“A ‘bot’, short for robot, is a type of software application that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. The compromised machine may also be referred to as a ‘zombie’. A collection of these infected computers is known as a ‘botnet’.”– nacha.org.
Revolution - Eric Knapp, global director cyber security solutions, Honeywell Process Solutions
The ‘Internet of Things’ is exploding. Our IoT world is growing at a breath-taking pace, from two billion objects in 2006 to a projected 200 billion by 2020. That will be around 26 smart objects for every human being on Earth!
The image on this page is neither a virus, nor a cross-section of a zombie brain, it is a map of the Internet representing well over three billion connected users. Each user is represented by several devices e.g. they have a personal PC, business laptop, a smartphone, etc. The number of devices is growing at an exponential rate. The Internet is becoming ubiquitous. It is becoming pervasive. Some might say it’s even becoming invasive.
A guide to industrial cyber espionage
As the Internet surged into our personal and business lives, a threat followed hot on its heels – a threat to our privacy and safety.
In 2010 (http://www.instrumentation.co.za/article.aspx?pklarticleid=6957) Stuxnet struck the industrial cybersecurity gong. At the time, it was ground-breaking ... it was another revolution. Simple viruses gave way to complex, sophisticated, intelligent malware that was able to penetrate an air gapped network, infect logic controllers in a very targeted and precise way and manipulate industrial control processes in such a way that it caused physical damage. It caused a significant setback to the Iranian nuclear programme.
In June 2014 (http://www.instrumentation.co.za/8303a) a cyber espionage group, widely known as ‘Dragonfly’, actively targeted energy suppliers in predominantly Western countries. Dragonfly stole a lot of information. We are still not sure exactly how much information they stole or why they stole it. Unlike a lot of stolen information, this particular intellectual property has not surfaced yet. We don’t know why anyone took it. It could have been an academic exercise or it could be something much more sinister.
Why does the cyber threat exist?
The answer is simple. It’s about money. It is not about Euros or Dollars or Yen. It’s about Bitcoins – virtual currencies that have evolved in the digital age to allow anonymous transactions – transactions of the type where you can do almost anything:
• You can buy information if you need it.
• If you cannot create the malware yourself, you can have somebody else create it for you as a ‘service’.
• If you cannot access the network you need, you can buy your way in.
Personal cyber espionage – Raj Samani, chief technology officer (EMEA), Intel Security and advisor to The Europol Cyber Crime Force
What McAfee decided to do was test the allegations made in the paragraph above. One of the questions asked was, “What happens to the data after it is stolen?”
A research team conducted a study called ‘The Hidden Data Economy’ with the goal of understanding:
1. What happens after a data breach?
2. Does the data actually become available for selling?
3. If so, what data becomes available?
When the team started the research they expected to find credit card details. When they published the research the feedback that they received most often was, “You’re being ripped off. I can buy credit cards much cheaper than you.”
But, how does one know the services being offered are ‘trustworthy’? It is like any modern online business. If one buys a stolen credit card and it does not work, don’t worry, because you’ll get a free replacement.
One particular criminal enterprise investigated was offering a free customer service chat window, just in case you didn’t know how to perform the hack yourself – a criminal syndicate that actually gives you a free help desk!
Industrial espionage – understanding the adversary
Not only are vulnerabilities and direct access into the IT networks of large organisations being sold, but criminals are also selling direct access into operational technology.
First of all, we are up against an adversary who hacks and then provides that information to anybody willing to pay. An example is Cryptowall – a form of ransomware. If a computer is infected, the ransomware will encrypt all of the data on the computer. Not only that, it will also encrypt all of the data that you are connected to. So, if a computer uses shared drives and is connected to a company’s servers, it will encrypt those files as well.
To de-crypt that information, i.e. to get the data back, the user has to pay a ransom, somewhere in the region of about two Bitcoins (approximately US$400-500). A recent study showed that the Cryptowall Version 3 (by itself) netted the criminals US$235 million – a very conservative estimate. Since the research was completed it is estimated that the revenue could have doubled or tripled. That is just the revenue from Cryptowall Version 3.0.
The full article can be viewed at http://instrumentation.co.za/+J462
| Tel: | +27 11 543 5800 |
| Email: | [email protected] |
| www: | www.technews.co.za |
| Articles: | More information and articles about Technews Publishing (SA Instrumentation & Control) |
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version