3 questions about the future of cyber warfare

“We’re not creative enough when we imagine cyber warfare,” F-Secure Security Advisor Sean Sullivan recently told me. “It’s not kinetic explosions. It could be a guy whose crimeware business has dried up and is looking for new business.”

Over the last week, F-Secure Labs has taken a look at attacks from the “Energetic Bear” hacking group, Havex, which targets the energy sector, and now CosmicDuke, which is aimed at targets in Ukraine, Poland, Turkey, and Russia.

The goal of these attacks seems to be espionage or gathering information for a buyer, which could be a government. But the methods don’t match the precision and massive investment of man-hours that went into an attack like Stuxnet, which was designed to take down Iran’s nuclear capabilities.

“They rely on plausible deniability and using resources that don’t seem to be created specifically for the task,” Sean said. “It matches the modular methodology of what we conventionally think of as crimeware.”

“You look at one element and it looks like crimeware,” said F-Secure Senior Researcher Timo Hirvonen, who wrote the CosmicDuke analysis. “You look at it from a different angle and you say, ‘I’ve never seen it aimed like that before.’”

“The conventional wisdom is that anything related to cyber warfare will be shiny and new,” Sean said. These attacks instead suggest “semi-professionalism”.

Here are three questions Sean is pondering in the wake of these attacks:

What do we mean when we say state-sponsored?

“Cyber warfare models real life,” Sean said. “Some countries have a massive cyber intelligence infrastructure that works from the top down. Others seem to have a more grassroots origin, co-opting existing technologies that seem to be built on existing crimeware.”

He wonders if state-focused campaigns are using malware that isn’t necessarily state-sponsored. “Countries who use troops with black masks and no insignias standing on a peninsula may have the same kind of thing going online.”

Opportunistic and pragmatic governments may be paying people to co-opt existing technology for international espionage purposes.

He suggests the goals of such attacks may fit into Sun Tzu’s advice from The Art of War: know your enemy.

Armed with information, countries can use soft power to turn allies against each other and dissuade retribution like economic sanctions.

What do we mean by APT — advanced persistent threat?

These attacks are not complex in the way Stuxnet was. And they don’t need to be.

CosmicDuke, a variant of a malware family that has existed since 2001, infects by tricking targets into opening either a PDF file that contains an exploit or a Windows executable whose filename makes it look like a document or image file.

Once the target opens the malicious file, CosmicDuke gains access and starts collecting information with a keylogger, clipboard stealer, screenshotter, and password stealers for a variety of popular chat, e-mail and web browsing programs. CosmicDuke also collects information about the files on the system, and has the capability to export cryptographic certificates and their private keys. Once the information has been collected, it is sent out to remote servers via FTP. In addition to stealing information from the system, CosmicDuke allows the attacker to download and execute other malware on the system. Pretty standard stuff.
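As an added example (not part of the original post or of F-Secure's analysis), here is a defender-side check for the lure described above: a Windows executable whose filename makes it look like a document or image. It compares what the name suggests with what the first bytes of the file actually are. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import struct

# Extensions a user reads as "document or image" (illustrative list, an assumption).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "jpeg", "png", "gif"}
# Extensions Windows runs directly (illustrative list, an assumption).
EXEC_EXTS = {"exe", "scr", "com", "pif"}


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def assess(filename: str, head: bytes) -> list:
    """Return findings for one file, given its name and its first bytes."""
    # strip() tolerates spaces around a token, so padded names parse the same way.
    parts = [p.strip().lower() for p in filename.split(".")]
    final_ext = parts[-1] if len(parts) > 1 else ""
    earlier = set(parts[1:-1])
    findings = []
    # Name carries a document-like token but ends in an executable extension.
    if final_ext in EXEC_EXTS and earlier & DECOY_EXTS:
        findings.append("decoy-extension-before-executable-extension")
    # Name ends in a document-like extension but the content is a Windows executable.
    if final_ext in DECOY_EXTS and is_pe(head):
        findings.append("pe-content-under-document-extension")
    return findings


# Constructed sample data: a minimal DOS/PE header stub and a PDF magic string.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
PDF_HEAD = b"%PDF-1.4\n"
SAMPLES = [
    ("report.pdf.exe", PE_STUB),
    ("holiday.jpg", PE_STUB),
    ("notes.pdf", PDF_HEAD),
    ("setup.exe", PE_STUB),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name!r}: {assess(name, head) or 'no findings'}")
```

A check like this fits at a mail gateway or download proxy, where both the presented filename and the leading bytes of the attachment are available.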

Is the war against crimeware driving criminals to cyber espionage? Or: Could fighting cybercrime be counterproductive?

“Some of these guys may be working for the government and themselves,” Sean said.

A wave of successes in the international war on cybercrime may be driving criminals to new buyers.

“The talent developed on its own,” he said. “And now there’s a government taking advantage of talent in their borders. Law enforcement has been going after crimeware. But it doesn’t go away. It’s fungible. The talent’s still there. It needs to make a buck.”

Sean believes there’s a message in these attacks for everyone.

“It’s not just the NSA that hunts system admins. If you have any sort of credentialed access to important systems, you are a target. Keep calm and secure your stuff.”

He hopes that businesses will recognize that prevention is always the best remedy.

“For IT managers: ask for the security budget you need – and fight for it. There is more evidence than ever that letting cost dictate security is bad management.”

If governments are willing to work with increasingly opportunistic malware authors, risks could grow exponentially.

“Is today’s crimeware botnet tomorrow’s national security nightmare?” Sean asks. “What happens when these guys get out of jail? I’m sure they won’t let the talent go fallow.”

Cheers,

Sandra
