Cyber security: Hackers step out of the shadows with bigger, bolder attacks

Successful hacking campaigns used to be all about keeping under the radar. But, for some, making a big splash is now now more important than lurking in the shadows.
Written by Danny Palmer, Senior Writer

Stealth and secrecy used to be the hallmarks of cyber espionage and cyberwarfare, with spies and hackers sneaking in and out of target networks without leaving a trace or evidence that could be linked back to them.

But increasingly, cyber attacks are now carried out in fully public view, and many attackers don't appear to worry so much about keeping under the radar. Some even seem to go out of their way to make sure they are spotted.

One example of the way cyberattacks have gone public: the WannaCry ransomware caused chaos and made headlines around the world, with many businesses locked out of their PCs by hackers who demanded a bitcoin ransom in exchange for restoring access to data.

But even if victims opted to give into the attack and pay the ransom -- which some did -- there was never any means of the attackers fulfilling their end of the deal.

WannaCry was attributed to North Korea, with Pyongyang having taken advantage of EternalBlue, a leaked NSA hacking tool, to help power the spread of the attack. It's still not clear whether it was a bungled attempt to make money or simply a show of force by the North Korean regime.

Just weeks later, organisations around the world were hit by what first appeared to be another ransomware attack dubbed NotPetya. But in this case it soon became apparent that acquiring cryptocurrency was never the goal: there wasn't even a means to pay. NotPetya was a wiper, designed to destroy data on the machines it was targeting, not hold them to ransom.

The attack was seemingly designed to target Ukraine, but it spread across the world, causing billions of dollars in damage. In this instance, the US, UK and a number of other states eventually pointed to state-backed Russian hackers as the culprits.

North Korea denies involvement with WannaCry and Russia still rejects that it was behind NotPetya.

But Kremlin-backed hackers have also been accused of a number of other operations, most notably the cyber attacks and disinformation campaigns designed to influence the 2016 US presidential elections. Russian President Vladimir Putin has been ambiguous about Russia's involvement in these attacks, largely denying it but also suggesting they could have been the work of 'patriotic' individuals within Russia.

SEE: What is cyberwar? Everything you need to know about the frightening future of digital conflict

"All these groups like APT28 or Lazarus, they're putting less effort into hiding their operations. It's probably because everyone knows these attacks will happen and they just want to get to specific data or have a specific influence," says Maya Horowitz, director of threat intelligence and research at Check Point Software.

"In the past, they used to go under the radar, they used to have their own opsec so that no one would know that there's any attack and nobody would talk about cyber and APTs. Now part of the process is just to create chaos -- so if it's revealed, maybe it's even better, because it makes people scared."

Rather than stealing data in secret, cyber attacks have now become a way for some states to show their technical prowess, especially if they are trying to compete with economically or militarily more powerful states.

This use of cyberwarfare by some states to level the playing field with bigger rivals is also likely to be a trend in future.

Critical infrastructure like power, water, healthcare and more are fundamental to the functioning of modern societies -- and attackers know this, so they make tempting targets for hacking.

The impact of these attacks has already been demonstrated when large sections of Ukrainian power grids were taken out in December 2016, plunging people into darkness and leaving them without heating in the middle of winter.

Like NotPetya, these attacks have been attributed to Russia. Some believe it's only a matter of time before state-backed attackers -- wherever they may be from -- try to do to the same to US power.

"What we need to worry about, and something we're not investing a substantial amount of time in, is investing in critical infrastructure -- that's what keeps me up at night," says Eric O' Neill, national security strategist at Carbon Black and a former FBI counter terrorism and counter intelligence operative.

SEE: Cyberwar: What happens when a nation-state cyber attack kills?

Having your credit card details stolen is bad, having your personal information leaked in a data breach is frustrating -- but if hackers really want to cause damage, they could go after infrastructure.

"If the lights all get shut off and people are fighting at the gas pump so they can feed their generators, you have serious problems. Then there's also hospitals which can't run so people die, without refrigeration we can't feed people -- and the longer it happens, the worse it gets," says O'Neill.

While that sort of scenario may sound far-fetched, there have been warnings about weaknesses in critical infrastructure and the potential for these to be exploited by attackers. If nation-state backed groups are looking to cause maximum disruption, they can do it by meddling with critical infrastructure.

"I worry about it: because in a world where we're used to convenience, if we lose that convenience, the very fabric of society fails and attackers know that," O'Neill adds.

The world has repeatedly been warned about the threats posed by powerful hacking operations and despite real-world examples, such as WannaCry, the risks are still ignored by most people outside of the cyber security sector. That means the risk of another significantly destructive incident is still far too high.

"Disruption and destruction are a big category that those of us in the security industry have in the back of our minds, but the reality is the next incident may come sooner than we think it's going to," says Jennifer Ayers, VP of Falcon OverWatch and security response at Crowdstrike.

"The last destructive incident prior to WannaCry was over a decade ago, but we weren't ready for it a decade ago, we had a decade to prepare, but we weren't ready last year, what happens if we're hit next year?" she adds.

In an ideal world, we wouldn't have to think about having to answer this question. But as nation-state hacking activity gets increasingly brazen and increasingly focused on causing damage and disruption over stealth, it might be that 2019 could be the year when the world has to face another major destructive cyber attack, and we're still not ready.


Editorial standards