Szilard Stange, Director of Product Management, OPSWAT
The task of maintaining a secure digital environment is far from trivial, as the activity of criminal groups posing an imminent threat via cyber-attacks is increasing. There are a few factors that could be causing this increase in digital crime. More criminals may simply be turning to the internet instead of traditional criminal pursuits, and many extremist groups and totalitarian governments have managed to build up a cadre of security professionals and developers, boosting their presence on the dark side of the web. But how do these recent developments in the international cyber war affect your daily life, and what should you do about it? Here’s everything you need to know.
- What is their motivation?
There is no easy answer to this question. Many cyber criminals are simply looking for money and fame among their fellows; others are motivated by ideological or political considerations. These disparate motivations result in a wide range of criminal acts: some criminals form huge computer networks (botnets) to drive ransomware attacks or orchestrate large-scale spam operations, while others seek to steal data or disrupt the operations of critical infrastructure.
- Who sponsors them?
Many cyber-crime activities are self-financed, funded by the masses who fall for world-wide spam, phishing and ransomware attacks. The large-scale bank heist recently reported by Kaspersky Lab proves that malware-borne attacks can provide a huge payout for the criminals! Many governments fund their own cyber armies, so to speak, focused on espionage or even enacting physical attacks as was seen with the famous Stuxnet worm that was used to sabotage the Iranian nuclear program.
- Why aren’t they arrested?
Cyber-crimes are quite difficult to prosecute, because the perpetrators are well-versed in techniques to conceal their identity and location. Individual IP addresses can be hidden by anonymity networks like Tor. Sometimes the nature of the crime also protects criminals from identification and prosecution. For example, a botnet could contain thousands of infected computers located all over the world. Most of the time, owners of the infected computers don’t even know they are infected, and it is difficult for the authorities to differentiate these innocent victims from the perpetrator of the crime.
- Can they cause a real war?
According to industry speculation, it’s quite possible, and the evidence is clear that they could participate in warfare and indeed already have. We need only look at the successful intrusions into critical infrastructure like nuclear facilities and breaches of military networks to begin to understand the role cyber-warfare plays. The US sanctioning North Korea over its alleged role in the Sony Pictures hack, and North Korea’s response, is one of the best examples to date of real geo-political consequences stemming from a cyber-attack. Several countries have made it clear that they will respond to cyber-attacks using traditional warfare if necessary, quite a disturbing prospect!
- How could this affect me?
If a criminal’s motivation is to steal money or data then you could be a direct victim. I recommend that you carefully check your accounts and credit report on a regular basis, and take care when logging into websites containing your sensitive data.
However, higher-level cybercrime, like taking control of critical infrastructure facilities, probably doesn’t pose a direct threat. Even if the attackers can intrude into a computer in a nuclear facility, these systems have redundant layers of physical protection to defend the infrastructure and to prevent catastrophic events.
- Is my computer part of these wars?
The highest risk for you as a consumer is being looped into a botnet. If your computer is linked to such a network, it will not only consume your resources (RAM, CPU, Internet bandwidth) but may also attract the attention of law-enforcement agencies. In the past it was enough to avoid browsing porn sites, not download pirated media or programs, and make sure that your operating system and antivirus programs were up-to-date, but just avoiding risky behavior is no longer enough! Everyone should be cautious as more attackers use zero-day vulnerabilities and hack well-known sites to demonstrate their capabilities and to distribute new malware.
- What can I do?
Up-to-date security tools, like all-in-one desktop security programs, are more important than before, but they may not be enough to keep you safe. We recommend using anti-malware multi-scanning to assess suspicious files, as well as a solution that will assess your system for threats your installed antivirus may have missed. When you receive a notification that you need to update a key program on your computer, like Java or Adobe Flash, don’t just ignore it! Many viruses rely on out-of-date software to gain access to your machine, so applying security updates for your operating system and other third-party programs without delay is also a key step to minimize the risk of malware infection of your computer. And finally, if you need to access your employer’s corporate network from your home computer, make sure you comply with your company’s security policies! Using the security tools that are provided to you is more important now than ever before.