Cyberwarfare: How foreign wars can affect us at home

On April 13, 2024, for the first time from their own country, Iran launched a huge missile and drone attack against Israel. This is all over the news, but did you know there was a cyber-attack prior to the strike against the Israeli radar systems? The pro-Iranian cyber gang known as Handala claimed to have breached radar systems and sent 500,000 text messages to Israeli citizens. The attack was meant to soften up the Israeli defense system and intimidate citizens, although it appears not to have had the desired effect.

More and more, cyberwarfare is part of the multi-pronged attack in kinetic warfare. So far, it has not been something that wins wars directly, but it contributes to the effects of other strategies. Cyberwarfare encompasses a range of activities, from espionage and sabotage to propaganda and disinformation campaigns. It is characterized by its low visibility and high impact, making it an attractive tool for state and non-state actors seeking to achieve strategic objectives without resorting to conventional military force. Additionally, the cyber domain offers a level of deniability and the ability to strike at the heart of critical infrastructure and societal functions.

There are three types of cyberwarfare commonly used today: wipers, distributed denial of service (DDoS), and defacement. The objective of wipers is to delete information from a network. This denies users access to their own data. Wiper attacks may include ransomware. A DDoS attack aims to take down a website or online resource by overwhelming it with malicious traffic. This is usually done with botnets (remotely controlled, malware-infected computers). Both types of attacks deny the end user access to their information or network. The third type of attack goes about its objective slightly differently. Defacement deletes or modifies information on a website. The objective is to mislead the public into thinking the maliciously planted news is reliable, with the hope that the news goes viral. This can be part of a wider psychological operation in the campaign.

There are estimates that the Iranian Ministry of Intelligence (MOIS) carried out more than 2,000 attacks each in the first week of April. Together, they operate more than 10 different attack groups. A cybertracker from CyberKnow reveals that 65 groups were involved in the campaign against Israel from the 1st to the 8th of April 2024, carrying out DDoS, defacement, and other types of attacks.

The targets of these attacks are not always digital. During the April 13th missile attack, the Iranian-backed hacktivist group “CyberAv3ngers” caused power outages in several Israeli cities. The CyberAv3ngers became famous in the U.S. in November and December 2023 for targeting U.S. water facilities. Water utilities in Pennsylvania, Texas, and Florida were compromised. Although the consequences of the compromises were not dire, the group was sending a message that it could compromise high-value targets and do damage if it wanted. The group targeted U.S. utilities because of U.S. support for Israel.

Although Iran’s cyber-attacks are noted above, cyberwarfare is not specific to that country. It is being employed by all major powers across the globe. Israel, the U.S.A., China, Russia, North Korea, the UK, and European Union countries use these activities as part of their wider strategy to exert their influence.

Even though a kinetic war is being waged over 6000 miles away, cyber-attacks can affect us at home. Public utilities especially should be cyber-prepared for anything in this environment.

You can find the original article here from the Sierra Vista Herald.

Supply Chain Security: Safeguarding Critical Infrastructure from Cyber Threats 

Imagine you invented a hypoallergenic egg. For one, you’d be a zillionaire. For another, you’d be the hero for everyone who loves lemon meringue pie but is allergic to eggs. Now imagine a psychopath who wanted to hurt your customers. All they need to do is insert regular eggs into one of your delivery trucks. Mayhem and disaster would be the result.

In today’s interconnected world, supply chains form the backbone of the global barnyard. Supply chains enable the seamless flow of goods and services around the world. But the increased reliance on digital technologies and third-party suppliers means supply chains have become prime targets for cyber-attacks. This poses significant risks to critical infrastructure and services (like electrical distribution grids). As organizations struggle with the challenges of supply chain security, the importance of building resilience to cyber threats has never been more apparent. 

Supply chain vulnerabilities, particularly those stemming from third-party software and hardware suppliers, present many cybersecurity risks. These risks vary greatly. Malicious actors inject malware into supplier networks to compromise the integrity of software or hardware components. And don’t forget about the everyday users who inadvertently expose sensitive data to unauthorized users. The interconnected nature of supply chains amplifies the impact of these vulnerabilities. A break in one link of the supply chain can cascade through the entire chain. This disrupts operations and causes widespread damage. 

One of the key challenges in supply chain security is the lack of visibility and control over third-party suppliers. Many organizations rely on a complex network of suppliers, each with their own cybersecurity practices and vulnerabilities. This diversity makes it difficult to enforce consistent security standards across the supply chain, leaving organizations vulnerable to exploitation by cyber adversaries. Outsourcing critical functions to third-party providers further complicates the security landscape. Sometimes it’s necessary to allow external partners access to sensitive data and systems. 

To address these challenges, companies need to recognize and accept the need to strengthen the supply chain. They must take steps to fortify their cybersecurity strategy. This will involve adopting a proactive, default-deny zero-trust approach to access, rather than merely reacting to incidents after they occur. Key elements of a zero-trust supply chain include:

  • Access Control: Creating a policy of default-deny for applications, users, networks, and devices.
  • Risk Assessment and Management: Conducting thorough risk assessments to identify vulnerabilities and dependencies within the supply chain, and implementing zero-trust-based risk management measures to mitigate potential threats. 
  • Vendor Management: Establishing robust vendor management processes to vet suppliers, monitor their security posture, and enforce compliance with cybersecurity zero-trust standards and best practices. 
  • Supply Chain Monitoring and Intelligence: Implementing continuous monitoring and threat intelligence capabilities to detect and respond to cyber threats in real-time, both within the organization and across the supply chain. 
  • Contingency Planning and Response: Developing contingency plans and response strategies to minimize the impact of supply chain disruptions, including alternative sourcing options and incident response protocols. 
  • Collaboration and Information Sharing: Engaging in collaborative efforts with industry partners, government agencies, and cybersecurity organizations to share threat intelligence and best practices for supply chain security. 

By investing in these proactive measures, organizations can strengthen their supply chain resilience and reduce the risks posed by cyber threats. In a time of escalating cyber-attacks and supply chain vulnerabilities, safeguarding critical infrastructure and services requires a coordinated effort to fortify the weakest links in the supply chain. 

Supply chain security is paramount in safeguarding critical infrastructure and services from cyber threats. As organizations navigate the complexities of global supply chains, building resilience to supply chain vulnerabilities becomes imperative. By adopting a proactive approach to supply chain security and implementing robust risk management practices, organizations can mitigate the risks posed by third-party suppliers and ensure the continuity of operations in an increasingly interconnected world. 

You can find the original article from the Sierra Vista Herald here.

Locals At Risk Due to Data Breaches – How to Protect Yourselves 

A data breach that occurred in 2021 could be affecting readers today. On the dark web, a hacker named ShinyHunters is attempting to sell personal data of 73 million people who were customers of AT&T. After initially denying the data was theirs, AT&T confirmed that the data appears to be from 2019 and impacts approximately 7.6 million current AT&T account holders and 65.4 million former account holders. The data includes names, addresses, phone numbers and, for some, even Social Security numbers (SSN) and birth dates. Additionally, the security passcodes for 7.6 million accounts were also leaked. If you were a DirecTV customer, your data may be included. The subscriber base at the end of 2019 was almost 202 million subscribers, so it appears to be a partial data dump.

At this point you may be thinking, “Big deal, that was 5 years ago. What use could that information be for hackers?” Good question. There is a treasure trove of data that hackers can use that may impact you. First, hackers could have access to your current account if your security passcode has not changed since then. AT&T is aware of this and is reaching out to these customers. Hackers can use phishing and other social engineering techniques claiming to be AT&T support. If you get an email or SMS text from someone claiming to be an AT&T representative, we recommend that you go “out of band” instead of replying or clicking the link. Go to AT&T’s website that you know is valid and contact them through the methods provided on their website.

One of the biggest dangers of this breach is the stolen SSN and birth date information. Along with your name and address, hackers can apply for credit cards in your name and run up debt in your name. Hackers can use your SSN to access your bank accounts. They could pose as you with the bank’s customer support, performing fraudulent transactions and transferring funds. Using your SSN, a hacker can access your credit reports and subsequently apply for a loan for themselves in your name. There’s more, but you get the point.

Vigilance is the optimal option. We recommend setting up multi-factor authentication on all accounts that offer the option. Your bank and your credit cards definitely have this available. It is a little more work to access your account, but more than worth the effort. Most accounts use a username and password for access. Multi-factor authentication uses a second method to verify that the user is authorized. This may come in the form of a code sent via email or text, or an application like Duo or Authenticator. Monitor your credit card and bank accounts regularly. Report suspicious activity right away. Consider using credit monitoring services.

Of course, good cyber hygiene with your passwords is always recommended. Do NOT reuse the same password on multiple sites. That makes it very simple for hackers to try that password on other accounts. If your information was part of a breach, change your passwords. To see if your email address has been involved in a breach, visit this site, https://haveibeenpwned.com, and enter your email address. This provides a list of breaches the account was involved in.

If the AT&T hack is too old to have you concerned, Circle K was hacked in January of this year. Loyalty data and partial credit card information were revealed.

Don’t think that you are not a big enough target. Hackers go for the low-hanging fruit. If a target is too easy to pass up, they won’t. The old adage, “an ounce of prevention is worth a pound of cure,” rings very true in the cyber world.

You can view the original article from the Sierra Vista Herald here.

Is the world headed towards Central Bank Digital Currency? 

The Bank for International Settlements (BIS) is the governing body for most of the world’s central banks, including the United States Federal Reserve Bank. The BIS plays a pivotal role in the global financial system and has been actively involved in discussions and research regarding Central Bank Digital Currencies (CBDCs). One of the potential applications of CBDCs, as highlighted by the BIS and other financial authorities, is to enhance the monitoring and regulation of financial transactions to combat illicit activities such as money laundering, terrorism financing, and tax evasion. Here’s how CBDCs could facilitate this:

Digital Traceability: CBDCs inherently possess a digital footprint, allowing transactions to be recorded on a blockchain ledger (think of it like an accountant’s ledger book), which could be either centralized or distributed. This digital traceability means that unlike cash transactions, which are anonymous and untraceable, CBDC transactions can be monitored and audited by the issuing central bank and other regulatory authorities. This makes it more challenging for individuals or entities to engage in illicit financial activities. 

Enhanced Regulatory Oversight: With CBDCs, central banks and financial regulatory bodies could have real-time or near-real-time access to transaction data. This capability would significantly enhance regulatory oversight, making it easier to identify suspicious transactions as they occur and take swift action. Advanced analytics and AI algorithms could be employed to detect patterns indicative of money laundering or other forms of financial crime. 

Implementation of Compliance Checks: CBDC platforms can be designed to automatically enforce regulatory compliance. For instance, transactions exceeding certain thresholds can be programmed to require additional verification before they are processed. Similarly, transactions involving entities on watchlists or sanctions lists can be automatically flagged or blocked, ensuring compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. 

Reduction in Anonymity: While the reduction in anonymity might raise privacy concerns, from a regulatory perspective, it limits the ability of criminals to operate undetected within the financial system. CBDCs can be designed to strike a balance between privacy and transparency, ensuring that while individual privacy is respected, there is enough transparency to deter and detect illicit activities. 

Global Cooperation and Cross-Border Payments: CBDCs can also facilitate improved cooperation between countries on financial oversight. With CBDCs, cross-border payments can become more transparent and faster, reducing the time window in which criminals can move illicit funds across jurisdictions. Enhanced data sharing and cooperation between central banks and international regulatory bodies could further strengthen global efforts to combat financial crime.

It’s important to note that while CBDCs offer these potential benefits for combating illicit financial activities, the implementation of such systems must carefully consider privacy rights and data protection laws. The challenge lies in designing a CBDC system that maximizes the effectiveness of regulatory oversight and crime prevention without infringing on individual privacy and freedoms. 

On October 19, 2020, the BIS General Manager, Agustin Carstens, called for “a unified programmable ledger in a public-private partnership”. He was talking about CBDCs. Think of it as Bitcoin (blockchain) but without the privacy that blockchain currencies afford. Mr. Carstens further stated, “for example, we don’t know who’s using a $100 bill today, we don’t know who is using a 1000 peso bill today. A key difference with the CBDC is that the central bank will have absolute control on the rules and regulations that will determine the use of that expression of central bank liability and also we will have the technology to enforce that.”

So, in essence, Mr. Carstens is talking about a bank account with digital money which can be programmed for specific use. For example, the entity which controls the digital $100 in a given bank account could put an expiration date on the money thus ensuring it will be spent by a specific date. Or it could be programmed so it can only be spent on food, or rent, or gasoline. This programmability is only limited by the imagination of the controlling entity. 
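To make the two ideas above concrete, the compliance checks (threshold verification, watchlist blocking) and the programmable restrictions (expiry dates, spending categories), here is an added example that is not from the article or from any BIS or central bank design. Every account name, threshold, watchlist entry and date in it is constructed for illustration; it simply shows how such rules become a small policy evaluation over each transfer.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Set, List, Tuple

# Constructed policy values for this example: not a real threshold or watchlist.
POLICY = {
    "verify_above": 10_000,           # amounts above this need extra verification
    "sanctioned": {"acct-ORG-9001"},  # constructed sanctions-list entry
}
TODAY = date(2024, 4, 30)             # constructed "current date" for the ledger

@dataclass
class Wallet:
    account: str
    balance: int
    expires: Optional[date] = None                 # funds unusable after this date
    allowed_categories: Optional[Set[str]] = None  # None means unrestricted

@dataclass
class Transfer:
    sender: str
    recipient: str
    amount: int
    category: str            # constructed merchant category, e.g. "food", "rent"
    verified: bool = False   # has the extra verification step already been completed?

def evaluate_transfer(tx: Transfer, wallet: Wallet, today: date = TODAY,
                      policy: dict = POLICY) -> Tuple[str, List[str]]:
    """Return ("ALLOW" | "VERIFY" | "BLOCK", reasons) for one transfer.

    Hard blocks are checked first so that a sanctioned, expired or
    out-of-category transfer is never merely sent for verification."""
    reasons: List[str] = []
    if tx.sender in policy["sanctioned"] or tx.recipient in policy["sanctioned"]:
        reasons.append("counterparty on sanctions list")
    if wallet.expires is not None and today > wallet.expires:
        reasons.append("funds expired on %s" % wallet.expires.isoformat())
    if wallet.allowed_categories is not None and tx.category not in wallet.allowed_categories:
        reasons.append("category %r not permitted for this wallet" % tx.category)
    if tx.amount > wallet.balance:
        reasons.append("insufficient balance")
    if reasons:
        return "BLOCK", reasons
    if tx.amount > policy["verify_above"] and not tx.verified:
        return "VERIFY", ["amount exceeds %d; additional verification required"
                          % policy["verify_above"]]
    return "ALLOW", []
```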

Whether this is a good thing or not is conjecture. Either the BIS will restrict itself to a reasonable amount of control over every digital dollar and allow citizens of each nation to continue private individual control of their own private earnings or they won’t. 

The original article from the Sierra Vista Herald can be found here.