Not just money: Ransomware is a growing political threat to the US


The increasing frequency of ransomware attacks on private companies engaged in banking, gas supplies, beef production and other important businesses may seem like an overblown national security threat, but a growing number of experts are warning that the attacks represent a cyberwarfare trend that US adversaries are ready to exploit, not for money, but for serious geopolitical gain.

As the scope and complexity of events increase in the months and years ahead, analysts say, Russia, China, Iran and North Korea are likely to accelerate the use of ransomware to obtain direct foreign policy concessions from Washington or from US allies around the world.

“I think before and after key foes like Iran and North Korea exploit ransomware for political gain,” said Jenny Jun, a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative.

It’s important to understand the basic mechanics of a typical ransomware attack: A group of hackers breaks into a company’s computer system, finds sensitive data such as customer bank account numbers, and then locks that data with an encryption key or password, making it impossible for the company to access the data. The hackers then demand that the company pay a fee in exchange for the encryption key to unlock the data.

Ms Jun said the same processes offer hostile forces, both state and non-state actors, new and cost-effective ways to wreak havoc, especially if the targeted companies are involved in key critical infrastructure or other politically sensitive industries such as defense manufacturing and high-end banking.

Hacking groups like DarkSide and REvil have used ransomware in recent months to get US companies to pay tens of millions of dollars for encryption keys to release data. Ms. Jun predicts that foreign governments with influence over hacking groups will soon demand something other than money.

In an interview with The Washington Times, Ms. Jun said foreign adversaries could instead demand easing of sanctions, release of prisoners and subtle policy changes designed to undermine US interests on the global stage.

“It may be a demand for a country to accept control over a particular territory,” she said.

A foreign enemy can also use ransomware to demand that an international bank or country stop cooperating with US sanctions.

She said Iran has a track record of engaging in such tactics outside of the cyber realm. Tehran managed to take control of a South Korean-flagged oil tanker earlier this year, and pressured South Korea to release nearly $7 billion in frozen Iranian assets.

Ms. Jun described it as “trivial” that Iran, which has billions of dollars frozen in overseas banks due to US and Western economic sanctions, will eventually turn to ransomware attacks to achieve similar ends. “You can imagine their facility being held hostage by ransomware, and then the Iranians saying, ‘If you release our money, we release the encryption key,’” she said. “It doesn’t have to be against the US; it could target US partners.”

Preparing the ‘battlefield’

The future of cyber warfare is coming fast.

“Cyberspace may be the most important ‘battlefield’ in the coming years,” said David Maxwell, a former US Special Forces officer who works on North Korea at the Foundation for Defense of Democracies. “For North Korea, it is a very attractive environment to work in. The benefits are high and so far the costs are extremely low.”

North Korea is not known to have been involved in government-sponsored ransomware attacks, but Mr Maxwell said Pyongyang appears to be conducting a series of hacking activities designed to conduct “reconnaissance” for potential actions in South Korea, the US and other networks to achieve certain geopolitical gains.

“So they might be ‘preparing the battlefield,’” he told The Times. “One day, we may see massive attacks on infrastructure that can do massive amounts of damage,” which could benefit the regime’s “blackmail diplomacy.”

Stewart Baker, a former National Security Agency general counsel and policy chief for the Department of Homeland Security who now practices technology law at private company Steptoe & Johnson, said in an interview that it was “not unreasonable” that foreign adversaries would look for a subtle way to launch ransomware attacks for political purposes.

“You cannot gain geopolitical influence by locking a piece of data and publicly demanding a policy change,” Mr Baker said. “But can you do it quietly? Maybe.”

Are there scenarios where the private sector ransomware incident could turn into a public policy football? “Yes,” said Mr Baker, pointing to the Colonial Pipeline attack by Russia-based hackers in May that briefly stopped the flow of gasoline in the southeastern United States.

Had the attack been much more sophisticated and managed to tie up Colonial’s industrial control systems for weeks, hijacking the computer system that turned the pipeline on and off, it could have taken a major geopolitical twist, Mr Baker said. Colonial officials admitted about a week later that they had paid the ransomware thieves to restore the materials.

Mr. Baker said that if the shutdown had been more extensive and longer-lasting, Russian President Vladimir Putin would have come forward and told US officials that Moscow had the ability to track and catch the Russia-based hackers, and that it would do so provided that, say, Washington agreed to prevent American social media companies like Twitter and Facebook from giving Russian dissidents a forum to criticize Kremlin policies.

In cyber geopolitics

US cybersecurity officials have previously focused on the possibility that geopolitical developments, such as US airstrikes or sanctions against a particular country, will trigger increases in cyberattacks against the US, not that cyber or ransomware attacks themselves could become geopolitical weapons in the hands of foreign enemies.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released an “insight” document in January 2020 warning that “increasing geopolitical tensions and threats of aggression could lead to cyber and physical attacks on the homeland, as well as devastating hybrid attacks by proxies on US targets and interests abroad.”

The document focused specifically on the possibility of “destructive and disruptive cyber operations against strategic objectives, including financial, energy and telecommunications organizations, and increased interest in industrial control systems and operational technology” by foreign hackers.

It also warned of the threat of “cyber-assisted espionage and intellectual property theft targeting various industries.”

Mr Baker told The Times that China has long engaged in this type of cyber-enabled espionage targeting American companies contracted with the Pentagon to work on defense and weapons development.

“It was more about giving China geopolitical advantages they don’t have otherwise than playing cards,” said Mr Baker. Cyber espionage effectively “allows the Chinese to modernize their armies, possibly by stealing something 15 years ago – hacking defense contractors”.

“Not because they came in and called [whomever they’ve hacked] to say, ‘Hey, woohoo, we have your data,’” said Mr. Baker. “No, instead, they took that data and handed it over to someone else and said, ‘Here you go.’ Build it [weapon] for us now.

“So there’s a geopolitical impact to that,” said Mr Baker.

The United States has reportedly pursued geopolitical goals through covert cyber actions over the past decade. The New York Times reports that the Obama and Trump administrations have ordered aggressive Pentagon cyberattacks against North Korea’s missile program in hopes of sabotaging Pyongyang’s missile tests in their opening seconds.

Analysts generally agree that it would be a geopolitical coup for Washington if such cyberattacks reliably neutralized the threat from nuclear-tipped North Korean intercontinental ballistic missiles. However, the effectiveness of the Pentagon’s campaign targeting Pyongyang’s launches remains a matter of debate in Washington.
