Two weeks ago, some 30,000 systems at South Korean banks and broadcasters were wiped out in a coordinated attack \u2013 it might have come from North Korea, but investigators are still chasing basic details. \u201cWe judge that there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services,\u201d wrote U.S. Director of National Intelligence James Clapper. .\u201cOur critical infrastructures are all identifiable: they\u2019ve been probed, and they\u2019ve been mapped,\u201d said Frank Cilluffo, Director of the Homeland Security Policy Institute at George Washington University last week in testimony before the House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. Last month security firm Mandiant fingered the Chinese People\u2019s Liberation Army as brazenly running cyber operations out of a 12-story building in Shanghai \u2013 alleging this \u201cAPT1\u2033 unit is one of dozens of hacking outfits run by the Chinese military. Iran is believed to be behind persistent denial-of-service attacks against Bank of America, JPMorgan Chase, Citi, and U.S. government sites during 2011 and 2012, as well as a destructive attack against Saudi Aramco and Qatar\u2019s RasGas last year where malware wiped out more than 30,000 workstations. Where denial-of-service and outright destructive attacks might be a digital form of sabre-rattling for some regimes\u2013 or make for great movie plots\u2013 cyber espionage is the bread and butter of much state-sponsored online action.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u201cIn the last few years we have shown enough data that proves that the number and complexity of these attacks have been increasing steeply,\u201d said Jamie Blasco, manager of the Vulnerability Research Team at open source security firm AlienVault.<\/p>\n
\u201cLegal firms may be the biggest target of nation states because they have so much proprietary information in their systems,\u201d noted Tim Keanini, chief research officer at enterprise security firm nCircle.<\/p>\n
However, last month President Obama signed an executive order giving the Secretary of Homeland Security until mid-July to extend the definition of critical infrastructure to include organizations \u201cwhere a cybersecurity incident could reasonably result in catastrophic regional or national effects.\u201d \u201cThat\u2019s not the same as destruction, but it can have a huge impact on companies that live and breath on just-in-time inventories and the ability to connect with their customers immediately.\u201d<\/p>\n
Sophisticated, highly-modular malware like Flame isn\u2019t produced by a lone hacker pulling in a few all-nighters, but almost certainly represents skills and sustained efforts of well-compensated professional programmers \u2013 or at least a big bankroll and a willingness to ply the black market for exploits. Exploits and techniques developed by state-sponsored efforts can be leaked or reverse-engineered just like any other malware, making their way into the hands of traditional cybercriminals and widely-available exploit collections like Blackhole, Phoenix, and RedKit.<\/p>\n
Engaging hacker groups or online criminals to assist with cyber attacks could give nations a way to deny responsibility; however, it could also mean hackers and cybercriminals may have access to the state\u2019s technical and fiscal resources.<\/p>\n