Reportage from the Cyber Security Week: trends and threats in cyber-space
di Laura Candiani
The place-to-be
For cyber lovers, October is THE month.
Specifically, the European Cyber Security Month: thirty days of events, trainings, workshops and practical demonstrations focused on cyber-security spread around Europe. Very likely, one of the place-to-be is the Cyber Security Week that happens every year in The Hague, Netherlands, and that brings together cyber-professionals and prospective talents from all over the world. Threats and solutions are analysed by a vast range of experts under many and varied aspects: from the technical point of view to the legal dimension, without forgetting the social implications and the psychological factor.
The third edition has been concluded last Friday and, during the last two days dedicated to the CSW Congress and Expo, it has seen the participation of more than 80 partners from businesses, governments, NGOs and training institutions involved in presentations, games, keynotes and workshops. Cyber-securities innovations and solutions have been displayed in more than 50 stands, attracting the interest of almost 900 visitors each day. Country focused pavilions have seen, between the others, the presence of Ukraine, Turkey, Great Britain and Canada. Various activities had the specific purpose of establishing and stimulating potential partnerships: the Matchmaking event, for instance, offered the opportunity to build collaborations between experts; Access to Capital facilitated the contact between entrepreneurs and investors while the Next Gen session engaged students, young professionals and leading experts through case-studies, debates and interactive workshops aimed at developing the potential of future cyber-talents.
Which role do you have in cyber-space? Do you want to be the cyber-attacker?
According to Adam Tyler, Chief Innovation Officer of Experian and speaker at the conference Digital Identities: the currency of the Dark Web, identities and data are the most valuable asset someone can have. And while before the value was physical, in the world of today is digital. The fact that our digital information can be stolen very easily for fraudulent scopes is well known; so why are we still not able to secure them efficiently? Is this a consequence of where the threats are coming from? The majority of people think that such threats can only come from the Dark Web. But the concept of Dark Web, that part of the Internet almost unreachable to common users and land of hackers and criminals, might be fallacious and not even so ‘’dark’’ after all. In reality, actually, it would be pretty easy, hide in plain sight on the surface of a common browser and available to those who know where to look.
During the conference, Tyler has demonstrated live on stage how everything is accessible and available to everybody. Do you want to steal financial data of a colleague of yours? Digit in Google’s search bar ‘’carding forum’’ and a it will appear a list of websites that teach you how to do it. The most used ones? Carding Mafia or PRVTzone. Some of them, even have Facebook group and Twitter accounts to better connect users. Do you prefer to launch a DDoS attack instead? Digit ‘’Network Stresser’’ and for 15 dollars you can have a professional service, like those offered by NetStress.org, that allows you to take down most of businesses websites. And what about a good old malware? ‘’Spyeye 1.3.48 cracked’’ and it’s done!
For better or for worse, nothing is deeply hidden on the Internet anymore. And, at the same time, nothing is really inaccessible: current threats are low cost, easy to get and customizable. And, for this reason, the profile of cyber criminals is changing: larger group of criminals are only a small part today, mostly is young people between 16-25 years old, individuals with a lot of time and a lot of curiosity for what they might be able to do.
But the danger doesn’t lie only on the digital surface, threats are changing and evolving all the time. Some hackers have turned again to the physical world. For less than 20 euro on Ebay, you can find a modified USB cable for your phone with an incorporated SIM at one extremity: once this is plugged in, it records and sends all the data to a predefined remote terminal. An invisible physical threat. One of the reasons of lack of security is simple for Tyler: we do not know how the inside of our devices looks like and, consequently, we are not able to tell if they have been corrupted or not.
What if you are the cyber-victim instead?
And once you find out you and your organization have been under attack and your data have been stolen? The answer has been given during the workshop Responding to Cyber Extortion Attacks: The latest developments in fastest growing cyber threat by Winston Krone from Kivu Consulting BV. The rule is to never pay in order to prevent someone from doing something. The reason is simple: there is no certainty that they will do what they have promised, that they will give you back your data. Or that the data are still actually your data and uncorrupted.
Not all ransomwares are the same, estimations say that there is a new type of malware every few days; and not all of them are well designed. Some, as Rapid or Thanathos, corrupt data and, even in the case of ransom’s payment, you need weeks to recover the files; others like Triple M, encrypt all your files and the decryption key is only available after the payment; some others instead, as Mamba, create permanent damage or takes forever to get decrypted as Bitpaymer .locked. And then, you have those hackers that vanish once they have launched the attack, as Sigma or Crysis/Dharma.
A new phenomenon in this field is the creation of Ransomware-as-a-Service (Raas). Ranion, for instance, is a company that helps users to launch attacks, selling malware package for the price of 600-900 dollars. Despite the fact that ransomwares happen very frequently, the concept doesn’t receive much consent in cyber-space. Individuals that recognize themselves as pure hackers consider scum those who launch ransomware because their malwares impair the same systems and the same ecosystem in which all the hackers operate and benefit from.
How to respond to a ransomware then? Segregating the network and shutting down the system; establish if payment is an option and if it’s the best one; trying to buy time and negotiate and to communicate with the attacker even in case of payment’s refuse; have a mitigation plan ready; be prepared to notify authorities and try to preserve evidence of the attack.
And from the legal perspective? Lawyer Jurrian Jansen from Norton Rose Fulbright LLP and co-speaker at the workshop, explained that once that has been decided to pay the ransomware, legally, this is not always possible. Generally, ransomware payment is not prohibited. But looking at the context, the malware type, the ransomware request, the motives and the type of communication from the attackers and the money’s flow that goes towards certain e-wallet in specific areas, some conclusions on who and why can be drowned. For instance, if following the money, there is the suspicion that Iran and North Korea are behind the attack, the ransomware cannot be paid for any reasons. The same goes for links with terrorism: for instance, under Section 17 of the British Terrorism Act 2000[1], if the victim of the ransomware suspects connection with terrorism, the payment is illegal and the act an offence[2].
During their Cyber War Game workshop, the Cyber Security team of EY had three more fundamental tips to manage a cyber-crisis: preparation, information and communication. Your organization has to be prepared in advanced to the eventuality of a cyber-attack, information has to be gathered in a fast and coherent way and finally, effective communication has to be put in place both externally and internally.
[1]‘’A person commits an offence if (a)he enters into or becomes concerned in an arrangement as a result of which money or other property is made available or is to be made available to another, and (b)he knows or has reasonable cause to suspect that it will or may be used for the purposes of terrorism.’’ [2]For more information, also see Taylor Wessing Law Firm, Cyber extortion – legality of ransom payments and the approach of businesses and insurers,available athttps://united-kingdom.taylorwessing.com/en/insights/accountancy-update/cyber-extortion-legality-of-ransom-payments-and-the-approach-of-businesses-and-insurersIf it was your data, would you be ready?
Autore:
