Cyber threatscape moving in new directions
The imagination of those behind the development of malicious code and those involved in the design of cyberattacks makes it nearly impossible to describe the expansive cyber threat domain.
Creativity and innovation are key elements in the design of offensive cyber weapons and defensive cyber measures. The imagination of those behind the development of malicious code and those involved in the design of cyberattacks makes it nearly impossible to describe the expansive cyber threat domain. That being said, it seems like the creative minds of cyberattackers and security researchers have been working overtime in the past few months. Below are listed three of the “best of the best” innovative approaches to cyberattacks.
Example 1. Cyber threat investigators disclosed that they were able to remotely access a laser printer, continuously hack the fuser (heater) unit and cause it to overheat and catch fire. Could this be used by an arsonist to set fire to a facility? Yes. Would this even enter the mind of a fire/arson investigator in the course of their work to determine the cause of a fire? Probably not. They would likely track the source of the fire back to the printer and probably identify the cause as an accident attributed to a printer malfunction. The printer would indeed be the fire’s point of origin, but the conflagration would not have been accidental. It would have been arson caused by hacking the printer. We would be naive if we think this method of arson is taught to fire investigators.
Example 2. Researchers demonstrated their ability to hack into a vehicle moving at 60 mph. We all know the vast number of microchips and computers in use in the modern car. If you can hack and access those computers, you can take control of the vehicle. You could disable the vehicle’s brakes or cause it to accelerate, which could result in a crash. Would accident investigators go as far as to investigate this possibility? Are they trained to consider this? Probably not.
Example 3. Cybersecurity experts have issued warnings about the vulnerability to cyberattack of medical systems and treatment devices that use wireless communication to connect to networks or have a cellular dial-up modem built in. Many of these devices are behind in applying software patches due to the stringent testing requirement. Forget patch Tuesdays. These requirements make it impossible to apply patches in a timely manner to the common operating systems.
There have been reports that the head of one organized crime entity in Europe was killed while being treated in a hospital for gunshot wounds. The report stated that someone hacked into the hospital system and modified his prescribed medication. When those medications were administered, they killed the patient. That incident, coupled with the report, “Attack Surface: Healthcare and Public Health Sector,” from DHS’ National Cybersecurity and Communications Integration Center, moved this cyberattack vector to the top of the list of concerns of many health care chief information security officers.
It takes a great imagination to really get our arms around the plethora of threats emanating from cyberspace. We must open our cognitive processes up to discover new threat concepts. One of these is the creation of virtual states. We must stop regarding computers as simply boxes on our desks, or just think of our laptops, smart phones and tablets as the only equipment that contains microprocessors and microcontrollers. This is the only way we can move to a more proactive position toward cyber threats and away from the last-minute reactionary posture that has dominated our approach to security for years. After all, Einstein reportedly said, “Insanity is doing the same thing over and over again but expecting different results.”