Earlier this week some disturbing news was relayed by the FBI which could have profound implications for how businesses defend against serious cyber-attacks. A confidential five-page news flash sent to businesses reportedly claimed that hackers are now launching destructive online raids specifically aimed at wiping target companies’ hard drives. It’s the first time such an attack has been waged on US soil and it could be an ominous harbinger of things to come.
So what exactly can we say about the incident and how best might US organizations respond?
Times have moved on a long way from the early days of computer viruses, written by bedroom-bound hobbyists in search of little more than their ten minutes of fame. Today’s cyber adversaries are generally well-organized, highly motivated and laser-focused on either making money for themselves and their crime syndicates or advancing the strategic goals of their nation-state sponsors.
In 2010 two watershed events redefined the threat landscape as we knew it. The first came at the beginning of the year when Google revealed that it had been the victim of a highly targeted, advanced and persistent cyber-attack launched from within China. The full extent of the so-called Operation Aurora campaign still hasn’t been revealed, but it is thought to have encompassed dozens of firms and could be said to be the first recorded incident of a genuine APT attack.
Later that same year, we learned for the first time about Stuxnet – a sophisticated worm leveraging an unheard-of four zero-day vulnerabilities with the likely end goal of disrupting industrial control systems in an Iranian nuclear facility. Both attacks taught us much about the level of sophistication and resources that nation states are now devoting to cyber-attacks.
And in 2013 it was reported that the computer networks of three major South Korean banks were attacked.
All of these attacks and campaigns were focused on acquiring financial and data intelligence, and they have continued to grow stronger and smarter. What we are seeing today is a finely tuned attack method being waged against high-value targets.
Raising the stakes
This week’s revelation could turn out to be as big as these watershed events. Although it’s not yet known who is behind the attacks flagged by the FBI, or how widespread they are, it’s thought that the emergency note sent to firms came after a recent incident at Sony Pictures. That firm’s IT systems have reportedly been crippled for over a week as it deals with an apparent cyber-attack, which has been linked to North Korean operatives.
Most worrying for organizations is that the malware highlighted by the Feds is said to overwrite all hard drive data, including master boot records, preventing the machines from even booting up. Such an attack would obviously be catastrophic for most organizations, but thus far it has been seen only on a couple of occasions – most notably against oil company Saudi Aramco in 2012, which took out up to 30,000 computers.
The fact that what appear to be well-resourced nation-state operatives are launching destructive attacks against US organizations should be a wake-up call to all CSOs. It’s doubly concerning that this new tactic effectively destroys any chance of effective incident response. At the very least, IT leaders should consider the following: