attack. Remember Anonymous? That clan of cyberhackers also attacked US corporations back in 2010 to show support for Julian Assange and Wikileaks. They tried to shut down Amazon, PayPal, Visa and MasterCard.
We’re living in what appears to be an increasingly polarised world, where relationships between large countries like the US, Russia, China and Iran are becoming increasingly strained. That’s why Paganini likens the changing online threat to the arms race and acts of espionage that marked the Cold War battle that Russia and the US waged after World War II and through the 1980s.
WP-BLOOMBERG