Cybersecurity Threats Rule Headlines as We Close Out 2016
Securing Your Data Should Be Priority for Coming Year
Russia officially Implicated in Cybersecurity Threat
The US cybersecurity threat ruled the headlines last Thursday (12/29/16) as various media outlets and news stations reported on President Obama’s sanction of Russia. The president’s retaliation coincided with the FBI officially implicating Russian intelligence in the interference of the 2016 presidential election and the public release of the first official detailed analysis of the hacking.
The analysis included samples of malicious computer code said to have been used in a broad hacking campaign, as well as allegations that Russian intelligence hacking started in mid-2015 and continued through to the 2016 election attacks. The report also contained a list of secret code names thought to have been used by the Russian hackers.
The analysis alleges hackers gained access to and stole sensitive information, including internal emails, and publicly leaked that information. The report did not, however, officially name which organizations were hacked, despite speculations publicly voiced by various public figures.
Russia, of course, denies the allegations. But the release has been announced a “joint analytic report” between the F.B.I. and the Department of Homeland Security, based in part on intelligence from the NSA, lending credibility to its findings.
Obama Sanctions Russian Diplomats
In what has been referred to as long overdue countermeasures by US political leaders, Obama took retaliatory action against Russia Thursday. Included in the mandate was the expulsion of 35 Russian intelligence operatives and the sanctioning of the GRU and FSB.
Obama also ordered a more detailed report on the intelligence to be published in the next three weeks. However, it is suspected many of the details will remain classified such as evidence collected from “implants” in Russia computer systems, tapped conversations, and information gathered by spies.
The US government is professedly going to declassify that technical information on Russian cyber activity to help companies defend against future attacks – an effort which would prove highly beneficial to American business, but remains unlikely.
Shutting Down the Russian Hackers
The expulsion of the 35 diplomats was in response to the harrassment of American diplomats in Russia, officals said. But some individuals involved are believed to be linked to cyber activity. In fact, two of the sanctioned men are actually on the FBI’s Most Wanted list for cyber related crimes.
Evgeniy Bogachev is wanted for a number of charges including conspiracy, bank fraud, wire fraud, computer fraud, money laundering, and identify theft. Alexsey Belan is wanted for computer intrusion, aggravated identity theft, and computer fraud.
In addition, the State Department announced the closure of two “recreational facilities” that are said to be used for Russian intelligence activities. It remains unclear whether they were used in the election-related hacks or not.
The administration also sanctioned three organizations said to have supported the hacking operations:
- The Special Technologies Center: a signals intelligence operation in St. Petersburg
- Zor Security: also known as Esage Lab
- The Autonomous Noncommercial Organizatino Professional Association of Designers of Data Processing Systems: the lengthy name, according to American officials, is a cover for a group that provided special training for the hackers
Obama said these actions were “not the sum total of our response.” Several officials, including Vice President Joseph R. Biden Jr., have suggested that there may also be a covert response, one that would be obvious to Mr. Putin but not to the public.
NYT Reports Russia Has Secret Cyberwarfare Program
Andrew Kramer wrote for The New York Times that Russia is actively recruiting elite hackers for a top-secret cyberwarfare program, reaching out to professionals, college students, and even criminals to create teams of powerful hackers. Apparently, Russia is doing this to bolster their offensive efforts with “a sprawling cyberespionage operation” which includes the military, military contractors, and teams of recruited civilians.
“For more than three years, rather than rely on military officers working out of isolated bunkers, Russian government recruiters have scouted a wide range of programmers, placing prominent ads on social media sites, offering jobs to college students and professional coers, and even speaking openly about scouting Russia’s criminal underworld for potential talent,” Kramer wriets.
The kicker? His sources are reputable. The threat is real. And the Russian government isn’t the only entity capabile of building cybercrime forces and orchestrating massive cyber-attacks.
“Almost all developed countries in the world, unfortunately, are creating offensive capabilities, and many have confirmed this,” Kramer quotes Anton M. Shingarev, Vice President at a Russian antivirus company. Kramer points out American hacking efferts in example of this, pinpointing a NSA sponsored summer camp which teaches hacking basics to high school students.
What This Means for Business in 2017
While this big media bust over hacking is focused on politics, it’s easy to read between the headlines. Technology is advancing at lightning speed and hacking is a commodity sought after and even encouraged by various governments. If ever there was a time to bunker down on your information security efforts, it’s now.
“Cyber theft is the fasting growing crime in the Untied Stabes by far,” stated President Elect Donald Trump recently. This statement packs a powerful punch and ought to be one we bear in mind; not because Trump is going to be president, but because he is first and foremost a wildly successful businessman. Furthermore, his statement is quite factual when you look at the statistics.
Cybersecurity Ventures, one of the world’s leading researchers and publishers of data covering cyber security issues, predicts global cybercrime damages will cost the world $6 trillion annually by 2021. What’s more, a recent report released by CV indicates nearly half of all cyber-attacks are committed against small businesses alone.
With figures like that, it’s easy to agree that cybersecurity is the top issue for business in 2017. CV predicts businesses and governments will fight back against cybercrime with security awareness training for employees as their top focus – expected to become a fundamental cyber-defense strategy by 2021.
We couldn’t agree more.
What are you doing to protect your business against cyber threats? Share with us!
Sources: “FBI analysis fingers Russian spy agencies for U.S. election hacks,” by Dustin Volz, editing by Kevin Drawbaugh and Lisa Shumaker, for Reuters – Dec. 29, 2016; “How Russia Recruited Elite Hackers for Its Cyberwar,” by Andrew E. Kramer, for The New York Times – Dec. 29, 2016; “Obama Strikes Back at Russia for Election Hacking,” by David E. Sanger for The New York Times, Neil MacFarquhar contributed reporting from Moscow – Dec. 29, 2016; “Russia vows ‘reprisals’ over US sanctions,” by AFP – Dec. 29, 2016; “Ryan: New sanctions against Russia ‘overdue’,” by Jordain Carney for The Hill © Provided by The Hill Ryan: New sanctions against Russia “overdue” – Dec. 29, 2016; “The FBI just released a comprehensive list of the outlandish secret code names used by Russian hackers,” by Allan Smith for Tech Insider – Dec. 29, 2016; “Two Expelled Russian Diplomats Were On FBI Most Wanted List,” by Ronn Blitzer for LawNewz – Dec. 29, 2016; “Top 5 cybersecurity facts, figures, and statistics for 2017,” by Steve Morgan for CSO Daily – Dec. 29, 2016; “Read Donald Trump’s Remarks to a Veterans Group,” by Daniel White for Time – Oct. 3, 2016; “Hackerpocalypse: A Cybercrime Revelation: 2016 Cybercrime Report,” by Steve Morgan, Editor-In-Chief, Cybersecurity Ventures – Aug. 17, 2016; “GRIZZLY STEPPE – Russian Malicious Cyber Activity,” JOINT ANALYSIS REPORT by DHS and FBI – Dec. 29, 2016; “Issuance of Amended Executive Order 13694; Cyber-Related Sanctions Designations,” US Dept. of Treasury – Dec. 29, 2016