Last year, we saw some of the most significant events in the history of cyber attacks, including the largest DDoS attack on record, the Edward Snowden NSA revelations and evidence of nation-state cyber warfare against not only governments but also civilian organizations. What became clear in 2013 is that cyber threats are coming from complex operations funded by nation-states and private enterprises moving so quickly that they have outpaced many of the systems designed to stop them.
Looking forward to the rest of 2014, we see a landscape of highly motivated bad actors continuing to attack organizations of all types. These bad actors are able to execute sophisticated and highly targeted attacks, and will remain an ongoing threat as they continually refine their strategies. Meanwhile, organizations are struggling to protect their confidential assets, and nation-states become more assertive about their offensive and defensive cyber capabilities. With that in mind, here’s what the year could bring:
With cyber espionage fears running high in the post-Snowden era, some traditionally sensitive nations (Brazil, Mexico) and others with no prior hostility toward the U.S. (Germany) may grow increasingly nationalistic vis-a-vis the U.S., for both practical and political reasons. As a result, foreign governments and enterprises will try to locate their IT and data infrastructure in-country to better shield themselves from international cyber snooping. Commercial IT, software and security companies will be forced to change their business practices at significant cost.
Cyber espionage expands globally
There is little prospect of putting this genie back in the bottle: Governments will not relinquish their ability to conduct law enforcement and counterintelligence activities, and the temptation to conduct espionage will always exist. We’ll see emerging markets enter the fray: The revolutionary nature of computers and the amplification power of networks are not exclusive to the world’s largest nations. Further, cyber mini-superpowers will grow, some of them upstarts with means and motive: Poland, Taiwan, Brazil, Japan, India and South Africa. Rogue states like Iran, Syria and North Korea, and even non-state actors such as Anonymous, will use cyber attacks to conduct diplomacy and to wage war by other means. (Irony alert: Other world governments will experience their own Snowden affairs, because all governments do it, only on a smaller scale. This will take some focus off the U.S. specifically and put it on the topic more generally.)
Cyber sabotage will rise
Crimeware is now destroying the victim’s operating system as the last step of an attack, for three reasons:
- Cover-up: As European authorities have found success in catching cyber gangs, criminals have added a computer-wiping feature to destroy evidence and avoid arrest.
- Retaliation: For example, when Saudi Aramco was attacked, data on 30,000 computers was destroyed and replaced with the image of a burning American flag, hinting at cyber retaliation to come.
- Political statement: In March 2013, South Korea was hit with malware that was a throwback to the 1990s: it simply wiped computers. The attackers, likely North Korean, sent a message: “We can make your life very very hard.”
Financial cyber crime evolves and focuses on equity and capital markets
Like nearly everything else, money has been digitized, and it is possible to transfer it (or steal it) and send it around the world at the speed of light. Equity and capital markets have complex infrastructures, and complexity is the enemy of security. For this reason, attacks on them are typically under way long before they are discovered. The more complex the infrastructure, the more likely that criminals will find an exploitable weakness.
First major cyber disaster
National critical infrastructures, including everything from electricity to water supplies, now depend on the security of the computer hardware and software that manage them. In the drive to modernize that infrastructure, these systems are increasingly connected to the Internet. It is likely only a matter of time before the world sees its first real national or international humanitarian cyber crisis. There are two scenarios:
- Intentional: Stuxnet and Iran’s alleged retaliation against Saudi Aramco have shifted the thinking on cyber war from theory to reality. But these are mere hints of what is likely to occur in the future — the World Wide Web is just one generation old.
- Accidental: We still do not know exactly how the 2010 Flash Crash happened, or why, on the 23rd anniversary of Tiananmen Square, the Shanghai Stock Exchange opened and closed on numbers that uncannily reminded everyone of the 1989 crisis in China. Algorithms now make many of our daily decisions for us, and they are prone both to malicious manipulation and to making mistakes.
Cyber attacks are nothing new. What we’re witnessing is the combination of immense funding, inexpensive access to massive computing resources and profit opportunity, driving attacks at a pace that is overwhelming our traditional approach to cyber security. As consumers, we put more of our personal information online, and it is no surprise that the attacks witnessed in the cyber sphere are starting to seep into our day-to-day lives. Conversations about zero-day threats and APTs, traditionally held in online forums, are making their way into the headlines of major news outlets around the globe, and we need to rethink our approach to managing attacks so we can effectively face these evolving and global threats.
David DeWalt is chief executive officer and chairman of the board at FireEye, a leader in stopping the new generation of cyber attacks, such as advanced malware, that easily bypass traditional signature-based defenses and compromise more than 95 percent of enterprise networks. Prior to joining FireEye, he served as president, chief executive officer and director of McAfee Inc. before it was acquired by Intel in 2010. DeWalt holds a B.S. in computer science from the University of Delaware. Reach him @FireEye.