IP Expo Europe: Don't assume you're safe from the geopolitical cyber-war

The new cyber-threat landscape includes the geopolitical dimension which organisations ignore at their peril, said Werner Thalmeier.

Cyber-war coming to a network near you

Werner Thalmeier, director of security solutions for the EMEA and CACI regions at Radware, had words of warning for visitors on the first day of IPExpo. There would be no product slug or advertisement here, he reassured his audience, only a sober briefing on the way cyber-attacks are taking on a geopolitical character in the ongoing cyber-war.

The talk, titled "The Next Cyber War: Geo-political Events and Cyber-attacks", dealt with a phenomenon that has rarely been out of the headlines.

Early this year, the hacktivist group Anonymous declared war on online Islamic fundamentalism in the wake of the Charlie Hebdo Massacre. Calling the campaign #opcharliehebdo, the mysterious group crowdsourced like-minded individuals to help hunt for social media accounts, forums and websites known to be popular with radical Islamists and promptly began attacking them.

Their targets, however, had a response. In turn, they launched a campaign called ANONghost, a statement of online Jihad, and with it they attacked thousands of websites, including many French local government websites, plastering their webpages with pro-Islamic State, pro-radical propaganda. According to Thalmeier, 19,000 websites were affected.

Another such example was Operation Ababil, where online Jihadists once again attacked the networked capabilities of major western institutions. This time, they took aim at the banks, attacking every level of their networked systems, and eventually found success attacking blind spots, namely the SSL servers.

These kinds of multi-vulnerability campaigns are often the attack method of choice for political actors such as these. Here, the adversaries will attack you at all stages of your network chain: the servers, the internet pipe and so on, until they find your blind spot.

From here, they won't kill your firewall, they'll just overwhelm the vulnerable spot and shut you down, said Thalmeier.

"When you become the victim of such an attack, there's not a lot you can do," he said. Even cloud protection, which doesn't fall prey as easily to more traditional attacks, is vulnerable. While it's good for volumetric attacks, it's "obsolete" for attacks which are "low and slow".

The Internet of Things also provides a grand new frontier for dangerous attacks. Thalmeier mentioned that wearable insulin dispensers for diabetics can be hacked and, depending on the whim of the attacker, can kill or harm the machine's host. "Many more of these attacks are on the horizon," Thalmeier says.

This new horizon for cyber-attacks is more specific, more targeted and more relentless. The attackers "pick a target, pick a victim and they will use whatever is necessary to take them down".

To survive, organisations shouldn't assume that they aren't targets; they must establish multiple lines of defence and understand attackers' real behaviour as well as their own "vulnerability in the distributed, outsourced world".

Thalmeier spoke to SCMagazineUK.com, making clear that "the threat landscape has changed": cyber-attackers are now using multiple layers and vectors to stage their assaults. On this, Thalmeier reminds users "don't trust a single solution".