
Cyber Attack: Dirt-cheap Espionage

Raghav Sand

State-sponsored, centrally orchestrated cyberattacks are becoming more sophisticated and more effective. They are inexpensive and can be executed from far away; in most cases the point of origin goes undetected. The risk is a fraction of that carried by other forms of espionage and acts of war. By the time a country’s intelligence agencies figure out what hit them, the intrusion has already compromised the integrity of their data.


Better Late Than Never!


FireEye, a U.S.-based cybersecurity firm, was instrumental in detecting the most severe cyberattack on U.S. government agencies and a number of Fortune 500 companies. Initial investigations point fingers at the Russian government, a charge the Kremlin has denied. Cyber experts in the U.S. are baffled by the tradecraft used this time round. In what can only be termed an embarrassment for the U.S., the cyberattack was uncovered almost a year after it reportedly began.

Modus Operandi


The hackers behind the recent cyberattack on the U.S. targeted a little-known company, SolarWinds. This network management software company was the indirect path into its customers: cabinet-level government departments and the who’s who of the corporate world all receive its software updates through the same supply chain. The Treasury, Commerce and Energy departments have acknowledged the cyberattack. The most worrying admission came from the Department of Energy: Los Alamos National Laboratory, the lab that designs nuclear warheads, was among the affected agencies.


SolarWinds released an update to its software in March of this year, and it is believed that this update was the vehicle through which the malware was delivered. Even if the firefighting manages to stop the malicious code from inflicting further damage, a persistent backdoor may already have been established in the affected networks.


Confuse and Conquer


Democracies are the main targets of cyberattacks. Hackers are trying to make the most of an increasingly partisan world. Countries are ideologically splitting themselves in half; spreading misinformation and sowing discord has never been easier. E-governance has shown tangible benefits, but the dark side of the web has obvious pitfalls. While the U.S. cyber defense apparatus was busy trying to stop a repeat of 2016 Presidential election hack of the Democratic National Committee, the miscreants devised a nimble yet capable cyberattack.

This was a classic case of allocating disproportionate resources to one cause and leaving other entry points vulnerable. Slowly but surely, the U.S. is ceding ground to its rivals, and given how heavily its allies have depended on it in the past, we may soon reach a point where it is every country for itself.


Cyber Punching Bag


The U.S. has become the perennial cyber punching bag for its adversaries. Time and again, Russian, Chinese and North Korean cyber warfare agencies have targeted previously impenetrable U.S. government departments. The U.S. has not always been on the receiving end of these cyberattacks; it reportedly collaborated with Israel in 2010 to derail the Iranian nuclear programme. Espionage is not a new phenomenon; it has been going on since kingdoms and nations were formed. What goes around comes around.


In cyber warfare, countries have been mindful not to cross the red line while still causing the maximum possible disruption. This is why no country makes a hue and cry about being attacked; they even try to stay hush-hush about it.

In this interconnected world there are only two types of entities: those who have been hacked, and those who don’t yet know they have been hacked. The strategy of controlling escalation seems only to make the opponent bolder, and world powers should observe a certain degree of civility by not targeting electric grids and medical research.


COVID-19 and Cyberattacks


As lockdowns were imposed in most parts of the world in March 2020, the bulk of the desk-job workforce transitioned to working from home. In this hybrid work environment, the hackers hit the jackpot. There is a huge difference between the security posture of an office network and that of a home network. Because of the restrictions on mobility, governments and corporations had to dilute their stringent rules, and sensitive information began flowing through fragile infrastructure. In recent weeks, North Korean hackers tried to lure AstraZeneca staff with job offers as the company races to deploy its COVID-19 vaccine.


Blame Game


Successive U.S. administrations have been behind the curve on cyber security, and the U.S. is not particularly good at playing catch-up. The Trump administration will not take explicit responsibility for the latest cyberattack, but the buck stops with POTUS. Gen. Keith Alexander, former Director of the National Security Agency and the first Commander of United States Cyber Command, who served under Presidents George W. Bush and Barack Obama, described Chinese cyber theft of U.S. companies’ trade secrets and intellectual property as “the greatest transfer of wealth in history.”

There were breaches of email systems at the White House, the State Department and the Joint Chiefs of Staff, reportedly committed by Russian government-linked hackers. Hackers reportedly linked to the Chinese government stole sensitive security clearance documents on more than 20 million current and former federal employees and their families from the Office of Personnel Management. There were also private-sector breaches, led by North Korea’s destructive cyberattack on Sony Pictures Entertainment but also including major data breaches at Target, J.P. Morgan and Yahoo, and the denial-of-service attack on the DNS provider Dyn (defunct since the end of May 2020), which knocked websites including Netflix and The New York Times offline for hours.


Cyber Threat Hunting


Cyber threat hunting is a proactive search through networks, endpoints and datasets for malicious, suspicious or risky activity that has evaded detection by existing tools.

Security personnel cannot afford to believe that their security system is impenetrable; they must remain ever vigilant for the next threat or vulnerability. Cyber threat hunting starts from the aggressive assumption that a breach of the enterprise has already occurred or will occur.
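A concrete illustration of what "hunting for activity that evaded existing tools" looks like in practice is a beaconing hunt: implanted malware that phones home on a timer leaves a regular contact pattern in proxy or DNS logs even when nothing on the destination triggers a signature. The script below is an added example written for this article, not code from the original page or from any vendor; the log lines, hostnames and domains in it are constructed placeholders, not indicators from any real incident. It groups outbound contacts by (source host, destination) pair and flags pairs whose inter-contact gaps are unusually regular, measured by the coefficient of variation (standard deviation divided by mean) of those gaps.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<ISO 8601 UTC timestamp> <source host> <destination>".
# Hostnames and domains are placeholders for this example, not indicators
# taken from any real intrusion. ws-042 contacts one destination roughly
# hourly (with jitter); ws-017 shows bursty, human-driven browsing.
SAMPLE_LOG = """\
2020-12-13T09:00:00Z ws-042 telemetry.example.invalid
2020-12-13T09:59:00Z ws-042 telemetry.example.invalid
2020-12-13T10:00:00Z ws-017 cdn.example.test
2020-12-13T10:00:07Z ws-017 cdn.example.test
2020-12-13T10:00:16Z ws-017 cdn.example.test
2020-12-13T10:03:20Z ws-017 cdn.example.test
2020-12-13T10:05:00Z ws-017 login.example.test
2020-12-13T10:38:20Z ws-017 cdn.example.test
2020-12-13T10:38:31Z ws-017 cdn.example.test
2020-12-13T11:00:00Z ws-042 telemetry.example.invalid
2020-12-13T12:00:00Z ws-042 telemetry.example.invalid
2020-12-13T12:59:40Z ws-042 telemetry.example.invalid
2020-12-13T14:00:00Z ws-042 telemetry.example.invalid
2020-12-13T16:20:00Z ws-017 login.example.test
"""


def parse_log(text):
    """Return (timestamp, src, dst) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        stamp, src, dst = parts
        try:
            # fromisoformat() does not accept a trailing 'Z' before Python 3.11.
            ts = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        except ValueError:
            continue
        records.append((ts, src, dst))
    return records


def find_beacons(records, min_hits=5, max_cv=0.2):
    """Flag (src, dst) pairs whose contact intervals are suspiciously regular.

    Regularity is the coefficient of variation (stdev / mean) of the gaps
    between consecutive contacts: a timer-driven implant keeps it small even
    with some jitter, while human-driven traffic is bursty and scores high.
    Pairs with fewer than min_hits contacts are ignored as too little data.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:  # all timestamps identical; nothing periodic to measure
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "hits": len(stamps),
                             "mean_interval": avg, "cv": cv})
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{f['src']} -> {f['dst']}: {f['hits']} contacts, "
              f"every {f['mean_interval']:.0f}s (cv={f['cv']:.3f})")
```

On the constructed sample only the hourly ws-042 pair is reported; the browsing bursts from ws-017 score a coefficient of variation well above 1 and the two-contact pair never reaches the minimum hit count. The thresholds are assumptions to tune per environment: implants that randomise their sleep interval push the coefficient up, so in a real hunt this signal is combined with others (a destination seen by only one host, a newly registered domain, an unusual process making the request) rather than used on its own.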

