1 September 2014

Cyber Attacks From Russia Expected to Rise Dramatically If New Economic Sanctions Are Levied on Kremlin

Sanctions on Russia will increase risk of cyber attacks against Western companies and critical infrastructure
IHS Jane’s Intelligence Review
August 27, 2014
The United Kingdom’s Government Communication Headquarters (GCHQ) to the west of Cheltenham. Western companies may be at increased risk of cyber attacks following sanctions on Russia, but GCHQ and other Western government bodies have taken steps to tackle cyber crime. 
Key Points Increased Western sanctions against Russia suggest that retaliatory cyber attacks are more likely. 

State or state-sponsored cyber groups are likely to target critical Western assets with disruptive or criminal attacks. 

Firms that manage critical resources or financially sensitive data are likely to be at the highest risk of attack, together with large companies that are considered to be “symbolically Western”. 
EVENT

EU and US sanctions have been steadily expanded against Russia since they were first initiated in March following Moscow’s annexation of the Ukrainian region of Crimea. The most recent round, announced on 30 July, targeted specific sectors of the Russian economy, including state-owned banks and a ban on the export of certain technologies to be used in oil extraction.

EU and US sanctions have been steadily expanded against Russia since they were first initiated in March following Moscow’s annexation of the Ukrainian region of Crimea. The most recent round, announced on 30 July, targeted specific sectors of the Russian economy, including state-owned banks and a ban on the export of certain technologies to be used in oil extraction.

As any economic sanctions imposed by Russia will have far more limited ramifications than the Western sanctions are already having on Russia, IHS assesses that there is an increased risk of Russia seeking to retaliate by other means, including cyber attacks against Western states, both against critical infrastructure and businesses.

In August 2014, at least four US banks were hacked, including JP Morgan, with the hackers stealing data relating to checking (current) account and savings account information in what was described in the New York Times as a “sophisticated cyber attack”, which is being investigated by the FBI and NSA. According to Bloomberg, the attacks were the work of Russian hackers, as the level of sophistication was too high for normal criminals, suggesting state sponsorship. As well as state and financial assets, critical national infrastructure (CNI) and large companies considered to be “symbolically Western” are likely to be within the target set for any potential state-sponsored cyber attacks.
HISTORICAL CYBER CRIME

Russia has been accused by several cyber security firms of having undertaken cyber attacks, as a nation-state and a “host” for non-state actors. In July 2014, a representative for the W0rm Russian hacking collective claimed responsibility via Twitter for stealing a database of passwords and usernames from the CNET website servers for more than 1 million users. In August, an estimated 1.2 billion confidential usernames and passwords gathered from 420,000 websites were stolen by the Russian CyberVor group, according to Hold Security. There is no evidence of state sponsorship, but we assess that so-called patriotic hackers are valuable as they allow plausible deniability of state involvement.

Cyber attackers targeted Estonia in May 2007, attacking government websites, media, and financial institutions for three weeks after the government moved a Soviet-era war memorial from the city centre provoking anger among Estonia’s ethnic-Russian population and condemnation from Moscow. Estonian state and commercial websites were bombarded with requests for information, overwhelming servers, as part of a distributed denial of service (DDoS) attack. Similar attacks were launched against Georgia during its conflict with Russia in August 2008.

According to security firm Symantec the malware (malicious software) used in Estonia appeared to have been specifically targeted, and it was likely that “only a nation-state” would have the capabilities to create such complex malware and that the targets would be of more interest to a nation-state than an individual. The attacks involved computers being infected with software that opens a backdoor, providing access to files and servers and the ability to download viruses. According to a 2012 report by Kaspersky Lab, Russia was among the top five malware-hosting countries and among the top five for the highest frequency of web attacks.

In August 2014, dozens of computers in the Ukrainian prime minister’s office and at least 10 Ukrainian embassies abroad were infected with a cyber espionage weapon linked to Russia, according to the UK’s Financial Times newspaper. According to senior intelligence officials from NATO member states, Russia has been waging an aggressive, sophisticated cyber espionage campaign against Ukraine. Using programmes such as TOR for online anonymity, hackers can disguise their online trail by heavily encrypting the original data, done by sending it through a huge network of relays to conceal the IP address. The exact levels of hacking by Russian-linked perpetrators may therefore be considerably higher.
EXISTING RESILIENCE

Most large multinational firms have the financial and physical resources to ensure that their websites are protected with robust security measures. For example, Deloitte, a firm traditionally known for financial services, now hosts a Cyber Intelligence Centre to provide clients with a range of cyber security protective measures and advisory services. Many websites are designed to cope with huge demand, making them difficult, but not impossible, to overwhelm. In March 2014, several NATO-operated websites were brought down by a DDoS attack for which a pro-Russian Ukrainian hacking group, CyberBerkut, claimed responsibility, although this claim was not officially authenticated.

Governments have taken some steps to tackle the most serious forms of cyber crime - for example, in the United Kingdom, the Office of Cyber Security and Information Assurance (OCSIA) determines priorities in relation to cyberspace on a national scale. The UK’s National Security Strategy is assisted by Government Communications Headquarters (GCHQ) and the Centre for the Protection of National Infrastructure (CPNI); the National Cyber Security Programme was also ring-fenced in the latest 2013 Spending Review, having received GBP650 million over four years, highlighting the UK government’s commitment to improving resilience and issues surrounding cyber security. For example, spending by the Security and Intelligence agencies on national sovereign capability to detect and defeat high-end threats was estimated at GBP157 million (actual and forecast spend for 2011-13). According to a report by the National Audit Office, cyber attacks cause an estimated GBP18-27 billion in damage to the UK economy annually.

However, in the United States, Congress has continually failed to pass cyber security legislation, hindering the ability to counter cyber threats. Proposals for the Cyber Intelligence Sharing and Protection Act failed after the administration of President Barack Obama argued that the bill lacked confidentiality and civil liberties safeguards and would be vetoed by the White House. Given the ongoing repercussions from the information leaked by former US intelligence agent Edward Snowden concerning government surveillance and privacy, such concerns are taken extremely seriously and any legislation is unlikely to become law if opposed by advocates of internet privacy and civil liberties.
FORECAST

Former US national coordinator for security, infrastructure protection, and counter-terrorism Richard Clarke and former secretary of defence Leon Panetta warned of Russian retaliatory cyber attacks in April 2013 as a natural counter to Western economic sanctions. Panetta called cyber attacks the “battleground of the future” and said that Russia is second only to the US in cyber capabilities. Such state retaliation is not unusual: according to the chair of the Homeland Security and Governmental Affairs Committee, in 2012 Iran mounted a series of cyber attacks against major US financial institutions in retaliation for sanctions aimed at halting Iran’s nuclear programme. The attacks were intended to disrupt and delay online operations. Although no serious disruption was caused, this was the largest attempted DDoS attack, demonstrating sophisticated Iranian capabilities.

Given the increasing understanding of the need for high levels of cyber defence in the West generally, any potential threat is likely to be mitigated. For example, the UK government has allocated GBP860 million for the National Cyber Security Strategy since 2009. NATO has also created a Cyber Incident Response Centre to act as a co-ordination hub for NATO members to conduct and defend against cyber operations in case of an attack against the organisation or its members.

However, any government measures are likely to be restricted by budgetary constraints; it is likely that cyber defence will have suffered since 2007, at least in some of the hardest hit countries, as governments worldwide are forced to divert spending into other sectors. Additionally, the asymmetric nature of the cyber threat, as well as the sheer range of targets and potential methods of attack, means that cyber defences are likely to remain stretched and the threat of such retaliatory attacks will remain high.

No comments: