24 January 2015

Is Cyber-Terrorism the New Normal?

BY DAN HOLDEN, ASERT 
01.21.15 

With recent news stories involving serious attacks on Sony and its PlayStation Network and Microsoft’s Xbox Live network, alongside other high-profile attacks on the Tor Project and North Korea’s websites, has cyber-terrorism become a very real and dangerous reality for enterprises to battle alongside other threats?

Let’s start from the beginning. What is the difference between cyber-terrorism, vandalism, or even war? Looking back to the 90s and early 2000s, websites were commonly defaced just to satisfy an attacker’s ego. Just like graffiti, this is a great example of vandalism. A more recent example of this sort of attack was the recent defacement of the U.S. Central Command’s Twitter page – a textbook example of vandalism. 

If you consider malware like Stuxnet, discovered in June 2010 and nicknamed the “world’s first digital weapon”, things change drastically. Stuxnet had moved beyond the virtual world and was capable of causing physical destruction to computer equipment and possible large-scale destruction – or cyber-war. However, cyber-terrorism seems to have found a different niche where the destruction or disruption of service isn’t that of a military or state target, but that of a commercial entity or service – the businesses, services, or information that you and I oftentimes depend upon.


In the case of the Sony attack, which saw the release of confidential data of employees and their families in November 2014, there are many potential suspects. Regardless of “who dun it”, the damage to Sony is very real. There has been a loss in revenue due to movies being leaked, sensitive employee information was disclosed (including salaries and social security numbers), and executive emails were publicised – shedding a disparaging light on Hollywood executives. With these leaks came brand and other collateral damage, resulting in a long road ahead for Sony to fully recover. As a result, Sony’s potential and current customers are likely to question purchasing Sony products, which could have a devastating long-term impact on the company. 

Then, Lizard Squad – an organization that refers to itself as a cyber-terrorist group – launched a massive DDoS attack against Sony’s PlayStation Network and Microsoft’s Xbox Live networks on Christmas Day, ruining holiday fun for millions in the process. Lizard Squad followed up these disruptions with an attack against the Tor Project, a network of virtual tunnels that allow people and groups to improve their privacy and security on the Internet, and has threatened many individuals and rival groups along the way.

Finally, there is the North Korea attack, which saw the nation’s Web and Internet infrastructure go down for roughly 9 ½ hours, resulting in many thinking that the U.S. government was behind the attack. While that is extremely unlikely, cyber-terrorism can be an act of disruption in this way, even one used primarily for propaganda purposes.

What makes these stories mirror the idea of terrorism is the collateral damage involved and the obvious ties to geo-political situations that we see in so many attacks today. This has been building for years and now President Obama has stated that cyber-terrorism is perhaps one of the greatest threats against the U.S. today. Unfortunately, the attacks are not only here to stay, but given the utter reliance on the Internet today, they are likely to grow in a very serious manner. 

So what does this mean for organizations? The simple answer is that organizations that fall victim to cyber-terrorism will see damage to their bottom lines. With operations often being disrupted, recovering from an attack can cost tens, even hundreds of millions, and can exhaust the workforce who have to go into disaster recovery mode. Additionally, there is brand damage to consider.

With so many choices, consumers lose trust quickly and may re-evaluate purchasing products from a company that is in a critical state as a result of a serious attack. It may also call into question the safety of their information with these businesses, leaving them to ask why they should buy from them or why they should use their services. This could have deep implications to not only their bottom lines but their reputations as well. 

The lesson for organizations to take away from 2014 is that these attacks can target anyone for a multitude of reasons, and they are very bad and very visible. Learning that the problem can’t be ignored and isn’t going away may sound simple, but some have remained unconvinced and are now paying the price. Because of this, organizations need to make IT security a top priority, and as part of this, visibility is vital.

Dan Holden is the Director of ASERT, Arbor Networks’ Security Engineering and Response Team.
