From power grids to major corporations, nothing in the world is immune to cyberattacks. The reason, said cybersecurity experts, is the growing dependence on the internet.
“The internet is becoming more and more integrated into our lives every single day, and we as citizens and we as corporations and governments are becoming more interconnected and using the internet as part of that backbone of communication and collaboration. This means that there’s increased attack surface for those who wish to be malicious,” said Jonathan Homer, with the U.S. Department of Homeland Security's National Cybersecurity and Communications Integration Center.
Homer works with a team that supports federal agencies, local governments and those who are part of the critical infrastructure within the U.S. to help them get back online and help prevent future attacks.
“On a weekly basis, we fly out and respond to organizations that are going through the once in a lifetime cyberattack,” Homer said.
Greater financial gain
More digital information on the web means greater financial gain for criminals. In the last year, there has been an increase in cases of ransomware, an attack that locks a computer until a payment is made.
“It’s becoming easier and easier in part because the tool kits needed to break into many of these systems are becoming more readily accessible on the dark web,” said Clifford Neuman, director of the University of Southern California Center for Computer Systems Security.
Tracking down the criminals has not been easy for law enforcement.
“We do think that reporting cyber intrusions is underreported to law enforcement, whether it’s the FBI, Secret Service or another entity,” said John Brown, special agent in charge of the Federal Bureau of Investigation’s Los Angeles office.
“I think it’s a business decision. They’re concerned about the publicity, which we completely understand. There they have customers, et cetera that may not do business with them if like, hey, there’s an issue with their cyber defense,” Brown said.
Federal laws on reporting breaches are vague and many state laws require reporting when personal information is compromised, but there are gray areas.
"Much of what happens in the case of businesses is they don’t necessarily know what information has been disclosed, and they sort of, perhaps intentionally, lay a blind eye to that to say, 'Well, we don’t know personal identifiable information has been disclosed. All that we know is someone got into our system,'" Neuman said.
Range of online perpetrators
The FBI says the online perpetrators range from criminals who want money to hackers with geopolitical motivations.
“Clearly there are nation states that are involved in cyber activity who are interested in stealing our trade secrets, our proprietary information that our companies are developing, our secrets within our government,” Brown said.
A Chinese national, Yu Pingan of Shanghai, was arrested and charged this week for allegedly distributing malicious software known as Sakula. The malware has been linked to hacks against U.S. businesses.
Sakula has also been linked to the 2014 and 2015 cyberattacks at the U.S. Office of Personnel Management (OPM), where personal information of millions of federal employees was stolen. The federal court filing against Yu, however, does not mention the OPM hacks.
U.S. officials have blamed the Chinese government for those attacks.
“Most cyberattacks require multiple weaknesses or vulnerabilities of some form in order to be able to reach the final goal of the attacker. One of the greatest weaknesses of any corporate network is the human element,” said Homer.
Neuman said it is not a matter of if an attack will happen, but when.
“I think that most companies are not prepared to handle the zero day, the newest attack that occurs because it’s like fighting the last war. You don’t know what the particular new techniques are that are going to be applied,” Neuman said.
For the FBI, building partnerships with private industry is critical.
“It’s really about building those relationships before the intrusion. So, what we ask companies to do is to call us and to basically just say, ‘Hey, let’s talk about what would happen if we did have an intrusion. Let’s work through that,’” Brown explained.
Another way to prepare for a cyberattack is to rethink how systems on the web are designed, Neuman said.
“Where we really need to be going is in a way where we design our systems to be more resilient against the inevitable hack,” he said. “Understand that individuals are going to get in, but make sure that the structures of the systems are designed to contain the damage that can occur. And that’s a much more difficult problem to solve because it requires changing the way we design our systems overall.”