New methods of attack pose challenge to cyber security sector
The attacks perpetrated by today’s generation of hackers have evolved in both sophistication and capability, say cyber security experts. Governments and large corporations must now protect themselves from what have become known as APTs – Advanced Persistent Threats.
If attacks of the past were designed to be a nuisance which would clog up servers or collapse websites under bombardments of junk mail, then APTs can be understood as a long term effort to infiltrate a system without alerting the victim to the intrusion.
Technological advances have had a large role in bringing about the new threat but just as important is the sophisticated organizational techniques that hackers are now using, Hudi Zack, a representative of US Information Technology Verint Systems cyber department, told The Media Line. Technology which was previously only affordable to governments is now in the hands of criminals and this has increased the danger, he said.
But it is the way in which hackers are organizing their attacks which is the game changer. “The attackers are very patient, they know exactly where they want to go, they go in low profile, under the radar, (and) get to where they want” Zack said, explaining that hackers may take months to complete what are known as “low and slow” attacks against a server. Infiltrations are conducted like a military operation, Zack explained, with clear phases.
First an attacker will conduct a reconnaissance of a target creating “an intelligence picture of the entity they want to attack,” from which vulnerabilities and entry points into a network can be identified, Zack said. Next attackers will infiltrate the target. This can be done using fishing emails or by infecting an employee’s computer while they are outside of the protection of their work place, Zack said.
One favored method of intelligence services is to infiltrate state official’s networks via hotel Wi-Fi during diplomatic meetings, as an attacker can predict a target being in a specific location in advance. “It is easier to hack into an Iranian official’s computer whilst he’s in a European hotel than when he is in his office in Tehran, for example,” Zack said.
Once a virus is inside a network it then generally communicates back to its operators and begins to spread towards the specific location on the network that is desirable – “Usually the first point of infiltration is not where it wants to go – it wants to go to the financial system, to the data center, to the CEO’s computer.”
Cyber security experts have identified three or four groups which hackers generally tend to belong to. The first and least threatening is young computer enthusiasts who become involved in hacking for fun or out of a sense of curiosity; secondly there are politically motivated hacktivists including groups like Anonymous. Although these two groups are possibly the best known caricatures of hackers they are actually the ones governments and corporations are least worried about.
That privilege falls to organized criminal gangs– groups who try to steal, damage or ransom data for financial gain, and to state-run cyber espionage units. It is the criminal and security agency hackers that have the resources and the sophistication to conduct the APT attacks that states and corporations are concerned with.
Governments are aware of the threat and are reacting to it, a marketing manager for Israeli Aerospace Industries (IAI) who wished not to be named, told The Media Line. IAI, both Israel’s largest defense contractor and a subsidiary of the government, has branched out into the cyber security realm – a move increasingly common among leading arms manufacturers.
The IAI manager pointed to comments by Lieutenant General Gadi Eizenkot, Israel’s most senior officer, that a fourth branch of the military, cyber warfare, will be formed in the coming years. This new organization will stand alongside the land, sea and air branches which have traditionally been the basis for militaries in the twentieth century, and will form a unified defense against cyber threats to Israel.
The fact that both Prime Minster Benjamin Netanyahu and Defense Minister Moshe Ya’alon spoke at this year’s International Cyber Conference at Tel Aviv University, indicated how seriously Israel – a country renowned for its high-tech capabilities – is taking cyber security.
Consolidation of resources into dedicated cyber units is increasingly the strategy governments are moving towards, Daniel Cohen, research fellow with The Institute for National Security Studies told The Media Line. A second approach is the recognition that cyber security is not simply a concern for the military and for critical infrastructure but for profit orientated companies too.
Both these ideas can be seen in the announcement by the Israeli government earlier in 2015 of the intention to create a cyber-bureau to protect civilian private interests, Cohen said. Such an organization would be designed to prevent aggressor states damaging the Israeli economy by disrupting private enterprises, Cohen explained.
A third manner in which governments are working to protect themselves is through the creation of human capital which once sufficiently trained would provide a stockpile of experts able to defend against cyber threats, Cohen said. Cyber defenders have an arsenal of tools with which to defend against hackers. Computer forensics can be used to try to identify a perpetrator and to reverse engineer an attack in order to formulate a defense for the future. Cyber intelligence units are also increasingly monitoring social media and hacker forums to identify trends in methods of infiltration and to predict when and where attacks will be made.
If today’s cyber threats have governments scrambling to restructure their security apparatus then tomorrow’s dangers are likely to be no less worrying. When asked to predict what will come next Cohen suggests that computer espionage will become increasingly powerful and prevalent. Even more alarming perhaps is Cohen’s assessment that in the near future terrorist groups, especially those being used as armed proxies by states, will gain the capability to use APTs and will make use of them to target governments and their citizens.
Israel, both the perpetrator and the victim of a number of infamous hacking attacks (if internet rumors can be believed), is placed at the forefront of the growing cyber warfare arena. With both one of the Middle East’s largest high-tech industries and most advanced militaries the Jewish state will wish to maintain its edge in this emerging field.