Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Rising Cyberattacks in West Highlight Vulnerabilities

A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public priority but with no easy solution.

A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public priority but with no easy solution.

The latest incident to underline the capacity of cybercriminals to disrupt daily life came in early May when Colonial Pipeline, a US-based operator of a key fuel pipeline, became a victim of ransomware.

The attack saw its computer systems encrypted, putting its operations offline and causing fuel shortages for American drivers.

At the end of 2020, US authorities also revealed that hackers had compromised SolarWinds software which was run by large parts of the US government and companies around the country. Russia was blamed.

Other attacks include the hacking of the Democratic Party ahead of the 2016 US election as well as the major global malware outbreaks called WannaCry and NotPetya which paralysed computers all over the world in 2017.

Beyond the major incidents that make the news, cybersecurity firms and experts have been warning for years about the rising tide of online attacks — some state-orchestrated, some criminally motivated.

“It is hard to imagine that we haven’t had enough significant cyber incidents for everyone to realise how important it is,” said Suzanne Spaulding of the Center for Strategic and International Studies, a Washington-based think-tank.

Despite all of them, the issue “has not been given sufficient priority,” she said.

Advertisement. Scroll to continue reading.

– Complacency –

The best defences against cybercrime by individuals and small companies are simple and almost free: deleting suspect emails, updating software regularly, changing passwords, and keeping saved back-ups.

Larger organisations can afford specialised IT security teams and the best-equipped employ outside monitoring services to keep an eye on their networks and check for intrusions round-the-clock that foretell a major attack.

But many organisations are complacent, said Spaulding.

“There are two kinds of companies in the world, those who have been hacked and those who haven’t detected it yet,” she told AFP.

Another problem is that many countries are not producing enough trained IT technicians, which drives up wages for the most sought-after skills, putting them beyond the reach of many organisations, particularly in the public sector.

Adam Meyers from cybersecurity firm CrowdStrike says the key to safety is often simply being better protected than the weakest targets.

“There’s an old adage that you don’t have to run faster than the bear to get away. You have to run faster than the person next to you,” he said.

– State capabilities –

One area that has been prioritised by Western governments is building up their own cyber-military powers, which enable states to investigate and deflect attacks, as well as carry out their own spying and operations.

“For the last decade, it’s been in the toolbox of armies and intelligence services as part of a conflict that is not necessarily open, but is latent,” said Julien Nocetti, a researcher at the Geode institute at Paris 8 university.

The National Cyber Power Index by the Belfer Centre at Harvard University puts the United States at the top of 30 countries ranked on their ambitions and cyber-capabilities, with China second, and Britain third.

The reach and power of the US National Security Agency was laid bare in 2013 following leaks by fugitive contractor Edward Snowden.

“Europe and the United States are sometimes shown as being the victims and the nice guys in this domain … but that’s not how it is. There’s a general blindness about our own operations,” said Nocetti.

And the rules of engagement are still being defined, with a multilateral attempt to create some sort of framework for states failing to make progress.

Some experts worry that one day a state-backed cyberattack will trigger a spiral of reprisals and counter-reprisals that could trigger real-life hostilities.

Countries may have built up enough digital weapons to serve as a deterrent.

“One of the reasons why Russia, the US and China don’t turn each other’s lights off is because they are afraid of what the reaction would be,” said Adam Segal, director of the Digital and Cyberspace Policy program at the Council on Foreign Relations, a US think-tank.

Related: Cyberattacks: Bigger, Smarter, Faster

Related: Operating in the Shadows: US Cyber Command

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...