The task of maintaining a secure digital environment is far from trivial, as the activities of criminal groups posing an imminent threat via cyber-attacks are increasing. There are a few components that could be causing this increase in digital crimes. More criminals are simply turning to the internet instead of traditional criminal pursuits, and many extremist groups and totalitarian governments have managed to build up a cadre of security professionals and developers, boosting their presence on the dark side of the web. But how do these recent developments in the international cyber war affect your daily life and what should you do about it? Here’s everything you need to know, writes Szilard Stange, Director of Product Management at OPSWAT.
1. What is their motivation?
There is no easy answer to this question. Many cyber criminals are simply looking for money and fame among their fellows; others are motivated by ideological or political considerations. These disparate motivations can result in a range of criminal acts, such as forming huge computer networks (botnets) to drive ransomware attacks or orchestrate large-scale spam operations. Others seek to steal data or disturb the operations of critical infrastructure.
2. Who sponsors them?
Many cyber-crime activities are self-financed, funded by the masses who fall for world-wide spam, phishing and ransomware attacks. The large-scale bank heist recently reported by Kaspersky Lab proves that malware-borne attacks can provide a huge payout for the criminals! Many governments fund their own cyber armies, so to speak, focused on espionage or even enacting physical attacks as was seen with the famous Stuxnet worm that was used to sabotage the Iranian nuclear programme.
3. Do countries employ cyber espionage?
Another form of cyber warfare is the modern form of warfare between countries. Many countries like the United States, the UK, China, and South Korea say that they employ special operations as a part of their cyber defense strategy. The primary goal of these strategies is to protect the country’s critical infrastructures like telecommunications, government, energy, banks and the military itself. But these forces have another side as well. Since Edward Snowden, we all know that the United States has developed a cyber surveillance system to collect information not only within the U.S. but everywhere around the world. We can also be sure that many other countries, whether they say so explicitly or implicitly, also employ modern types of espionage to collect information about other countries, companies, etc. The goal of this modern spying is the same as it was in the past: to obtain information that can be used not only to protect themselves but also to block or interfere with another country’s infrastructure. Nowadays all modern countries depend highly on computers, so blocking the operation of computers can cause huge negative impacts on an entire country. This makes cyber weapons an important part of modern countries’ armies.
4. Do cyber spies use tools like James Bond?
Compared to old school agents the new cyber spies are completely different. Hiding themselves on the internet is much easier than in the real world, but they now need to have a totally different skill set than they had in the past. The new cyber spies are talented IT security professionals. Network engineering, software development, and reverse engineering are the most common skills for this type of professional. The modern cyber agents do not need to have guns and other tools like those seen in James Bond films.
5. Why aren’t they arrested?
Cyber-crimes are quite difficult to prosecute, because the perpetrators are well-versed in techniques to conceal their identity and location. Individual IP addresses can be hidden by anonymity networks like Tor. Sometimes the nature of the crime also protects criminals from identification and prosecution. For example, a botnet could contain thousands of infected computers located all over the world. Most of the time owners of the infected computers don’t even know they are infected, and it is difficult for the authorities to differentiate these innocent victims from the perpetrator of the crime.
6. Can they cause a real war?
According to industry speculation, it’s quite possible. But the evidence is clear that they could, and indeed have already participated in warfare. We need only look at the successful intrusions into critical infrastructure like nuclear facilities and breaches of military networks to begin to understand the role cyber-warfare plays. The US sanctioning North Korea over its alleged role in the Sony Pictures hack and North Korea’s response is one of the best examples to date of real geo-political consequences stemming from a cyber-attack. Several countries have made it clear that they will respond to cyber-attacks using traditional warfare if necessary, which is quite a disturbing prospect!
7. How could this affect me?
If a criminal’s motivation is to steal money or data then you could be a direct victim. I recommend that you carefully check your accounts and credit report on a regular basis, and take care when logging into websites containing your sensitive data.
However, higher-level cybercrime, like taking control of critical infrastructure facilities, probably doesn’t pose a direct threat. Even if the attackers can intrude into a computer in a nuclear facility, these systems have redundant layers of physical protection to defend the infrastructure and to prevent catastrophic events.
8. Is my computer part of these wars?
The highest risk for you as a consumer is being looped into a botnet. If your computer is linked to such a network, it will not only consume your resources (RAM, CPU, Internet bandwidth) but it may also attract the attention of law-enforcement agencies. In the past it was enough to avoid browsing porn sites, not download pirated media or programs, and make sure that your operating system and antivirus programs were up-to-date, but just avoiding risky behavior is no longer enough! Everyone should be cautious as more attackers use zero-day vulnerabilities and hack well-known sites to demonstrate their capabilities and to distribute new malware.
9. What can I do?
Up-to-date security tools, like an all-in-one desktop security program, are more important than before, but they may not be enough to keep you safe. We recommend using anti-malware multi-scanning to assess suspicious files, as well as a solution that will assess your system for threats your installed antivirus may have missed. When you receive a notification that you need to update a key program on your computer, like Java or Adobe Flash, don’t just ignore it! Many viruses rely on out-of-date software to gain access to your machine, so applying security updates for your operating system and other 3rd party programs without delay is also a key step to minimize the risk of malware infection of your computer. And finally, if you need to access your employer’s corporate network from your home computer, make sure you comply with your company’s security policies! Using the security tools that are provided to you is more important now than ever before.