Like catching smoke: can we stop a cyberwar?

Cyberattacks across the world are surging, with a new report from Accenture Security highlighting a 125% increase in such cyber intrusions across the first half of 2021. But according to a cyber expert and former Federal Bureau of Investigation agent, these known attacks are likely to be just a proportion of the actual activity.

“We don’t necessarily hear about all the attacks,” says Dr Dennis ‘Darknet’ Desmond, a lecturer in cybersecurity, cyber intelligence and cryptography at the University of the Sunshine Coast. “For a company to suffer an attack, it could be very embarrassing. It could potentially affect the confidence that their customers have in them. It could also affect potential litigation that they might have, as well as the stock price. So, companies are loath to admit that they’ve actually been breached, or they’ve lost data.”

Ransomware attacks in particular are on the rise, with a recent cybersecurity report from Check Point Software Technologies suggesting that a new company becomes victim to ransomware every 10 seconds. In these attacks, malicious software (malware) prevents the user accessing their files or devices, with money demanded to return the access.

Desmond says Australia, the US and the UK were the top countries targeted by cyberattacks. They can be governmental (a nation targeted) or corporate (a business attacked), but they are also often personal. And the COVID-19 pandemic has made us more vulnerable to these online attacks.

“If you think about how often you’re online – whether you’re buying products and services online, you’re having food delivered, you’re ordering some sort of rideshare, or even if you’re, just as we are now because of COVID, having to work remotely out of our homes – the potential for us to become victims significantly increases,” he says.

“What we’re seeing are focused attacks against individuals in the form of fraud and scams – primarily romance scams and remote-access tools, as well as online dating scams. We’re also seeing a heavy preponderance of COVID-theme scams lately, both on surface and darknet, as well as the traditional tech scams.

“It’s not guaranteed that everyone is going to experience an attack, but everybody is certainly vulnerable to an attack. They only need one or two people to actually fall for these scams to be successful, so it just won’t go away.”

Desmond previously served as a special agent for the United States Army and the FBI, as well as a senior intelligence officer with a speciality in identity defence with the US Department of Defense. He says cyberattacks come from a vast range of actors, from the cliché of kids in basements through to nation-state computer guns for hire.

Dr Dennis ‘Darknet’ Desmond. Credit: USC Centre for Human Factors and Sociotechnical Systems

“The beginning hackers – the script kiddies – are out there trying different kinds of code and script that they’re buying off the internet or receiving from more sophisticated hackers,” he says.

“And then you see a progression to hackers who are performing either individually or as part of an organisation for profit. Then you see well-organised criminal groups who are trying to profit, as well as organised crime. And then it goes into well-organised and structured nation-state contractors and even defense-based and national-security-level attackers. There’s a wide range of possible attackers out there.”

Identifying attackers was part of Desmond’s work at the FBI, but the methods and ways in which they could erase their trail meant that it was at times like catching smoke.

“As an FBI agent, that was one of the hardest things for me to figure out: who is the actual individual sitting at the keyboard?” he explains. “You might have an IP address, but then you have to say, ‘well, did this person use an onion router? Did this person use a VPN? Did this person use proxies to mask their true location, and did they engage in cyber tradecraft methodologies to obfuscate where they really were and what they were really doing?’

“Now expand that out into the international environment, where you’ve got thousands, if not millions, of interconnected devices. And an attacker is using all these different methods to obfuscate their actual location. The more sophisticated attackers will often clean up after themselves to eliminate any evidence of their activities. That can make investigation and forensic analysis difficult for the investigator or the intelligence officer. And therefore, it often takes a lot of time to figure out who’s responsible.”

Abetting the growth in ransomware and other malware attacks is the darknet market, where black-market websites can trade through the anonymity of the dark web. Among the products peddled on the darknet market is ransomware.

“The darknet market is designed around anonymity and to conceal the identity of the users – both the buyers and the sellers – and typically darknet markets operate using solely digital cryptocurrencies for anonymity or pseudonymity,” says Desmond.

“Now, in these environments, malware, ransomware (and) remote access tools are either sold outright, or they may be leased. So we’re now seeing ransomware as a service, where you can actually rent software in order to attack a server. You can even hire bots to conduct a denial-of-service attack against the target. And this entire malware economy has grown over the last several years within the darknet environment.

“And [you] pretty much don’t need any specialised hacking skills to be able to either rent or buy these tools and then employ them against the target. There’s nice how-to instructions on how to use them and how to launch them.”

Beyond criminal activity, nation-state cyberattacks – backed or run by governments – are also increasing in frequency and visibility. University of Surrey research released in April showed that the number of nation-state-backed cyberattacks doubled between 2017 and 2020. Infrastructure, businesses, military espionage and government departments can all be targets for these attacks.

As the word ‘attack’ suggests, this might easily be seen as a new form of warfare – weapons fired across cyberspace rather than a battlefield. Put it to Desmond that the next world war might well be fought in the cybersphere, and he’s adamant that the virtual trenches have already been dug.

“I believe we’re already at war,” he says. “An individual with whom I attended Harvard was a well-known journalist named David Sanger, and he likes to compare where we are with cyber warfare to the development of the aircraft. He’s put us at the level of World War One, where the biplanes are just starting to be used for reconnaissance, and still haven’t quite matured into a sophisticated use.

“I think that we’ve actually gone beyond that. We’re using cyber to actually perform reconnaissance, collect intelligence. We’re using disinformation campaigns and we see cyber warfare operating as a low-intensity conflict – it’s always in the background. Part of the benefits of using information warfare from a cyber perspective is that it distracts the country away from foreign engagement, trade and external issues, and refocuses it on its own domestic issues.

“It’s also what we’re not seeing that is of concern, where there may have been implantation and networks of beaconing, identifying targets for potential attacks in the future, being able to establish targeting packages for future use in concert with a conventional physical war in which we might engage.

“So, I think we’re at the very beginning of potential cyber warfare. I don’t think it will operate independently – I think it will always be used with other traditional forms of warfare.”

If governments have proved unsuccessful in the fight against cyberattacks, so too have the tech giants. Despite being the world’s largest and richest online presences, with some of the finest tech brains in the world, the likes of Google, Apple, Facebook and Microsoft have also been unable to hold back the tide of cyber intrusions. Desmond says the lack of controls built into the internet has made curbs almost impossible.

“When DARPA [the US’s Defense Advanced Research Projects Agency] first envisioned the creation of the internet, and what the internet eventually became – which was pretty much the Wild West – anybody could gain access,” he says. “There was no centralised control; anybody could connect their network device.

“Well, this has grown and grown and grown over the last several decades to become this massive and incredibly necessary tool for businesses and individuals. And still the standards are largely lacking internationally as to device security.

“We see this specifically with the Internet of Things – smart home devices. There’s a lack of a set of standards on how these devices are to be built, maintained and networked into the internet. But if you think about our reliance on personal electronic devices – our wearables, such as our Fitbit and health monitors, and even Bluetooth devices such as Apple AirTags – now we have got all these ad hoc devices that are connecting and networked. And really, the lack of control, which is intentional, creates a lot of potential vulnerabilities for them.”

So, how to achieve what government and tech giants have struggled to accomplish – to protect yourself from this wave of cyber intrusions? Desmond has a few tips.

“The biggest thing from a security perspective (is to) make sure that you change your passwords,” he says. “Don’t use single-user sign-ons for all your accounts. Keep daily awareness of your bank accounts and your credit cards. Make sure that you take appropriate security around your personal devices – I would use passcode and two-factor authentication for all your accounts.

“And be careful what you share online – that’s probably most important. Don’t answer all those security questions or the profile questions with the same answers. Believe it or not, you don’t actually have to be honest online about where you were born, when you were born, who you’re married to, or what your dog’s name is. Be very, very circumspect about the data that you share.”
