CS1907
cyber espionage
a "sobering story" that demonstrates how wide the scope is when we talk about nation state cyber-attacks. "The temptation is to think of one government's agency fighting another," he says. "However, as this story demonstrates, the reality is that the battlefield extends beyond that to businesses, public services and other organisations. In this case the Post Office, local government and banks are the victims that were caught in the crossfire.

"This attack also shows that we need to change awareness of what constitutes critical infrastructure. Again, we are not just talking about the energy sector, communications and industrial organisations. Threat actors will also target the economy and, if a large-scale attack is launched against the UK's banks, you can bet the situation will quickly become critical. The government has a responsibility to ensure a good standard of security and defence across all major organisations to safeguard the UK."

MASSIVE INVESTMENT
Andy Barratt, UK managing director of cybersecurity consultancy Coalfire, argues that Iran's effort to steal sensitive data from UK public sector organisations "is another example of a surge in nation-state backed cyber espionage in recent years". Even a cursory look at the cyber strategies of countries around the world - both in Asia and the West - shows that there is massive investment in offensive digital capabilities, he points out.

"It's interesting that Iran is seeking to extract data, rather than bring down core infrastructure like other nation-state attacks have done - North Korea's WannaCry hack, for example, brought parts of the NHS to a standstill. It's possible that Iran is being careful, given the West's penchant for military activity in the Middle East. But it's also possible that this was an intelligence-gathering exercise to collect the data needed for more targeted espionage in the future."

Public sector employees are a good target for accessing data, if the end goal is to access government infrastructure, he warns. "The attack costs are relatively low and a huge database of potential targets can be built up quickly."

David Atkinson, Senseon: the battlefield extends beyond that to businesses, public services and other organisations.

Andy Barratt, Coalfire: Iran is another example of a surge in nation-state backed cyber espionage in recent years.

SOFTWARE: A SOFT TARGET
State hacking campaigns, such as Cloudhopper, that target software supply companies are incredibly dangerous. "By breaching one company, you can create a backdoor into thousands of others," cautions Simon Whitburn, SVP Cyber Security Services at Nominet, pictured above. "The information gathered from these types of attacks can then be used for spear phishing attacks on high value individuals, which is where serious damage can be done."

Defending against this type of campaign can be very tough, he adds. "There is a feeling amongst users that, if lots of people trust and use a service, then it must be secure. This can result in companies downloading software without checking it themselves first. Cloudhopper demonstrates that this is a dangerous assumption. Whenever a company uses an outside service, even from a reputable source, they need to check that there is nothing malicious lurking in the code. This will add to the deployment time, but could help protect organisations against this type of malware spreading. One way of noticing if third party services have been compromised is to measure DNS traffic, which could flag if a programme is calling out to a command and control centre."

www.computingsecurity.co.uk @CSMagAndAwards July/August 2019 computing security<br />