Years ago hackers planted malicious software on computer systems that control parts of the United States’ critical infrastructure, including pieces of the electrical grid, gas and water systems. The malware, which the Department of Homeland Security warned about only last month, was dubbed BlackEnergy and traced back to the Russian government.
Whatever they were up to, the cyber-infiltrators didn’t use the digital weapons they’d planted to do any damage.
“This suggests that attackers are collecting detailed information on systems and processes running the vital infrastructure of the U.S. ... to coordinate further attacks,” says Pierluigi Paganini, a security analyst who publishes the blog SecurityAffairs. The DHS conjectured that attackers planted the threat to deter a future U.S. attack. (Remember Stuxnet?)
The BlackEnergy intrusion is the kind of stuff that national governments typically do in attacks against one another, but it was also reminiscent of a recent corporate hack that hit banking giant JPMorgan last summer. Intruders nosed around the bank’s systems from June to August, undiscovered and uninterrupted. They didn’t take sensitive information like credit card and Social Security numbers, the stuff that sells for a lot of money on the black market. But they did leave malware in the network that could possibly let them further exploit or control the company’s system any time they wanted.
BlackEnergy and the JPMorgan hack have given researchers, government authorities and corporate guardians ample reason to wonder if we’re watching a nascent but significant shift in the security landscape — one that suggests that corporate America is now subject to cyberhacks and cyberattacks once reserved for governments and critical infrastructure.
The recent hacks, as well as others involving Target and the U.S. Postal Service, show that attackers can squat on a network, undetected, for months. If motivated to do so, they could enter a system, study it and learn how to do more than just steal information.
David Cowan, a cybersecurity investor at Bessemer Venture Partners, said it’s a trend he’s watching closely. Some security professionals believe we’ll see corporate attacks become more destructive over the next year.
Most criminals infiltrate a system to steal and sell data. It’s rare to see an attacker try to shut down or harm a company.
“To take down a target, you put a price on your head,” says Jeremy Pickett, the head of threat research at the startup vArmour and a former infosec engineer at PayPal. “People hack for financial gain to make getting caught worthwhile. Ideologically motivated attacks only occur in extremely polarized areas, like Iraq.”
We’re living in what appears to be an increasingly polarized world, where relationships between large countries like the United States, Russia, China and Iran are becoming increasingly strained. That’s why Paganini likens the changing online threat to the arms race and acts of espionage that marked the Cold War battle that Russia and the U.S. waged after World War II and through the 1980s.