Cyberwars: The Month of Cyberattacks

The month of August has been a busy time for online security specialists, due to numerous cyberattacks being reported close to each other. First came word that supermarket chain Supervalu had been hacked, followed by news of security breaches at one of the largest American medical groups, the Nuclear Regulatory Commission and then the UPS Store. In all cases, the intrusions led to the theft of millions of users’ personal data.

The worst of the lot appears to have been the massive cyberattack on Community Health Systems, one of the largest hospital chains in the US that oversees 206 hospitals in 29 states. According to the company, the intrusion led to stolen Social Security numbers, patient names, addresses, birth dates and telephone numbers of some 4.5 million patients. And as usual, the attack is believed to have had the backing of a foreign government.

This is the largest known attack to involve hospital patient information since the US government began tracking these types of data breaches in 2009. According to Elysium Digital data security expert Joseph Calandrino:

One possible goal of this attack is to facilitate future targeted attacks. The type of data that was stolen from the hospital system is often used to verify a person’s identify. The exposure of this data creates a risk that the hackers could leverage it to gain access to other accounts and information.

As is so often the case these days, it is believed the cyberattack originated in China. Security firm Mandiant, which investigated the breach in April and June, said the hackers belong to a group that targets crucial infrastructure, such as defense, engineering, financial services, and health care companies. It’s unclear if these hackers are affiliated with the Chinese government.

Various security experts have long accused China of waging a cyberwar on US government and private company websites. For example, a report released by Mandiant back in 2013 linked Unit 61398 of China’s People’s Liberation Army to a large number of cyberattacks on US soil. However, the Chinese government has flatly denied that it is involved in cyber-espionage or hacking.

Community Health Systems has since reported that it stopped the cyberattack by removing the malicious software used by the hackers and is notifying its patients of the breach. It has also been reported that the hack may have been facilitated by the Heartbleed bug, a flaw in OpenSSL that hackers exploit to obtain encrypted data. The timing certainly seems apt, as the bug was revealed back in April and the attack took place between April and June.

However, this was merely one of several breaches that took place over the past few months. In addition to CHS, UPS, and numerous major outlets, cybersecurity firm Hold Security identified what was arguably the largest known data breach in history earlier this month. In this attack, the Russian cybergang Cybervor allegedly stole 1.2 billion username and password combinations and more than 500 million email addresses.

With these latest attacks, it appears that large-scale security breaches carried out by individual hackers and sponsored by nation-states are becoming the new normal. And as these kinds of attacks become more common, cybersecurity experts are concerned that people may suffer from “alert fatigue”, where they basically cease caring about, and stop being aware of, breaches that affect them.

In addition, security experts would like people to keep in mind that there is a difference between a spike in activity and reporting on activity. Much like the problems of violence, teen sex and crime rates, there is likely a gap between an actual increase and the perception of one. As Lillian Ablon, a researcher for the RAND Corporation, explained:

Back during Operation Aurora [in 2009], when Google got hacked, Google coming out [in 2010] was a big step in the industry. Before that, companies didn’t really talk about being breached.

Legally, companies and government agencies are required to report security breaches to the public only when customer data is involved, and only in 47 states. Alabama, New Mexico, and South Dakota lack mandatory reporting laws, and few laws on the books exact penalties when a breach occurs. Still, whatever the magnitude of the number of security breaches, it’s also true that we are living in an increasingly uncertain world when it comes to keeping our data safe.

Naturally, public vigilance is a good policy, but it’s not exactly a solution. In the case of the hacks at the Nuclear Regulatory Commission and Community Health Systems, the Cybervor attack, and the hack of the DHS, the attacks were suspected of coming from abroad. More and more, attacks are being staged from a location that is far removed from the source, and backed by third parties who are likely unknown.

Security experts believe that the eventual solution will require businesses to rethink how they operate, putting a much bigger emphasis on security. But the consequences of that could have global economic implications, if better security hurts competitiveness. In the short term, it means that customers who do business with companies that suffer security breaches will need to be that much more vigilant.

That means not reusing passwords for multiple accounts, using two-factor authentication when available, and keeping a close eye on bank statements and credit card activity. And as for the breaches themselves, there’s not much you can do except be prepared to hear about more of them, more often. For better or for worse, it is the age we live in, where big data means big data intrusion!

Sources: cnet.com, (2), (3)

Cyberwars: Watching the US and China in Real-Time

Since the dawn of the internet age, there has been no shortage of stories about hackers, malware-peddling malcontents, online scams and identity theft. Add to that the growing consensus that wars in the future will be fought online through “cyberwarfare divisions”, and you can understand why such positive statements once made about the internet – like how it would bring the world together and create “a global village” – would seem incredibly naive now.

However, despite the prevalence of hacking and cyberwarfare-related fear, very few people have actually experienced what it is like. After all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows global hacking attempts in real-time. And of course, the ongoing battle between US and Chinese forces accounts for much of it.

The real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers – essentially a juicy-looking target that turns out to be a trap – maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.

If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (the port used for Windows file sharing) is still one of the top targets, but DNS, SSH, and HTTP are all very popular too. CrazzyNet and Black Ice – two common Windows backdoor programs often used by script kiddies and criminals – are also sure to pop up.
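The two paragraphs above describe what the map is really doing: tallying honeypot connection attempts by source country and by the service behind the target port. The following is an added example of that aggregation, written for this post and not code from Norse or from the original article. The log format, IP addresses (from the RFC 5737 documentation ranges) and country codes are constructed for illustration; the port-to-service mapping uses the standard assignments for the four services the text names (Microsoft-DS 445, DNS 53, SSH 22, HTTP 80) and lumps everything else, including the backdoor ports the text does not give, under "other".

```python
"""Aggregate honeypot connection attempts by source country and target service.

Added example (not from the original post or from Norse): a minimal version of
the tallying a real-time attack map performs over honeypot telemetry. The log
format, country codes and IP addresses below are constructed for illustration.
"""
from collections import Counter, defaultdict

# IANA-assigned ports for the services named in the text; anything else is "other".
PORT_TO_SERVICE = {
    445: "microsoft-ds",   # Windows file sharing (SMB over TCP)
    53: "dns",
    22: "ssh",
    80: "http",
}

# Constructed sample in the form "<timestamp> <src_ip> <src_country> <dst_ip> <dst_port>".
# One deliberately malformed line is included so the parser's skip path is exercised.
SAMPLE_LOG = """\
2014-08-20T10:00:01Z 203.0.113.7 CN 198.51.100.5 445
2014-08-20T10:00:02Z 203.0.113.7 CN 198.51.100.5 445
2014-08-20T10:00:03Z 192.0.2.44 US 198.51.100.9 22
2014-08-20T10:00:04Z 203.0.113.9 CN 198.51.100.5 53
2014-08-20T10:00:05Z 198.51.100.77 US 203.0.113.200 80
2014-08-20T10:00:06Z 203.0.113.9 CN 198.51.100.5 3389
malformed line that a parser must skip
2014-08-20T10:00:07Z 192.0.2.44 US 198.51.100.9 22
"""


def parse_line(line):
    """Return (src_country, dst_port) for a well-formed line, or None otherwise."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        port = int(parts[4])
    except ValueError:
        return None
    if not 0 < port < 65536:
        return None
    return parts[2], port


def aggregate(log_text):
    """Tally attempts per source country and per (country, service).

    Returns (by_country, by_service, skipped) where by_service maps a country
    code to a Counter of service names and skipped counts unparseable lines.
    """
    by_country = Counter()
    by_service = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1          # never let one bad line abort the whole feed
            continue
        country, port = parsed
        service = PORT_TO_SERVICE.get(port, "other")
        by_country[country] += 1
        by_service[country][service] += 1
    return by_country, by_service, skipped


def top_service(by_service, country):
    """Most-hit service for a source country (the map's per-source breakdown)."""
    counts = by_service.get(country)
    if not counts:
        return None
    return counts.most_common(1)[0][0]


if __name__ == "__main__":
    by_country, by_service, skipped = aggregate(SAMPLE_LOG)
    for country, n in by_country.most_common():
        print(f"{country}: {n} attempts, top service {top_service(by_service, country)}")
    print(f"skipped {skipped} malformed line(s)")
```

On the constructed sample this reports CN with 4 attempts (top service microsoft-ds) and US with 3 (top service ssh), with one malformed line skipped. The caveat from the text carries over: these counts say what the honeypots saw, not what real production targets see, and the source country is whatever the last hop geolocates to, not necessarily where the operator sits.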

On occasion, the map is likely to show a big burst of coordinated attacks coming from China and directed towards the US. And while it is difficult to blame these attacks directly on the Chinese government (as they are adept at routing their attacks through other servers), government and independent researchers are confident the majority of these attacks are being directed by the People’s Liberation Army’s Unit 61398 – aka. the PLA’s cyberwarfare division.

A lot of hacks originate in the US, too, but their targets are much more varied. And in cases where Chinese facilities (or those of other nations nominally identified as hostile to the US) are the targets, you can bet that the US Cyber Command at Fort Meade is behind the lot of them. But the map is still limited in that it uses Norse’s own honeypot operations to identify these attacks, and it therefore cannot be said with absolute certainty that real attacks happen in the same fashion.

But a general picture of the size and shape of global hacking and cyberwarfare can be divined by looking at the stats. Back in 2012, the US DOD reported that it was the target of 10 million cyber attacks per day. Likewise, the National Nuclear Security Administration says it saw 10 million attacks per day in 2012. In 2013, BP’s CEO said it sees 50,000 cyber attacks per day, and the UK reported around 120,000 attacks per day back in 2011.

While the extent and purpose of these attacks certainly varies, it is pretty clear that hacking and cyberwarfare are a global problem and something that governments, corporations, and institutions need to pay attention to. Last year, the Obama administration announced that it would not sit idly by in the face of stepped-up attacks from China. However, the subsequent testimony and document leaks by Snowden showed that the US has been conducting its own attacks the entire time (and even beforehand).

And such is the nature of war, regardless of the context or the weapons used. States rattle their swords claiming they will not tolerate aggression, but there is always a fine line between maintaining one’s defenses and escalating a situation to the point that mutual destruction becomes inevitable. Perhaps the people who are currently fighting this alleged cyberwar should look to the past – specifically to the First World War and the Cold War – to see just how effective “arms races” are!

Source: extremetech.com, map.ipviking.com