Every day, the line between cyber-threats and physical threats grows thinner – blurring the crucial distinction between attacks on networks and attacks on materials objects. 225,000 Ukrainians learned this in January of 2016 when they lost power following a cyber-attack on a Ukrainian power grid. The rise of the Internet of Things (loT) has expanded this threat from nation-state interactions out into the realm of cyber-enabled crime against companies and individuals. For example, cybersecurity researchers have shown how anything from sniper rifles to your car’s brakes can be hacked.
Greater connectivity—whether between public utilities or between your phone and car’s sound system – makes life easier and more efficient. But that ease often comes at the cost of security, and the problem is only growing worse. Arguably, the two most distressing manifestations of cyberspace intruding on the physical world are the rise of ransomware and the proliferation of threats to the supervisory control and data acquisition (SCADA) systems that underlie much of our critical infrastructure.
Ransomware is malware that encrypts files on a system and holds them hostage until a ransom is paid. It has been changing the world of cybercrime substantially by incentivizing a mass targeting approach, which requires so little effort or investment that it becomes very easy for the cyber-criminal to make a profit. Ransomware has emerged as a major threat, since its development is coinciding with the rise of the Internet of Things (IoT).
The IoT has vastly expanded the number of everyday devices that a criminal can target with ransomware. At this point, cars, household lighting, wireless access points, and a growing number of everyday household appliances are vulnerable to being locked down or disrupted by ransomware attacks. In a very real sense, ransomware has allowed cybercriminals to access a new level of sophistication in their activities that was previously only available to nation states: the ability to manipulate physical infrastructure purely through cyber means.
Steven Grobman, the Chief Technical Officer at Intel Security, told The Cipher Brief that ransomware is moving towards the ability to inflict damage, rather than just holding information hostage – and that will be even worse for business moving forwards. According to Grobman ”preventing the ability to use networks, to use equipment, to use a factory, is clearly bad. Having the threat of permanently damaged equipment is far worse.”
While ransomware is primarily a criminal issue, the threats to SCADA systems are threats to national security. SCADA systems form a central part of the systems that monitor and regulate critical infrastructure – everything from the power grid, to water services, to manufacturing. When adversaries want to launch an attack on critical infrastructure – such as the blackout in Ukraine – SCADA systems are a primary target.
For a long time, developing access to these systems was extremely difficult, and that difficulty helped to keep them safe. But new research has shown that that protection might be failing. A recent Booz Allen Hamilton report found that SCADA-Access-as-a-Service – where more sophisticated hackers figure out how to break into SCADA systems and then sell that access to others – is expanding rapidly among cybercriminals. Much as with ransomware, this demonstrates a falling barrier to entry for entities that want to disrupt the vital services that depend upon SCADA systems.
However, while the danger is rising, not all experts have a pessimistic view of the current state of affairs. Tom Parker, CTO and co-founder of FusionX, told The Cipher Brief that “in fact the breaches that you are really seeing are not touching control systems at all. They are breaching the enterprise environments.” This means that many infrastructure breaches have not been able to actually disrupt the functions of their targets. That being said, Parker also admitted that “while they may not be actually touching the control systems, they’re interested in them.”
The primary reason for this interest is believed to be so that adversarial nation states can preposition malware in critical systems. That way, in the event of a conflict with the United States, they can just trigger the malware and cause significant damage or malfunctions in key sectors of the U.S. economy.
Too often, cybersecurity issues are treated as being solely the concern of IT departments, but the reality is that cyber-threats are quickly becoming physical threats. Ransomware and SCADA-focused cyber-attacks are just two ways in which malware can have a dramatic impact on material infrastructure. Many people realize this danger and are working to make cybersecurity issues more thoroughly integrated into how organizations approach security in general. These cyber-threats are also still in their infancy, so it remains to be seen how well the cybersecurity industry – and the organizations that depend upon them – can adapt as they continue to mature.
Luke Penn-Hall is a Cyber and Technology Producer with The Cipher Brief.
