
Cyber weapons are perfect weapons, says security expert Mikko Hypponen

There is a lot of 'fog' surrounding cyber weapons and cyber war because there is no way of knowing the true capability of any country, says security expert Mikko Hypponen

Cyber weapons are perfect weapons - they are invisible and, unlike the nuclear arms race, countries can keep them under wraps as there is no visible sign of research and development, according to Mikko Hypponen, chief research officer at security firm F-Secure.

“Governments are very interested in them because they are effective, deniable and relatively cheap,” he told delegates at the Infosecurity Europe 2016 conference in London.

“In the nuclear arms race it was all about deterrents. It was clear which nations had a nuclear capability and which countries you should not mess with, but in the cyber arms race, that is no longer clear,” he said.

There is a lot of “fog” surrounding cyber weapons and cyber war, said Hypponen, because there is no way of knowing the true capability of any country.

“The leaders are undoubtedly the US, followed by Israel, Russia and China, but after that the fog just gets thicker – there really is no way of knowing the cyber offensive capability of countries like Brazil, Vietnam and Australia,” he said.

Another factor contributing to the “fog” is the fact that acts of cyber war are not always as clear cut as the Russia-based cyber attacks that cut the power supply to around 200,000 people in Ukraine in December 2015.

While that is clearly an act of cyber war, said Hypponen, a recent series of heists and attempted heists at four banks is not so clearly one, although indications are that it could very well be.

Links to Sony hack

The world is changing, he said, evidenced by the fact that a link has been discovered between the recent cyber attacks on banks and the attack on Sony Pictures in November 2014.

According to Hypponen, communication malware used in the cyber attacks on the banks used a distinctive encryption key that has been seen only once before - in malware used in the attack on Sony Pictures.

Although careful not to pin the attacks on the banks onto North Korea, he noted that the US linked the attack on Sony Pictures to North Korea, having hacked into the country’s computer networks.

Hypponen also noted that in the case of the Bangladesh central bank, the attackers tried to transfer nearly $1bn into accounts controlled by them.

“I am not saying North Korea hacked into the banks’ systems, but considering the total annual budget of the country is only $4bn, it is possible the attacks were aimed at fixing the country’s budget deficit,” he said.

Therefore, it is possible that the attacks on the banks are the first instance of a nation state attack that was aimed at stealing money rather than sabotage or espionage, he said.

Ransomware is not new

Hypponen also reflected on the evolution of malware, noting that some supposedly new attacks, like ransomware, are actually fairly old. As curator for the malware museum recently established by the international Internet Archive, he revealed the first instance of ransomware dates as far back as 1989.

The AIDS Information Trojan claimed to be a legitimate piece of software to assess an individual’s likelihood of being infected with HIV. However, if anyone installed the software but failed to pay the licence fee, the software was designed to overwrite the host machine’s master boot record, encrypt all the file indices and demand ransom of $189 payable to a PO Box in Panama.

The functionality of this malware is almost exactly the same as the Petya ransomware discovered 27 years later in May 2016, he said, and the only real difference is that the ransom is payable in bitcoins.

“Ransomware is the top problem in malware at present and is being driven by competition between different ransomware gangs, of which there are around 110, each with their own family of ransomware,” said Hypponen.

“These gangs are run like a business. They are all looking for the best return on investment and compete to make their ransomware as effective as possible by offering localised versions, for example.”

The gangs also protect their reputation by ensuring they are able to offer support to enable victims to pay, and to ensure they can restore encrypted data to encourage future victims to pay.

“But this competition is also driving cyber criminals to look for new markets, so we are now seeing the emergence of things like the first ransomware for Macs because there is less competition,” said Hypponen.

“KeRanger is the only Mac ransomware, but is also fairly unusual in that it is designed to look for and encrypt file backups to ensure that there is no way to recover by simply restoring backup files, which is commonly termed a ‘dick move’,” he said.

Another example of “old” malware becoming “new” again is macro malware that virtually disappeared after the introduction of Office 97, which disabled macros by default in Microsoft Office applications.

However, macro malware has reappeared, said Hypponen, and is being spread through tricking victims into clicking the “enable content” button.

“These attacks are very effective because they send victims emails from known and trusted contacts with attached documents that require the recipients to click the ‘enable content’ button to view them, but if you take nothing else from Infosec 2016, please remember to never click that button,” he said.

Join the conversation

2 comments

The authors seem to have a strange understanding of such concepts as arms race, nuclear weapons, and warfare in general.
To begin with, nuclear weapons are meant not to be used because of the MAD concept - Mutually Assured Destruction.
An arms race is not just about having more. With every few more inventions applicable for military technologies, your existing weaponry and machinery become obsolete. So the race is about constant upgrading of existing units and manufacturing new ones.

Now, in military conflicts each side nowadays is afraid of escalation to the MAD point.
Cyber warfare is, for now, an exemption. But it won't stay long.

There’s also very little commitment (both in personnel and cost) on the part of the attacker compared to traditional warfare. It takes a lot more to send bodies into a conflict, but cyber attacks avoid the bulk of that cost.