Homeland Security sees rising cyber threats
Facebook
Twitter
Email
Steve Weisman, Special for USA TODAY
7 hours ago
Recently the Department of Homeland Security’s National Cybersecurity and Communications Integration Center issued a disturbing report disclosing a sophisticated and widespread series of cyberattacks.
Numerous sectors have been hit, the report says, including “Information Technology, Energy, Healthcare and Public Health, Communications and Critical Manufacturing” since May of 2016 and perhaps even earlier.
The battle against those who would use computers to wreak havoc whether they are ordinary criminals, terrorists or adversary nation states is a battle that will not go away.
Thinkstock
Who is behind this campaign of cyberattacks is unknown, and the NCCIC is of course still investigating. In the meantime, its report serves as a warning for companies and offers steps they can take to counter this threat.
According to the report, “threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems.” The report indicates that IT service providers have been targeted as a way to gain access to the computers of their customers.
It adds that “the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.”
Two malware programs identified in the report are called PLUGX/SOGU and REDLEAVES. According to the NCCIC, it “is aware of several compromises involving the exploitation of system administrators’ credentials to access trusted domains as well as the malicious use of certificates” using these two types of malware.
A cyberattack against one company with the intention of using its ability to access another company — the true intended victim — is not anything new. In the 2013 major data breach of Target, access to its computers and credit card processing equipment was achieved through first hacking the company that provided heating and air conditioning services to Target, and then using its capabilities and credentials for remote access to Target.
In the United States as well as throughout the world, critical infrastructure essential to our lives is connected to the Internet and vulnerable to hackers, be they cybercriminals, terrorists or foreign states. The damage caused by a successful attack on any of these areas of our infrastructure could be devastating.
Financial institutions, telecommunications networks, energy production including nuclear power plants, our water supply and even our national air traffic control system are all increasingly dependent upon computer systems and vulnerable to hacking. According to the Government Accountability Office (GAO), “the interconnectivity between information systems, the internet and other infrastructures creates opportunities for attackers to disrupt critical systems, with potentially harmful effects.”
The GAO report made 17 recommendations with 168 specific actions it indicated were needed to address security weaknesses, including the obvious need to encrypt sensitive data. This glaring flaw is one that is found too often throughout the Internet which was never developed with security in mind. Too often security has been built in as an afterthought rather than incorporated into systems using the Internet as a part of their initial development.
The threat is quite real. In 2014 the computers that operated the smelting furnace of a German steel mill were hacked causing it to overheat resulting in tremendous damage.
Technology has created the dangers being exploited by the yet unidentified hackers, but it also can help reduce that danger. Although the NCCIC recognized that there “is no single or set of defensive techniques or programs that will completely avert all malicious activities,” it did offer some suggestions.
One of the most successful and strongest defensive measures is the use of whitelisting software. Rather than having computer software that tries to identify every possible strain of malware and then prevent it from being installed, whitelisting software takes the approach of not allowing any software to be downloaded unless it specifically is approved.
Among the other recommendations of the NCCIC was the increased use of dual-factor authentication to prevent an unauthorized person from stealing the passwords and credentials of an authorized user and using it to gain access to the targeted company’s computers.
The NCCIC report issues a long list of other defensive measures and best practices for companies to consider to help protect themselves.
It is also important to note that the most sophisticated malware is only effective as a weapon when it is downloaded onto the computers of the intended target. This is often done by the targets themselves — the unsuspecting people who are victimized by phishing and the more sophisticated "spear-phishing" emails. Computer programs called analytics can recognize and protect computer users from phishing emails. It is also important for companies to better train their employees in safe computing.
The battle against those who would use computers to wreak havoc whether they are ordinary criminals, terrorists or adversary nation states is a battle that will not go away. We have the resources to defend ourselves, but we have to do a much better job of committing to using those resources.
Steve Weisman, an expert in preventing cyberscams and identity theft, is a lawyer and professor at Bentley University. He writes the blogscamicide.com, where he provides daily updated information about the latest scams. His new book is Identity Theft Alert.
Help • Terms of Service • Privacy Notice • Your California Privacy Notice • Ad Choices • Full Site
Copyright Gannett 2017
