Cyberwarfare: If It’s Begun in Ernest–Will America Hack Back?
As early as March 2020, cyber criminals hacked into the SolarWinds IT software company in an attack that revealed confidential and sensitive client information and private intellectual property. Criminals on the dark web may sell this stolen information to make money or use it for future attacks. The SolarWinds attack made both public and private sector companies vulnerable by means of a covert code inserted into SolarWinds’ software updates.
The April 29, 2021, ransomware cyberattack on Colonial Pipeline halted fuel distribution in 12 Eastern Seaboard states, shuttered some gasoline stations, caused long fuel lines in others, and generated public buying panic in local areas. Colonial Pipeline paid about $5 million in ransom to retrieve access to its network, of which the FBI retrieved about half that amount.
Almost exactly one month later on May 30, 2021, JBS Holdings, Inc. also suffered a cyberattack against the meat processing company. Although the company began reopening its operations in early June, this ransomware attack may affect beef prices in the US as the result of the company’s shutdown of its slaughterhouses. The attack is significant for another reason: JBS Holdings, Inc. paid $11 million in ransom to the hackers that broke into its computer network to restore network access.
It certainly appears that cyberattacks against US interests are in escalation mode. Recent news reports noted that President Joe Biden refused to rule out US counter-attacks in retaliation for the uptick in cybercrime. This topic is of critical importance to all organizations that store information in the cloud or use proprietary software to monitor and manage their networks. With that in mind, we touched base with industry experts to gain their opinions on whether the US edges closer to open cyberwarfare with foreign governments, especially Russia and China. We also appealed for their perspectives on what that counter-offensive and the all-out war would look like.
The following paragraphs provide those perspectives in question-and-answer format.
Is a Cyberwar upon Us, or Are Reports Just Hyperbolic?
“As we speak, foreign governments are targeting corporate servers and infrastructure for theft of information and attacks designed to cause disruption in commerce.
Cyberwarfare is really just a new name for offensive security operations, which is why it’s so alarming to hear reports of major corporations and business sectors being breached even as we speak. While we may not be engaging in battlefields on the scale of Iraq or Afghanistan, some could argue that we already live in a cyber war zone—one where our most critical infrastructure—financial institutions, retail outlets, and transportation systems—are vulnerable to disruption and damage, at least in part due to our own hubris and complacency.
Simply, it is just a way of fighting cyberwar without fighting soldiers. This means that every day, small groups of hackers can operate with relative impunity within our borders. Our government needs to directly engage in offensive cyber-operations against hostile states and non-state actors, as well as defensive measures against such activities.” — Anthony Buonaspina, BSEE, BSCS, CPA, CEO and founder, LI Tech Advisors
Can You Explain Further What Cyber Warfare Would Look Like?
“Foreign states and America are already engaging in cyberwarfare. There have been many cases such as Flame and Prism. Once a government penetrates a system’s defenses, it effectively would have a great deal of control over that particular system. The goal is to remain there undetected, gathering information for as long as possible and potentially use that system to break into other connected systems.
Launching an ‘attack’ could be a simple as changing some formulas or values on a spreadsheet to cause serious logistical or financial disruptions or redirecting Google searches to another cloned website own by the hacker. Rarely would a government openly and publicly go forward with a cyberattack against another government when they can get the same results without anyone knowing.” — Carl Fransen, CTECH Consulting Group
If the US Has Not Seen the Last of the Cyberattacks Attacks Against US interests, How Do You See the US Defending Against Such Attacks?
We will certainly see more critical national infrastructure hits coming as there is not enough cybersecurity proactive work being done. Organizations are not seeing the true danger and need to close up their vulnerabilities, and so they are very lax in their approach. They weigh risk vs cost and use insurance to balance that.
When we truly have mechanisms in place and companies that understand and take steps to protect their infrastructure, then the hacks will go down. The Colonial Pipeline hack was not successful because they were hacked by very intelligent hackers. They were lax with their security and the hackers found and used those holes against them. Colonial had an account of a user that was no longer employed, still active. They did not have multifactor authentication enabled for remote access via a VPN. The user with the account had his password found on the dark web, probably because he/she used it multiple times. This means that there was not enough user awareness to educate the users on how to properly protect themselves.
If you go back and look at every single attack, very few were due to unknown vulnerabilities and were, more likely than not, using software that was not properly patched. Accounts were not locked down. Users had local administrator-level access to their systems, and they simply did not get training on how to identify fake emails.
It’s a shame because so many companies are finding out the hard way that they have to pay so much more after an attack compared to what it would cost prior to an attack. — Guy Baroan, Baroan Technologies
How Do We Protect Against Future Cyber Warfare Attacks?
“Cyberwarfare has impacted us in ways we can barely imagine. Future threats to our physical security will include weaponized viruses and attacks that use computer code instead of weapons. These attacks could come from inside companies, as well as outside.
The debate over how best to deal with such attacks has been ongoing for some time–but it’s perhaps most relevant now that we live in an era where many critical infrastructure systems are interconnected and the threat of disruption from a single attack possibly seems like an imminent reality. Despite significant investment in protective technologies and systems by both public and private sectors, hackers have gained access to private information on an unprecedented scale, and are able to use it for purposes both harmful and purposeful.
In a highly interconnected world, we simply cannot afford to accept the risk that cyber warfare might one day cripple our economic system or bring down our democracy—Our government needs to step in and insist that all companies embrace predefined policies and procedures that would require them to fortify their network infrastructure.
Cybersecurity concerns are not going to go away anytime soon, and we all need to take a more proactive approach and not just purchase cybersecurity insurance and hope the problem goes away.” — Anthony Buonaspina, BSEE, BSCS, CPACC, CEO, and founder, LI Tech Advisor
About Ulistic, LP
Stuart Crawford founded Ulistic, LP in 2010. The company currently has its headquarters in Tampa, Florida, which houses between 11-50 IT employees. Ulistic, LP also serves clients in Canada, Australia, and the UK.
Ulistic, LP is the best SEO and website MSP marketing company for IT companies. Since 2010, Ulistic, LP has worked with small business websites, showing them how to protect and grow their IT business using effective, digital marketing strategies. For further information, please contact us.