The year ahead is likely to be distinguished by five major trends as financial cyber crime continues to evolve and focuses on equity and capital markets, according to FireEye.
Dave DeWalt, chairman and chief executive (CEO) of the US-based cyber attacks protection specialist, predicts that developments over the coming 12 months will include the following:
- Financial cyber crime evolves and focuses on equity and capital markets: Today, like everything else, money has been digitised, and it is possible to transfer it (or steal it) and send it around the world at the speed of light. Equity and capital markets have complex infrastructures – and complexity is the enemy of security. For this reason, most cyber attacks take place long before they are discovered. The more complex the infrastructure, the more likely that criminals will find an exploit. Sometimes, complexity isn’t required. In April 2013, the Syrian Electronic Army hacked the Associated Press’ Twitter account, writing, ‘Breaking: Two Explosions in the White House and Barack Obama is injured’. The Dow began a short-lived nosedive, but recovered. More such attacks could occur in the future.
- First major cyber disaster: National critical infrastructures – including everything from electricity to water supplies – are now dependent on the security of the computer hardware and software that manage them. In order to modernise the infrastructure, all these systems are connected to the web. The US Department of Homeland Security cybersecurity response team reported that attacks on the country’s power, water, and nuclear systems rose 52% in 2012, compared with 2011. It is likely only a matter of time before the world sees its first real national or international humanitarian cyber crisis. There are two possible scenarios:
a) Intentional: Stuxnet and Iran’s alleged retaliation against Saudi Aramco have shifted the thinking on cyber war from theory to reality. But these are mere hints of what is likely to occur in the future; the World Wide Web is just one generation old.
b) Accidental: In 2010, the Dow Jones lost and regained 600 points in minutes. This event, known as the ‘Flash Crash’, still has no explanation. Algorithms are now making most of our daily decisions for us, and they are prone to both malicious manipulation and to making mistakes.
- Cyber Balkanisation: With cyber espionage fears in the post-Snowden era, some traditionally sensitive nations (Brazil, Mexico) and others that had no hostility to the US (Germany) may grow increasingly nationalistic vis-à-vis the US, for both practical and political reasons. As a result, foreign governments and enterprises will try to locate all IT and data infrastructures in-country to better shield themselves from international cyber snooping. Commercial IT, software, and security companies will be forced to change their business practices at a significant cost. This trend was articulated recently by Neelie Kroes, European commissioner for digital affairs, who wrote, “if European cloud customers cannot trust the US government, then maybe they won’t trust US cloud providers either.” The impact? The infrastructure set by China (the Great Firewall), Iran (the Halal Intranet), and North Korea (the ‘Walled Garden’ intranet), could soon include countries that normally should be sharing as much data as possible – such as North Atlantic Treaty Organisation (NATO) allies.
- Cyber espionage expands globally: Governments will not relinquish their ability to conduct law enforcement and counterintelligence activities, and the temptation to conduct espionage will always exist. Emerging markets will enter the fray: the revolutionary and inexpensive nature of computers and the amplification power of networks are not exclusive to the world’s largest nations. Further, cyber mini-super powers will grow. Some upstarts with means and motive: Poland, Taiwan, Brazil, Japan, India and South Africa. Rogue states such as Iran, Syria, North Korea, and even non-state actors such as Anonymous will use cyber attacks to conduct diplomacy and to wage war by other means. (Irony alert! Other world governments will experience their own Snowden affairs, because all governments do it, only on a smaller scale. This will take some focus off the US specifically and put it on the topic more generally.) FireEye’s own data shows the prevalence of the cyber attack footprint: attack servers exist in 184 countries or 94% of all nations. Further, the Snowden impact gives the world a chance to convince regional audiences that the US cannot be trusted, as well as the political cover to increase their own domestic surveillance and increase their own global espionage campaigns. In Russia, for instance, Putin’s regime is attempting to put in place new regulations that would subject Russian Internet users to increased and more efficient government monitoring and surveillance.
- Cyber sabotage will rise: Crimeware is now destroying operating systems as the last step of an attack for four reasons:
a) Cover up: As European authorities have found success in catching cyber gangs, criminals have decided to add a computer-wiping feature to destroy evidence and avoid arrest.
b) Retaliation: For example, when Saudi Aramco was attacked, data on 30,000 computers was destroyed and replaced with a burning American flag, hinting at cyber retaliation to come.
c) Political statement: In March 2013, South Korea was hit with malware that was a throwback to the 1990s: it wiped out computers maliciously. Likely North Korean attackers sent a message: “we can make your life very, very hard.”
d) Cyber War: In December 2013, US cyber command chief Keith Alexander warned that a nation-state had developed a basic input-output system (BIOS) attack that ‘bricks’ computers, and could ‘destroy’ US computers and thus the US economy. Other experts said the country was China.