Clearly, we want to ensure our devices are never infected by malware. In the worst case scenario a successful malware attack could be devasting such as hackers get into your bank account taking out loans in your name and even mortgages. In the least damaging instance, you could find yourself blitzed with a wave of unwanted emails because someone, somehow has gotten your email address. And everyday millions of these types of attacks are launched each day.
But sometimes attacks take place that are so far reaching, so ambitious in their scale and so damaging in their consequences they have ripple effect, spreading out and affecting millions of people.
Two recent events are prime examples. The Costa Rican government was recently hit with a ransomware attack on the government's computer systems which also exfiltrated data and which could have destabilized the country as it transitions to a new administration.
- In Costa Rica among those affected by the attack were the Ministry of Finance and the Treasury's customs platforms. Hackers accessed sensitive historical data related to taxpayers, causing bottlenecks in imports and exports that are thought to have cost hundreds of millions of dollars.
- The government refused to give into the ransomware demands but its Finance Ministry warned citizens to be on their guard against phishing attacks, bogus phone calls, and other attempts by criminals to commit fraud following the data breach.
- The Finance Ministry also said it had been contacted by members of the public who have received bogus messages claiming to come from the government, trying to trick recipients into handing over their passwords.
The notorious Conti ransomware group claimed responsibility for the attack that hit six public institutions, demanding that a $10 million ransom be paid to prevent exfiltrated data from being leaked onto the internet.
Conti operates much like a regular company, with salaried workers, bonuses, performance reviews and even “employees of the month. Some Conti workers were told they were working for an ad company and were unaware who was employing them.
The other event was the US Department of Justice’s indictment of four Russian hackers who launched campaigns that targeted energy companies around the world, while working for the Russian government.
The US four Russian nationals are alleged to have installed backdoors and launched malware attacks designed to compromise the safety of energy facilities and to enable future physical damage with potentially catastrophic effects.
- In one case they planted malware on a safety system, designed to prevent the refinery's safety systems from operating properly, allowing potentially catastrophic damage to be caused at the Petro Rabigh refinery complex in Saudi Arabia.
- The malware was designed to give the attackers complete control of infected systems, and could have resulted in the release of toxic gas or an explosion, causing physical damage to the facility and loss of life. However, a fault in the malware's deployment resulted in the safety systems at the refinery automatically initiating emergency shutdowns of its operations.
- One attack targeted the computers of a US company managing similar critical infrastructure in the United States and others also infected equipment controllers used by oil and gas firms, nuclear power plants, and utility companies around the world. One of the targets was the Wolf Creek nuclear power plant in Kansas, which failed to have any negative impact.
The attacks are said to have taken place between 2012 and 2018 though the indictment was just made several weeks ago, proving how laborious and difficult it can be to track attacks and identify the individuals behind them. Of course it’s unlikely the four individuals behind the attacks will ever appear in a US court. But it does offer a glimpse into the hidden world of nation stated sponsored attacks. We can point a finger at Russia and China as being prolific sources for these types of attacks but the truth is that all major nation states are doing the same.