Unfortunately, most of us will remember where we were when we found out about the atrocities of 9/11 and the 7/7 bombings. These incidents shook the world and indeed changed society as we know it. With the unprecedented rise of cyber crime and the intelligence of cyber criminals, have you thought about the world outside of your organisations four walls? For a long time, security professionals have predicted incidents on this scale being initiated via a cyber-attack, but now may be the time to take these warnings seriously.
How can these attacks impact our society?
Shutting off basic services
There are several incidents in recent history that have impacted basic services that we all rely upon.
Most of us will be aware of the WannaCry outbreak that hit the NHS on the 12th May last year. The ransomware attack meant care trusts were locked out of computers and networks along with 1,200 pieces of important medical equipment. According to the National Audit Office, more than a third of trusts in England were disrupted by the WannaCry outbreak, leading to 19,494 cancelled appointments according to NHS England.
Could this incident have been prevented? In short yes – The National Audit Office ‘s report concluded that the ransomware outbreak could have been prevented had the NHS followed basic IT practices like patching software and keeping firewalls up to date. It can be argued though that had these practices been followed, the NHS would still not have been 100% safe from a ransomware outbreak of this scale. All it takes is one employee across the NHS’s thousands of staff to click on a malicious link within an email and it could happen all over again.
Could you cope without power a few days before Christmas? On the 23rd December in 2015 this became reality for 200,000 Ukrainian residents as their utility suppliers were targeted using spear-phishing emails riddled with BlackEnergy malware. A separate denial of service attack was also launched simultaneously with the malware, denying customers up to date information on the blackout. The denial of service attack meant call centres were flooded with excess traffic which their networks could not handle, ultimately shutting them down so that no customer queries could be received.
In recent times we have also seen attacks targeting sewage treatment plants (you can guess what happened there), vaccine producing factories and major logistics organisations like Maersk. However these types of organisation are just the tip of the iceberg in a pool of icy cyber crime filled water.
Utilities are a fundamental element in the running of our society, water being the most relied upon. What would happen if water treatment works took the stage for the next high profile cyber attack? Medicine and food production would take a huge hit, almost certainly impacting every household within the UK. In the latest National Cyber Security Strategy report, the government encourages the water industry to view cyber security as an integral part of their design.
Damaging the economy
We will all remember the financial crisis the global economy found itself in almost a decade ago. Although many arguments exist surrounding the factors that led to the crash, from hungry bankers to the Lehman Brothers, one thing is for sure – cyber security was not to blame. But will that be the case for the next inevitable crash? Probably not.
Criminals, cyber or not, have always been on the lookout for ways to infiltrate the financial world through fraud or other means, and it is still a prime target for criminals today who are trialling different attack methods in hope of a big pay day.
We are seeing huge growth in the number of cyber attacks against financial services – from 2017 to 2018, cyber attacks against these services rose by an estimated 85% with experts fearing that high profile attacks on stock markets could have devastating consequences in the form of a ‘run’. Cyber attacks could send customers from all over the globe ‘running’ to banks to withdraw all available funds. The impact of widescale panic like this would send ripples throughout the world economy.
There have also been scares in the recent past of ATM ‘cashout’ schemes, ultimately doing what it says on the tin and orchestrating a series of attacks that cause ATM machines to spill out all of the money they contain. All it would take is one of these attacks to hit the UK to bring the country to a standstill.
Other possible attacks that could cripple the UK economy include targeting Visa payments – we saw a similar issue in June when Visa suffered a series of technical issues that meant Visa payments were down for a number of hours, costing the UK economy huge sums of money. Future attacks are more than likely going to be down to criminal activity though, and not ‘organic’ technical issues.
Changing data, not stealing it
With the introduction of the dearly beloved GDPR, we have already seen a huge rise in the number of reported data breaches. The likes of British Airways and HSBC have already been targeted in this new era of data protection, but who expected to see a shift from stealing data to changing it?
Cyber criminals could change financial information on company accounts, edit health records, change commands going into industrial machinery or cause complete pandemonium among certain industries. Take the financial sector for example. In this space the integrity of data is key, and many financial leaders are more concerned of data being altered as opposed to being lost or stolen.
Particularly within the financial sector, if the ability to trust information coming out from large institutions is brought into question the consequences can be devastating. Think back to the ‘run’ we mentioned earlier, how would you react if your bank reported losses of several million? You would probably head to your nearest branch or ATM as quickly as possible, assuming they haven’t already been targeted…
The altering of data can be particularly dangerous when coupled with other attack methods. Imagine the launch of a Denial of Service attack on a series of high profile institutions – ultimately shutting down communication between them and the outside world. Imagine large news outlets were simultaneously targeted and attackers gained access to their social media accounts? All it would take is a few tweets to imply that an incident has occurred and the result could be devastating. We have already seen a similar scenario to this, where the Associated Press’ twitter account was hacked and sent out a tweet reading ‘Explosions in the White House and Barack Obama is injured’ which saw the stock market instantly fall by 143 points.
Cybergeddon
There is a plethora of films that we could draw upon to summarise this post – iRobot, In Time, The Purge…we could go on. The point is that in each of these films, an event occurred that meant society as we know it changed forever. We are now in a time where the possibility of a world changing event is more of a reality than a fictional film meaning cyber awareness is more crucial than ever.
Do your bit to fight the cause – have a look at our other blog posts that aim to bring your teams up to a level of cyber awareness that can work to combat the ever increasing number of threats that we see on a daily basis. How about this infographic on avoiding phishing attacks?
Hopefully you don’t need to reach for your flux capacitor just yet…