Major changes to cyber attack threat levels
(Fornebu, 11 January 2017) In 2016, the USA revealed that Russian intelligence attempted to influence the American presidential election through stealing and leaking information. Norwegian companies lost hundreds of millions of kroner and masses of data were taken as ‘digital hostages’. In Norway, we still have not experienced any serious, devastating attacks.
Article by Hanne Tangen Nilsen, Chief Security Officer at Telenor Norway.
In 2016, we saw increased professionalisation of organised cybercrime, and the sale of advanced malware on both the grey and black markets is now worth billions of kroner.
The majority of Norway’s data traffic passes through Telenor Norway’s network. Every year, Telenor’s security centre deals with and averts thousands of cyber attacks and countless attempts at fraud, but it is impossible to stop them all.
Going for the big money
Organised criminals see the opportunity for big profits and lower risk when committing crime through their keyboards. The biggest streams of cash are to be found in industry. There are two scams that Norwegian businesses were particularly prone to during 2016:
Targeted phishing, also known as CEO or director fraud. This method is based on faking an email to look like it comes from the top boss of a company. The email is typically sent to employees instructing them to make a large payment to a foreign account. Some fraudsters combine the email with a phone call in which they put pressure on the employee to approve the payment of major sums. Criminals are often very familiar with the company’s structure and aware of which negotiations it is involved in. Many Norwegian business have been scammed and millions of kroner have been lost.
Ransomware has become even more widespread. Thousands of servers and PCs were infected during 2016, and their contents were subsequently encrypted and made unreadable to their owners. Shortly after, the owner is contacted and asked to pay large sums of money to regain access to their data. This can take down a company altogether. If you pay a ransom, you can never be certain that what you get back is the same as what originally disappeared. Private individuals have also been affected. In the final weeks of the year, several people were tricked into clicking on malicious links purporting to link to post office parcel collection notification forms.
The cyber attacks that changed the world
Last year saw cyber attacks really become part of public debate. The case concerning the Russian operations directed at the American elections is currently still being played out in public. Espionage against other countries and institutions has always existed. The new aspect is that information is released on a large scale in order to affect democratic processes, and the information war is taking place in the public eye. American President Barack Obama has officially accepted that Russia is behind the attacks, and has implemented sanctions against the country following the incidents.
The attacks from the so-called Mirai botnet set new records in terms of the scope of a distributed denial of service attack (DDoS attack). The botnet consists primarily of DVR video recorders and surveillance cameras that are directly connected to the Internet without any firewalls. By infecting and remotely controlled all these units, attacks at rates of up to one terrabyte per second can be carried out. In October, an attack against the American Internet service provider Dyn led to services such as Twitter, Spotify, Netflix and PayPal experiencing downtime of several hours.
Last year also saw millions of usernames and password stolen from companies and published. Among the best known are LinkedIn, Yahoo and Tumblr. Password are often used for more than one service, and the publication of this data therefore led to further data breaches and identity thefts.
‘Around 80 per cent of all data traffic in Norway passes through Telenor Norway’s network. Every year, our security team deals with and averts thousands of cyber attacks and countless attempts at fraud, but it is impossible to stop them all,’ says Hanne Tangen Nilsen. Photo: Martin Fjellanger, Telenor
2017: threats new and old
Today there are approximately the same number of units connected to the Internet as there are people on the planet. This will increase fivefold by 2025. As an increasing number of items go online, there will be more and more data that can be obtained from these, and we will be dependent on them. In 2016, we saw attacks against cars which meant that they could partially remotely controlled via the Internet. The number of attacks of this kind, as well as the degree of seriousness, are guaranteed to increase in future.
Ransomware and CEO fraud will also continue. Up to now, we have seen relatively few examples of targeted ransomware attacks against Norwegian businesses. We expect this to increase in 2017. Companies may have to pause business for several days while data is restored. CEO fraud will also continue, as it is relatively easy to carry out and can generate big profits for criminals.
The cost of digitisation
However, not everything is negative. Digitisation is creating a better, safer and more enlightened world. Knowledge sharing has enormous positive ripple effects. Yet, it is important that we face up to the consequences of moving all our assets - those critical to society, financial and private - into the digital world.
As an owner and operator of civic infrastructure, Telenor Norway has great responsibility. Hospitals, power companies and banks are dependent on us to function. We take this seriously. That is why we are making major investments in technology and expertise to defend our network from the ever increasing cyber threat.
Fortunately, Norway has still not seen any serious cyber attacks that have taken out critical societal functions, as was witnessed in Ukraine during 2015 when a cyber attack took down parts of the national power grid. This demonstrates how important it is that the Norwegian authorities, infrastructure owners and critical societal functions equip themselves to deal with attacks of this kind.
My wish for 2017 is that the authorities, as well as public and private sector owners of infrastructure that is critical to society come together to ensure they have a common understanding and goal for how we can defend our digital assets.