For years, physical security has been imperative for political officials, with bodyguards and teams of agents securing the leaders of the world. In 2015, the need for protection began shifting from the "physical" to the "virtual," as cybercriminals and cyber-spies started targeting those same leaders directly.
As noted in the third quarter security roundup, Hazards Ahead: Current Vulnerabilities Prelude Impending Attacks, the arms bazaar of the Deep Web is now equipping nefarious actors with robust asymmetric attack capabilities.
One such example is Operation Pawn Storm, a concerted campaign against the leadership of the United States and Ukraine. Trend Micro researchers have seen evidence of dynamic cyber-attack "kill chains" being waged against senior leadership as a geopolitical reaction to international tensions. This attack campaign leveraged seven zero-day exploits and custom malware for iOS devices.
The X-Agent malware for iOS allowed an attacker to turn the infected phone into a listening device, activating the microphone ("popping the mic") based on the victim's location and calendar entries. Late this August, the campaign expanded to include the spouses of the 2,600 most significant people in the Federal government and Congress. With this stealthy feature monitoring everyone within earshot of the device, one can imagine private discussions and personal conversations being recorded and compromised.
Pawn Storm serves as a harbinger of things to come, as geopolitical tensions will increasingly manifest as cyber-intrusions. What is most troubling for security veterans is that terrorist groups have dramatically improved their cyber capabilities through participation in a myriad of Deep Web and Russian underground forums. Critical infrastructures have been exposed, and successful attacks against them could result in a kinetic impact on society at large.
As noted in our survey, "Cyber Security of Critical Infrastructures in the Americas," 44 percent of the critical infrastructure respondents had suffered "delete and destroy" attacks. This phenomenon continues unabated as the modus operandi of attackers has pivoted from data theft (burglary), to persistent backdoors (home invasion), and now to destruction of data, i.e. "burning the evidence."