Malware: The New Weapons of Mass Destruction

Canadian businesses are quick to adopt modern technologies into their workplace. It’s how we remain competitive and connected to clients, partners and industry news. But the steady advance of malware and the constant stream of attacks make it increasingly nerve-wracking for anyone who works with sensitive business data. Our dependence on the internet makes us a prime target for cyber criminals. And it’s not just small-time hackers looking to wreak havoc on our computer systems: cyber warfare and state-sponsored attacks are on the rise, and for many large countries they are a central element of military strategy.

By now even the average computer user is likely familiar with the many variations of malware. The threat of losing access to your business data, or worse, having sensitive information made public, is serious enough that it is now commonplace for businesses to implement comprehensive backups, security awareness training sessions and cyber extortion insurance policies as part of an effective security strategy.

But it is not only your business that cyber criminals threaten. Malware is also used by state intelligence agencies (an activity commonly referred to as cyber warfare) to carry out attacks or covert actions against other countries’ computer systems. Every technologically advanced government and private business is vulnerable to state-sponsored cyber espionage. Reports from Canada and around the world confirm that such attacks have succeeded in stealing industrial and state secrets, private data and other valuable information.

The Major Players.

Attackers with only basic skills can still cause real harm to our computer systems; they typically aim to hit as many victims as possible with commodity malware. Sophisticated attackers with deep funding and resources usually build malware for specific targets, geared towards intelligence gathering or sabotage. With the ability to disrupt the electronic controls of power grids, water treatment plants and telecommunications networks, state-sponsored malware has the potential to become a future weapon of mass destruction. It can interfere with the production and delivery of basic goods and services provided by governments and the private sector, and it can undermine our privacy by stealing personal information. While no government is likely to openly admit to sponsoring such attacks, there is ample public evidence that “digital armies” exist and are regularly developing new state-sponsored malware.

  • Stuxnet

The world’s first (discovered) digital weapon aimed at industrial control systems, the computers that monitor and control large-scale facilities such as power plants, dams and waste processing systems. Stuxnet spread widely between Windows machines, but its payload was selective: it acted only on hosts running Siemens Step 7 software connected to specific programmable logic controller configurations, where it altered the controller code to physically damage the equipment (in practice, uranium enrichment centrifuges) while feeding operators recordings of normal readings. On any other infected computer it did nothing but look for new hosts to spread to.
Stuxnet is widely believed to be a cyber weapon built jointly by American and Israeli developers, although neither state has openly confirmed this. It was reportedly developed beginning under the Bush administration to sabotage Iran’s nuclear program.

  • Flame

Flame is a Windows-specific espionage malware. It does not appear to be destructive to either the infected networks or the data it collected, which has led researchers to conclude that its only purpose was to collect data without being discovered. Flame’s targets were located in certain Middle Eastern countries.

  • Equation Group

Kaspersky researchers have called Equation Group the most sophisticated computer attack group in the world: “Equation Group surpasses anything known in terms of complexity and sophistication of techniques, and has been active for almost two decades.” While Kaspersky will not name them directly, there is strong evidence that the work of Equation Group is that of the NSA (the United States National Security Agency). The group’s hard drive firmware implant survived military-grade disk wiping and reformatting: it kept victims’ stolen data available even after the drive was reformatted and the operating system reinstalled. Once a drive’s firmware was compromised, the infection could not be detected or removed with the tools available to the victim.

The technological breakthroughs Equation Group has achieved and used against targets leave little doubt that its operations are sponsored by a nation-state with nearly unlimited resources. The countries that were and weren’t targeted, together with the ties to Stuxnet and Flame found inside the Equation Group keylogger, strongly support the theory that the NSA or a related US agency is responsible.

Things to Consider.

Today, more than 100 governments have publicly acknowledged their own offensive cyber-war programs. And while we often hear about our tax dollars going towards physical infrastructure and military defences, some must also go towards technology infrastructure and cyber armies if we intend to defend the systems we all rely on every day.

The Canadian federal government alone now offers more than 130 commonly used services online, including tax returns, employment insurance forms and student loan applications. We’ve all seen the nightmares that become reality when critical systems fail (the federal employees in Ottawa affected by the Phoenix pay system, or the outage caused by Delta’s aging technology).

Most state-sponsored malware targets specific groups, and the attacker is interested only in gathering intelligence or conducting espionage. But tools built for that purpose can be captured, copied and built upon, turning into related malware that wreaks havoc in a variety of ways.

Dealing with any kind of cyber threat in isolation is not enough. Whether you are a home user, a business or a government agency, you should have an incident response plan in place that enables you to detect, contain and recover from attacks on your critical systems and data. Have a security partner on hand that prepares for and responds to security incidents, assesses potential vulnerabilities and gives management clear direction on reducing cyber security threats.