Cyber-attacks & Hacking: What You Need To Know

The British chancellor, Phillip Hammond, has announced a £1.9bn investment in Britain’s cybersecurity strategy. The money is to be used to protect the country from hacking attacks on all fronts, from opportunistic raids on individuals and businesses to focused cyberwar led by state-run teams.

Hammond has promised a big sum, but the world of hacking is easily large enough to occupy all that money and more. It’s double the amount set out for a similar strategy in 2011, but has to deal with a world where cybercrime has moved from science-fiction novels and Hollywood movies to our banks, phones and even kettles.

What are Cyber-Attacks?

The range of misdeeds which can be described as a cyber-attack is vast, and demands a similarly large range of responses.

At the most technically complex end, cyber-attacks can entail a close-knit team of elite hackers working under the remit of a nation state to create programs which take advantage of previously unknown flaws in software – called 0days, or zero-days, for the amount of time the manufacturer has had to fix them – in order to exfiltrate confidential data, damage key infrastructure, or develop a beachhead for further attacks.

Examples of that sort of cyberwarfare include the Stuxnet worm, a specially made computer virus attributed to the US and Israel, which was deliberately designed to infect and damage centrifuges used in the Iranian nuclear programme, and the 2015 hack of the Office of Personnel Management, attributed to China, which led to the personal information of millions of US government workers being stolen.

The most dangerous hacking groups are known as “advanced persistent threats” (APTs): not only nation-states, but highly competent criminal organisations that carry out technically difficult targeted hacks.

But not all cyber-attacks involve high-end technical skills or state-sponsored actors. At the opposite end of the scale are hacks that take advantage of long-fixed security mistakes, ambiguities in user interfaces, and even good old-fashioned human oversight.

Many hackers are opportunistic, picking not the most valuable targets but the most lightly defended ones, such as computers that haven’t had security updates installed, or users who will happily click on malicious links if they are told that their bank sent them.

If APTs are like the Hatton Garden Heist, these hackers are the sort of people who will grab an unattended handbag and run. It may be less impressive, but for the vast majority of computer users, that’s the sort of cybercrime they should spend more of their time defending against.

Does Cyber-Crime even have to include Hacking?

Not according to Hammond. Some of the government’s past successes in fighting cybercrime involve tackling “phishing”, the practice of sending a fake email purporting to be from a trusted sender to encourage the recipient to enter confidential information.

Phishing can be fought by taking down the servers that collect the confidential information, which the government has been doing, but also by education: teaching individuals how to recognise a phishing email, and how to tell real websites from fake.

At its simplest end, cybercrime may not even involve computers much at all. “Social engineering” is the name in the hacker community for convincing an organisation or individual to do things they shouldn’t, and is an important part of the hacker toolkit. For instance, Mat Honan, a Wired reporter, had his entire digital life erased when hackers convinced Apple to reset his iCloud password with information they had convinced Amazon to hand over – all using nothing more complex than a phone call.

And then there are the simplest “hacks” of all: just logging into things using the default passwords. That’s how a rag-tag collection of cheap “smart” devices like webcams and kettles ended up being corralled into a network big enough to take down most of the internet for the east coast of the US in October.

By being press-ganged into a “botnet”. The devices were all vulnerable because their default passwords were known, and, worse, couldn’t be changed. That made it simple for a (still unknown) hacker to write a program that would automatically log in to those devices, rewrite their software, and leave them controlled by a central server. Even more impressively, those enslaved devices then start seeking out further devices to drag into the botnet, meaning that today, if you connect a vulnerable kettle to the internet, it will be hacked within an hour. It doesn’t need a human to do the hacking, the botnet (named “Mirai”) just scans for new kettle and logs in using the default username and password.

But how does that Botnet take down the Internet?

Through a technique called “distributed denial of service”, or DDoS. A denial of service attack involves overwhelming a particular server with requests – as though you decided to harm a small business by permanently calling their landline and refusing to hang-up, so no one else could get through. But the denial of services attacks is fairly easy to block, because they come from one location, and it’s hard to send enough traffic from one computer to overwhelm another computer.

A “distributed” denial of service attack involves commanding networks of thousands or millions of computers, or kettles, to all send their requests at the same time. Not only can it leave the server unable to respond to real demands, it can even leave it so overwhelmed that it fails completely, crashing key services or even revealing non-public information to the world.

The botnet that brought down parts of the Internet recently was targeted at a particularly important server, which acted as the main gateway for a number of large sites including Amazon, whose AWS network itself hosts even more sites.

Is that everything?

Mostly, but with the proliferation of smart devices, the number of things that can be hacked is growing daily. We’re connecting more and more things to the internet, and some of those things we really don’t want to be hacked.

In October 2015, for instance, security firm Rapid7 revealed vulnerabilities in a brand of insulin pump that diabetics use to control their condition. The weakness allowed an attacker to remotely trigger insulin injections, potentially leading to a fatal hypoglycemic shock. In 2013, weaknesses were discovered in power plants across the US and Canada that could cause them to overheat, shut down or malfunction if a malicious hacker decided to attack them. And as cars become more connected, hackers are going after them too: researchers who discovered how to remotely disable the brakes on Jeeps in 2015 reported this year that they had found new attacks which could do even more on an unpatched vehicle.

Can £1.9bn really defend against all of that?

It can do a lot, though not in the ways you might think. The extra money spent on staff in GCHQ and MI5, for instance, won’t result in teams of spooks staring at big screens shouting things like “reverse the trace and send spike the server!”. The money will be used, the government says, to “take the fight to those who threaten Britain in cyberspace”, in part by “striking back against those that try to harm our country”. It’s not clear what form retaliation could take, especially when identifying the perpetrator is not straightforward.

And £1.9bn from Britain can’t do everything. Experts agree that much of the response to cybercrime needs to be transnational: there’s no other way to ensure, for instance, that cheap electronics made in China and sold in the UK can’t be used to attack websites hosted in the US but serving the entire Western hemisphere.

Some solutions are cheap, but come with other costs. In the wake of the Mirai botnet, for instance, researchers have called for stronger regulations requiring timely security updates, and putting the cost of any damage on the manufacturer if no updates are available. That could help prevent future re-runs, but might also raise the cost of such devices.

Guardian:     UK To Increase National Cyber Defences:

 

« UK Will Retaliate Against Cyberattacks
Securing Data in the Cloud »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

Logsign

Logsign

Logsign is a Security Orchestration, Automation and Response (SOAR) platform with next-gen Security Information and Event Management (SIEM) solution.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

National Cybersecurity Institute (NCI) - Excelsior College

National Cybersecurity Institute (NCI) - Excelsior College

NCI is Excelsior College’s research center dedicated to assisting government, industry, military and academic sectors meet the challenges in cybersecurity policy, technology and education.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

Ponemon Institute

Ponemon Institute

Ponemon Institute conducts independent research on data protection and emerging information technologies.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Tech Mahindra

Tech Mahindra

Tech Mahindra is a global leader in IT solutions, BPO, business consulting services & digital technologies.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

Dawgen Global

Dawgen Global

Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region providing a range of services including Risk Management and Information Systems Assurance.

Cisco Systems

Cisco Systems

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected.

RIoT Secure

RIoT Secure

RIoT Secure AB is a technology enabler within the IoT industry - created with a vision to ensure security technology exists in the foundations of software development for IoT solutions.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.