By Omar Tisza
Cyber threats are increasingly gaining the full attention of industry and–most recently–government as the Department of Homeland Security establishes the newly announced Cybersecurity and Infrastructure Security Agency (CISA) to advance the state of our national cybersecurity throughout the spectrum of our critical infrastructure sectors.
The need for a risk management approach that views cyber threats as potentially harmful to human life is the most adequate level of analysis. Our world keeps expanding beyond the physical realm into cyberspace, with far reaching consequences within this interdependent ecosystem.
From time-to-time we like to touch upon the security and resiliency significance of complex and blended threats by compiling relevant incidents that demonstrate the need for a better understanding of such threats.
We’ve defined blended threats as natural, accidental, or purposeful physical or cyber dangers that have or indicate the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.
While complex threats would be two or more separate attacks aimed at the same general or specific target(s) or objective(s), a key distinction of blended threats when compared to complex threats is the crossover component – one attack, with crossover effects; a threat that originates in one domain and that has impacts across to another domain. A more detailed breakdown of definitions can be found here.
Triton Malware heightens Industrial Control Systems (ICS) Vulnerabilities
McAfee Labs: “Triton Malware Spearheads Latest Generation of Attacks on Industrial Systems.” Nov 08, 2018 by Thomas Roccia, @fr0gger_. Triton is the latest iteration of ICS malware aimed at further attempting to disrupt critical infrastructure assets. ICS are used to manage industrial facilities such as “nuclear, oil and gas refineries, chemical plants, etc.” The motivations for deploying malware on industrial plants range from espionage to financial gain but cyber-attacks on ICS “disrupt, take down, or destroy the industrial process.” Historically, ICS malware, such as earlier versions of Triton, sought to gain control of industrial assets to damage data, but newer iterations seek to attack “safety instrumented systems (SIS), a critical component that has been designed to protect human life.” Triton is “mov[ing] from mere digital damage to risking human lives.”
Not unlike Indianapolis Colts quarterback Andrew Luck throwing completions then lining up as a receiver, blended threats may start out as one type of incident, and result in another.
Iran Attacked by Unidentified Malware
Bleeping Computer: “New Stuxnet Variant Allegedly Struck Iran.”Oct 31, 2018 by Ionut Ilascu, @Ionut_Ilascu. “A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran.” After reports suggest that Iran was attacked by a more destructive version of Stuxnet, the specific kind of malware was unidentified, but it allegedly targeted industrial control systems to sabotage industrial infrastructure. However, it is clear that Stuxnet targets “Siemens industrial control system equipment” and focuses on striking “centrifuges in nuclear enrichment at various facilities in Iran.” It is possible that the attack was aimed at similar targets throughout Iran’s industrial and nuclear infrastructure. Reports of the improved Stuxnet attack came after Iranian media quelled reports “that President Hassan Rouhani’s mobile phone had to be replaced recently with a more secure variant because it had been tapped” prompting serious security concerns for Iran.
“Smart” is the New Vulnerable
F-Secure Blog: “Hypponen’s Law: If it’s smart, it’s vulnerable.” Aug 11, 2018 by Jason Sattler, @FSecure. Mikko Hypponen, F-Secure’s Chief Research Officer, cautions against our devices: “If it’s smart, it’s vulnerable.” Everything is slowly transitioning to the internet, our watches, refrigerators, ventilation systems, even door bells; much like our phones. The vulnerabilities and cybersecurity of smart devices will become paramount in securing our homes, and eventually public spaces. This is already relevant for companies who rely on ICS to increase production and profit. Smart devices and systems create an interdependent framework–amplified by the advent of the Internet of things (IoT)–which will necessitate an approach where nearly everything is assessed through the lens of cybersecurity.
“All these connected devices, all these ‘smart’ devices in our networks. And I should know because I am the father of the Hypponen Law, which tells you that whenever something is described to you as ‘smart’ what you should be hearing is… it’s vulnerable.” – Mikko Hypponen, F-Secure’s Chief Research Officer
Anonymous Attacks Gabon with DoS After Elections
News24: “Gabon official websites hacked: Anonymous group.”Oct 29, 2018 by News24, @News24. “The Anonymous hackers collective on Sunday claimed it hacked into more than 70 Gabon government websites, as part of what it called a campaign against dictatorships.” The websites were taken off line to mend the service after the legislative elections took place a few days prior to the attack. This Denial of Service (DoS) rendered the websites inoperable as Anonymous was vocal in their opposition to the government of Gabon as they stated, “the dictators should have been expecting us”.
Crypto Mining Beats IRL Mining in Energy Consumption
The Register: “Dollar for dollar, crafting cryptocurrency sucks up ‘more energy’ than mining gold, copper, etc.” Nov 7, 2018 By Katyanna Quach, @katyanna_q. Even though the gold rush is long gone, a new kind of mining, cryptocurrency mining “require[s] as much, if not more, energy to mine as precious metals like copper, gold or platinum, according to some latest calculations”. Crypto-mining involves the continuous operations of energy-demanding hardware and software in order to “add blocks to currency’s blockchain, which is a digital ledger that publicly lists all the transactions.” Established cryptocurrencies like Bitcoin and Linecoin are the most difficult to mine and require the highest levels of energy consumption. Crypto-mining harms the environment as pollutants and emissions are released into the atmosphere due to the exorbitant energy costs, worsening our environmental crisis.
Internet and Power Outages Highlight Global Need for Failsafes
Oracle: “Last Month in Internet Intelligence: October 2018.” Nov 9, 2018 by David Belson, @dbelson. In the month of October, Ethiopia, Iraq, Venezuela, Northern Mariana Islands, and East Timor suffered wide spread internet connectivity disruptions and power outages that were either state sanctioned or a result of incidents with nationwide consequences. While some of the outages were inflicted by the government of these countries for political reasons, Oracle observed a lack of total internet shutdown in most incidents as relevant data centers had back up measures in place. “Regardless of the underlying causes, the importance of redundant Internet connections and the need to regularly test failover/backup infrastructure cannot be understated.”
“The growing importance of the Internet for communication, commerce, and even government services means that wide-scale Internet disruptions, even brief ones, can no longer be tolerated.” – David Belson, Sr. Director, Internet Research and Analysis at Oracle.
Futuristic Risk: Human Memory Hackers
Kaspersky Lab: “Hackers attacking your memories: science fiction or future threat?”Oct 28, 2018 by @kaspersky. In a not too distant future, neurostimulators may “become ‘memory prostheses’ since memories are also created by neurological activity in the brain.” This technology would allow for an implanted medical device to send electrical impulses to the brain and boost memory functions. While this technology is not yet readily available for consumption, the hardware and software foundations are in place to eventually create a memory boost implant, presenting future cybersecurity concerns. Researchers found an exposed connected infrastructure, unencrypted data transfers between the implant and software, a software backdoor for any clinician to treat the patient in an emergency, and a lack of cybersecurity best practices with medical staff among the potential risk that could plague the implant and facilitate hacking. Even though the implant could drive healthcare research and development, the future vulnerabilities should be addressed with a sector wide mindset, including the participation of “healthcare professionals, the security industry, the developers and manufacturers of devices and associated professional bodies.”
Cyberspace has proved that lines of code from a computer can be weaponized to threaten, not only valuable data, but the security of our physical spaces through the malicious manipulation of devices that can range from simple household appliances, such as IoT, to medical devices and even complex industrial systems. The future of cyberspace looks grim from the perspective of relentless and sophisticated threats, but the future takes a more optimist turn when stakeholders come together and collaborate on building cyber resiliency while recognizing the shared responsibility of the risks that we face, as we can only make our communities as strong as our weakest link.
Omar Tisza graduated from American University in 2017 with a bachelor’s in International Relations. After a brief stint in business development on the federal market, he began his role as Jr. Risk Analyst at Gate 15 in 2018 and currently supports the Health Information Sharing and Analysis Center (HISAC) and the Healthcare Sector Coordinating Council – Cybersecurity under the leadership of Executive Director Greg Garcia, former Assistant Secretary for Cyber Security and Communications at DHS.
This post’s featured image of Andrew Luck is from the AP via the Daily Herald. Daily Herald caption and link: Indianapolis Colts quarterback Andrew Luck (12) makes a catch over Miami Dolphins free safety Reshad Jones (20) during the first half of an NFL football game in Indianapolis, Sunday, Nov. 25, 2018. Associated Press.
Our team includes security updates in our free daily paper, the Gate 15 SUN. We encourage readers to consider the evolving blended threat environment and to take that into consideration as you plan and conduct preparedness, security and operations. Read some of our previous posts on blended and complex threats in the links below.
- Complex Threats: Ransomware, Hurricanes, Murder, Defacements, Bots, and Blackouts… ?
- Potatoes and Tomatoes: You Say Blended, I Say Complex…
- Blended Threats! McAfee Labs Addresses Digital Impacts to Physical Infrastructure
- Blended Threats: Mining Takes a Toll!
- Blended Threats (update 1.1): Understanding an Evolving Threat Environment
- Blended Threats: The Oracle Has Spoken!
- More on blended threats, some of our associated preparedness activities, and other content that may be of interest can be accessed from our blog.
Understand the Threats. Assess the Risks. Take Action.
What are blended threats? A blended threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.
Maintain security and threat awareness via Gate 15’s free daily paper, the Gate 15 SUN and learn more about Hostile Events Preparedness and our HEPS Program here. Gate 15 provides intelligence and threat information to inform routine situational awareness, preparedness planning, and to penetrate the decision-making cycle to help inform time-sensitive decisions effecting operations, security, and resources. We provide clients with routine cyber and physical security products tailored to the individual client’s interests. Such products include relevant analysis, assessments, and mitigation strategies on a variety of topics.