Risk UK, August 2017
How Can We Combat ‘Virtual Hackers’?

The WannaCry ransomware attack in May, which affected elements of the National Health Service (NHS), has far-reaching implications for the nature of the threat presently facing our connected economy. Nicola Whiting outlines the growing threat of automated cyber weapons in criminal hands and observes how leading organisations from NATO to the FBI are borrowing from the hackers’ ‘playbook’ in order to fight back

The revelation that the WannaCry attack was probably the work of a ‘script kiddie’ indicates that the automation of hacking techniques is now enabling amateur hackers to launch attacks with nation state-level expertise, a development that dramatically increases the severity of cyber threats facing today’s major organisations. What was once the preserve of military forces and spy agencies is now within the reach of basement-dwelling hacktivists and generalist cyber criminals.

The WannaCry network infection vector was among a slew of sophisticated tools apparently stolen from America’s National Security Agency, demonstrating that advanced cyber warfare technologies developed by Governments are increasingly falling into the hands of ordinary citizens. This could be construed as the equivalent of intercontinental ballistic missiles being stolen and sold to street criminals.

Not only does this development dramatically increase the number of potentially devastating cyber attacks the world might face in times ahead, but also renders it that much harder for the authorities to trace the perpetrators.

In the same way that automated cyber weapons may replicate the work of skilled Black Hat hackers, new software can autonomously replicate the work of leading White Hat hackers, analysing entire networks for vulnerabilities with the knowledge and skills of a penetration tester.

The WannaCry attack on the NHS is a good example. Just as the attack was launched using an automated network ‘worm’ coded to find vulnerabilities, parts of the NHS were able to use their own automated tools to identify vulnerabilities and successfully protect themselves against the attack.

Some NHS Trusts used the automated Nipper Studio tool to replicate the skills of expert human penetration testers and harden their firewalls and network devices at a speed and scale that’s beyond human capabilities, duly finding and closing vulnerabilities before they could be attacked.

Nipper Studio creates a virtual model of how the setting and rules interact with each other and understands the interactions just like a human would, but in a fraction of the time and with repeatable accuracy.

NHS Trusts with well-tested procedures in place and which had used automation to harden their networks against attack went unbreached when WannaCry struck, subsequently ensuring that the highly sensitive information in their systems remained secure.

Rise of cyber warfare

Behind the escalation of cyber attacks lies the increasing investment by Governments, terrorists and other groups in ‘cyber-offensive’ capabilities: the development of hacking tools that offer the ability to penetrate enemy networks and systems and project ‘cyber power’ around the world.

The capability of automated cyber warfare systems was first illustrated by Stuxnet, a self-replicating cyber worm which destroyed over 1,000 nuclear centrifuges across an Iranian nuclear facility, setting that nation’s nuclear ambitions back by at least two years.

Security expert Claudio Guarnieri has noted that the so-called Regin malware, recently used to attack EU diplomatic delegations, also bore the signature of a nation state spy apparatus. Another such attack recently knocked out the Ukraine’s national grid.

These military-grade cyber weapons are percolating down into the online underworld, largely because cyber weapons are far easier to steal than conventional armaments. It’s both easier and cheaper to copy a code than a cruise missile. Today, an entire cyber arsenal can be spirited away on a USB stick.

In the subterranean networks of The Dark Web, there’s now a highly-developed cyber
www.risk-uk.com