Spies Like Us

Why we are all on the front line in the new cold war

What is going on?

This week, the American Government issued a statement accusing the Russian Government of organising or orchestrating cyber-attacks on key elements of American infrastructure. Specifically, they claim that, over the past few years, Russian hackers have launched a string of attacks aimed at nuclear power plants, water supply companies and other vital elements of public infrastructure. The attacks were designed to install malware which would enable massive disruption of the supply of power and water to tens of millions of Americans.

In the UK, the National Cyber Security Centre has stated that the Russian military was almost certainly responsible for the NotPetya cyber-attack, which affected large numbers in the British business community during June of last year. More recently, a number of warnings have been issued highlighting the possibility of further Russian cyber-attacks linked to the fallout from the Sergei Skripal poisoning, possibly as a form of retaliation for the expulsion of Russian Government staff from the UK. The Chief of the General Staff of the British Army, General Sir Nick Carter, recently said that cyber-warfare and other types of clandestine action pose a greater threat to UK security than terrorism.

It seems that there are a number of different sources of possible attacks:

  • The Russian military has its own very well-resourced units, capable of launching extremely sophisticated attacks around the globe.
  • Russian organised crime, operating in a climate of lawlessness, is a major player in the worldwide disruption of business activity for profit, often using tactics such as ransomware, or the threat of massive DDoS attacks, to extort money.
  • Groups of “Russian Patriots” operate independently of the Russian state, but probably with the covert support of the security services.

It is very probable that all three of these sources of cyber-threats operate in a loosely orchestrated manner, sharing resources and even personnel.

It is also important to remember that Russia is not the only player on this new front line of the latest Cold War. Last year, the British NHS suffered massive disruption caused by a piece of malware called WannaCry, which almost certainly originated in state-sponsored cyber-warfare units in North Korea.

Just so you understand that it isn’t all about evil Russians and North Koreans, WannaCry used exploits based on weaknesses in older Microsoft operating systems that had been discovered by the American secret services. Rather than report the problems to Microsoft so that the faults could be fixed, the Americans used those weaknesses to develop their own cyber-weapons. The Americans and, doubtless, most western powers have, or are developing, their own defensive and offensive strategies in this arena. It is also generally accepted that Israel used cyber-warfare, with the support of America, to attack Iran’s nuclear industry, delivering malware on USB sticks which were left lying around outside a nuclear facility as though lost by staff members. When picked up and used, they launched malware called Stuxnet, which caused a major accident at the uranium enrichment plant.

How does it affect me?

The online world is becoming a scarier place and the threat to the business community and to individual users of IT is increasing. Recent publicity around the

I cannot think of a single one of my clients who has not been the recipient of some sort of criminal attack over the past few months. Those attacks are increasingly subtle and sophisticated, involving combinations of techniques using email spoofing, phishing and well-researched social engineering to deliver ransomware, steal data or commit straightforward cash theft. I explained how these attacks work in my blog post Phishing for Fun and Profit.

What can I do to protect my business?

Here are three things you can do for a start:

  1. Review your existing IT security policy.
  2. Review your existing IT security staff awareness and training policy.
  3. Use the demands of the new GDPR to drive improvements in your security.

If any of this is beyond your capacity, don’t wait to be a victim - get expert assistance immediately.

We take care of IT, so you can take care of business