What Public Disclosures are Revealing about Cyber War Threats

May 29, 2019


If you follow cybersecurity news on a regular basis, the realization of what a true cyber war would look like is downright frightening. For those reluctant to view the looming threat head on, Jack Nicholson's line from the movie A Few Good Men may apply: "you can't handle the truth!"

Some argue that we are on the brink of a cyber war, while others assert that what we see in the public sphere is only a fraction of the cyber-offensive capabilities of many nation states. The opportunistic ransomware incidents of this month, such as the attack on the city of Baltimore, reveal how paralyzing cyber threats can be even when they are not nation-state backed. Israel has even bombed a suspected cyber warfare center, answering a suspected cyber attack source with physical military action. The signs of what the devastating end results could be are all around us.

What Kind of Damage Could a Cyber War Wreak?

A true cyber war could be nearly as devastating as conventional bombs and weapons in terms of human life and destruction of infrastructure and the economy. If you think this is farfetched, consider these real-world examples of the escalation of sophisticated cyberattacks targeting critical infrastructure:

  • Triton: In December 2017, an unidentified power generation facility, believed to be in Saudi Arabia, was compromised when the Triconex industrial safety control system made by Schneider Electric SE was exploited in what was reported to be a state-sponsored attack. The malware, known as "Triton", exploited a vulnerability in computers running the Microsoft Windows operating system and potentially gave the threat actors nearly full control of the safety systems for the power plant.
  • GPS Manipulation: According to a study conducted by The Center for Advanced Defense Studies, the Russian Government is actively hacking the global navigation satellite system to confuse thousands of ships and airplanes about their current location. The UK Space Agency has reported that Britain's entire critical infrastructure relies on GNSS and GPS for operations, which illustrates the scale of this potential threat.
  • GHIDRA: Ghidra is a software reverse engineering framework developed by the National Security Agency's Research Directorate to support ongoing United States government cybersecurity missions. The tool helps analyze malicious code and malware, and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and of other advanced file-based threats. The tool was released to the public on April 4th, 2019.
  • Medical Devices: The earliest attacks on medical devices can be traced back to the late researcher Barnaby Jack (a former colleague of mine at eEye Digital Security, now BeyondTrust). As early as 2011, demonstrations of vulnerabilities in medical devices were published and raised awareness of the potential risks when IT meets implanted medical equipment. This threat has become vastly more prevalent as mHealth and IoT have exploded in popularity. Some IT-enabled medical devices still ship with default, embedded passwords, which is a particularly risky practice.
  • HOPLIGHT: According to US-CERT, this malware was created by the North Korean government and is designed to inventory a host, collect targeted information, and relay that data to a list of addresses on the Internet. The default payload contains a reconnaissance tool, but future versions are speculated to use this information for deeper, targeted attacks based on the attributes discovered on a host system.

Reflecting on the Real Threats to Critical Infrastructure Security

Given the sophistication and sources of these attacks, it is clear that we are dealing with much more than ransomware. In summary, these cyberattacks and malware have the capability to:

  • Penetrate infrastructure (Triton) and inflict wide-ranging damage, from service disruption to catastrophic systems failure and even extreme damage to critical infrastructure
  • Misdirect commercial navigation (GPS) in ways that could cause collisions in dependent services such as shipping, aviation, and civil rescue
  • Reverse engineer attacks for countermeasures and new attack vectors (GHIDRA)
  • Target individuals with a medical history (medical devices) for assassination
  • Provide reconnaissance and surveillance of foreign activities (HOPLIGHT) to reveal sensitive information and plan future attacks, both physical and cyber
  • Impact devices from computers to IoT, IIoT, SCADA, and ICS in ways that could devastate a company or public critical infrastructure

If we consider that these are only a fraction of what nation states wield in their cyber war arsenals, we should all take note. We need to "handle the truth" and not ignore the potential threats against our critical infrastructure, homes, businesses, personal well-being, and government systems.

Resources on Securing Critical Infrastructure from Cyber Threats

IIoT Security: Managing Identities and Privileges (guide)

Mapping BeyondTrust Solutions to NERC Critical Infrastructure Protection (CIP) (white paper)

Secure IoT/IIoT Devices with BeyondTrust solutions (datasheet)

Four Pillars to Securing UK National Infrastructure (blog)

Securing IoT with Privileged Access Management (blog)

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.