Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

01:19 AM

World's Trouble Spots Escalating Into Cyberthreats For Businesses

As regional troubles spill over to the digital world, companies should reinforce their defenses and demand their suppliers do the same, experts say

In the past, companies could avoid the world's trouble spots, pulling out of war-torn countries and unstable regions to avoid conflict. Yet, as the world's citizens become more savvy online, local unrest is quickly transforming into global threats that companies cannot easily evade.

The Syrian Electronic Army's recent attacks against media firms' domain-name infrastructure is only the latest example of the escalation of local conflicts to the global digital stage. Over the last year, distributed denial-of-service attacks by the Iranian cyber militia known as the Izz ad-Din al-Qassam Cyber Fighters has cost U.S. and European banks millions of dollars. And, attacks by hackers aligned with North Korea's interests have hit both South Korean and U.S. servers.

"The threat landscape has expanded in ways that are almost unimaginable," says Jeffrey Carr, a cyber threat consultant and founder of Taia Global. "You can't really anticipate all the different threat actors out there that might be interested in your website, your IP [intellectual property], or your reputation."

So far, the impact of such digital attacks have been mild, if embarrassing. While security researchers and providers have warned that vulnerable critical infrastructure could be targeted by attackers with catastrophic results, attacks by purported hacktivist groups and patriotic hackers have been limited to denial-of-service attacks, defacements, and propaganda. Most groups seem deterred by the potential repercussions of a serious cyberattack, says Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, a startup focused on advanced threats.

"All these actors are cautious actors, because they don't want to incur too much of a reaction," he says. "That is likely to continue unless there is actually a conflict in which the regime decides that a greater level of retaliation is needed."

The ongoing civil war in Syria and the possible punitive bombing of strategic government sites by the U.S. and Western nations has increased tensions, however. So far, Western nations have refused to intercede in the Syrian conflict, which has claimed more than 100,000 lives in the last two years and produced more than 2 million displaced refugees, according to tallies kept by the United Nations and the Syrian Observatory for Human Rights. Yet, with the U.S. and European nations building a case showing that the Syrian government used chemical warfare against rebels, the conflict looks ready to escalate.

The digital side of the conflict could escalate as well. The Syrian Electronic Army has reportedly claimed it would strike back at the United States, if the nation struck at potential chemical weapons storage sites or took other punitive actions.

"We should not be shocked that other countries are using their capabilities to gain whatever advantage they can in the economic sphere or the geopolitical sphere, and that means that the private sector in this country is absolutely a target of these attacks because they are a key part of our infrastructure," he says.

Knowing that attacks come from Syrian hacktivists or government-sponsored hackers can help companies tune their defenses and implement additional protections around critical data, says Alperovitch. Companies should develop a greater ability to defend their own networks, starting with a good legal framework for what is allowed, he says.

"You are going to have to enable the private sector to allow them to do more in defense of their private networks," he says. "With these lower-level attacks, we won't see a response from the U.S. government."

[Protecting domains requires registry locks as well as other measures, including two-factor authentication and administrative access control. See Domain Security Needs More Than Registry Locks.]

For the government, the issue is complicated by the fact that attributing attacks to actual actors is difficult. Bouncing communications between multiple computers to hide the source of the controller's system is technically easy, says Raj Samani, chief technology officer for McAfee's Europe, Middle East and Africa group.

For that reason, companies should never assume that hacktivists are who they say they are, he says. The barriers to become a hacktivist are low--anyone with some knowledge, a few free online tools and a flair for dramatic Pastebin posts can create their own hacktivism group or pretend to be one, he says.

"Hitting the mark on attribution is very difficult in the cyber world," Samani says. "If I attack your PC today, I can come from any computer in the world, and for you to really go after me, you have to go through a very painstaking and laborious process.

For that reason, companies should learn what they can through investigating details of the attack, but not lose focus of the general mission to reduce their attack surface area and harden their systems, says Taia Global's Carr.

"You will never know everyone out there; you will never be able to plan for every contingency," he says. "So while it is good to know and keep up with who the threat actors are, you cannot anticipate unknown threats."

Finally, companies need to not just lock down their own systems, but ensure that their suppliers are doing the same. The recent domain takeover that made The New York Times inaccessible for hours, and in some cases days, happened because the news organization's supplier of DNS services, MelbourneIT, had a third-party reseller whose credentials where compromised.

"In many cases, it is not a question about security but of transparency," says McAfee's Samani. "Do you have transparency about all of the risks in your supply chain? And in most cases, the answer is no."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/5/2013 | 4:49:21 PM
re: World's Trouble Spots Escalating Into Cyberthreats For Businesses
Samani makes a good point about attack attribution; really complicates defenses.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-30
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://v...
PUBLISHED: 2020-10-30
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vu...
PUBLISHED: 2020-10-30
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the targ...
PUBLISHED: 2020-10-30
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privi...
PUBLISHED: 2020-10-29
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s pass...