Malware attacks against digital voting booths, weapons systems and critical infrastructure. Have the seeds already been sown for a catastrophic apocalypse?
Cyberattacks targeting critical industrial and manufacturing sectors are appearing at an alarming frequency.
According to a study by IBM’s X-Force Incident Response and Intelligence Services team, which compared IBM incident response activities in the first half of 2019 with those in the second half of 2018, destructive malware attacks designed to wipe data and shut down systems have increased by a whopping 200 percent over the past six months.
IBM said 50 percent of the malware attacks were found in the manufacturing, oil, gas, and education sectors. Most of the destructive attacks occurred in Europe, the U.S., and the Middle East.
Since the beginning of 2019, a ransomware strain called LockerGoga has been crippling industrial and manufacturing firms, with catastrophic consequences. It first surfaced when it attacked the French engineering consultancy Altran Technologies. The company had to shut down its IT network and all applications to protect its client data. Then LockerGoga hit Norwegian aluminum manufacturer Norsk Hydro, causing some of the company’s aluminum plants to switch to manual operations.
The Norsk Hydro attack was significant, considering the implications of this type of disruption to the production of raw materials during wartime. If a country should find itself in a state of total war, the production of not just aluminum but other materials like steel and iron, which are required for the building of ships, aircraft, and other munitions, could be immediately crippled by countries that are operating at a military disadvantage.
Hackers can carry out these types of attacks by using techniques such as password guessing, brute force attacks and phishing to capture Domain Administrator permissions. With those permissions they copy the malware to an exact location, execute the attack and encrypt the files on every device that logs into the network. What makes LockerGoga different from other ransomware is that some of its variants make it difficult for victims to pay a ransom by modifying administrator passwords and logging users off using logoff.exe. This is a clear indication that LockerGoga’s goal may be cyber-sabotage of primary industrial operations.
Another alarming report in the New York Times from this past summer detailed the fact that the United States was ramping up attacks against Russia’s power grid in response to “heightened Russian cyber aggression and the noted political meddling that was a major theme of Robert Mueller’s almost two-year special counsel investigation of the Trump 2016 presidential campaign.” Infrastructure attacks have the potential to turn out the lights on major cities, cause the meltdown of nuclear power plants, or fail to notify citizens of impending emergencies like the poisoning of the municipal water supply.
Other examples of destructive malware affecting infrastructure organizations include Stuxnet, NotPetya and Shamoon.
The malicious code deployed in these kinds of attacks generally results in data loss, renders enterprise devices inoperable and cripples device functions.
While the information currently available shows that the use of such malware has so far been restricted to state-sponsored hacking groups with the intention of bringing down geopolitical rivals, the attacks are expanding beyond nation-states.
Organized cybercriminals, like the infamous North Korean hacking groups thought to be behind attacks similar to 2017’s WannaCry outbreak, are mounting a wide array of targeted cyberattacks against the finance industry to steal information of monetary value and sabotage trading systems.
Another potentially devastating target for hackers would be election systems. By injecting malware into digital voting booths, bad actors can change the results of an election, altering the course of history. According to a report from Rollcall.com:
“Victims of the Russian hacking operation included U.S. state and local entities, such as state boards of elections (SBOEs), secretaries of state, and county governments, as well as individuals who worked for those entities,” the report said. “The GRU also targeted private technology firms responsible for manufacturing and administering election-related software and hardware, such as voter registration software and electronic polling stations.” This is particularly scary considering the political divide currently festering in America.