The evolving threat landscape - from mischievous attacks to cyber war and espionage

Opinion by Darien Kindlund

Cyber attacks are becoming increasingly visible to the public, with high-profile breaches and ongoing commentary from large organisations such as Google and the UN frequently making headlines.

Cyber attacks are becoming increasingly visible to the public, with high-profile breaches and ongoing commentary from large organisations such as Google and the UN frequently making headlines.

When it comes to cyber crime, we are currently seeing a shift from unwitting individuals being targeted for relatively low financial gain (i.e. through credit card fraud) to large corporations or indeed governments being hit due to the high pay-off intellectual property (IP) and sensitive information that they hold.

The tactics used by hackers have also evolved from hit and miss attacks, to targeted intelligence gathering on specific victims to state-sponsored espionage, where the hackers' aim is not so much to acquire specific information, but rather to opportunistically gather IP and trade secrets indiscriminately across the target industry.

Attacks that facilitate international espionage appear to be becoming more frequent, with the recent Flame virus providing a prime example of the ways in which malware can be used to this effect.

Widely described as the most sophisticated virus of all time, Flame evidences the fact that cyber espionage is an increasingly real and advanced threat to a firm's security. The target industries of cyber espionage offer substantial financial rewards and include the likes of pharmaceuticals and aerospace, where the potential to steal ideas and rush competing products to market before patents can be processed, provides a strong financial motivator for these threat actors.

Google's recent pledge to inform vulnerable Gmail account users if it believes they are the victims of a state-sponsored spying attack was largely thought to have been a reaction to the discovery of Flame, and the surrounding incidents of cyber crime targeting US and other government officials. However, this also highlights the issue of how consumers and end-users are coming into the fold – increasingly impacted by the changing threat landscape.

In most cases, customers or stakeholders of an organisation will rarely feel the direct effects of an attack - however, should a next-generation attack be successfully orchestrated, the damage to the victim organisation is likely to be felt through a series of indirect actions at a later date, many of which will adversely affect the consumer.

Espionage aside, as cyber criminals become more persistent and advanced in their pursuits, a particular area for concern is the potential for critical infrastructure to be attacked.

Alarmingly, our critical systems are more often than not, woefully under-protected, and can be exploited in a number of ways by hackers utilising sophisticated malware to cause chaos. Unsurprisingly, attacks on critical infrastructure can cause significant disruption, but at a rate that is not immediately noticeable to the victim.

The Stuxnet virus that was discovered in 2010, for instance, was the first malware able to spy on and destabilise industrial systems, with the most probable target of the virus thought to have been the uranium enrichment infrastructure in Iran. The virus was able to cause the slow yet significant degradation of networks and adversely impacted consumers, as it succeeded in crippling Iranian nuclear plants.

Nation states are potentially able to conduct another attack with the same motives in mind – to cause gradual (or indeed sudden) damage to the target's infrastructure – which can be specifically timed in order to create the greatest impact.

For instance, an intrusion planned at the most volatile point in a trading day for the markets, or to coincide with major event such as the London Olympic Games, where the city will undoubtedly be under global scrutiny, would compound the effects of the initial attack.

As cyber crime becomes more sophisticated, we are likely to continue to see high-profile data breaches in the news, and it is possible that other organisations may be forced to follow Google's lead and acknowledge the scale and urgency of the problem.

The main challenge facing organisations is that the technology currently in place to identify and subsequently thwart an attack is often inferior in its sophistication to the malware being used to execute the hack.

Any organisation that has a duty of care toward its stakeholders must really up its game when it comes to security defences. Traditional tools such as anti-virus and firewalls have been repeatedly shown to be inadequate and outdated when dealing with next-generation attacks, as advanced malware simply bypasses these perimeter defences.

With this in mind, it is vital that businesses and governments alike ensure that their security measures are bolstered with next-generation threat protection that truly meets the challenges posed by today's cyber criminals.

Whereas IT security has traditionally been a somewhat reactive process – with organisations defending against known threats - this must now become a proactive endeavour to prepare for any eventuality.

Put simply, it is now wise to re-think security infrastructure with the basic premise that the networks have already been compromised. It is no longer a question of ‘if' but ‘when' and is a reality that businesses must wake up to before they become the next unfortunate victim to make headlines.

Darien Kindlund is senior staff scientist at FireEye


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events