Monday, 20 November 2017

Cybersecurity Collaboration is Key to Dark Web Deterrent

When the NotPetya cyber attack struck in June, taking the radiation monitoring system at Ukraine’s Chernobyl nuclear power plant briefly offline and causing massive disruption to global companies such as WPP and Maersk, security experts braced for a wave of attacks.

A month earlier, organisations in more than 100 countries were hit by WannaCry, ransomware that infected Windows operating systems demanding a payment to unlock machines and allow users to regain access.

Cyber intelligence officials say both attacks were launched using hacking tools from top secret cyber weapons. The intelligence was leaked from the US National Security Agency in 2016, and made available on the dark web — parts of the internet not accessible via normal search engines. Yet almost six months after NotPetya hit, there has not been another attack on the same scale.

“It’s been alarmingly quiet,” says Martin Borrett, chief technical officer for IBM Security Europe. “We were expecting to see a wave of attacks after the NSA dump. I am still expecting something major before Christmas.”

The hackers are still trying though. In October, another outbreak of malicious ransomware, Bad Rabbit, froze computer systems in Europe and began advancing to the US. The virus used an update to Adobe Systems’ Flash multimedia and spread to countries, including Russia, Ukraine and Germany.

“Although the effects have been less widespread, Bad Rabbit shows the hackers are not resting on their laurels,” says Betsy Cooper, executive director at Berkeley University’s centre for long-term cyber security.

The failure of the Bad Rabbit virus to spread more widely raises the question of whether the hackers are laying low or if organisations are getting better at preparing for a cyber attack. Ms Cooper adds: “One of the key lessons from NotPetya is that it’s not as easy to get victims to pay ransomware fines as perhaps the hackers thought. Payments for NotPetya were relatively low.

“So some hackers may be taking more time and seeking to more carefully execute attacks to ensure that such attacks reap greater financial rewards.”

Others argue the NotPetya and WannaCry attacks served as a much-needed warning. “We now have that healthy paranoia, and there’s a level of heightened awareness,” adds Mr Borrett. “Everyone’s being that bit more vigilant.”

It has been alarmingly quiet — I am expecting something major before Christmas

Martin Borrett, chief technical officer, IBM Security Europe
The costs of dropping your guard are becoming more evident. US pharmaceuticals group Merck blamed NotPetya for losing $375m (£284m) in the third quarter. It says it lost $240m in sales alone because the US Centers for Disease Control and Prevention had to borrow a vaccine from the country’s stockpile rather than buy it from Merck, which was taken offline by the hack.

The National Audit Office reported that the impact of the WannaCry attack on the British National Health Service was more extensive than first thought. One in three NHS trusts and 595 doctors’ practices were affected with 19,000 appointments cancelled.

While the number of large-scale attacks may have dropped since the summer, the UK’s National Cyber Security Centre reported that it had received 1,131 cyber incident reports over the past year to the end of September. The NCSC, a division of UK intelligence agency GCHQ, says 590 were considered “significant incidents” while more than 30 were assessed as “being sufficiently serious enough to require a cross-government response process”.

“The UK faces threats from across the globe on a daily basis,” says Ciaran Martin, NCSC chief executive. “It’s not a question of ‘if’ cyber attacks will happen, it’s a matter of ‘when’.”

As well as adding more patches, experts say companies and public bodies need to collaborate more to tackle the threat from leaked cyber weapons. It is estimated that at least a dozen NSA tools are being discussed and worked on by hacking forums on the dark web.

The Shadow Brokers group, which officials believe is a proxy for Russian intelligence services, began to leak NSA cyber weapons online in August 2016.

US cloud storage company Rackspace is leading efforts from Silicon Valley to collaborate more closely. It has established a security forum that includes Amazon, Google, Microsoft and PayPal.
“We need to get better at sharing information because the bad guys are really good at it,” says Brian Kelly, Rackspace chief security officer.

Culled from: FT

No comments: