Cyber warfare risk is mostly hype

The vast majority of hi-tech attacks described as acts of cyber war do not deserve the name, says a report.

The Organisation for Economic Cooperation and Development study is part of a series considering incidents that could cause global disruption. While pandemics and financial instability could cause problems, cyber attacks are unlikely to, it says.

Instead, trouble caused by cyber attacks is likely to be localised and short-lived…

Attempts to quantify the potential damage that hi-tech attacks could cause and develop appropriate responses are not helped by the hyperbolic language used to describe these incidents, said the OECD report.

“We don’t help ourselves using ‘cyberwar’ to describe espionage or hacktivist blockading or defacing of websites, as recently seen in reaction to WikiLeaks,” said Professor Peter Sommer…who co-wrote the report with Dr Ian Brown…

“Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure,” added Prof Sommer…

The report concludes that it is unlikely that there will be a cyberwar. Most of the hype – like a great deal of politics involving the military in Western nations – is designed to promote the profits of corporations and their officer-class flunkies.

No surprises there, either.

19 thoughts on “Cyber warfare risk is mostly hype”

  1. n00b says:

    “Microsoft warns 10,000 customers they’re targeted by nation-sponsored hackers : Hacking remains a tool of choice for influencing elections, company warns.” https://arstechnica.com/tech-policy/2019/07/microsoft-warns-10000-customers-theyre-targeted-by-nation-sponsored-hackers/ According to a post from Microsoft Corporate Vice President of Customer Security & Trust Tom Burt, about 84% of the attacks targeted customers that were large “enterprise” organizations such as corporations. The remaining 16% of attacks targeted consumer email accounts. Burt said some of the 10,000 customers were successfully compromised while others were only targeted, but he didn’t provide figures.
    “This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives,” Burt wrote. Microsoft presented the figures Wednesday at the Aspen Security Forum.
    Advanced Persistent Threats (APT) groups list: https://www.fireeye.com/current-threats/apt-groups.html

  2. Update says:

    (1/12/2020): “In the wake of the US assassination of Iranian general Qassem Soleimani and the retaliatory missile strike that followed, Iran-watchers have warned that the country could deploy cyberattacks as well, perhaps even targeting US critical infrastructure like the electric grid. A new report lends some fresh details to the nature of that threat: by all appearances, Iranian hackers don’t currently have the capability to start causing blackouts in the US. But they’ve been working to gain access to American electric utilities, long before tensions between the two countries came to a head.” https://arstechnica.com/information-technology/2020/01/iranian-hackers-have-been-password-spraying-the-us-grid/
    On Thursday morning, industrial control system security firm Dragos detailed newly revealed hacking activity that it has tracked and attributed to a group of state-sponsored hackers it calls Magnallium. The same group is also known as APT33, Refined Kitten, or Elfin and has previously been linked to Iran. Dragos says it has observed Magnallium carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms. https://dragos.com/resource/north-american-electric-cyber-threat-perspective/

  3. Joseph L. Lockard says:

    Pompeo: Russia ‘Pretty Clearly’ Behind Massive SolarWinds Cyberattack https://www.npr.org/2020/12/19/948318197/pompeo-russia-pretty-clearly-behind-massive-solarwinds-cyberattack
    Massive Russian hack attack threatens national security and fuels disinformation warfare : The chilling Russian cyber breach endangers our safety and democracy. Enough with wrist slaps and naive attempts at ‘resets.’ We need decisive action. https://www.usatoday.com/story/opinion/2020/12/19/russia-hack-attack-threatens-american-safety-democracy-column/3965580001/

  4. похороним тебя says:

    The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it. (Washington Post 12/15/20) https://www.seattletimes.com/nation-world/the-u-s-government-spent-billions-on-a-system-for-detecting-hacks-the-russians-outsmarted-it/

    (12/14/20): The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately. https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network

  5. Update says:

    “Whether the cyber-attacks that shut 5,500 miles of oil pipeline this weekend are coming from private crooks or a state-sanctioned effort is almost beside the point. Somehow our response to this attack, as the big one apparently triggered by what looked like Russian-sponsored hackers on government agencies and companies last month, ought to be generating a lot more urgency.
    The idea that a small group of bad guys in a faraway darkened room can control our electric grid, our fuel supplies, our business functions, our very defenses virtually at will should be as frightening as the prospect of powerful bombs in the likes of Iran or North Korea.” https://www.dcreport.org/2021/05/10/colonial-pipeline-wake-up-people-were-under-attack/
    “In the next week, the administration is expected to issue an executive order intended to bolster the security of federal and private systems after two major attacks from Russia and China in recent months caught by surprise American companies and intelligence agencies.” https://www.nytimes.com/2021/05/08/us/politics/cyberattack-colonial-pipeline.html

  6. n00b says:

    “The Cyber Front in the War on Ukraine” (2/25/22) https://www.vice.com/en/article/akvyej/the-cyber-front-in-the-war-on-ukraine
    “Russian Ransomware Gang Says It Will Support Russian Government : The Conti ransomware gang announced it will retaliate against “the critical infrastructures” of anyone who launches cyberattacks on Russia.” (2/25/22) https://www.vice.com/en/article/y3vxnm/russian-ransomware-gang-says-it-will-support-russian-government
    “Pro-Russia Conti Ransomware Gang Targeted, Internal Chats Leaked : “Glory to Ukraine!” a message from the leaker reads.” (2/28/22) https://www.vice.com/en/article/z3ng84/pro-russia-conti-ransomware-messages-leaked

  7. Heads up says:

    President Biden said there is “evolving intelligence” that the Russian government is exploring options for potential cyberattacks. (Wall Street Journal March 21, 2022 at 4:42 pm ET) https://www.wsj.com/livecoverage/russia-ukraine-latest-news-2022-03-21/card/biden-says-russian-government-is-exploring-options-for-cyberattacks-lKF4al4DrVApvVYsW4IA
    Mr. Biden said in a statement Monday that he has previously warned that Russia could conduct malicious cyber activity against the U.S., “including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.” He said he was reiterating those warnings now, calling it a critical moment to improve cyber security.
    Citing efforts the federal government and Congress have made to improve cyber defenses, Mr. Biden said the administration would continue working to disrupt and respond to attacks on critical infrastructure. He also called on the private sector to harden cyber defenses.

    Russia warns relations with US could be severed in ‘note of protest’ https://thehill.com/policy/international/599048-russia-warns-us-that-relations-near-breaking-point

  8. Santayana says:

    In his long report in 1924 and in his detailed 1925 book “Winged Defense”, Brigadier General William “Billy” Mitchell described how the Japanese would attack Hawaii at 7:30 AM by first attacking the Air Corps airfields and hangars to stop any counter attacks, followed by bombers to take out the ships at Pearl Harbor. Exactly as the Japanese did – except that Mitchell didn’t foresee their use of aircraft carriers. https://www.americanheritage.com/billy-mitchells-prophecy#1
    A Japanese carrier, the Hōshō, which entered service in December 1922, was the first carrier designed as such from the keel up. https://en.wikipedia.org/wiki/Japanese_aircraft_carrier_H%C5%8Dsh%C5%8D

  9. Update says:

    The US has disrupted a global “botnet” controlled by Russia’s military intelligence agency, Attorney General Merrick Garland announced on Wednesday.
    A botnet is a network of hijacked computers used to carry out cyberattacks. “The Russian government has recently used similar infrastructure to attack Ukrainian targets,” Garland told reporters at the justice department.
    “Fortunately, we were able to disrupt this botnet before it could be used. Thanks to our close work with international partners, we were able to detect the infection of thousands of network hardware devices.
    “We were then able to disable the GRU’s [the military intelligence agency] control over those devices before the botnet could be weaponized.” https://www.theguardian.com/us-news/2022/apr/06/us-disrupts-russian-global-botnet-doj

  10. Cap'n Crunch says:

    “On Tuesday, the Ukrainian Computer Emergency Response Team (CERT-UA) and the Slovakian cybersecurity firm ESET issued advisories that the Sandworm hacker group, confirmed to be Unit 74455 of Russia’s GRU military intelligence agency, had targeted high-voltage electrical substations in Ukraine using a variation on a piece of malware known as Industroyer or Crash Override. The new malware, dubbed Industroyer2, can interact directly with equipment in electrical utilities to send commands to substation devices that control the flow of power, just like that earlier sample. It signals that Russia’s most aggressive cyberattack team attempted a third blackout in Ukraine, years after its historic cyberattacks on the Ukrainian power grid in 2015 and 2016, still the only confirmed blackouts known to have been caused by hackers.” https://arstechnica.com/information-technology/2022/04/russias-sandworm-hackers-attempted-a-third-blackout-in-ukraine/

  11. Update says:

    “Russian intelligence agencies have increased their efforts to hack US and allied government computer networks to gather intelligence since the war in Ukraine began, Microsoft said in new findings published Wednesday.
    American organizations were the top target of the Russian hacking attempts outside of Ukraine, according to Microsoft, but the alleged Russian hacking has spanned 42 countries, and a range of sectors that might have valuable information related to the war, from governments to think tanks to humanitarian groups.
    NATO, the 30-country military alliance that includes the US, Canada and European allies, has been a particular target for Russia’s computer operatives, according to the Microsoft report.” https://www.cnn.com/2022/06/22/politics/microsoft-russia-hackings/index.html

    • Cassandra says:

      A comprehensive report from Microsoft about Russia’s cyberattacks during its war with Ukraine compares Russia’s hacks preceding its invasion to the assassination of Archduke Franz Ferdinand, an event that precipitated World War I and shaped much of the 20th century.
      “The recorded history of every war typically includes an account of the first shots fired and who witnessed them,” Brad Smith, Microsoft’s president and vice chair, wrote in the introduction to the report. “Historians who discuss the first shots in America’s Civil War in 1861 typically describe guns, cannons, and sailing ships around a fort near Charleston, South Carolina. Events spiraled toward the launch of World War I in 1914 when terrorists in plain view on a city street in Sarajevo used grenades and a pistol to assassinate the archduke of the Austrian-Hungarian Empire.”
      Smith said that the “war in Ukraine follows this pattern,” but that “the first shots” in that war were fired hours before Russian tanks crossed the Ukrainian border, in the form of a cyberweapon called “FoxBlade” that was deployed against Ukrainian computers. https://www.vice.com/en/article/xgyzqj/microsoft-compares-russian-hacks-of-ukraine-to-assassination-that-started-world-war-i
