The Cyber Defense eMagazine November Edition for 2023

More documents

Recommendations

Info

competition for power was marked by spies and threats of nuclear war, then the twenty first century appears to be marked by the development of grey warfare, societal manipulation, and cyber weapons of mass destruction. Indeed, the offensive cyber capabilities of America’s adversaries appear to out-match the nation’s domestic capabilities for cyber defense. China alone is thought to employ close to 100,000 Peoples’ Liberation Army (PLA) cyber warriors. The job of these special military units is to develop access to other countries’ IT systems, to establish footholds on sensitive networks, and to exfiltrate vast amounts of national secrets, intellectual property, and commercial trade secrets from western businesses. This all appears part of Xi Jinping’s ‘Made in China 2025’ plan, to boost China’s state-owned industries using stolen IP, and position China as the dominant global military and economic powerhouse. Russia too is well known for the voracity of its organized crime syndicates and mafia cyber gangs who exercise huge campaigns of cyber theft and cyber extortion against non-Russian language computer systems. This includes the 2021 Wizard Spider cyber-cartel attack against the Irish HSE (Health Services Executive) that resulted in $600m in damages, and the 2023 Lockbit ransomware attack against the Royal Mail that prevented international parcels being sent for several weeks. Combined, these types of cyber extortion attacks net billions of dollars each year in illicit earnings for the criminal Russian state. While seemingly opportunistic and motivated by the possibility of monetary gain even - if government entities refuse to pay ransoms, these attacks can also be ordered by the Kremlin for even darker purposes. In this case the Royal Mail attack occurred just after Britain had agreed to send longer range missile systems to Ukraine. Although full attribution has yet to take place, most cyber forensic investigators don’t believe in coincidence. Critical infrastructure in other countries has similarly been hit by Russian ransomware gangs. In 2021 the Colonial Pipeline which supplies gasoline and jet fuel to the US East Coast from refineries in the Gulf of Mexico was shut down for several days by DarkSide, a Russian gang. Supplying half the fuel to the US east coast as far north as New Jersey, the President was forced to declare a national emergency. The Baku–Tbilisi–Ceyhan (BTC) pipeline transports crude oil from Baku in Azerbaijan through Georgia to the port of Ceyhan in Turkey for export to the rest of the world. In 2008 it was blown up in a huge explosion in Refahiye in eastern Turkey, possibly by Kurdish PKK separatists, or possibly by a Russian cyberattack that over-pressurized the pipeline. The explosion conveniently occurred two days before the Russian invasion of Georgia and in the middle of the Russian backed Nagorno-Karabakh, Armenia - Azerbaijan war. It deprived Baku of its oil revenue for several months and Tbilisi of needed revenue in transportation fees. Whether or not the Kremlin was involved in these cyber-physical attacks, Russia has plainly developed some of the best cyber-kinetic offensive technologies and has been doing so since the 1990s and its wars against Chechnya, Georgia and elsewhere. The Ukraine electrical grid has been the victim of Russian cyber-attack many times since 2015 when the country failed to subvert itself to Russian hegemony following the invasion of Crimea or to put in place an east looking President following the Orange Revolution in 2014 and the un-ceremonial removal from office of Viktor Yanukovych a staunch Putin confident. Electrical power transformers have been overloaded and blown up, or the electrical grid turned off at the height of winter across parts of the country. Nor have hospitals and other CNIs been Cyber Defense eMagazine – November 2023 Edition 152 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
spared from the wrath of Russian hackers. Numerous hospitals have been cyberattacked, many far from the front lines where soldiers might receive treatment for wounds. The list of deliberately targeted medical facilities includes obstetrics and pediatrics hospitals and clinics – some of which have been targeted by missile attacks at the same time. However, the Russian military establishment, through groups like ‘Sandworm’, part of the Russian GRU, (the Main Directorate of the General Staff of the Armed Forces of the Russian Federation) takes the prize for the singularly most costly and destructive cyberattack of all time when in 2017 ‘Not Petya’ a viral wiperware attack was launched upon the world. It took down many global businesses and cost the world somewhere between $8 and $12bn US dollars. This Russian military supply chain cyberattack was targeted at Ukrainian tax accounting software vendor M.E. Doc and intended to cripple Ukrainian businesses, however it quickly spread beyond the borders of Ukraine to every organization that does business in the country including an alarming number of Russian companies. The cyberattack therefore also takes the prize for the largest ‘home-goal’ of all time, negatively impacting the Russian economy along with the rest of the world. It is unknown just how many of those involved in the Not Petya attack later fell from balconies, but by all accounts, Putin was not pleased. Russia has so far not paid compensation to those who suffered losses. Smaller nation-states like Iran and North Korea also play a part in this game of gray warfare through attacks against CNIs including US power companies many of which were thought to have been infiltrated by Iranian attackers a decade ago. Meanwhile the DPRK has raided national banks such as the Bank of Bangladesh and launched indiscriminate ransomware attacks like WannaCry against Asian banks and healthcare providers such as the NHS. The prospect of a small hospital system, an electrical distributor, or telco provider having to defend itself from a determined and well-resourced nation state adversary, makes absolutely no sense. These defenders will be out-gunned every time and don’t stand a chance. It is perhaps no surprise then, that so many CNIs have been easily attacked and held to ransom, impacting national economies and society in general. National governments therefore not only have a duty of care to protect and defend CNIs from cyberattack but need to play an active role in the protection of their citizens from pariah state adversaries via these highly vulnerable attack vectors. Today however, government agencies which in the US include the FBI, Secret Service, and CISA - part of Homeland Security, play only a very limited role. This mostly includes the sharing of threat intelligence via FBI and InfraGuard briefings, or assistance with forensic investigation following an attack or breach. Given the criticality of CNIs to the economy, perhaps it’s time that the government did more. The trouble is that in the United States, most CNIs are privately held. As an example, outside of military DHA hospitals, the Veterans Administration, and state clinics, the vast majority of US healthcare providers are privately owned and operated. Nearly all of these suffer from chronic cybersecurity underfunding and under-staffing and have only limited capabilities to protect or defend against a regular cyberattack, let alone a state sponsored one. Other CNIs suffer from a similar predicament. As health systems continue to modernize and adapt to the changing nature of providing critical health services to patients and communities, they become especially vulnerable to cyberattacks. A sprawling digital footprint of vast lakes of medical data, AI-based medical applications, and a growing number of Cyber Defense eMagazine – November 2023 Edition 153 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Artificial Deception: The State Of
Page 3 and 4:
OT Cybersecurity: Safeguarding Buil
Page 5 and 6:
The Crumbling Castle --------------
Page 7 and 8:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10:
Cyber Defense eMagazine - November
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Artificial Deception: The State Of
Page 23 and 24:
Human-in-the-Middle In creating AI
Page 25 and 26:
effectiveness of defenses in place
Page 27 and 28:
this information and related activi
Page 29 and 30:
leading to the potential exploit of
Page 31 and 32:
An Age-by-Age Guide to Online Safet
Page 33 and 34:
Educate: It’s never too early to
Page 35 and 36:
About the Author Chelsea Hopkins is
Page 37 and 38:
Securing Infrastructure Against Bre
Page 39 and 40:
AI And Ad Fraud: Growing Risks for
Page 41 and 42:
enable organisations to make better
Page 43 and 44:
Bolster an Organizational Cybersecu
Page 45 and 46:
in EDP in addition to regular cyber
Page 47 and 48:
prioritize a Secure Software Develo
Page 49 and 50:
6. Deployment: Once the software ha
Page 51 and 52:
Beyond Passwords: AI-Enhanced Authe
Page 53 and 54:
3. Improving the Defensive Cybersec
Page 55 and 56:
7 Steps to Build a Defense in Depth
Page 57 and 58:
The same risks associated with USB
Page 59 and 60:
About the Author Mr. Spears has ove
Page 61 and 62:
As Zombie APIs are essentially forg
Page 63 and 64:
How To Combat the Mounting ‘Hackt
Page 65 and 66:
y pro-Russia hacktivists. These hav
Page 67 and 68:
Unlike IT cybersecurity attacks, wh
Page 69 and 70:
The Cyber Risk Nightmare and Financ
Page 71 and 72:
fell -11.3%, and underperformed the
Page 73 and 74:
DevOps’ Big Challenge: Limiting R
Page 75 and 76:
By making this single alteration to
Page 77 and 78:
ChatGPT For Enterprises Is Here - B
Page 79 and 80:
usiness email communication, data s
Page 81 and 82:
Chromecast End-of-Life Announcement
Page 83 and 84:
Going beyond awareness and fosterin
Page 85 and 86:
But the most crucial innovations ha
Page 87 and 88:
About the Author Vinaya is a highly
Page 89 and 90:
card transactions often comprise a
Page 91 and 92:
About the author Stefan Auerbach, C
Page 93 and 94:
Consider the following data and rea
Page 95 and 96:
4. Create a digital estate plan. Th
Page 97 and 98:
do untold damage to a company’s r
Page 99 and 100:
About the Author Sean Newman is the
Page 101 and 102: eing monitored to protect against m
Page 103 and 104: Developers Hold the New Crown Jewel
Page 105 and 106: the fact that many organizations la
Page 107 and 108: Expect to Fail: How Organizations C
Page 109 and 110: The more personnel that you train t
Page 111 and 112: How to Create a Threat Hunting Prog
Page 113 and 114: 5. Decide Whether to Automate Altho
Page 115 and 116: How To Improve Security Capacities
Page 117 and 118: eing noticed in a practice and some
Page 119 and 120: In Pursuit of a Passwordless Future
Page 121 and 122: than to guess their password, but i
Page 123 and 124: configurable data privacy. These bu
Page 125 and 126: It’s Time to Tear Down the Barrie
Page 127 and 128: Is it Time to Re-evaluate Your Thre
Page 129 and 130: Building For a More Secure Future:
Page 131 and 132: OAuth 1.0 to OAuth 2.0, or increasi
Page 133 and 134: About the Author Jeremy Butteriss a
Page 135 and 136: which helped feed the development o
Page 137 and 138: Protecting Your Business and Person
Page 139 and 140: Mitigating Phishing with Domain Nam
Page 141 and 142: About the Author Brian Lonergan, VP
Page 143 and 144: adoption is more than just an IT tr
Page 145 and 146: North Korea-Russia Summit A new all
Page 147 and 148: factors on both sides of the confli
Page 149 and 150: That being said, the Russian regime
Page 151: Protecting Critical Infrastructure
Page 155 and 156: About the Author Richard Staynings
Page 157 and 158: The Illusion of Ruthless Prioritiza
Page 159 and 160: Ditch the Worry - Switch to Secure
Page 161 and 162: others are continuing to increase a
Page 163 and 164: Shifting Left Means Shifting Smart:
Page 165 and 166: triggers to allow for a more standa
Page 167 and 168: • The Rise of Remote Work: The CO
Page 169 and 170: About the Author Jaye Tillson is a
Page 171 and 172: In terms of prioritization, out of
Page 173 and 174: Three Things to Know About the New
Page 175 and 176: For example, if a security leader n
Page 177 and 178: Cloud adoption has witnessed a sign
Page 179 and 180: The Tech Jobs That AI Will Not Disr
Page 181 and 182: Examples of tech jobs that will sur
Page 183 and 184: Cyber Defense eMagazine - November
Page 191 and 192: Free Monthly Cyber Defense eMagazin
show all

The Cyber Defense eMagazine November Edition for 2023

Create successful ePaper yourself

Delete template?

Save as template?