A few weak computer passwords can put national security at risk


Passwords are a weak form of protection, and complacency is high. We may think that, as individuals, we are not unlucky enough to be attacked by hackers, or not even worth hacking. But that complacency extends from smartphone-loving citizens to government contractors and multinational corporations.

This week, Microsoft announced a surge in activity by a suspected government-sponsored group of hackers, believed to be from Iran, targeting companies in the Middle East involved in defense, fossil fuels and marine transportation. Its strategy? Guess the passwords of Microsoft Office 365 users. Its success rate? Fewer than 20 systems out of more than 250 targets were compromised. The prize? Data such as ship plans, logs and satellite images that Microsoft says could help develop the Iranian satellite program.

It wasn’t a sophisticated attack, but it was an effective one. Microsoft says the group used a freely available research tool to fire a number of commonly used passwords at vulnerable systems. This technique, known as password spraying, is more about brute force than subtlety, but any large business will inevitably have a small number of systems protected by weak passwords, and they make an incredibly convenient entry point. A survey conducted earlier this year by software company Keeper Security found that more than a third of employees had integrated their company name into a new work-related password. The company also reported high use of family names or dates of birth. For government-sponsored hackers who have a wealth of tools at their disposal, accounts like these are the lowest-hanging fruit.
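Seen from the defender's side, a spray looks different from a user fumbling a password: one source fails against many accounts, with only a guess or two per account, so per-account lockout never triggers. The sketch below is an added example, not Microsoft's detection logic; the event layout, addresses, account names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed sign-in events: (time, source IP, account, outcome)."""
    t0 = datetime(2021, 10, 11, 9, 0, 0)
    events = []
    # One source makes a single guess against each of 12 accounts; one guess works.
    for i in range(12):
        outcome = "success" if i == 7 else "failure"
        events.append((t0 + timedelta(seconds=40 * i), "203.0.113.9", f"user{i:02d}", outcome))
    # A user mistyping their own password: several failures, but only one account.
    for i in range(5):
        events.append((t0 + timedelta(seconds=10 * i), "198.51.100.4", "alice", "failure"))
    events.append((t0 + timedelta(seconds=60), "198.51.100.4", "alice", "success"))
    return events

# Thresholds are illustrative assumptions; tune them to your own sign-in volume.
def detect_spray(events, window=timedelta(minutes=30), min_accounts=10, max_per_account=3):
    """Flag sources that fail against many accounts with few tries per account."""
    by_source = defaultdict(list)
    for event in sorted(events):
        by_source[event[1]].append(event)
    findings = []
    for source, evs in by_source.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            fails = defaultdict(int)
            for _, _, account, outcome in evs[start:end + 1]:
                if outcome == "failure":
                    fails[account] += 1
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # Any success from a spraying source is an account to reset first.
                hits = sorted({a for _, _, a, o in evs if o == "success"})
                findings.append({"source": source, "accounts_failed": len(fails),
                                 "succeeded": hits})
                break
    return findings

if __name__ == "__main__":
    for finding in detect_spray(build_sample()):
        print(finding)
```

The `succeeded` list matters most in triage: a successful sign-in from a source that has just failed against many other accounts is the small fraction of guesses that landed.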

Such hackers are known as APTs, or Advanced Persistent Threats, and security watch groups give them code names accordingly. For example, North Korea's APT38, also known as Lazarus Group or Zinc, has had a number of successful, high-profile attacks traced to it – including a crippling one on Sony Pictures – going back to 2009. Their goals and strategies are self-evident: they have specific goals to disrupt, steal, or observe – usually for political or economic purposes – and most importantly, they have the skills, time, and resources to be successful.

It is difficult to prove that nation states are behind APTs and their attacks; the origin of any single cyberattack is difficult to pinpoint, and responsibility for it is easy to deny. But the label “state sponsored” can cover a large number of different arrangements; some groups of hackers may be tightly integrated into government departments, while others could be third parties that governments turn a blind eye to because their targets happen to be very well aligned. According to Microsoft, the current world market leader in hacking is Russia, as 58 percent of the attacks from July 2020 to June 2021 originated there, followed by North Korea (23 percent) and Iran in third place (11 percent). The US and Ukraine were the most targeted by cyberattacks, at 46 and 19 percent respectively.

The latest attack on a handful of systems via Microsoft Office seems at first glance to be a comparatively minor incident. But the last decade has shown the potential of government-sponsored hackers to wreak havoc. In 2017, the so-called “WannaCry” attack, believed to have originated in North Korea, hit healthcare in the US and the UK, as well as Russian banks and companies like Nissan. In 2018, hackers based in Russia carried out a mass cyber campaign against home routers and ISPs around the world, with weak passwords again giving them easy pickings. In 2017, Iran was suspected of a malware attack that resulted in the shutdown of critical infrastructure systems in Saudi Arabia. Connectivity has brought weak points with it.

The coronavirus pandemic has sparked an escalation in nefarious activity, with Google reporting bad actors using “Covid-related themes” to target US government officials through phishing scams (including by posing as fast food chains), while Microsoft reported a Russian hacking group called Strontium (APT28) using password spraying to infiltrate medical facilities working on a vaccine.

A weak password is particularly valuable to hackers when it gives them access rights to other systems within the company. In July, in response to the increased frequency of malicious cyber activity, the US government offered rewards of up to $10 million for information that would help authorities track down those responsible.

Multi-million dollar rewards can be quite helpful in fighting these attacks, but Microsoft and Google are also working with corporations to keep something as critical as national security from hanging on something as flimsy as a weak password. Microsoft is pushing for greater use of two-factor authentication (which requires a further passcode in addition to a password) or, preferably, sign-in methods that use no passwords at all. It recently encouraged the wider use of an app, Microsoft Authenticator, that logs users in neatly and with increased security. This week, Google provided free USB security keys to 10,000 users at high risk of government-sponsored attacks (activists, journalists, government employees) to completely replace their passwords.

Of course, security enhancements only make hackers more resourceful. Some dispute the validity of the term “cyberwarfare” because cyberattacks have neither the scale nor the brutality of an actual war. But both sides are pooling all their resources, and the struggle, as we can see, is undoubtedly real.

Updated: October 13, 2021, 9:27 a.m.
