Experts believe that hacker attacks on major departments and companies around the world are just a rehearsal of future cyber attacks. All world countries should prepare for new battles with lovers of secret information.
Information security experts claim that the increasing number of reports of hacker attacks on major corporations and companies around the world, banks and government agencies, as well as the discovery of new targeted viruses for industrial espionage, is only a rehearsal for future full-scale cyberwar.
McAfee’s announcement this week became aware of a series of hacker attacks that have affected 72 organizations around the world. To date, this cyber attack is the largest of the disclosed hacker attacks.
McAfee’s IT security specialists have announced the discovery of a targeted series of interconnected attacks. The victims of these attacks were many large companies around the world: the International Olympic Committee, the UN, government organizations in many countries: Taiwan, India, South Korea, the United States, Vietnam and Canada.
Classified information has become the goal of hackers. The hackers attacked the system of the secretariat of the international organization in Geneva in 2008, in consequence of which they had full access to all UN secret information for several years.
The vice-president of McAfee Dmitry Alperovich (Dmitri Alperovitch) in his report said: "Even we were surprised by the huge list of organizations that became victims, and the audacity of the criminals."
Experts believe that all of these are led by a strong client country. Jim Lewis, a cyber-expert at the Center for Strategic and International Studies, said that after reading the report, McAfee said that China was behind all this. Several companies and organizations that have been attacked have valuable information that is of great importance for the Chinese capital Beijing, the Guardian writes.
Alexander Pisemsky, Deputy General Director of Group-IB, explained to BFM.ru that the cyber attack, which is being talked about this time, belongs to targeted threats (Advanced Persistent Threat, APT). Such attacks require large financial expenditures by the attackers. Therefore, experts think that such attacks are performed under the order. This is explained by the fact that independent hackers will never start to do business if the value of the information obtained in the course of the attack does not pay back the money spent on the theft of this information. Therefore, there must be a customer to whom this data is to some extent necessary.
To perform such tasks, a team is formed, which consists of highly qualified specialists. Such a cyber attack is conducted simultaneously in several areas, therefore, the team should consist of malware developers, hack masters, zero-day vulnerability professionals, and so on, ending with experienced psychologists and social engineers. Also, an accomplice may be present in the attacked company. He is usually called an insider. Working in the company itself and having access to all systems, it helps hackers to find the information they are interested in and overcome all the difficulties on the way to stealing this important and secret information.
When it comes to attacks across the state, it is very difficult to assume that a hacker group for several years will be able to steal information from government agencies and go unnoticed and unnoticed, experts say.
Sergey Golovanov, a leading antivirus expert at Kaspersky Lab, explained that it is very difficult to learn about hacking in such cyber attacks. Hackers will not leave a single trace behind. If criminals steal confidential information, they will use it very carefully, because they do not want to cause even the slightest suspicion about the origin of informational data.
“At the moment, it is extremely difficult to detect penetration into the network of botnets. This is possible if they start responding to commands from the control center. It is likely that the last five years of the attack were not massive, but pinpoint. That was the main obstacle to finding a network of infected computers, ”said Mikhail Bashlykov, head of information security at Krok, said.
The company G Data Software believes that any intelligence of the world is dreaming about creating a channel for receiving information from the government of enemy countries and quietly using them for their own purposes for several years. But this is not proof that any country orders such attacks. Such information is quite well can be used in many large corporations in the world.
The level of protection and value of the data determines the amount of money spent on a targeted large-scale cyber attack.
“For such an operation, real professionals, good technical equipment, the need to prevent any information leakage, a sufficient level of conspiracy, as well as many other things will be required. In order to protect against novice hackers, you will only need to install a good antivirus with a firewall on your computer, but if professionals took up this business, this could be similar to the operation of special services with huge funding, ”said a corporate sales manager. G Data Software segment in Russia and the CIS Alexey Demin.
“The cost of the operation consists of payment for the work of hacker specialists and the purchase of necessary equipment. Suppose the group consisted of five people. Each of the hackers could estimate the value of their work at 1 a million dollars a year for a trial operation. Purchase of equipment will cost about the same money (1 million dollars a year). Consequently, a potential customer will give about 30 millions of dollars over five years, ”such calculations were made by Sergey Golovanov.
Alexander Pisemsky confirmed the words of Sergey Golovanov: “It is not easy to give an accurate assessment in this case, because everything depends on the tasks set for the hackers. You can rely only on experience in investigations of computer crimes, which tells me that here you can operate with tens of millions of dollars. ”
The huge costs of such attacks are not within the power of every commercial organization. Therefore, experts conclude that it is the special services of certain countries that order such large-scale cyber attacks. “One of the confirmations of this hypothesis is that, mainly, the objects of attacks are the IT infrastructures of state organizations. But all of this is circumstantial evidence, and no one has yet succeeded in catching the criminal without a hitch, ”said a representative of Group IB.
Who is the customer?
One of the experts at Kaspersky Lab believes that it is impossible to establish who organized such a cyber attack. However, states that may be customers may experience complications with their neighbors. And companies that have committed theft of commercial information are on the verge of financial loss and reputational risk.
Representative G Data Alexey Demin agreed with this opinion. He predicts: “If a state is a customer, no one will be allowed beyond its borders. Local providers will be instructed, traces are visible. Probably, everyone will “hang” on a handful of beginners, but very promising hackers. And after that everything will be calm, until the next large-scale cyber grab. ”
Mikhail Bashlykov agrees with this position: “Unfortunately, it is impossible to find out exactly who organized such a cyber attack. Often transnational groups commit similar actions. There is no evidence that the customer is a specific state. Criminals can operate through control centers located entirely in different countries. ”
Alexander Pisemsky believes that examples of the above-described cyber attacks and similar cases show that the current state needs a certain strategy during possible cyber conflict. The government also needs special forces that will counteract cyber attacks on the infrastructure of important objects of the national economy.
“Thank God, there has not yet been large-scale cyber war. All cases known to date can be described as a rehearsal. But at the moment we can say that the development by the United States and Great Britain of official concepts for protection against cyber attacks and the creation of “information troops” in India is a direct reflection of the threats, ”the deputy remarks. Director of Group-IB.
In this regard, we can conclude that the world powers are preparing for cyber attacks. In the United States, attacks on state-level computer systems are equated to armed attacks, as they also have devastating consequences.
Everyone has long known that special units for conducting cyber attacks are created with the United States, China, Iran, France and in several other countries. According to official data, there is no Russia in this list, but there are specially trained people in our country, experts say.
The National Anti-Terrorism Committee of Russia is developing a set of measures for the security of very important objects, including those of state power, against threats of cyber-terrorism.