The events that have transpired in recent weeks have raised a global alarm on new attack methods that could affect international political stability. The news has been plagued with stories about potential large-scale cyberterrorist attacks, hacktivism, cyber theft of funds aimed at terrorism acts and attempts to disrupt critical infrastructure.
Cybercriminals have many different incentives behind their actions. The common notion is that most hackers and criminals seek monetary gains. However, creating instability in a particular country could also be a primary motivation for opposing nation states, cyberterrorists or hacker groups seeking the upper hand through strategic, military, fear, economic, political or social change advantage.
Attacks targeting a country’s critical infrastructure have been successful in the past, including the disruption of Ukraine’s power grid on two separate occasions between 2015 and 2016.
More recently, the US Government warned nuclear power plants of a heightened cyberattack threat to their facilities.
Critical infrastructure in Latin America also faces similar threats and risks.
Critical infrastructure refers to the systems and assets that, whether physical or virtual, are so crucial to a country that their failure or destruction would have a significant impact on security, national economy, public health, or any combination of these. Critical infrastructures encompass everything from water, energy and hydropower systems to transportation and communication systems, government and military systems, health systems, financial services and emergency services.
If compromised by a cyberattack, each asset in these sectors could be suddenly disrupted or prevented from operating safely and reliably. Such a dramatic change would have a debilitating impact on a country’s economic stability and public welfare. The potential vulnerabilities depend on the particular infrastructure under attack and the present threat vectors.
Similarly, not all cyberattackers are the same. Knowing who we’re up against will help us to be better prepared. Below are some of the key cybercrime actors:
Hacktivists: These are groups motivated by political, social or moral outrage, representing ideas that are collectively disagreed upon. These actors typically use illegal digital tools in a non-violent way to pursue their ideological goals. Botnets are one of their most common tools, allowing them to control millions of devices worldwide. These devices then wait for instructions from the command and control (C&C) server to execute denial of service attacks on political targets, destroy websites to increase visibility of their own ideologies and publish their target’s personal data to cause political damage and to leverage the breach to their own advantage.
Organised cybercrime: Generally, these cybercriminals participate in massive profit-driven attacks. They typically seek out personal identity information such as social security numbers, medical records, credit card and bank information, and engage in extortion. These criminals carry out a number of targeted cyberattacks, including phishing scams, social engineering, spam, botnets, password theft, exploit kits, malware and ransomware.
Cyberterrorists: Their aim is to intimidate and spread fear, causing disruption, chaos, and damage. Cyberterrorists are groups that may or may not be well funded, yet still manage to effectively attack their high-profile targets. They are capable of disrupting internet sites and services, infiltrating systems to steal confidential data and expose it publicly, stealing from financial institutions to fund their activities and potentially causing serious damage or death. Corrupting critical information and infrastructure aimed at disruption and destruction is a common goal of cyberterrorists.
Cybersoldiers: These are national or external Government-sponsored groups that are usually well funded and often build sophisticated and targeted attacks. They are motivated by political, economic, technical, and military agendas. Their goals include espionage, disclosure of confidential information and extortion through the use of specific cyber weapons to disrupt, damage or destroy critical infrastructure. They act in line with the national and military interests of their country’s Government and have the resources not only to use any existing methods of exploitation, but also to develop new threats. Their well-known practices consist of exploiting unpatched vulnerabilities in operating systems and applications using unknown “zero-day” attacks, as well as email password attacks such as “spear phishing”, social engineering, direct spam, data exfiltration, remote access Trojans and malware.
Internal cyberthreats: Internal attackers are often disgruntled or former employees who seek revenge or some form of financial gain. They sometimes collaborate with other threat actors in exchange for money, usually exfiltrating data and misusing their privileges.
Others: Some attackers are simply opportunists or amateurs driven by the desire to gain notoriety, but sometimes they are also professional security researchers and hackers who aim to profit by finding and exposing cyber vulnerabilities in network systems and devices. An internal user error or human error can also result in configuration gaps or breaches that alter critical resources.
ADDRESSING THE CYBERATTACK RISKS TO CRITICAL INFRASTRUCTURE
The duties tied to private and public interests are now shifting towards a shared security responsibility among governments, technology providers, and critical infrastructure owners and operators.
Fulfilling these responsibilities is crucial for a nation’s success in protecting its critical infrastructure, but achieving this fulfillment largely depends on an effective action plan that focuses on approach, culture and new ideas.
History has shown that private sector-led initiatives can be more quickly mobilised through public-private partnerships and collaborative frameworks that promote governance, roles and responsibilities, standards and the exchange of threat intelligence and best practices.
By recognising these threats, addressing them collectively and understanding the need for integrated solutions, a unified cybersecurity approach can be developed to protect the critical infrastructure which we rely on.
Through public-private partnerships and collaboration, security experts combine advanced segmentation, visibility, analysis and response strategies to ensure the security and reliability of our critical infrastructure, so that it can continue providing essential and much-needed services to our communities.
Marc Asturias is vice-president of marketing, communications, public relations and government affairs at Fortinet