More Dependence on Internet Leads to More Cyberattacks Worldwide
August 28, 2017
From power grids, to major corporations, nothing in the world is
immune to cyberattacks. The reason, said cyber security experts,
is the growing dependence on the internet.
“The internet is becoming more and more integrated into our
lives every single day, and we as citizens and we as
corporations and governments are becoming more interconnected
and using the internet as part of that backbone of communication
and collaboration. This means that there’s increased attack
surface for those who wish to be malicious,” said Jonathan
Homer, with the U.S. Department of Homeland Security's National
Cybersecurity and Communications Integration Center.
Homer works with a team that supports federal agencies, local
governments and those who are part of the critical
infrastructure within the U.S. to help them get back online and
help prevent future attacks.
“On a weekly basis, we fly out and respond to organizations that
are going through the once in a lifetime cyberattack,” Homer
Greater financial gain
More digital information on the web means greater financial gain
for criminals. In the last year, there has been an increase in
cases of ransomware, an attack that locks a computer until a
payment is made.
“It’s becoming easier and easier in part because the tool kits
needed to break into many of these systems are becoming more
readily accessible on the dark web,” said Clifford Neuman,
director of the University of Southern California Center for
Computer Systems Security.
Tracking down the criminals has not been easy for law
“We do think that reporting cyber intrusions is underreported to
law enforcement, whether it’s the FBI, Secret Service or another
entity,” said John Brown, special agent in charge of the Federal
Bureau of Investigation’s Los Angeles office.
“I think it’s a business decision. They’re concerned about the
publicity, which we completely understand. There they have
customers, et cetera that may not do business with them if like,
hey, there’s an issue with their cyber defense,” Brown said.
Federal laws on reporting breaches are vague and many state laws
require reporting when personal information is compromised, but
there are gray areas.
"Much of what happens in the case of businesses is they don’t
necessarily know what information has been disclosed, and they
sort of, perhaps intentionally, lay a blind eye to that to say,
'Well, we don’t know personal identifiable information has been
disclosed. All that we know is someone got into our system,'"
Range of online perpetrators
The FBI says the online perpetrators range from criminals who
want money to hackers with geopolitical motivations.
“Clearly there are nation states that are involved in cyber
activity who are interested in stealing our trade secrets, our
proprietary information that our companies are developing, our
secrets within our government,” Brown said.
A Chinese national, Yu Pingan of Shanghai, was arrested and
charged this week for allegedly distributing malicious software
known as Sakula. The malware has been linked to hacks against
Sakula has also been linked to the 2014 and 2015 cyberattacks at
the U.S. Office of Personnel Management (OPM), where personal
information of millions of federal employees was stolen. The
federal court filing, however, against Yu does not mention the
U.S. officials have blamed the Chinese government on those
“Most cyberattacks require multiple weaknesses or
vulnerabilities of some form in order to be able to reach the
final goal of the attacker.One of the greatest weaknesses of any
corporate network is the human element,” said Homer.
Neuman said it is not a matter of if an attack will happen, but
“I think that most companies are not prepared to handle the zero
day, the newest attack that occurs because it’s like fighting
the last war. You don’t know what the particular new techniques
are that are going to be applied,” Neuman said.
the FBI, building partnerships with private industry is
“It’s really about building those relationships before the
intrusion. So, what we ask companies to do is to call us and to
basically just say, 'Hey, let’s talk about what would happen if
we did have an intrusion. Let’s work through that,'" Brown
Another way to prepare for a cyberattack is to rethink how
systems on the web are designed, Neuman said.
“Where we really need to be going is in a way where we design
our systems to be more resilient against the inevitable hack,"
he said. "Understand that individuals are going to get in, but
make sure that the structures of the systems are designed to
contain the damage that can occur. And that’s a much more
difficult problem to solve because it requires changing the way
we design our systems overall.”