Tom Meehan
The idea of a third World War seems like something in the far distant future, to be explored in books and movies rather than in real life. However, with the growing prevalence of cyberattacks, many of which come from government bodies, the potential of cyber warfare might push us much closer to the brink of war than we realize.
If you’ve read any news about cyberattacks in the past five years, you’ve definitely heard about at least one ransomware attack. Hackers use ransomware to encrypt their victims’ data and lock them out of their networks. Then, the hackers offer victims a key in exchange for a ransom that can run into hundreds of thousands or even millions of dollars, usually paid in cryptocurrency to make it near impossible to trace the ransom payment.
Sometimes victims regain access to their data without any issues after paying the ransom. However, the real concern is for organizations that pay the ransom, only for hackers to delete their data or leak sensitive data like customer information, credit card numbers, social security numbers, and classified corporate or government data to the dark web for other bad actors to exploit.
Why Ransomware Is Today’s Biggest Cyber Threat
Ransomware has become a popular type of cyberattack in recent years, with ransomware gangs operating around the world in countries like Russia, China, and North Korea. These cyber gangs even offer “ransomware as a service,” selling their malware on the dark web for anyone to use—and business is booming.
Even in 2020, when most businesses struggled in the face of the COVID-19 pandemic and disruptions to the global supply chain, ransomware took off. As hundreds of headlines proclaim just how profitable ransomware can be (like the announcement that Colonial Pipeline paid nearly $5 million in ransom to recover its stolen data in May of this year), more bad actors are drawn to the ransomware business in pursuit of a quick profit.
Ransomware attacks have become much more common. As more hackers enter the “business” of ransomware, they tend to target smaller businesses that are more vulnerable to cyberattacks and more likely to pay the ransom to regain access to their systems. The widespread use of cryptocurrencies, such as bitcoin, has made it even easier for hackers to receive ransoms as well.
According to a recent report from cybersecurity firm Sophos, the average cost of recovering from a ransomware attack has doubled, increasing from $761,106 in 2020 to $1.85 million in 2021 and becoming higher than the ransom itself. Another company, Chainanalysis, found that ransomware attacks led to at least $350 million in ransom paymentsin 2020, a 311 percent increase compared to 2019. However, it is difficult to estimate the full financial impact of these attacks because ransomware is highly under-reported, despite being one of the most high-profile forms of cyberattack.
A Pattern of Ransomware Originating from Overseas
In June 2021, the FBI reported that they were investigating around 100 different types of ransomware, many of which trace back to actors in Russia. In fact, some of the biggest cyberattacks in history have happened in the past 12 to 18 months alone, and most of them came from hacker groups in China and Russia. Although these groups are usually not official state actors, both the Chinese and Russian governments have a reputation for ignoring international calls to crack down on cybergangs in their jurisdictions, essentially protecting these groups and sometimes even enabling their operations.
In December 2020, SolarWinds, a major US information technology firm, discovered it was the victim of a massive cyberattack that targeted the company’s clients, affecting approximately 18,000 government agencies and businesses. A group of state-sponsored hackers working with the SVR, Russia’s foreign intelligence service, added malware to a legitimate software update that created a backdoor into the software, allowing the hackers to enter victims’ systems whenever they wanted.
Some of the victims of the SolarWinds attack include parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy and the Treasury, along with major corporations like Microsoft, Cisco and Intel. Since the hack went undetected for months, the SolarWinds attack demonstrates the biggest concern about modern cyberattacks: that victims might never even realize they were hacked.
Just a few months later, in March 2021, Chinese government hackers targeted Microsoft Exchange, an enterprise email software, to steal data from at least 30,000 organizations around the world, including government agencies, defense contractors, infectious disease researchers, and policy think tanks. Microsoft concluded that the attacks originated from China and appeared to be state-sponsored. However, China has repeatedly denied involvement in this attack or previous ones, instead claiming that the United States is responsible for cyberattacks against the Chinese government for over ten years.
On May 6, 2021, the Colonial Pipeline Company, which provides fuel to a majority of the Eastern United States, was the target of a ransomware attack attributed to DarkSide, a Russian hacking group. The attack, which led Colonial Pipeline to shut down its 5,550-mile gasoline pipeline for a few days, likely came from a single password breach. Because the account reportedly did not use multifactor authentication, hackers only needed a username and password to gain access to the largest gasoline pipeline in the US.
On May 31, 2021, during Memorial Day weekend, JBS, the world’s largest meat processing company, discovered a ransomware attack on its North American and Australian systems and shut down slaughtering at all of its US plants for a day. By June 3, JBS had fully restored global operations, avoiding an extended shutdown that could have further increased already high food prices and disrupted the global food supply chain, given JBS’s dominance in the meat industry. The company also revealed it had paid a ransom equivalent to $11 million to prevent the potential fallout of long-term disruption to their operations.
Over Fourth of July weekend of this year, a Russian cybergang known as REvil/Sodinikibi deployed a ransomware attack on Kaseya, a US managed services provider, targeting the company’s virtual systems/server administrator (VSA) software in demand for $70 million in bitcoin. The hack impacted approximately 1,500 small- to mid-sized businesses. However, hundreds of supermarkets in Sweden had to close because their cash registers were inoperative, while several schools and kindergartens in New Zealand were knocked off-line because of the attack.
The Danger Posed by Foreign Involvement in Cyberattacks
In the US, cybersecurity efforts are usually focused on Russia, which organizes state-sponsored attacks while declining to prosecute cybercriminals, including ransomware hackers who target Americans. This trending behavior prompted US President Joe Biden’s first summit with Russian President Vladimir Putin in Geneva in June, where Biden gave Putin a list of sixteen areas of critical infrastructure that should be exempt from cyberattacks. It is important to note that the Russian hacking groups responsible for the attacks on the Colonial Pipeline and Kaseya this year have disbanded or otherwise disappeared, which might indicate some sort of government intervention.
However, the US, along with NATO, the European Union, Australia, New Zealand, and Japan, has also condemned cyberattacks coming out of China, indicating a broader and more unified stance against Chinese hacking. Compared to Russia, where the government isn’t usually involved in cyberattacks, many experts believe that the Chinese government works directly with criminal contract hackers to deploy cyberattacks for both espionage and personal profit.
With the world distracted by other major global events, like the shifting political climate in many countries and the COVID-19 pandemic, it has been easy to ignore the growing threat of international cyberattacks. Many people do not realize just how serious these attacks are, even with so many high-profile breaches taking place in less than a year in the US alone. As ransomware becomes more sophisticated and more accessible, it becomes harder for government agencies to stay ahead of hackers, particularly if they have support from foreign governments.
How Global Cyber Warfare Could Play Out
Although it sounds farfetched, it’s actually not unreasonable to expect that all of these cyberattacks are ramping up to the possibility of a third World War. In fact, 2034: A Novel of the Next World War by Elliot Ackerman and Admiral James Stavridis, explores this very idea. In the novel, the Chinese government uses technology to defeat a US naval fleet and take control of the South China Sea, propelling the world into a new era of cyber warfare.
The novel proposes the idea that the United States, along with many other developed nations, has become so dependent on technology that we have become vulnerable to cyberattacks, which can be even more destructive than “traditional” war. Although the US has yet to fight a World War on its own land, a massive cyberattack might have an even greater impact, enabling foreign governments to bring down entire military bases and government headquarters without ever stepping foot into the states.
In an interview with Wired, coauthor Stavridis argues that the US and China could potentially “sleepwalk” into a real war, becoming so deeply entrenched in a cyberwar between themselves that they drag the whole world into it. According to Ackerman, one of the lessons of the book is that you never want to be the country that starts a war, but you do want to be the country that finishes it. The United States didn’t start the previous World Wars, but by finishing them it has established nearly a century of global dominance. But if the US accidentally starts the next World War, even if it’s just a cyberwar, then what will that mean for its status as a global superpower?
Although recent cyberattacks over the past few years seem largely disconnected, driven by hackers pursuing glory and profit, the growing trend of ransomware indicates a clear movement toward cyber warfare, where government bodies work with hackers to bring down critical infrastructure in other countries. As cybersecurity becomes a top priority for both private companies and government agencies, we should be aware of just how big of a threat hackers pose to our world today and tomorrow.
No comments:
Post a Comment