The year was 1993 when I attended the Third Virus Bulleting Conference in Amsterdam, held at the Grand Hotel Krasnapolsky where I presented my first ever paper, on the subject of defeating Anti-Virus by means of encapsulation of malicious payload – My session was the second PM of the day, and as the hall filled up with just about every seat taken, my nerves kicked in – what should have been 45 minutes of presentation time was completed in just 30 – See URL below:
https://www.virusbulletin.com/uploads/pdf/conference/vb93/VB93report.pdf
Why this event precludes this article is, in Amsterdam I happened to sit in on a session delivered by Winn Schwartau on the prospects of a thing called CyberWar. However, whilst I listened intently with a growing appreciation of this becoming a reality, I seemed to be in a minority, with my fellow delegates rejecting the suggestion as utter nonsense. Some 10 years later, I found myself in the very same position presenting to several CISO’s and IT Security Executives in London – again the tone was much the same, with one very senior delegate commenting ‘you can’t do harm to anyone with a computer, this is just hype’ – somewhat annoyed, my response was, ‘not exactly so, you could hit them over the head with your laptop’. Post that conversation, I was attending a SC Dinner in London, where I had a conversation with a senior person from the CPNI (Critical National Infrastructure) Team who held a very strong belief that the cyber threat was over hyped, and the product of the imagination of people such as I, spreading FUD!
Moving on along the road of time, not long after my encounter with CPNI member, I attended a dinner at the Ritz (lucky me) hosted by the CEO of Symantec – John Thompson. At the table I found myself sitting next to an MP who was called Theresa May. Mr Thompson was leading the charge and briefing the attending, feasting VIP delegates that we were winning the CyberWar. However, on this occasion there was one attending diner who did not agree with the overall presented synopsis of success being offered – me! Notwithstanding the challenges I put forward, and the current (at that time) Cyber-State of the globe, the grazers at the table simply looked on, with only comments of disagreement toward the obtuse explanations they we are being given the disrupter. In fact, some years later when speaking at an event in Nice, I met up with Mark Pritchard MP, who had also attended the Ritz dinner – we were talking, and he said, and I quote, “do you remember that bloke at the table who kept banging on about Cyber Security” – Yes, I replied, that was me – awkward!
Today, we are where we are, and time has slipped by only to add confirmation to what we should have expected – the world is continually in a digitised state in which CyberWar is taking place on a daily, in absolute plain sight – what was that you said, prove it? Just consider the following:
- The actions of Anonymous who have declared CyberWar on the Russian Government and bringing down of their State News Agency.
- The Russian Cyber Aggression against Ukraine, with Denial-of-Service attacks on Government Websites.
- The emergence of what looks like Ransomware without prospect recovery – Ransomware turned Cyber-Weapon.
- The so-called “wiper” Malware which intended to render targeted devices inoperable has been discovered on dozens of Ukrainian systems within Government, Not-for-Profit Organisations, and IT Technology Sector.
- The alleged a Belarusian Cyber-Spying mission, targeting the personal email accounts belonging to members of the Kyiv’s forces.
- The REvil, Hey webop_geeks, you_are_already_dead, a note claiming to be left by the REvil Ransomware Gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand – See Fig 1:
Fig 1 – REvil Object
This in a post that detailed mitigation of a recent attack that hit up to 2.5 MRPS (Millions of Requests Per Second) on a single website.
- On Thursday, March 3rd, hacktivists from a group going by the Twitter handle of “v0g3lSec” breached the website of a Russian Space Research Institute (IKI) via one of the associated subdomains and defaced it see Fig 2:
Fig 2 – IKI Defaced Website
- And then there are those Russian Banks who would seem to have been suffering from some form of service outage last weekend for whatever reason – see Fig 3:
Fig 3 – .ru Banks Availability
Granted, here are just a few examples of Cyber-Hostility, AKA CyberWar, but I feel we, and even those cynics and doubters may finally agree that the age of CyberWarfare is well and truly upon us, and as consequence of sanctions against the USSR (sorry Russia) we should anticipate that things will get much worse, that is, before they get much much worse….. All we must do now is work out how we move away from the conventions of delivering the old-style approach to build robust cyber defences and start to think outside that sealed box to see beyond last week!
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.