TNT 1.82% 28.0¢ tesserent limited

Cyber security in the media, page-339

  1. 2,211 Posts.
    Published in The Australian this weekend... IMO, the importance of cyber security is only just beginning to be realised by many investors.

    https://www.theaustralian.com.au/weekend-australian-magazine/cyber-wars-why-the-world-is-under-attack/news-story/7f464d9e9725905cb0ed4fe63f2108bb

    Why the world is under cyber-attack

    Malicious attacks by state-sponsored hackers and criminals have flourished during the pandemic. Is this the next global crisis?

    By NICOLE PERLROTH



    For the past year, I have been sheltering from the pandemic in a cabin in the woods in California, watching as the US death toll climbed higher than in any other country. Witnessing this has been equal parts tragic and maddening, but I know there is a quieter layer to the terror, also invisible but no less life-threatening, palpable only when it hits our hospitals, our bank accounts, our water, our bodies.

    I have spent the past seven years infiltrating the world of cyberwarfare, tracking an escalating series of hacks on healthcare services, the power grid, nuclear plants, our privacy, our psyche, with no end in sight. But this year, one in which we virtualised our lives at a scope and speed the world has never seen, I have caught a harrowing glimpse of another plague, one for which there is no vaccination, and one that promises to consume us all if we do not alter our course.

    Among the stories to have emerged during the coronavirus pandemic are two cyber-attacks that bookended it. Last April, weeks into its stay-at-home order, Israel announced that Iranian hackers had infiltrated two Israeli water treatment facilities in an attack that officials said was designed to cut off water supplies or contaminate the drinking water for thousands of people quarantined at home. Nearly one year later, the US reported an eerily similar cyber-attack on a water treatment facility in a small town in Florida that increased the amount of the caustic substance lye in the water from 100 parts per million to 11,000 parts per million. Had an engineer not noticed a phantom hand moving his cursor across his screen, the attack might have poisoned thousands of residents, sending them to hospitals already under siege from Covid-19.

    It is still unclear whether those two cyber-attacks are related. But what is clear is that they flanked a period in which the world endured not just a terrible pandemic but some of the most aggressive and costly hacking episodes in modern history. Water treatment facilities, hospitals, schools, clinical trials, coronavirus vaccine research, supply chains, treatments and tests, electricity companies, technology firms and government agencies were all, in some way, shape or form, hijacked by hackers. Cyber-criminal activity spiked and nation-state hackers – not just the usual suspects in Russia, China, Iran and North Korea, but newer players like Pakistan – were caught hacking one another in an attempt to glean any intelligence or advantage they could during the pandemic.

    Unless we pause and change tack, these cyberattacks offer a glimpse of what the world can expect in the future as we digitise our economies, societies and daily lives at accelerating rates. When this is all over, working from home could become the new normal. We will depend more heavily on Zoom and the so-called “internet of things” – devices such as smart TVs, thermostats, fridges, pacemakers and insulin pumps that we are now plugging into the internet at a rate of more than 127 per second. It will see more critical infrastructure – more water and sewage treatment facilities, power grids, oil and gas pipelines, chemical plants, nuclear reactors, health, financial and government services – migrate to an internet that was never built with global security in mind. Unless we reprioritise our collective cyber-defence, this could have life-threatening implications.

    Until now the vast majority of attacks have been designed for espionage, or to steal money or data, but the same code and digital entry points are being used to set the stage for bioterrorism, an assault on our power grids, our democracies, our transportation systems, our drinking water. A decade ago, such predictions were dismissed as overly alarmist. Indeed, too many cybersecurity companies used the threat of a calamitous attack, a “Cyber Pearl Harbor” or “Cyber 9/11”, to market products that never quite succeeded in keeping hackers at bay. But the analogies to Pearl Harbor and 9/11 were problematic for another reason. In those two attacks, we never saw the planes coming; but we have seen the cyber equivalent approaching for more than a decade. The focus on planes and bombs is also a distraction from the predicament we already find ourselves in here in the West, where our power grids, hospitals, intellectual property, universities, elections and water supplies have already been infiltrated by hackers. We may not have seen the digital equivalent of a Pearl Harbor but, with each passing day, we inch dangerously closer. The world is simply waiting for the appropriate geopolitical trigger.

    I’ve spent years digging into this predicament. What I have discovered is worse than I could have conceived. I have discovered that our governments, charged with keeping civilians secure, are leaving us more unsafe. In the most tangible form, I learnt that governments in the US and UK – and, increasingly, regimes with far less red tape and abysmal human rights records – have paid hackers to dig for secret vulnerabilities in popular software and never tell a soul. These secret vulnerabilities form the raw material for cyber-weapons; they are dubbed “zero days” because, once discovered, companies such as Microsoft, Apple and Google have had zero days to patch them. This demand for “zero days” constitutes a new arms race; they are traded between governments, mercenaries and hackers. Those who own them are able not only to spy on our communications, but increasingly to hijack critical infrastructure.

    Speed, cybersecurity experts have long said, is the natural enemy of security. And early last year, the world began virtualising its business, manufacturing, finance, education and government at an ever-increasing rate. Use of tools such as Zoom, Slack and Microsoft Teams surged between January and April, a period that likewise saw a 630 per cent surge in cyber-attacks.

    Many of those attacks were the work of cybercriminals who seized on new work-from-home dynamics and a sudden urgency in business transactions to reap a profit. Data had migrated from corporate networks, where dedicated IT staff monitor for intrusions and regularly patch buggy software, to the cloud, employees’ personal phones and computers – ripe targets for hackers.

    Cyber-criminals seized on the need for a dispersed workforce to access employer systems and data remotely. In a series of extortion attacks they threatened to deluge victims with web traffic, cutting off customers’ and employees’ access to their online services, in exchange for a hefty payment. Among the more high-profile targets was Travelex, the British foreign exchange company. In some cases, these cyber-criminals demanded 20 bitcoin – more than $1m at today’s rates – to leave them alone. And when victims refused to pay, hackers turned up the pressure, increasing ransom demands by 10 bitcoin each day.

    Ransomware attacks became our new norm. Schools, electricity and energy companies, retailers and – perhaps most distressing of all – hospitals found their systems and data held hostage at dizzying speeds. During the pandemic, cyber-criminals cut the time it took from their initial entry to holding an entire organisation’s network for ransom to less than 45 minutes. The attacks up-ended the lives of doctors, nurses and patients across the UK and the US and became their own kind of pandemic, as Russian cyber-criminals shut down clinical trials and treatment studies for a coronavirus vaccine and held hostage Universal Health Services, a major hospital chain with more than 400 locations across the US and UK.

    In New England, healthcare workers at the University of Vermont Medical Centre found that they could not give cancer patients chemotherapy infusions because the hospital’s medical record system had been wiped out. Some tried to recall complicated chemotherapy protocols from memory. Nurses described the situation as “dire”. One compared the attack to working in the burns unit of a hospital after the Boston marathon bombing.

    The attacks on hospitals and healthcare organisations became so frequent that in May, the UK’s National Cyber Security Centre and the US Cybersecurity and Infrastructure Security Agency (CISA) jointly warned the sector that the attacks had become so unyielding – the culprit was stolen passwords – that there was only so much government officials could do. “We can’t do this alone,” warned Paul Chichester, the NCSC’s director of operations.

    By July, these attacks were no longer the work of cyber-criminals with stolen passwords. That month, Chichester again sounded the alarm after hackers, believed to be Russian, were caught using never-before-seen bespoke tools to break into the organisations leading vaccine research and development in the UK, Canada and the US. He described these as “despicable attacks against those doing vital work to combat the pandemic”.

    Over that same period, China also emerged as one of the most prolific hackers of vaccine research and development. Last May, the FBI and CISA jointly accused Chinese hackers of “attempting to identify and illicitly obtain valuable intellectual property and public health data related to vaccines, treatments and testing from networks and personnel associated with Covid-19 related research”. It wasn’t just the US that Beijing’s hackers targeted but institutions in Vietnam, Mongolia, Taiwan and the Philippines, in attempts to get a hold on its own pandemic.

    The World Health Organisation reported a 500 per cent increase in cyber-attacks by April. They came from all over the globe, including China but also Iran, where hackers were caught trying to break into the personal accounts of WHO staffers. In North Korea, the country’s most well-known hacking unit was caught targeting cryptocurrency exchanges to generate badly needed cash, and aimed its attacks at six countries – the UK, Singapore, the US, Japan, South Korea, India – that had announced financial support for businesses reeling from coronavirus restrictions.

    But the virus also saw the emergence of state hackers that rarely make headlines. In Pakistan, a group of state-sponsored hackers used the pandemic to break into India’s defence agencies and embassies. In India, a patchwork of state-backed hackers were caught using Covid-themed phishing emails to target Chinese organisations in Wuhan. That attack, and a perilous standoff between Indian and Chinese soldiers on their mountainous border, triggered a swarm of attacks by Chinese hackers on India’s IT and banking infrastructure. Over a period of just five days, Indian police said that Chinese operatives mounted more than 40,300 cyber-attacks.

    In Syria, hackers affiliated with the Syrian Electronic Army used Covid-19 themed emails and texts to entice victims in the Middle East to download mobile spyware. And in Nigeria, scammers used the pandemic to target unemployment insurance programs in a massive fraud that made off with as much as $100m from six US states.

    But the damage from those attacks pales in comparison to the incalculable damage from Russian hacks, only recently discovered in the US and France, on software supply chains. The US is now unwinding a breach of some of its most critical government agencies, only detected after FireEye, a cybersecurity company, discovered that it was hacked last December. Only in dissecting its own attack did FireEye learn that the hackers – suspected members of Russia’s intelligence – came in through SolarWinds, a huge US software company, and had made its way into 18,000 SolarWinds clients, including Britain’s National Health Service and more than 400 of America’s largest corporations and electricity companies. But it appears the primary target was nine US government agencies. The goal, it appears, was espionage, in an attack that compromised the US Department of Energy, including its nuclear labs, the treasury, commerce, state and justice departments, as well as parts of the Pentagon and the Department of Homeland Security, the very agency charged with keeping Americans safe.

    Last month we learnt that the US was not alone. Russian hackers targeted the French software firm Centreon, also in a supply-chain attack, to compromise clients including Airbus, Air France, Thales, ArcelorMittal (the world’s leading steel and mining conglomerate), telecom giant Orange, and Électricité de France, the world’s biggest maker of nuclear energy. That attack is believed to have started as far back as 2017 and is eerily similar to the attack on SolarWinds, but different in one disturbing way.

    Russia’s SVR intelligence agency is the leading suspect in the attack on SolarWinds. That group, which was previously responsible for an attack on the White House and the US State Department, is known as a quiet prowler, and its attacks are designed primarily for espionage.

    The same is not true for the Russian actor behind the attack on Centreon. That incursion, officials say, was the work of a disparate group of Russian hackers known as Sandworm, which operates on behalf of Russia’s military intelligence unit, the GRU. Sandworm is known for its destructive attacks, particularly in Ukraine, where it cut power to Ukrainians in the dead of winter, first in 2015 and again a year later in Kiev. Then in 2017 came the NotPetya attack, which decimated data at Ukraine’s government agencies and railways, and made it impossible for Ukrainians to take cash out of ATMs and pay for petrol at the pump. That attack also boomeranged out of Ukraine, hitting any business that had so much as a single employee in the country. It wiped data at the pharmaceutical companies Merck and Pfizer, FedEx, and shipping giant Maersk – and, most chilling of all, took out the radiation monitors at the old Chernobyl nuclear site.

    Officials believe and hope that the attacks related to SolarWinds and Centreon were designed for espionage rather than destruction – but they are not ruling out the latter. The same accesses Russia already has could, with a few clicks, be used to wipe or manipulate data, or turn off the lights. Its hackers can and have used those same access points for devastation. It could be months, years even, before officials and private investigators can confidently say they have identified every last victim, discovered every last Russian back door. In the meantime they have to assume every network, every communication channel they use is untrustworthy.

    Working our way back from the brink will entail difficult choices. It will be costly. In the US, President Biden squeezed $2bn in new cybersecurity funding into his Covid-19 recovery bill, which passed last week. But those funds – which fall well short of the $10bn Biden had first proposed – will only work if they are deployed efficiently, if governments can recruit individuals with the skills necessary to take stock of our digital inventory, our software supply chains, our electrical grids, our hospitals; if businesses adopt security by design instead of rolling out vulnerable software and updates to cars, planes, nuclear reactors, the grid; if individuals recognise their own role in our collective cyber predicament and deploy better password management, switch on multi-factor authentication, run their software updates, and stop clicking on links and attachments that give hackers entry to everything they touch with a mouse. If our schools and companies adopt a culture of security awareness and training, and if we trade some of the conveniences we now take for granted for better security.

    As I write these final words, I am still sheltering. The cyber-attacks have become so prolific that, from my quarantined perch, I have lost track. I am watching the world ask the same questions – Why weren’t we better prepared? Why didn’t we have enough testing? Better warning systems? A recovery plan? Why did we leave ourselves so vulnerable? – knowing full well that these same questions apply to the cyber industry too.

    I am crossing my fingers that the next big cyber-attack won’t occur until this pandemic has passed – and that when it does hit, we will be better prepared. But finger-crossing has never taken us very far. It is time to act.

    Nicole Perlroth is a cybersecurity and digital espionage journalist. Her latest book is This Is How They Tell Me The World Ends (Bloomsbury).


    DYOR
 