With cyber attacks and data breaches becoming more commonplace these days, the global state of online security has never been more alarming. In 2017, the world learned about the public leak of cyber weapons used by the United States National Security Agency as well as by the Central Intelligence Agency. While the leak appears to have been politically motivated, it quickly became a security issue around the world as cybercrime groups quickly took advantage of the leak and adopted military-grade cyber weapons to launch attacks against civilian targets as they continue to ply their wicked trade.
Now that cyber criminals have acquired dangerous malware used by the U.S. intelligence and military organizations, individuals and enterprises should adopt a more aggressive stance in terms of security; in other words, information security should be implemented at a cyber defense level. Here are six reasons why military-grade infosec should be in the minds of business owners these days:
Cyber Warfare Dangers
The ongoing investigation into the hacking of political parties and electoral commissions during the 2016 presidential election suggests that Russian cybercrime groups were working for the Kremlin. Once hackers are given access to cyber warfare weapons, they will not hesitate to use them against civilian targets. One recent example was the WannaCry ransomware attack in May 2017, whereby hackers used a tool developed by the NSA to shut down the data infrastructure used by the National Health Service of the United Kingdom.
As can be expected, many of the tools stolen from the CIA and NSA were originally developed for espionage purposes. It is not unreasonable to assume that individuals interested in corporate espionage have looked at the leaked cyber weapons and added them to their digital arsenals.
Similar to cyber warfare, terrorist organizations such as ISIS may use cyber weapons to conduct disruptive attacks against civilians. In 2013, several financial institutions in the United States and South Korea were crippled by a series of attacks that included SQL injection and distributed denial of service (DDoS) tactics. It is widely believed that hackers working for the North Korean regime may have been behind the attacks.
Hacking in the Name of Activism
Hackers who are politically and socially motivated, commonly referred to as hacktivists, have been very active in recent years. One of the most infamous cases in this regard was the Ashley Madison data breach, which resulted in a few suicides committed by members whose alleged philandering activities were exposed before the entire world. With television shows such as "Mr. Robot" becoming very popular, some infosec analysts have warned that hacktivism may be on the rise. For this reason, simple managed detection and response services are being recommended to corporate executives.
Black Hat Cyber Threats
The world of information security is largely populated by three types of individuals: white hats, grey hats and black hats. White hats are security professionals, grey hats may also be professionals whose personal code of ethics may include unauthorized penetration testing. Black hats may be affiliated with anarchist and cybercrime groups who embrace digital disruption for nefarious purposes.
Availability of Hacking Tools
One issue faced by information security specialists these days deals with the proliferation of hacking tools available to anyone who is interested in disrupting networks. One colorful example was prompted by "Mr. Robot," the previously mentioned cable television drama; in one episode, a smartphone running a special Linux distribution known as Kali was prominently featured. This device can be used for advanced penetration testing, and it used to be available on a retail basis from an infosec company known as Pwnie Express. These days, the "Pwn Phone" project has gone open source.
In the end, it is very important that individuals and business owners are aware of the cyber threats listed herein. At a time when anyone can be a target of cyber crime, appropriate measures should be taken.