Special shipping required: the new world of cyber security threats

Special shipping required: the new world of cyber security threats

Jens Christian Høy Monrad, Senior Intel Analyst, FireEye iSIGHT Intelligence, discusses the emerging threat to our vital maritime shipping industry, in a piece originally published in February 2017:

Coming out of 2016 I think it is fair to say that the cyber threat landscape is more dynamic and disruptive compared to previous years. We have seen nation-state-sponsored cyber-attacks target ongoing geopolitical conflicts, likely attempt to impact country elections, affect major sporting events, and disrupt countries’ key industries and critical infrastructure. If that weren’t worrisome enough, we saw cyber criminals taking their operations to a new level, replicating legitimate business operations by outsourcing and working professionally with suppliers, distancing themselves from potential risks, attribution and prosecution. So, 2016 truly became a year where the kinetic and virtual worlds collided via cyber threats. While it is too early to talk about actual cyberwar, evidence suggests that the increased resources and money made available for offensive cyber operations and cyber terrorism has led to hybrid types of operations where nation-states and organised criminal groups are empowered by anonymity and their offensive cyberspace capabilities to carry out operations in the real world.

Connected Conundrum

Often labelled the Internet of Things (IoT), connected devices and equipment have become an entry path for cyber-attacks. While this digitalisation makes products easier to use, it opens the door wide to threat actors. In 2016, we saw multiple distributed denial of service (DDoS) attacks against service providers, investigative journalists and enterprises. In these cases, threat actors used poorly configured or secured IoT devices to send millions of requests to victim webservers or other infrastructure, crippling them or overwhelming them to the point that they stopped responding. Taking advantage of IoT devices in these types of attacks is not new, but the volume and bandwidth we saw occurring in 2016 was the highest ever. When I look at digitalisation and the cyber threat landscape, there are two key factors that concern me.

  1. The pace of government digitalisation towards citizens and businesses; and
  2. The adaptation of equipment, digitalising citizens and potential business critical data.

We are seeing governments, especially in Europe, digitalising communications between respective governments and their citizens. This introduces new potential threats where threat actors compromise an infrastructure containing sensitive personal information for various types of criminal schemes and fraud. Furthermore, the digitalised communication between businesses and governments might appeal to threat actors (potentially sponsored by nation-states), who are seeking out sensitive business information meant to enrich or support local markets or state-owned enterprises. While I do support digitisation and the benefits it provides citizens and businesses, I think it is vital for enterprises, organisations and governments to think about how to protect, store, and securely share data…

To read the rest of this article please visit: knect365.com

Jens Christian Høy Monrad, Senior Intel Analyst, FireEye iSIGHT Intelligence speaks at the KNect365 Maritime #Shipping2030 event. FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. FireEye has over 5,000 customers across 67 countries, including more than 940 of the Forbes Global 2000.