Years ago hackers planted malicious software on computer systems that control parts of the United States’ critical infrastructure, including pieces of the electrical grid, gas and water systems. The malware, which the Department of Homeland Security warned about only last month, was dubbed BlackEnergy and traced back to the Russian government.
Whatever they were up to, the cyber-infiltrators didn’t use the digital weapons they’d planted to do any damage.
“This suggests that attackers are collecting detailed information on systems and processes running the vital infrastructure of the U.S. … to coordinate further attacks,” says Pierluigi Paganini, a security analyst who publishes the blog SecurityAffairs. The DHS conjectured that attackers planted the threat to deter a future U.S. attack. (Remember Stuxnet?)
The BlackEnergy intrusion is the kind of stuff that national governments typically do in attacks against one another, but it was also reminiscent of a recent corporate hack that hit banking giant JPMorgan last summer. Intruders nosed around the bank’s systems from June to August, undiscovered and uninterrupted. They didn’t take sensitive information like credit card and Social Security numbers, the stuff that sells for a lot of money on the black market. But they did leave malware in the network that could possibly let them further exploit or control the company’s system any time they wanted.
BlackEnergy and the JPMorgan hack have given researchers, government authorities and corporate guardians ample reason to wonder if we’re watching a nascent but significant shift in the security landscape — one that suggests that Corporate America is now subject to cyber-hacks and cyber-attacks once reserved for governments and critical infrastructure.
The recent hacks, as well as others involving Target and the United States Postal Service, show that attackers can squat on a network, undetected, for months. If motivated to do so, they could enter a system, study it and learn how to do more than just steal information.
David Cowan, a cybersecurity investor at Bessemer Venture Partners, says it’s a trend he’s watching closely. Some security professionals believe we’ll see corporate attacks become more destructive over the next year.
Most criminals infiltrate a system to steal and sell data. It’s rare to see an attacker try to shut down or harm a company.
“To take down a target, you put a price on your head,” says Jeremy Pickett, the head of threat research at the startup vArmour and a former infosec engineer at PayPal. “People hack for financial gain to make getting caught worthwhile. Ideologically motivated attacks only occur in extremely polarized areas, like Iraq.”
But such attacks have happened, including a 2013 campaign that disabled three of South Korea’s biggest banks. The malware was traced back to China, and investigators suspected that North Korea launched the attack.
Remember Anonymous? That clan of cyberhackers also attacked U.S. corporations back in 2010 to show support for Julian Assange and WikiLeaks. They tried to shut down Amazon, PayPal, Visa and MasterCard.
We’re living in what appears to be an increasingly polarized world, where relationships between large countries like the United States, Russia, China and Iran are becoming increasingly strained. That’s why Paganini likens the changing online threat to the arms race and acts of espionage that marked the Cold War battle that Russia and the U.S. waged after World War II and through the 1980s.
The FBI recently said that every major U.S. corporation had been hacked by China. FBI director James Comey noted that the thieves didn’t try very hard to hide their tracks — he compared them to drunk burglars — but they were still able to get in and steal all sorts of sensitive business data.
Imagine what attackers could do if they were able and willing to live, stealthily, inside a digital network and learn to control it, and had motivations that were stronger and more passionate than theft or greed.