The Web of Shadows
Guest blog by 1-Fix
Halloween is a slightly strange time of year when you stop and think about it. It is the one day each year where we (in the UK at least) celebrate ghosts, ghouls, witches and other generally spooky stuff. It wasn’t always quite so commercial. Like most festivals, the history of Halloween links back to the Christian religion and specifically the eve of the feast of All Saints Day, with the less common name for Halloween being All Saints’ Eve and the celebration was a remembrance of the dead, including martyrs and saints (hallows).
Commercialisation has morphed Halloween into an orange pumpkin carving, trick-or-treating, witch cackling, “big scare” version of what it is really all about.
The murky world of cybersecurity and hacking is also very similar, at least in terms of public perception. If I ask you to think of a hacker and draw me a picture, I would put money on you drawing a shadowy figure in a hoody. You might use the now infamous Guy Fawkes mask made famous to the general public by the Anonymous hacking consortium – although it was actually designed and first used in the V for Vendetta comic series in the 1980s.
Really though, whilst I’m sure some of them own hoodies, hackers aren’t typically shadowy hooded people sitting in dark rooms. The most prolific and globally troubling hackers are nation state collectives. These are teams of professionally trained cyber warriors who act on behalf of a country or government to commit cyber crime that furthers the aims of that country.
It’s not just the countries that we in the West would commonly jump towards that are hacking on a state level, every major country has teams of people both hacking and defending – probing systems for weaknesses and trying to catch those probing their own. Something like a cyber cold war, although more luke to medium warm than cold as these teams can and will attack without there being traditional conflict or warfare playing out in the public eye.
To give you some idea of the sort of things that happen, who carries them out, and who is targeted or affected, let’s take a look at a couple of high-profile nation state hacks; One from the West, and one from the East.
Starting with the West, the attack that jumps front of mind for me was a virus called Stuxnet. Although never officially confirmed, Stuxnet is widely believed to have been developed by the United States and Israel in a joint operation known as “Operation Olympic Games”. The worm was designed to spread quickly around computer networks once it was introduced to a system on that network. Its target was very specific: Siemens SCADA systems. Now unless you are into industrial control systems, that will mean nothing to you, but SCADA systems are used to control industrial processes and specifically in this instance the control of centrifuges used to enrich Uranium for atomic weaponry creation. The worm was believed to have been delivered via compromised USB sticks, which were clearly picked up and plugged into at least one computer within the Iranian nuclear program as it successfully caused around one-fifth of their nuclear centrifuges to spin so fast they spun themselves apart. Clever stuff!
Now to head East and to talk about the Lazarus Group. This is a hacking collective that work on behalf of North Korea to attack state enemies and find ways to steal money for the North Korean economy which is heavily sanctioned worldwide in general trade terms.
The Lazarus Group were responsible for the hack of Sony Pictures in 2014 which according to Sony cost them $15 million. Other sources say the damage was more likely to have been $35m – $85m, but the reputational damage was huge.
The Lazarus Group infiltrated Sony via phishing e-mails, which encouraged staff at the company to open an attachment which then installed malware to allow them access to the systems.
They stole and published internal data, private e-mails, films, PlayStation content and much more. Why? As an act of revenge against Sony who were planning to publish a film called “The Interview” which portrayed North Korea and its leaders in a bad light.
They also successfully pulled off a number of further high-profile hacks including a hack of Bangladesh Bank to attempt to steal $1 billion – getting away with $101 million before being locked out of the systems.
So how does this impact you, your business, and your cyber security? After all, you’re not expecting to be hacked by North Korea, are you?
Well actually, the key thing here is the lessons we can all learn in terms of cyber hygiene and good practice. All of the attacks above were essentially able to happen due to people – staff – doing something that wasn’t sensible: plugging in an unknown USB device, opening a phishing e-mail, installing unknown software.
By training all of our staff on the basics of good cybersecurity, we can all improve our security posture and ensure that we don’t get subjected to a data breach or hack.
Free cyber security training can be found on the National Cyber Security Centre website here:
https://www.ncsc.gov.uk/blog-post/ncsc-cyber-security-training-for-staff-now-available
More advanced cyber security training and testing can be arranged by numerous companies. A good starting point would be to speak to your IT service provider.
Stay safe, don’t get spooked, and Happy Halloween!
Craig Atkins runs 1-Fix Limited, an IT Support and Cyber Security consultancy in Readingspecialising in helping small businesses with all of their technology challenges, from helpdesk support, procurement, cloud, and – of course – cyber security.
Craig can also be found on LinkedIn - https://www.linkedin.com/in/craigatkins1fix/
