This blog post was written by Bruce Snell.
You may have heard recently about US Justice Department’s plans to officially lay blame for the 2013 cyber-attack against a dam in Rye Brook, New York on Iran. For people living in the immediate area it caused a lot of concern, maybe causing a run on sand bags, inflatable boats and flood insurance. For the information security crowd, it caused a bit more concern over attacks on our nation’s critical infrastructure. These are legitimate concerns, but for most people who use their computer for email, filling out their March Madness brackets or checking Facebook, it might not be something that causes that much concern. You may be asking yourself, “why do I care about this dam attack?”.
In movies and TV shows, we often hear things like “we’ve traced the attacker to the third floor of an apartment building in Prague” and then the camera cuts to a scene of someone with a hooded sweatshirt furiously typing away in front of a bank of monitors as they code the attack in real time. Real cybercriminals don’t operate this way. Part of why it takes so long to really figure out who is behind an attack (usually referred to as “attribution”) is because any hacker that’s worth his/her salt will take many steps to hide their point of origin. A common way to do this is to first hack another system and then launch a new attack from this now compromised system. This is typically called “pivoting”.
An attacker could actually do a series of pivots, making it even harder to track the attack back to its point of origin.
So where does the attacker find these systems to use as pivot points? While some cybercriminals might look for unprotected webservers they could take over, there is actually a much easier source for spare computing power to launch their nefarious schemes: your computer. Ok, not your computer, but others like it. One popular tactic for cybercriminals is to install software on an infected system that turns it into part of a connected network of systems known as a botnet. Once a system is part of a botnet, it can be used not only to collect all sorts of information about the person using the infected system (what sites they visit, logins and passwords, even webcam captures), but these systems can now be used to send out spam, spread the infection to other nearby systems, or even launch attacks. There is even an underground economy around botnets where cybercriminals can rent time on a botnet to carry out their own cybercrime operations. Operations like launching attacks at critical infrastructure.
When we go back to the original question of “why should I care about this dam attack?”, it starts to become clear that keeping our computers free of malware can actually weaken the tools of the cybercriminals who want to launch attacks against banks, hospitals and critical infrastructure.
So how do we, as the average Joe, make it harder for the bad guys?
- Remain vigilant: Spam and phishing continue to be a top tool for cybercriminals, so take extra care to not click on a suspicious link or attachment. What makes it suspicious? Maybe it’s an oddly worded email pretending to be your bank asking for more information. It could be an unexpected attachment from someone in your contact list. If you weren’t expecting someone to send you an attachment, call or text them to double check. Cybercriminals will try every trick in the book to get you to click on a bad link so they can infect your device.
- Stay up to date: I don’t mean staying up to date on the news and weather (although that’s also important), I mean keep your system up to date with the latest security patches and updates. At McAfee Labs, we see plenty of older malware still running around and infecting systems years after a patch has been released that stops the exploit. Turn on automatic updates for your device to make keeping up to date easier.
- Use security software: Keeping your system up to date will help you stay safe from older viruses, but you should also install anti-virus on your system to protect against new threats or older threats that haven’t yet been fixed by OS or application updates. Our McAfee Labs team currently sees an average of 5 new threats every second and there is no indication that the bad guys are slowing down. Installing anti-virus is a simple step you can take to help your system from become a tool for cybercriminals.
Attacks against critical infrastructure like dams, electrical grids and gas pipelines are only going to continue in frequency as we move to a more connected world. Manufactures and the security teams who watch these assets are doing their best to keep the attackers at bay, but those of us at home can do our part by keeping our desktops, laptops, tablets and smartphones free of malware that could be used as a tool by cybercriminals. It doesn’t require a degree in IT or a huge amount of time to stay safe, just mix the three tips above with some common sense and you’re on the right track.