The first prediction in AT Kearney’s Global Business Policy Council paper this year was that a crippling cyber attack on critical infrastructure in a major economy will occur. The attacks have just begun.
Hackers across the world stole cyber-weapons developed by the NSA, a military intelligence unit and a constituent of the United States Department of Defence (DOD), and attacked thousands of Microsoft Windows users across 74 nations. The attack was particularly intense in 12 nations, including Britain, Russia and India. Avast and Kaspersky, the antivirus software providers, estimate that 195,000 computers across the world have been affected, and the attacks may continue.
The attackers encrypted the computer systems of hospitals in Britain, locking doctors out of critical patient data and disrupting logistics, so that thousands of patients were turned away from hospitals. In Russia they attacked the powerful ministry of defense, and the interior ministry belatedly admitted that 1,000 computers may have been affected. In India the first reports say that police data across Andhra Pradesh has been compromised, but the full effect of the attack on India may be known only after offices open across the country on Monday morning. The ICERT, the Indian Computer Emergency Response Team, said that around 100 computers are known to be affected so far and that the agency was continuously monitoring the damage.
Using weapons stolen from the US cyber arsenal
The NSA has been developing cyber weapons for the past decade to hack and jam computer systems across the world in the event of cyber warfare. Unconfirmed reports say that the NSA realized a few months ago that its cyber weapons arsenal had been raided and informed Microsoft, which issued an alert recommending installation of the updates in the Microsoft March 2017 Security Bulletin as a means of stopping the spread of the attack.
However, the Microsoft patch may not be a full-scale defense. Unpatched Windows computers that expose their SMB services can be attacked remotely with the “EternalBlue” exploit and infected by the WannaCry ransomware, and so are more vulnerable to attack, but other computers are not immune to the ransomware. Edward Snowden blamed the NSA for creating such powerful cyber weaponry that small operators could access and use to launch devastating countrywide attacks.
Collecting ransom in bitcoins
Though nobody has claimed ownership of the attacks, a group called Shadow Brokers had started using the stolen weapons last summer to collect ransom from institutions across the globe. The typical ransom demanded was $300 in bitcoins (approximately Rs 19,000) to decrypt one computer system, though some users report demands of $600 in bitcoins.
Demanding ransom in bitcoin is the new trend in cyber warfare, as it can be moved digitally across the globe without controls. Though it is not known if the two attacks are related, Wipro, the Indian software giant, was recently threatened with a biotech attack on its campus, and $500 million in bitcoins was demanded as ransom payable by 25 May. Some of the threats made against major IT companies, and the ransoms demanded after attacks on defense installations and telecom majors, show the level of sophistication and the confidence of the attackers.
A major cyber attack is in the offing says AT Kearney
However, experts say these were pilot attacks, possibly test runs for the big attacks that hit worldwide this weekend, and that more attacks with new malware could accelerate during the summer this year. We must note that the AT Kearney Global Business Policy Council paper this year predicts that a crippling cyber attack on critical infrastructure in a major economy will occur. Such devastating cyber attacks have occurred in the recent past.
In November 2016 the Saudi Reserve Bank was attacked, allegedly by Iranian cyber terrorists, and thousands of computers were destroyed by digital bombs. This attack was similar to the digital bomb attack in 2012 on Saudi Aramco, the world’s largest oil producer, in which the Shamoon malware destroyed 35,000 computer systems. Attacking modern-day infrastructure through cyber warfare is easy, because it only involves detecting a software flaw or planting an operator who can access the backend of a computer system. By exploiting that flaw, one can enter a network and plant a virus that quickly replicates a command affecting all connected systems. Which is the major economic power that could be attacked? Is it India, and in that case what must India do?