World's Trouble Spots Escalating Into Cyberthreats For Businesses

As regional troubles spill over to the digital world, companies should reinforce their defenses and demand their suppliers do the same, experts say

In the past, companies could avoid the world's trouble spots, pulling out of war-torn countries and unstable regions to avoid conflict. Yet, as the world's citizens become more savvy online, local unrest is quickly transforming into global threats that companies cannot easily evade.

The Syrian Electronic Army's recent attacks against media firms' domain-name infrastructure are only the latest example of the escalation of local conflicts to the global digital stage. Over the last year, distributed denial-of-service attacks by the Iranian cyber militia known as the Izz ad-Din al-Qassam Cyber Fighters have cost U.S. and European banks millions of dollars. And attacks by hackers aligned with North Korea's interests have hit both South Korean and U.S. servers.

"The threat landscape has expanded in ways that are almost unimaginable," says Jeffrey Carr, a cyber threat consultant and founder of Taia Global. "You can't really anticipate all the different threat actors out there that might be interested in your website, your IP [intellectual property], or your reputation."

So far, the impact of such digital attacks has been mild, if embarrassing. While security researchers and providers have warned that vulnerable critical infrastructure could be targeted by attackers with catastrophic results, attacks by purported hacktivist groups and patriotic hackers have been limited to denial-of-service attacks, defacements, and propaganda. Most groups seem deterred by the potential repercussions of a serious cyberattack, says Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, a startup focused on advanced threats.

"All these actors are cautious actors, because they don't want to incur too much of a reaction," he says. "That is likely to continue unless there is actually a conflict in which the regime decides that a greater level of retaliation is needed."

The ongoing civil war in Syria and the possible punitive bombing of strategic government sites by the U.S. and Western nations have increased tensions, however. So far, Western nations have refused to intercede in the Syrian conflict, which has claimed more than 100,000 lives in the last two years and produced more than 2 million displaced refugees, according to tallies kept by the United Nations and the Syrian Observatory for Human Rights. Yet, with the U.S. and European nations building a case showing that the Syrian government used chemical warfare against rebels, the conflict looks ready to escalate.

The digital side of the conflict could escalate as well. The Syrian Electronic Army has reportedly claimed it would strike back at the United States, if the nation struck at potential chemical weapons storage sites or took other punitive actions.

"We should not be shocked that other countries are using their capabilities to gain whatever advantage they can in the economic sphere or the geopolitical sphere, and that means that the private sector in this country is absolutely a target of these attacks because they are a key part of our infrastructure," he says.

Knowing that attacks come from Syrian hacktivists or government-sponsored hackers can help companies tune their defenses and implement additional protections around critical data, says Alperovitch. Companies should develop a greater ability to defend their own networks, starting with a good legal framework for what is allowed, he says.

"You are going to have to enable the private sector to allow them to do more in defense of their private networks," he says. "With these lower-level attacks, we won't see a response from the U.S. government."

[Protecting domains requires registry locks as well as other measures, including two-factor authentication and administrative access control. See Domain Security Needs More Than Registry Locks.]

For the government, the issue is complicated by the fact that attributing attacks to actual actors is difficult. Bouncing communications between multiple computers to hide the source of the controller's system is technically easy, says Raj Samani, chief technology officer for McAfee's Europe, Middle East and Africa group.

For that reason, companies should never assume that hacktivists are who they say they are, he says. The barriers to becoming a hacktivist are low: anyone with some knowledge, a few free online tools, and a flair for dramatic Pastebin posts can create their own hacktivism group or pretend to be one, he says.

"Hitting the mark on attribution is very difficult in the cyber world," Samani says. "If I attack your PC today, I can come from any computer in the world, and for you to really go after me, you have to go through a very painstaking and laborious process."

For that reason, companies should learn what they can through investigating details of the attack, but not lose focus of the general mission to reduce their attack surface area and harden their systems, says Taia Global's Carr.

"You will never know everyone out there; you will never be able to plan for every contingency," he says. "So while it is good to know and keep up with who the threat actors are, you cannot anticipate unknown threats."

Finally, companies need to not just lock down their own systems, but ensure that their suppliers are doing the same. The recent domain takeover that made The New York Times inaccessible for hours, and in some cases days, happened because the news organization's supplier of DNS services, MelbourneIT, had a third-party reseller whose credentials were compromised.
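The two controls the article points to for a domain are the registry lock (the bracketed note above) and visibility into what a supplier or reseller can change on your behalf (the takeover just described). Both can be checked from the outside by reading the domain's public WHOIS record: the "Domain Status" lines show which EPP locks are set, and the "Name Server" lines show where the domain is currently delegated. The following script is an added example, not code from the article or from any registrar; it parses constructed WHOIS text for a placeholder domain and reports missing registrar-level (client*) locks, missing registry-level (server*) locks, and any drift from the name servers the owner expects, which is the kind of change a compromised reseller account would produce.

```python
"""Audit WHOIS output for registrar/registry locks and name-server drift.

Added example (not from the article). The WHOIS text below is a constructed
sample for a placeholder .test domain; in practice the text would come from
the registry's WHOIS or RDAP service. Status codes follow the ICANN
"Domain Status: <code> https://icann.org/epp#<code>" format.
"""
import re

# Locks a registrar sets on the domain object (client*Prohibited).
REGISTRAR_LOCKS = {"clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited"}
# Locks only the registry itself can lift (server*Prohibited): the "registry lock".
REGISTRY_LOCKS = {"serverTransferProhibited", "serverUpdateProhibited", "serverDeleteProhibited"}

STATUS_RE = re.compile(r"^\s*Domain Status:\s*(\w+)", re.IGNORECASE | re.MULTILINE)
NS_RE = re.compile(r"^\s*Name Server:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample: fully locked domain, delegated to the expected servers.
SAMPLE_WHOIS_LOCKED = """\
Domain Name: EXAMPLE-NEWSROOM.TEST
Registrar: Example Registrar Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Name Server: NS1.EXAMPLE-DNS.TEST
Name Server: NS2.EXAMPLE-DNS.TEST
"""

# Constructed sample: only a transfer lock, and one name server has been changed.
SAMPLE_WHOIS_DRIFTED = """\
Domain Name: EXAMPLE-NEWSROOM.TEST
Registrar: Example Registrar Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.UNKNOWN-HOST.TEST
Name Server: NS2.EXAMPLE-DNS.TEST
"""

# The delegation the domain owner expects (hypothetical hostnames).
EXPECTED_NS = ["ns1.example-dns.test", "ns2.example-dns.test"]


def parse_whois(text):
    """Return (set of EPP status codes, set of normalized name servers)."""
    statuses = set(STATUS_RE.findall(text))
    nameservers = {ns.lower().rstrip(".") for ns in NS_RE.findall(text)}
    return statuses, nameservers


def audit_domain(whois_text, expected_nameservers):
    """Return a list of findings; an empty list means locks are complete and delegation matches."""
    statuses, nameservers = parse_whois(whois_text)
    expected = {ns.lower().rstrip(".") for ns in expected_nameservers}
    findings = []
    if not REGISTRAR_LOCKS <= statuses:
        findings.append("registrar lock incomplete: missing "
                        + ", ".join(sorted(REGISTRAR_LOCKS - statuses)))
    if not REGISTRY_LOCKS <= statuses:
        findings.append("no registry lock: missing "
                        + ", ".join(sorted(REGISTRY_LOCKS - statuses)))
    unexpected = nameservers - expected
    absent = expected - nameservers
    if unexpected or absent:
        findings.append(f"name server drift: unexpected={sorted(unexpected)} absent={sorted(absent)}")
    return findings


if __name__ == "__main__":
    for label, sample in (("locked", SAMPLE_WHOIS_LOCKED), ("drifted", SAMPLE_WHOIS_DRIFTED)):
        result = audit_domain(sample, EXPECTED_NS)
        print(f"{label}: {'OK' if not result else ''}")
        for finding in result:
            print("  -", finding)
```

Run periodically against the live WHOIS/RDAP record, this turns the article's two recommendations into an alert: a missing server* lock means a reseller or registrar credential alone is enough to redirect the domain, and a name-server change that nobody in the organization requested is the first visible sign of the kind of takeover described above.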

"In many cases, it is not a question about security but of transparency," says McAfee's Samani. "Do you have transparency about all of the risks in your supply chain? And in most cases, the answer is no."
