DOCSLIB.ORG

Cyber Attacks: Implications for Current and Future Policy

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cyber attacks: Implications for current and future policy Introduction 2 Fancy Bear Group 2 Targets of the attack 3 International Republican Institute 3 The Hudson Institute 4 Description of the attacks 5 Reaction 8 Political consequences 9 Conclusion 11 References 12 1 Introduction Information networks are now everywhere But how are these attacks carried out? who and no field can escape it, especially not are the actors behind the scenes. What are politics. Increasingly often cyber-related the stakes involved and what enables these scandals are breaking out and the aim of attacks? To answer these questions, this case many of them is the destabilizing a country's study focuses on the group known as Fancy political life. The Estonian government in Bear and its attacks on the International 2007 [1], a French political party in 2017 or Republican Institute and the Hudson the German government in early 2019 [3]. Institute Think Tank in 2018. The case was These and many other countries have chosen because of its context and the suffered a cyber attack against their reactions of the actors involved. First section governments. Even the United States which of this case study discusses the Fancy Bear is considered the most powerful country in cybercriminal group. Next, the two targets the world, is an recurring victim of these of the attack are introduced and some of the type of cyber attacks. For example, the political context will be given before recent Russian interference in 2016 that explaining the actual attack in the third targeted the presidential elections had section. Finally, the reactions of various widespread, global publicity. [4] parties involved are analysed. Fancy Bear Group APT28, Pawn Storm, Sofacy Group, Among the most famous attacks by the STRONTIUM are some other known names group include attacks on NATO and the given to Fancy Bear hacker group. The White House in August 2015, using a variety of names alone speaks of the scale of zero-day exploit of java, spoofing the organization. In fact, This group of website[6]. An attack on the French hackers is linked to Russian military foreign TV5Monde television channel, taking intelligence (GRU) with high probability but control of the 12 television channels as well no irrefutable evidence of this link has been as Facebook and Twitter accounts [7]. As published. well as, the Democratic National Committee The group was founded in the mid-2000s hack in 2016 during the American elections and since then this group has been at the [8]. All these attacks are complex and can origin of numerous cyberattacks. These take several months to organize and execute. cyber attacks have had wide variety of Indeed, Fancy Bear is known to exploit targets and motives including for example zero-day vulnerabilities, spread malware and collecting information on journalists, senior spear phishing. That is why Fancy Bear is officials of the Orthodox Christian Church, classified as an APT, Advanced Persistent political opponents, governments and Threat, which is a type of stealth and companies [5]. continuous hacking, often orchestrated by 2 humans targeting a specific entity. These The intensification of attacks by this group kinds of attacks require a lot of resources, as well as other hacker groups such as Cozy resources that only states can afford, which Bear, also affiliated with the Russian state, supports suspicions of links with the suggests that the Russian authorities are no Russian government as well as the targets longer concerned with hidden advances and being aligned with Russian interests. are showing greater audacity. Targets of the attack As mentioned in the previous section, Fancy bear is an infamous group of cyber criminals. Their attack targets wary in range from small scale email leaks to serious attacks that are discussed in the news world wide [9]. In this report, the focus is on an attack on two organizations that are key facilities for the future of democracy, namely the international Republican institute and the Hudson institute think tanks [10]. This section describes the attack targets in detail. International Republican Institute International Republican institute (IRI) is an As the organization is a nonprofit, the organization that was established in April empowering of democracy starts with 1983. It is an nonprofit organization and volunteer experts from all over the world. despite its name being similar to an Example work includes improving electoral American political party, it is totally processes and querying public opinions as nonpartisan organization that does not really well as increasing women’s rights as well as take sides in politics. It’s true aim is to the overall political and democratic systems. improve democracy and freedom in the These actions are currently being done in 85 world. To achieve that, they work to create a countries around the world. [11] conversation channel between the governments and the people. They The exact reason why the organization was encourage politicians to listen to the citizens targeted by Fancy bear remain a mystery. and they encourage people to interact in the However, knowing that Fancy Bear has political decision making process. The russian connections and their repeated greater goal of doing this is to make attempts to try and shake the state of democracy flourish in countries where there democracies around the world, It would is no democracy, and share best practices seem that this was just another attempt to do between democracies that do flourish to just that, to shake the trust in the future of ensure efficient rule of the country and the democracy by gaining access to something longevity of current democracies. [11] confidential and scandalous and leaking it. 3 The Hudson Institute The Hudson institute was established in and culture. In addition, the ever improving 1961 by Herman Kahn. It is an organization technologies for example in health care, will that attempts to guide decisions makers in challenge the current way of thinking. The their preparation for the future. They try to aim of Hudson institute is to create encourage people to think outside of the strategies that result in controlled transitions box, outside of the conventional way of into these new ideas and technologies for thinking. New ways of thinking are vitally example in terms of law making. [12] important when managing step by step transitions to the future as the needs and Hudson institute is an American institute thoughts will not be what they are now in that operates both in America and globally. the future and there needs to be a controlled They organize publications, conferences, steps from here to the future. [2] policy briefings and various other recommendations to affect how government These steps are required in various fields. and other officials make decisions. [12] For example, Defense will continue to be an important political issue in the future as new The exact reason for the attack remains a ways to wage war are undoubtedly being mystery aside from gaining access to the developed. For example, first and second company’s credentials. Since Fancy Bear world wars involved physical machines, has Russian ties and they have attempted to while the next one might involve virtual affect governing of foreign countries in the warfare in the cyberspace. With the past, it might be reason enough that it was increased use of cyberspace it is important an important company for American to understand its effect on people and how to democracy. As American democracy is control the change for example when it being pushed to the limits under Donald comes to international relations, economics Trump’s presidency. Description of the attacks We now know the attackers, Fancy Bear, in order to gain access to confidential and the targets, the International Republican information. Institute and the Hudson Institute. Even if the reasons for this attack are unclear, the To steal credentials this, Fancy Bear used goal was to steal usernames and passwords social engineering. Social engineering 4 practices exploit the psychological, social victim will then enter his personal codes and broader organizational weaknesses of which will be retrieved by the person who individuals or organizations to obtain created the fake site, he will then have something fraudulently. For this attack, access to the victim's personal data and will fancy bear uses a method that the group is be able to steal and modify everything the familiar with, namely spear phishing. victim has on the said website. The attack Indeed, Fancy Bear has already carried out can also be carried out by e-mail or other this type of attack on at least 4 other targets electronic means. since 2014. Spear phishing [13] is a variant of phishing, Phishing consists of making the victim the distinction is made on the target. In believe that he is speaking to a trusted third phishing, victims are more or less random, party (bank, administration, etc.) to obtain everyone can be affected, while spear personal information: password, credit card phishing targets particular persons or number, number or photocopy of the company’s employees. To this end, the national identity card or date of birth. It is attack is more elaborate, cybercriminals will the most popular attack of the 21st century collect information on the victims to make and is not always easy to detect. Indeed, the attack as effective and efficient as most often, an exact copy of a website is possible. Spear phishing is a widely used made in order to make the victim believe tool in APT attacks targeting large that he is on the official website where he companies, banks, NGOs or governments. thought he or she was connecting to. The 5 Figure 1 : schema of “spear phishing” attack The spear phishing attacks are carried out attack, it seems that the group had enough according to the diagram in Figure 1, which information to know that the institutes are will be explained in parallel with how the using Microsoft Office 365.
Recommended publications
  • View Final Report (PDF)

    View Final Report (PDF)

    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies

    Hacks, Leaks and Disruptions | Russian Cyber Strategies

    CHAILLOT PAPER Nº 148 — October 2018 Hacks, leaks and disruptions Russian cyber strategies EDITED BY Nicu Popescu and Stanislav Secrieru WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer Chaillot Papers HACKS, LEAKS AND DISRUPTIONS RUSSIAN CYBER STRATEGIES Edited by Nicu Popescu and Stanislav Secrieru CHAILLOT PAPERS October 2018 148 Disclaimer The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union. European Union Institute for Security Studies Paris Director: Gustav Lindstrom © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated. Contents Executive summary 5 Introduction: Russia’s cyber prowess – where, how and what for? 9 Nicu Popescu and Stanislav Secrieru Russia’s cyber posture Russia’s approach to cyber: the best defence is a good offence 15 1 Andrei Soldatov and Irina Borogan Russia’s trolling complex at home and abroad 25 2 Xymena Kurowska and Anatoly Reshetnikov Spotting the bear: credible attribution and Russian 3 operations in cyberspace 33 Sven Herpig and Thomas Reinhold Russia’s cyber diplomacy 43 4 Elena Chernenko Case studies of Russian cyberattacks The early days of cyberattacks: 5 the cases of Estonia,
  • Belling the BEAR

    Belling the BEAR

    2016/12/21 Russia Hacks Bellingcat MH17 Investigation | ThreatConnect SEPTEMBER 28, 2016 Belling the BEAR IN BLOG, FEATURED ARTICLE, RESEARCH BY THREATCONNECT RESEARCH TEAM ThreatConnect reviews activity targeting Bellingcat, a key contributor in the MH17 investigation. Read the full series of ThreatConnect posts following the DNC Breach: “Rebooting Watergate: Tapping into the Democratic National Committee [https://www.threatconnect.com/tapping-into-democratic-national-committee/] ”, “Shiny Object? Guccifer 2.0 and the DNC Breach [https://www.threatconnect.com/guccifer-2-0-dnc-breach/] “, “What’s in a Name Server? [https://www.threatconnect.com/whats-in-a-name-server/] “, “Guccifer 2.0: the Man, the Myth, the Legend? [https://www.threatconnect.com/reassesing-guccifer-2-0-recent-claims/] “, “Guccifer 2.0: All Roads Lead to Russia [https://www.threatconnect.com/guccifer-2-all-roads-lead-russia/] “, “FANCY BEAR Has an (IT) Itch that They Can’t Scratch [https://www.threatconnect.com/fancy-bear-it-itch-they-cant-scratch/] “, “Does a BEAR Leak in the Woods? [https://www.threatconnect.com/blog/does-a-bear-leak-in-the-woods/] “, and “Russian Cyber Operations on Steroids [https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/] “. [UPDATE] October 7th 2016 [/russia-hacks-bellingcat-mh17-investigation#update] Introduction Since posting about the DNC hack [https://threatconnect.com/blog/tapping-into-democratic-national-committee/] , each time we published a blog post on a BEAR-based topic we thought it was going to be our last. But like the Death Star’s gravitational pull, the story keeps drawing us back in as new information comes to light.
  • Information Provided by DHS Regarding Russian Scanning Was Incorrect Date: Wednesday, September 27, 2017 12:49:59 PM

    Information Provided by DHS Regarding Russian Scanning Was Incorrect Date: Wednesday, September 27, 2017 12:49:59 PM

    From: (b) (6) To: (b) (6) Subject: FW: Information Provided by DHS Regarding Russian Scanning was Incorrect Date: Wednesday, September 27, 2017 12:49:59 PM From: Secretary of State, Press Sent: Wednesday, September 27, 2017 2:58:05 PM To: Secretary of State, Press Subject: Information Provided by DHS Regarding Russian Scanning was Incorrect AP17:073 FOR IMMEDIATE RELEASE September 27, 2017 CONTACT: Jesse Melgar or Sam Mahood (916) 653-6575 Information Provided by DHS Regarding Russian Scanning was Incorrect SACRAMENTO – California Secretary of State Alex Padilla issued the following statement. “Last Friday, my office was notified by the U.S. Department of Homeland Security (DHS) that Russian cyber actors 'scanned' California’s Internet-facing systems in 2016, including Secretary of State websites. Following our request for further information, it became clear that DHS’ conclusions were wrong.” “DHS confirmed that Russian scanning activity had actually occurred on the California Department of Technology statewide network, not any Secretary of State website. Based on this additional information, California voters can further rest assured that the California Secretary of State elections infrastructure and websites were not hacked or breached by Russian cyber actors.” “Our notification from DHS last Friday was not only a year late, it also turned out to be bad information. To make matters worse, the Associated Press similarly reported that DHS has reversed itself and 'now says Russia didn’t target Wisconsin’s voter registration system,' which is contrary to previous briefings.” epic.org EPIC-17-03-31-DHS-FOIA-20180416-Production-1 000001 NPPD 000650 “The work of our intelligence agencies is critical in defending against cyber threats.
  • Ransomware a MULTI-HEADED MONSTER to BEAT

    Ransomware a MULTI-HEADED MONSTER to BEAT

    Ransomware A MULTI-HEADED MONSTER TO BEAT ERIK HESKES MAY 2021 RANSOMWARE Ransomware Introduction Ransomware is a buzzword and a real threat. A sophisticated attack or a script kiddie may lead to this result: a complete lockdown of a company with the associated damage. This damage can be enormous. Not only because the systems are down and no work can be done, but also because restoring the system, either by paying the ransom or by hiring specialists is very expensive indeed. And then there's reputational damage. When asked how it got to this point, hardly anyone has a good answer.... With the resources available, the attacker has every chance of committing a successful attack. This white paper covers the history of this type of attacks, the reasons for the attacker to carry out such an attack, the various ways of ransomware attacks and, very important, it describes the key protection measures that need to be in place to reduce chances of becoming a victim of these attack. Understanding the variety in ransomware attacks from the recent past is necessary to be able to determine the best strategy to protect the company’s data systems. Although, as you will see, dealing with ransomware is like dealing with a multi-headed monster. What is Ransomware? Ransomware can be defined as a type of malware that can infect a system by the encryption of files, folders, or an entire system. The compromised system shows the victim that a ransom needs to be paid, often by means of transferring a set amount of cryptocurrency or a large sum of money to an account or crypto wallet controlled by the attacker.
  • ' ' ' I ‘ *flfsmf WHO [00K GREAT

    ' ' ' I ‘ *flfsmf WHO [00K GREAT

    H .‘ Ä l“: \ I I ‘ \ l k ,.._ E ¥ \ FASSBENDER TEES OFF! ‘ CLOAK & HACKER How nusslks DIGITAL sms ARE PLANNING To INVAIJE AMERICA PENN STATE wnv Is FOOTBALL THESPoRToF sex PREDATORS? nun .' ' ' i ‘ *flfsmf WHO [00K GREAT. .ALLTHE RULES "SHOW IE I I STIIIGHTFOIHAID 54,99 "III III llFE. IT CAN BE VERY SIMPLE, BIIT IT CAI SET VERY COMPLICATED.‘ —Ii|:lael Installer UH“) HE TABLE OF NTENTS Ta INTO THE COUNTRY Joe Alwyn, the breakout smr nfb‘i'lly Lynn's Long Halfr‘ime Walk. tries on the seron's most stylish outdoor clothes, pg. 122 The Spark Michael Fassbender has a gift that makes great directors want to line up for him. But what happens to the life Ufa private man when he always has m reveal himself? Best of Times. BY AMANDA Worst of Times. I’ETRUSICH Some days. \I'nu \\ oke up p g . 10 6 feelim.r like yuu \\ ere “\ng in the spring See No Evil, Hear No of hope: other days. the Evil, Speak No Evil \\ inter nfdespuiiz Have He u b the head {mitlmll we reached utnpia 0r much zit .in elite prep Armageddon? \,k'l1|)l)l. HL‘ “1h. JIM) .1 CONTRIBUTION.'S HY \eriul pudnphih’ TED HELLER AND HY hlx’H' LE“ IS DANIEL SCHOFIELI) p g . 114 p g. ‘l 3 8 The Plot Against That '805 Show America Just like the mnmter I he mxhle «um ul hmv nn Stranger Things. HIHHJH xpiwhuckcd their hit slut“. the Ihx- l .N, elm'tiun buffer hmthen wenn-d “Y III()\I \\.
  • Cyber Security: Cyber Crime, Attacks and Terrorism

    Cyber Security: Cyber Crime, Attacks and Terrorism

    ODU UN Day 2020 Issue Brief GA First Committee (DISC) Cyber Security: Cyber Crime, Attacks and Terrorism Nick Myers ODU Model United Nations Society Introduction rise of cyber-attacks and the security measures against them in the hope of eliciting new Technology has revolutionized the international regulations regarding cyber interconnectedness of the globe. The flagship of security. Yet, the UN is not without problems of that globalization is the Internet. However, like its own in addressing the issues surrounding all other interconnecting technologies before it, cyber security and cyber terrorism. the Internet can become a weapon in the eyes of states, criminals, and terrorists alike. Known as Broadly, the UN is faced with a major roadblock either cyber war or cyber conflict, these attempts related to cyber. Member States have varied to disrupt information technology systems have positions on whether the UN should have provoked an increasingly desperate debate on oversight over what a nation does in cyberspace. how to respond. Some Member States insist current international laws can sufficiently deal with cyber threats. Other Member States fear expanding international law will be used to narrow their national power, or might undermine their freedom of action. Currently, cyberspace is viewed as an extension of international law, meaning cyber-attacks are viewed as legally the same as physical attacks rather than as separate issue without its own norms. There is some interest within the General Assembly and the Security Council to address cyber threats by creating new norms for cyber response and use. But the disconnect between As UN Member States struggle to protect their the international dangers and national networks and linked infrastructure from capabilities in cyberspace weakens the potential disruption, security against foreign-based attacks for forceful UN action, even when it is needed has become vital.
  • 2020 Cyber Threatscape Report I Accenture

    2020 Cyber Threatscape Report I Accenture

    2020 CYBER THREATSCAPE REPORT Accenture Security CONTENTS EXECUTIVE SUMMARY 3 What’s inside? 6 FIVE FRONTLINE TRENDS 11 01 COVID-19 ACCELERATES THE NEED FOR ADAPTIVE SECURITY 12 Pandemic opens the door to opportunistic threats 13 Surveillance tools are poised to welcome the age of Big Brother 20 02 NEW, SOPHISTICATED TTPS TARGET BUSINESS CONTINUITY 31 Established platforms are under siege 32 Cyberattackers evolve techniques used to exploit vulnerabilities 37 03 MASKED OR NOISY CYBERATTACKS COMPLICATE DETECTION 40 Sophisticated adversaries mask identities with off-the-shelf tools 41 Spear phishing steps up a gear 46 Supply chain targeting persists—and proliferates 51 04 RANSOMWARE FEEDS NEW PROFITABLE, SCALABLE BUSINESS 55 Maze ransomware changes the game, again 56 Data theft and extortion imitations increase victims’ pressures 58 New ransomware momentum upends cost vs disruption debate 59 05 CONNECTEDNESS HAS CONSEQUENCES 65 Virtualization of Operational Technologies is increasing 67 Cloud connectivity of OT systems is increasing 67 Internet-connected devices are increasing 68 A FLEXIBLE FUTURE 85 ABOUT THE REPORT 87 CONTACTS 88 2 2020 Cyber Threatscape Report EXECUTIVE SUMMARY In the past year, security strategies and practices have been tested like no other. Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world. CISOs who understand these challenges and can pivot their security approach can help their organizations to emerge stronger. 3 2020 Cyber Threatscape Report EXECUTIVE SUMMARY Accenture Cyber Threat Intelligence (Accenture CTI) has been creating relevant, timely and actionable threat intelligence for more than 20 years.
  • Chapter 29 Cyber Attacks by Terrorists and Other Malevolent Actors

    Chapter 29 Cyber Attacks by Terrorists and Other Malevolent Actors

    Chapter 29 Cyber Attacks by Terrorists and other Malevolent Actors: Prevention and Preparedness With Three Case Studies on Estonia, Singapore, and the United States Shashi Jayakumar The field of cyberterrorism has existed for as a long as it has been possible to interdict or compromise computer systems. While contributions of scholars, researchers, and practitioners have enriched discussions, there are longstanding and unresolved issues of definition which can give rise to confusion. Does cyberterrorism mean attacks only by individuals groups that fall within widely accepted definitions of “terrorist” or “terrorist organizations?” To what degree does the aim or intention of the malicious actor matter? For the purposes of the present volume, this study (without sidestepping these questions) examines attacks against computer infrastructure and Critical Information Infrastructure (CII) by all actors with capability, and not just groups such as Al-Qaeda or ISIS. As the author notes and establishes early in his discussion, this is necessary given that while conventional terrorist groups might have intent, they have not to date acquired the capability to carry out a genuinely destructive cyber-attack of the type that might lead to major loss of life or infrastructural damage. It is (for the most part) states which have this capability. Cyber prevention and preparedness covers a wide range. This three-part chapter includes technical aspects of cyber protection, systems (and people) resilience, risk mitigation, as well as nurturing talent within
  • From Cozy Bear, Lazarus Group, and Cerium, to Fireeye and Solarwinds: Why Life Sciences Companies Require a Comprehensive Approach to Defend Against Cyberattacks

    From Cozy Bear, Lazarus Group, and Cerium, to Fireeye and Solarwinds: Why Life Sciences Companies Require a Comprehensive Approach to Defend Against Cyberattacks

    Life Sciences From Cozy Bear, Lazarus Group, and Cerium, to FireEye and SolarWinds: Why Life Sciences Companies Require a Comprehensive Approach to Defend Against Cyberattacks Life Sciences companies collect, store, and utilize large quantities of personal data, including personal health information related to drug trials, through Software as a Medical Device and digital therapeutics, and intellectual property, including innovative research (e.g., COVID-19 vaccine research), and other industry-specific technologies. This data is very attractive to cyber criminals, nation state-sponsored hackers, and competitors owned by countries. The consequences of a successful data breach can include the theft of intellectual property, compromised research data, lost revenue, and financial penalties. On March 2, 2021, Microsoft announced that zero-day vulnerabilities in its Exchange Server email and calendar software have been exploited by a Chinese hacking group it calls HAFNIUM. A variety of Microsoft clients were targeted including infectious disease researchers.1 A BBC News bulletin issued February 16, 2021, claims that North Korea attempted to steal COVID-19 vaccine technology from US Life Sciences company Pfizer, according to South Korean intelligence officials.2 In July 2020, APT29 (Cozy Bear) was identified by cybersecurity agencies from the UK, Canada, and the US as targeting pharmaceutical companies and academic institutions tied to COVID-19 vaccine development.3 A November 2020 media report states that Russia’s APT28 (Fancy Bear), the Lazarus Group from North Korea, and another North Korea-linked group dubbed Cerium, are actively attempting to hack companies involved in COVID-19 vaccine and treatment research.4 AstraZeneca COVID-19 research was targeted by North Korea using fraudulent recruiting schemes to trick personnel into applying for fictitious job postings via LinkedIn and WhatsApp.5 1.
  • King's College, London: Department of War Studies

    King's College, London: Department of War Studies

    UNIVERSITY OF READING U.S. Strategic Cyber Deterrence Options Doctor of Philosophy in Politics Department of Politics & International Relations Scott Jasper March 2018 1 Contents Abstract......................................................................................................................... 3 List of Abbreviations..................................................................................................... 4 Introduction................................................................................................................... 7 Section One: Thinking about Deterrence Chapter I: Literature Review........................................................................................59 Chapter II: Global Cybered Conflict...........................................................................120 Chapter III: Theoretical Foundations..........................................................................158 Section Two: Contemporary Deterrence Strategies Chapter IV: Deterrence by Retaliation.........................................................................198 Chapter V: Deterrence by Denial................................................................................. 234 Chapter VI: Deterrence by Entanglement.....................................................................269 Section Three: A New Strategic Option Chapter VII: Active Cyber Defense..............................................................................307 Conclusion.....................................................................................................................343
  • The Most Dangerous Cyber Nightmares in Recent Years Halloween Is the Time of Year for Dressing Up, Watching Scary Movies, and Telling Hair-Raising Tales

    The Most Dangerous Cyber Nightmares in Recent Years Halloween Is the Time of Year for Dressing Up, Watching Scary Movies, and Telling Hair-Raising Tales

    The most dangerous cyber nightmares in recent years Halloween is the time of year for dressing up, watching scary movies, and telling hair-raising tales. Events in recent years have kept companies on high alert. Every day we are seeing an increase in cyberattacks carried out by organized hacker organizations. In a matter of seconds, these threats can destabilize large corporations, stealing large quantities of money and personal data, as well shake the very foundations of entire world powers. Have a look at some of the most terrifying attacks of recent years. 2010 2011 2012 Operation Aurora RSA SecurID Stratfor A series of cyberattacks carried out RSA suffered a security breach as a Publication and dissemination of worldwide, targeting 34 companies, result of a cyberattack that sought internal emails exchanged between including Google. The attack was details about its SecureID system. personnel of the private intelligence perpetrated by a group of Chinese espionage agency Stratfor, as well as hackers. PlayStation Network emails exchanged with clients of the firm. 77 million accounts were Australian Government compromised and blocked PS3 and DDoS attacks, carried out by the PlayStation Portable users from Linkedin online community Anonymous, accessing the service for 23 hours. The passwords of nearly 6.5 million against the Australian Government. user accounts were stolen by Russian cybercriminals. Operation Payback An attack coordinated jointly against opponents of Internet piracy. 2013 2014 Cyberattack in South Korea Celebrity photos Cyber networks of major South 500 private photographs of several Korean banks and television celebrities, mostly women, were networks were shut down in an placed on 4chan and subsequently alleged act of cyber warfare.