Cyber Attack: Waiting To Strike
By Khaleej Times
Online systems are coming under new, sophisticated forms of attack which lurk in the corners of the Net. Allan Jacob reports on what to expect from the next wave of cyber terrorism.
Much as we would like to dismiss these dangers online, they are here, amongst us, altering the way we do things — for the worse. There has been a spurt in sophisticated cyber attacks lately which have left crippling damage in their wake. It’s like a swarm which has evaded detection for many years, only to come back and strike at the most opportune moment.
Criminals targeting systems may be as old as the Net itself but how much are people, governments and institutions prepared for the next generation of online attacks just as they are getting over daily breaches?
Experts are not only finding it hard to wrap their heads around these threats, they’re also vague about the extent of the damage they can cause. The web defence community calls these attacks Advanced Persistent Threats (APT), many of them being the work of state actors. We’re not sure again, but we do know the UAE is the fourth favourite target for these attacks, according to FireEye, which puts Saudi Arabia and Turkey on top of the list.
Experts say they are ‘advanced’ because they bypass existing protection, ‘persistent’ because they stay undetected for a long time and are ‘threats’ because they have a malicious function.
Government and financial services are the most targeted verticals, says FireEye, a leading Net security firm.
“The advanced threat is a reality in the Middle East, Turkey and Africa, and businesses and governments in the region need to start preparing an effective defensive strategy in order to avoid the risk of their data and intellectual property finding their way into the wrong hands,” according to Ray Kafity, vice-president at FireEye.
Some fingers have been pointed at Russian and East European state and non-state actors. The secretive and repressive North Korean regime has also been blamed for the latest attack on Sony Pictures which saw three Hollywood films making their way on to the Net ahead of their scheduled release dates in theatres.
FireEye has told the US Federal Bureau of Investigation that cyber thieves may try to penetrate systems on Wall Street. Three weeks ago, the cyber security firm detected an advanced threat named Sourface, also called APT28.
There have been several instances in which it appeared to target the governments and militaries of countries with which the Russian government was attempting to strengthen relationships. For example, it appeared to target Mexican and South African government agencies at the same time that Russia was building out increased partnerships with those countries, particularly expanding their trade relationships and increasing weapons sales.
“We don’t discount the possibility that Russia-based threat groups may target entities in the UAE, particularly given the growing economic relationship between the two countries, and both governments’ stated interest in expanding bilateral relations.”
The two countries are talking of increasing trade, energy investments and business partnerships, and therefore, targets might include government agencies closely involved in these discussions.
“Just to be clear, what we have announced is a report on cyber espionage operations (not attacks) that (are) likely benefit the Russian government. Again, the key word here is likely, we are not saying that we definitely know that APT28 works for the Russian government, we are assessing — based on the targets APT28 chooses and characteristics of the malware they develop — that the Russian government has most likely sponsored the group since at least 2007. We are very careful in making an assessment (based on our data and research).”
Last month, security firm Symantec revealed the presence of a malware named Regin, which was involved in “systematic spying campaigns against a range of international targets”. These included governments, infrastructure operators, businesses, researchers and individuals.
The virus had some links to Stuxnet, which was allegedly used by the US and Israeli governments to attack computer networks involved in Iran’s disputed nuclear programme some years ago.
Nicolai Solling, Director of Technology Services at Help AG, says there are many state-sponsored actors actively dispensing malware and so-called new generation worms. “It is a poorly hidden truth that both Western, Asian and former Eastern bloc countries are developing and sponsoring the generation of malware or funding espionage programmes utilising malware and advanced persistent threats.
“Very close to our own backyard, we have seen an element of campaigning that has either been state-sponsored or is being carried out by groups that are loyal to the Syrian government — and they were also attacked by their opponents.”
On the loose
Solling says the spread of malware is not always controlled by the attackers. “Specifically, in our region and in the UAE, we saw a large infection of the malware Stuxnet and Flame — which were targeting Iranian nuclear facilities — simply due to our close geographical location to Iran.”
He says the main cause behind state-sponsored malware is easy to understand as intelligence services are keen to pick up information about their geo-political adversaries. “Since this information is now stored in IT systems, it is natural to focus the activities on the systems holding the information.”
However, state-sponsored malware is only part of the problem. Other groups of malware producers have a commercial focus, meaning they steal data to sell, or hold sensitive information. A ransom is usually sought and unless it is paid, the data can go public to the embarrassment of the victims. “Commercial hacking groups are more widespread in their attacks and for them it is all about targeting as many systems as possible and harvesting as much information as possible,” says Solling.
Online protection firm McAfee Labs, in its latest threat assessment report, foresees increased use of cyber warfare and espionage tactics next year. “Cyber espionage attacks will continue to increase in frequency as long-term players will become stealthier information gatherers, while newcomers to cyber-attack capabilities will look for ways to steal sensitive information and disrupt their adversaries.”
In the assessment, it says established nation-state actors will work to enhance their ability to remain hidden on victim systems and networks.
The bigger worry is that cyber criminals will continue to act more like nation-state cyber espionage actors and cyber warfare by small nation states and terror groups will gain ground.
In the UAE, Kafity says awareness and understanding of online dangers is maturing rapidly. “This is driven by increasing governance and regulations requiring enterprises in verticals like finance and healthcare among many others to pay careful attention to how they approach and execute data/network security.”
Users are required to change their behaviour and ensure systems are patched and the software they use has a good reputation. Organisations must implement correct solutions to secure their online presence.
“Governments play a huge role as they can enforce governance frameworks on their organisations. The UAE is a great example of this, where Abu Dhabi Systems and Information Centre and Dubai Smart Government both maintain and publish governance frameworks for government organisations to follow,” says Solling.
Earlier this year, the UAE National Electronic Security Authority said it would come up with electronic security standards and policies to secure core sectors of the economy, the first big step in an evolving process to combat these advanced threats online.