CYBER attacks and cyber crime have become a massive threat to industry and governments across the globe.
Dozens of American online banks were attacked by a state-sponsored hacker group in 2012. The attacks, which are presumed to have come from Iran, showed an unprecedented level of sophistication, scale, scope and effectiveness, far beyond that of amateur hackers.
The aim was to disrupt online banking rather than steal money or blackmail for ransom. No bank accounts were breached and no customers’ money was stolen. Attackers also hijacked computing clouds and used computing power to disrupt US banking sites.
Another new trend has been the increase in distributed denial of service (DDoS) attacks. Rather than data theft, the attackers bombard computer servers with so many requests that they ultimately collapse and can no longer be accessed by customers. These kinds of cyber attacks are only halted by payment of a ransom.
Advanced Persistent Threat (APT) has, in the past, been largely confined to government and military targets. But ultra-sophisticated threats have evolved and been defused throughout critical infrastructures (CI) in the last two years. Infrastructure operators are often at least one generation behind the attackers, even in advanced Western countries.
Cyber attacks have caused worldwide losses amounting to hundreds of billions of dollars. The Bundeskriminalamt (Federal Criminal Police Office) estimates that cyber criminals caused losses of US$92 million (70 million euros) in Germany in 2011, but the real figure has been estimated to be up to US$65 billion (50 billion euros).
The Russian Business Network (RBN) is believed to be one of the most powerful and dangerous cyber crime organisations, and the only one that Nato (North Atlantic Treaty Organisation) has rated a major threat.
The organisation is accused of being responsible for 40 per cent of the world’s cyber crime. The US Treasury has reportedly estimated that RBN’s global cyber crime activities could amount to more than US$100 billion a year – more than the global illegal drugs trade.
Security experts consider critical infrastructures to be at particular strategic risk because they are essential for a state’s survival. They include information systems, telecommunications, transport and traffic sectors, energy supply, healthcare, financial services and other sensitive services.
A recent report by the security company, Solutionary, concluded that American organisations are at greater risk from domestic threats than they are from foreign threats.
Eighty-three per cent of cyber attacks against US organisations came from US-based IP addresses – 23 per cent of the organisations were US government agencies.
All industrial sectors are believed to have been targeted, particularly for espionage purposes, and will become more vulnerable as they grow increasingly dependent on digital technology and the strategic information of the data they manage.
Emerging threats are becoming more multifaceted and have moved ahead of adequate measures to protect against them.
The arms race between attackers and defenders has shifted from exploitation to disruption.
Cyber criminals are finding new methods to circumvent protection systems, making it increasingly difficult for defenders to monitor them and keep them out.
New cyber attack trends expected to emerge in the years up to 2020, particularly of transnational cyber crime, have been set out by McAfee, other private security companies and cyber experts who have based their prediction on attacks since 2011.
• More attacks against critical infrastructure and strategic financial, socio-economic and other services, using vulnerable relays or active groups to disrupt and paralyse systems, and black out communications or power grids, especially at times of diplomatic conflicts;
• Attacks against power distribution networks, transportation networks, and communication networks which could cause unprecedented crises to a country’s economy, safety, health, sanitation and civil peace.
Resilience concepts for security against cyber attacks are being broadened from just being reactive to become more comprehensive, deeper, resilient and integrated.
But finding sufficient financial resources to implement concrete solutions will be one of the greatest challenges for companies and governments.