Cyber-attacks & Hacking: What You Need To Know

The British chancellor, Phillip Hammond, has announced a £1.9bn investment in Britain’s cybersecurity strategy. The money is to be used to protect the country from hacking attacks on all fronts, from opportunistic raids on individuals and businesses to focused cyberwar led by state-run teams.

Hammond has promised a big sum, but the world of hacking is easily large enough to occupy all that money and more. It’s double the amount set out for a similar strategy in 2011, but has to deal with a world where cybercrime has moved from science-fiction novels and Hollywood movies to our banks, phones and even kettles.

What are Cyber-Attacks?

The range of misdeeds which can be described as a cyber-attack is vast, and demands a similarly large range of responses.

At the most technically complex end, cyber-attacks can entail a close-knit team of elite hackers working under the remit of a nation state to create programs which take advantage of previously unknown flaws in software – called 0days, or zero-days, for the amount of time the manufacturer has had to fix them – in order to exfiltrate confidential data, damage key infrastructure, or develop a beachhead for further attacks.

Examples of that sort of cyberwarfare include the Stuxnet worm, a specially made computer virus attributed to the US and Israel, which was deliberately designed to infect and damage centrifuges used in the Iranian nuclear programme, and the 2015 hack of the Office of Personnel Management, attributed to China, which led to the personal information of millions of US government workers being stolen.

The most dangerous hacking groups are known as “advanced persistent threats” (APTs): not only nation-states, but highly competent criminal organisations that carry out technically difficult targeted hacks.

But not all cyber-attacks involve high-end technical skills or state-sponsored actors. At the opposite end of the scale are hacks that take advantage of long-fixed security mistakes, ambiguities in user interfaces, and even good old-fashioned human oversight.

Many hackers are opportunistic, picking not the most valuable targets but the most lightly defended ones, such as computers that haven’t had security updates installed, or users who will happily click on malicious links if they are told that their bank sent them.

If APTs are like the Hatton Garden Heist, these hackers are the sort of people who will grab an unattended handbag and run. It may be less impressive, but for the vast majority of computer users, that’s the sort of cybercrime they should spend more of their time defending against.

Does Cyber-Crime even have to include Hacking?

Not according to Hammond. Some of the government’s past successes in fighting cybercrime involve tackling “phishing”, the practice of sending a fake email purporting to be from a trusted sender to encourage the recipient to enter confidential information.

Phishing can be fought by taking down the servers that collect the confidential information, which the government has been doing, but also by education: teaching individuals how to recognise a phishing email, and how to tell real websites from fake.

At its simplest end, cybercrime may not even involve computers much at all. “Social engineering” is the name in the hacker community for convincing an organisation or individual to do things they shouldn’t, and is an important part of the hacker toolkit. For instance, Mat Honan, a Wired reporter, had his entire digital life erased when hackers convinced Apple to reset his iCloud password with information they had convinced Amazon to hand over – all using nothing more complex than a phone call.

And then there are the simplest “hacks” of all: just logging into things using the default passwords. That’s how a rag-tag collection of cheap “smart” devices like webcams and kettles ended up being corralled into a network big enough to take down most of the internet for the east coast of the US in October.

By being press-ganged into a “botnet”. The devices were all vulnerable because their default passwords were known, and, worse, couldn’t be changed. That made it simple for a (still unknown) hacker to write a program that would automatically log in to those devices, rewrite their software, and leave them controlled by a central server. Even more impressively, those enslaved devices then start seeking out further devices to drag into the botnet, meaning that today, if you connect a vulnerable kettle to the internet, it will be hacked within an hour. It doesn’t need a human to do the hacking, the botnet (named “Mirai”) just scans for new kettle and logs in using the default username and password.

But how does that Botnet take down the Internet?

Through a technique called “distributed denial of service”, or DDoS. A denial of service attack involves overwhelming a particular server with requests – as though you decided to harm a small business by permanently calling their landline and refusing to hang-up, so no one else could get through. But the denial of services attacks is fairly easy to block, because they come from one location, and it’s hard to send enough traffic from one computer to overwhelm another computer.

A “distributed” denial of service attack involves commanding networks of thousands or millions of computers, or kettles, to all send their requests at the same time. Not only can it leave the server unable to respond to real demands, it can even leave it so overwhelmed that it fails completely, crashing key services or even revealing non-public information to the world.

The botnet that brought down parts of the Internet recently was targeted at a particularly important server, which acted as the main gateway for a number of large sites including Amazon, whose AWS network itself hosts even more sites.

Is that everything?

Mostly, but with the proliferation of smart devices, the number of things that can be hacked is growing daily. We’re connecting more and more things to the internet, and some of those things we really don’t want to be hacked.

In October 2015, for instance, security firm Rapid7 revealed vulnerabilities in a brand of insulin pump that diabetics use to control their condition. The weakness allowed an attacker to remotely trigger insulin injections, potentially leading to a fatal hypoglycemic shock. In 2013, weaknesses were discovered in power plants across the US and Canada that could cause them to overheat, shut down or malfunction if a malicious hacker decided to attack them. And as cars become more connected, hackers are going after them too: researchers who discovered how to remotely disable the brakes on Jeeps in 2015 reported this year that they had found new attacks which could do even more on an unpatched vehicle.

Can £1.9bn really defend against all of that?

It can do a lot, though not in the ways you might think. The extra money spent on staff in GCHQ and MI5, for instance, won’t result in teams of spooks staring at big screens shouting things like “reverse the trace and send spike the server!”. The money will be used, the government says, to “take the fight to those who threaten Britain in cyberspace”, in part by “striking back against those that try to harm our country”. It’s not clear what form retaliation could take, especially when identifying the perpetrator is not straightforward.

And £1.9bn from Britain can’t do everything. Experts agree that much of the response to cybercrime needs to be transnational: there’s no other way to ensure, for instance, that cheap electronics made in China and sold in the UK can’t be used to attack websites hosted in the US but serving the entire Western hemisphere.

Some solutions are cheap, but come with other costs. In the wake of the Mirai botnet, for instance, researchers have called for stronger regulations requiring timely security updates, and putting the cost of any damage on the manufacturer if no updates are available. That could help prevent future re-runs, but might also raise the cost of such devices.

Guardian:     UK To Increase National Cyber Defences:

 

« UK Will Retaliate Against Cyberattacks
Securing Data in the Cloud »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

ATSEC Information Security

ATSEC Information Security

ATSEC is an independent, privately-owned company that focuses on providing laboratory and consulting services for information security.

Norwegian Business & Industry Security Council (NSR)

Norwegian Business & Industry Security Council (NSR)

NSR is a member organization serving the Norwegian business sector in an advisory capacity on matters relating to crime and security including cyber.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

Qufaro

Qufaro

Qufaro is a new initiative designed to make it simpler for those with career ambitions in cyber security to access the UK’s cyber-specific education and innovation opportunities.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

Acuant

Acuant

Acuant is a leading global provider of identity verification, regulatory compliance (AML/KYC) and digital identity solutions.

Swiss Cyber Think Tank (SCTT)

Swiss Cyber Think Tank (SCTT)

The Swiss Cyber Think Tank is a business network for Cyber Risk & Insurability, providing an industry-wide networking platform for insurers, technology and security firms.

Irish National Accreditation Board (INAB)

Irish National Accreditation Board (INAB)

INAB is the national accreditation body for Ireland. The directory of members provides details of organisations offering certification services for ISO 27001.

American Cybersecurity Institute

American Cybersecurity Institute

American cybersecurity Institute is a newly formed not-for-profit organization dedicated to education, advocacy, study and analysis in the space of cybersecurity law and policy.

Stanley Reid & Company (SRC)

Stanley Reid & Company (SRC)

Stanley Reid & Co is an Executive and Technical Search Firm serving the commercial market and the US Intelligence & Defense community. Our areas of expertise include Cybersecurity.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

Nexer

Nexer

Nexer is a modern tech company with expertise in strategy, technology and communication with a strong vision.

Forensic IT

Forensic IT

Forensic IT is a specialised cyber security firm with expertise in Digital Forensics and Incident Response (DFIR).