Ryan told V3 that during his tenure at the FBI and current role at Kroll he has seen an alarming spike in the number of hackers only interested in causing harm.
"Thirty years ago hackers would make your computer do funny things, just to prove they could. Then we had a group that wanted to monetise hacking, stealing money from banks. Somewhere in between there's also always been national security-level espionage going on," he said.
"But lately we're seeing individuals not interested in data for money, but those who are more ideologically focused and in some case only want to destroy the company or the organisation. To do this, they'll do everything from DDoS [distributed denial of service] to data destruction and wiping servers."
The Kroll director said that the new wave of hackers are likely come from a range of backgrounds, which makes it difficult to effectively track them or know their exact motivations. "I think some of the ideologically motivated data destroyers are lone wolf, but some are also state sponsored. They're attacking dissident groups, they attack rival political parties, or they're trying to hurt other countries by doing things like destroying the data of their banks. I think the emergence of these data destroyers is our most pressing threat right now."
The ex-FBI agent's comments follow discovery of several hyper-sophisticated espionage-focused cyber campaigns, like Flame, Operation Red October and Operation NetTraveler. Ryan said data destroyers' overt intention to only cause harm makes them markedly more dangerous than most of the hyper-sophisticated espionage-focused attacks currently being reported in the news.
"It's unclear to me, both from my experience at the FBI and with Kroll, if some of the data stolen by nation states is actually used by nation states. Sometimes I think there's so much data they're collecting in a language that's foreign to them, they may have a problem utilising all of it. When we're talking about other things, like insider threats, the harm is more manifest. You can very easily see the harm to the company," he said.
"But if some nation state steals the CEO's email, the immediate harm facing the company is unclear. No one wants the CEO's email getting out but it's unclear if that emails getting out will cause harm, especially if that nation state isn't going to publicise it to the world."
Ryan said the data destroyer attacks are also, generally, fairly unsophisticated and only succeed due to ongoing issues in most businesses' threat alert systems. "I think that while we've seen some pretty advanced malwares, the vast majority don't reach that level of sophistication. I think it's just most IT workers are being overloaded with the amount of information they're seeing every day. There's this constant white noise of threats. It's very difficult for IT departments to know what the most pressing thing they need to do that day is."
He added that businesses will need help from the government to solve the security issues, calling for increased efforts to create a more centralised threat alert and information-sharing security service that crosses the public and private sphere. The creation of such a solution has been top of many countries' agendas.
Within the UK the government recently implemented a slew of reforms and initiatives designed to increase information-sharing between government agencies and the private sector about cyber threats. Most recently, the government launched its Cyber Security Information Sharing Partnership (CISP) in May.
No comments:
Post a Comment