Cybersecurity winter is not coming…

Cybersecurity winter is already here.

WARNING, THIS ARTICLE CONTAINS SPOILERS.

If we were to look back at some of the most important cyberattacks and cyber-risks that occurred so far in 2016, a mid-year review would very closely resemble Game of Thrones: full of conspiracies, betrayals, shameless pretend-to-be friends and unexpected turns of events – we might even end up believing that the cyber-world served as an inspiration for George R. Martin.

 

JANUARY: hacktivists and cyber-terrorists, plot masters

The beginning of this year was marked by a strong growth in hacktivism. According to Hackmageddon, 27.7% of the overall cyber-attacks recorded in January were related to political or religious beliefs. The attack that got the ball rolling: Anonymous versus the Thai police. Seeing how the local police of Thailand had unfairly sentenced to death two foreigners for the murder of a pair of British tourists, Anonymous immediately blocked all access to its website, leaving a single message on the home page: “Failed law. We want justice. #BoycottThailand “.

While this may somehow seem “fair”, we also find a large number of cyber-terrorists (clearly Valar Morghulis advocates) hiding among these hacktivists. As any other community, cyber-terrorists have become increasingly more organized (read our previous article on hacking business models here), putting their technological know-how at the disposal of general disorder. Stingier than the plot masters of Westeros, without any regard for existing criminal or moral laws, nothing can come in their way when it comes to achieving their goals.

FEBRUARY: a wall cannot protect you against malware

The cyber-heist of the Central Bank of Bangladesh shook the financial sector to its core when a group of hackers managed to steal $ 81 million (approximately € 71.5 million) without anyone even noticing. Debts were certainly paid. The case became even more controversial when the details of the attack were published, announcing that the international financial institution in question had not previously installed a firewall.

Cybersecurity experts from around the world lost it that day. Although a single “wall” would not have been enough to keep the outsiders at bay (read our article on the limitations of a firewall here), it still is a basic cybersecurity measure. As hackers’ favorite target, banking organizations should be the first ones to set up a « shield » against external threats. Otherwise, nothing can prevent the wildings from coming in through the front door.

 

MARCH: ransomware or the Ramsey Bolton of digital extortion

A month after the Hollywood Presbyterian Medical Center agreed to pay the ransom in order to unlock its system and resume its activity (a rather important activity taking into account the “public”), hackers declared opened the hunting season on US healthcare institutions. In March, MedStar Health went through a typical “Boltonian” experience in digital torture when its network, linking together ten hospitals, was infected by a ransomware (read our article on data hostage situations here).

Another lesson we learned that month: paying a ransom does not guarantee that hackers will keep their word. Rickon should have probably read this article before placing his trust in Ramsey, don’t you think? #PoorRickon

 

APRIL: an Apple backdoor will not hold without Hodor

After the shooting of San Bernardino, the FBI came into possession of one of the iPhones used by the terrorists and asked Apple to develop a new version of its iOS (read our article on the FBiOS here), which would enable them to bypass some key security features of the iPhone. And what do you think the CEO of Apple replied? No backdoor without Hodor. No, seriously now, Tim Cook bluntly stated that the government could ensure that the FBiOS would not fall into the wrong hands.

We were then emerged in a heated debate between the defenders of security and those of privacy – a similar debate to that between the faith and the crown in Westeros (before Cersei’s other son – we never remember his name – sides with the Septon). Each party was fighting for its rightful place on the Iron Throne, while the real dilemma was not who holds the most power, but rather how to combine these two elements together. Without wildfire to solve the issue, the question still remains.

 

MAY: the old ways are vulnerable against Daenerys’s dragons

When the masters attacked the City of Maureen, Dany defied them by asserting their need to “get rid of the old ways and make way for new ones”, right before burning them alive. In cybersecurity,

Those monitoring the digital pulse of things quickly realized that it’s high time to head towards a different approach (“new ways”) if they want to stay in the game. To deal with advanced and unpredictable threats, one must stray from conventional methods. If Daenerys had the courage to ride a dragon, we can expand the limits of our imagination too.

 

JUNE: not aware = not immune to white walkers

Beginning of the month, DDoS (distributed denial of service) attacks wreaked havoc in the French press (see our article on the latest incidents here). June revealed itself as more generous than the previous months, attacking all pillars of free expression – social networks, for instance (see our article here). All this because of the lack of knowledge (or perhaps, the lack of will?) with concern to cybersecurity best practices and emerging cyber-threats.

How can we protect ourselves against an army of zombies (botnets or not) if 1. we do not have the right weapons and 2. we do not want to admit their existence. Hmm … well, we probably wouldn’t even have time to ask the question.

 

Our mid-year review ends here (phew, we were starting to run out of Game of Thrones references), with a small token of advice: fiction is not just mere exaggeration, sometimes it is there to inspire us to go beyond what is achievable in the present. It is with this vision that we developed Reveelium, with the aim of spending more on predicting attacks rather than treating them. The end of the last GoT season says it all (we were wrong, here’s another reference): the war is just beginning. We will need assets such as Bran and Melisandre to deal with the enemies.

Link:

https://www.reveelium.com/en/cybersecurity-winter-is-not-coming/