Cyber Criminals Will Attack Critical IT Infrastructure
A survey of top cyber security professionals reveals that they fear a massive cyberattack on U.S. critical infrastructure. And many believe that this massive attack is not far away. They lament the U.S. government’s lackadaisical approach to cybersecurity and failure to take adequate measures to protect its infrastructure.
The government may issue statements saying all “critical infrastructure” is protected. But leading cyber security experts fear otherwise. The recent WannaCry and NonPetya attacks prove that nation states with significant resources are unleashing targeted cyber attacks on government infrastructure of other nations – cyber warfare. And these cyber attacks have been quite successful too. These targets did have cyber security, but somehow vulnerabilities were found, which enabled hackers to penetrate and bring down the systems.
Cyber Warfare Tools
The day when the NSA’s and CIA’s own cyber warfare tools (hacking tools – which have since been leaked and are available on dark net forums) are used against them may not be far away. These tools developed the blueprint and armed many a “not-so-skilled” cyber criminal with highly potent tools. And when nation-state actors possess these tools, it is a serious danger.
Perceptions of Cyber Attacks
Cyber security experts fear that the U.S. administration will not focus on enhancing cyber security measures, but continue in the belief that they are impregnable. A belief that seems increasingly delusional as evidence that Russia interfered in the latest US presidential elections emerges. In another incident, in April 2017, cyber criminals hacked 156 emergency sirens in Dallas, Texas, and made them blast for approximately 90 minutes. This incident took place around midnight and residents of Dallas actually feared a missile or bomb attack.
Another well-known case is of hackers enrolling IoT security cameras as part of their bot network to unleash DDoS attacks on targeted websites. Prominent websites suffered.
Data breaches are on the rise since 2016, and they are likely to rise even further. Enterprise defenses, targeted cyber attacks, and social engineering are considered to be the weakest links that hackers try and will try to attack and penetrate. While robust antivirus/endpoint security, firewall, etc. may be implemented, the human element at the endpoint is the weakest point. Why common users may not be savvy to the intricate ways of spoofing, phishing, and spear-phishing, it has been observed in high-end breaches that even tech-savvy personnel have fallen for targeted phishing attacks such as “CEO mails.” These types of vulnerabilities do exist and will continue to exist.
Cyber security experts believe that insiders, well-funded organized criminal gangs, and nation states should be the most feared. ATM theft attacks and ransomware attacks have been attributed to well organized criminal gangs that have even been offering ransomware-as-a-service. But, as the latest NonPetya attacks show, it is probably nation states that had unleashed data destroyers under the guise of ransomware attacks.
As stated earlier, top cybersecurity experts are of the opinion that US critical infrastructure is very much at risk, and they strongly fear that the administration would not be able to tackle any cyber attack that would cripple the infrastructure.