What Public Disclosures are Revealing about Cyber War Threats

May 29, 2019


If you follow cybersecurity news on a regular basis, the realization of what a true cyber war could bring is downright frightening. For those reluctant to view the looming threat head on, Jack Nicholson's line from the movie A Few Good Men may apply: "you can't handle the truth!"

Some argue that we are on the brink of a cyber war, while others assert that what we see in the public sphere is only a fraction of the cyber-offensive capabilities of many nation states. The opportunistic ransomware incidents of this month, such as the one that paralyzed the city of Baltimore, show how crippling cyber threats can be even when they are not nation-state backed. And Israel has now bombed a suspected cyber warfare center, answering a suspected cyber attack with physical military action. The signs of what the devastating end results could be are all around us.

What Kind of Damage Could a Cyber War Wreak?

A true cyber war could be nearly as devastating as conventional bombs and weapons in terms of human life and destruction to infrastructure and the economy. If you think that this is farfetched, consider these real-world examples of the escalation of sophisticated cyberattacks targeting critical infrastructure:

  • Triton: In December 2017, it was publicly reported that an industrial facility, believed to be in Saudi Arabia, had been compromised in what was described as a state-sponsored attack on its Triconex safety instrumented system (SIS) made by Schneider Electric SE. The malware, known as "Triton" (also called Trisis), was staged on an engineering workstation running Microsoft Windows and from there targeted the Triconex controllers themselves. The SIS is the last line of defense that shuts a plant down safely when process conditions become dangerous, so control over it potentially gave the threat actors the ability to disable the plant's safety systems.
  • GNSS Spoofing: According to a study by the Center for Advanced Defense Studies (C4ADS), the Russian government is actively spoofing global navigation satellite system (GNSS) signals, confusing thousands of ships, and potentially aircraft, about their current location. Note that this does not require compromising the satellites: an attacker broadcasts counterfeit signals that receivers trust over the weaker genuine ones. The scale of the exposure was illustrated by the UK Space Agency, which reported that Britain's entire critical infrastructure relies on GNSS and GPS for operations.
  • GHIDRA: Ghidra is a software reverse engineering framework developed by the National Security Agency's Research Directorate to support ongoing United States government cybersecurity missions. The tool helps analyze malicious code and malware, and can give cybersecurity professionals a better understanding of potential vulnerabilities in the software running on their networks and of other advanced file-based threats. The NSA released the tool publicly on March 5th, 2019, and published its source code on April 4th, 2019.
  • Medical Devices: The earliest attacks on medical devices can be traced back to the late researcher Barnaby Jack (a former colleague of mine at eEye Digital Security, now BeyondTrust). As early as 2011, demonstrations of vulnerabilities in medical devices, including wirelessly hijacking an insulin pump, were published and raised awareness of the potential risks when IT meets implanted medical equipment. This threat has become vastly more prevalent as mHealth and IoT have exploded in popularity. Some IT-enabled medical devices still ship with default, embedded passwords, which is a particularly risky practice.
  • HOPLIGHT: According to US-CERT, this malware was created by the North Korean government and is designed to inventory a host, collect targeted information, and relay that data to a list of command-and-control addresses on the Internet. The default payload is a reconnaissance tool, but future versions are expected to use this information for deeper, targeted attacks based on the attributes discovered on a host system.

Reflecting on the Real Threats to Critical Infrastructure Security

Given the sophistication and sources of these attacks, it is clear that we are dealing with much more than ransomware. In summary, these cyberattacks and malware have the capability to:

  • Penetrate infrastructure (Triton) and inflict wide-ranging damage, from service disruption to catastrophic failure of safety systems and physical damage to critical infrastructure
  • Misdirect commercial navigation (GNSS spoofing) in ways that could cause collisions in dependent services such as shipping, aviation, and civil rescue
  • Reverse engineer malware and software (GHIDRA), both to build countermeasures and to discover new attack vectors
  • Target individuals through their medical conditions (medical devices), potentially for assassination
  • Provide reconnaissance and surveillance of foreign activities (HOPLIGHT) to reveal sensitive information and plan future attacks, both physical and cyber
  • Impact devices from computers to IoT, IIoT, SCADA, and ICS, which could devastate a company or public critical infrastructure

If we consider that these are only a fraction of what nation states wield in their cyber war arsenals, we should all take note. We need to "handle the truth" and not ignore the potential threats against our critical infrastructure, homes, businesses, personal well-being, and government systems.

Resources on Securing Critical Infrastructure from Cyber Threats

IIoT Security: Managing Identities and Privileges (guide)

Mapping BeyondTrust Solutions to NERC Critical Infrastructure Protection (CIP) (white paper)

Secure IoT/IIoT Devices with BeyondTrust solutions (datasheet)

Four Pillars to Securing UK National Infrastructure (blog)

Securing IoT with Privileged Access Management (blog)

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
