The world is facing an unprecedented level of cyber risk.
Geopolitical tensions have increased the likelihood and the potential impact of
adverse cyber events. The reality of the cyber threat landscape today, is a
sophisticated underground economy worth in excess of $6 trillion and it has
surpassed drag trafficking as the number one crime of choice by OCG’s
(Organised Criminal Groups).
However, we would be naïve to consider the landscape is made up of only criminals with the motivation of profit. There are blurred lines between cyber threat actor groups. Criminals work alongside nation states and other groups with dark motivations. There are no morals or ethics in the ecosystem of cyber threat actors.
One of their keys to success is the efficient and supportive, innovate community they all thrive on. Think of a petri dish of evil all feeding off each other, they grow stronger and more dangerous by the day.
However, we would be naïve to consider the landscape is made up of only criminals with the motivation of profit. There are blurred lines between cyber threat actor groups. Criminals work alongside nation states and other groups with dark motivations. There are no morals or ethics in the ecosystem of cyber threat actors.
One of their keys to success is the efficient and supportive, innovate community they all thrive on. Think of a petri dish of evil all feeding off each other, they grow stronger and more dangerous by the day.
Drag to resize
So where is Ireland in all this? Are we a target for nation
state actors? are we prepared? What should we be doing?
Drag to resize
Around St Patricks Day last year, the “bad guys” apparently
sent a malware link to a user on the HSE network which eventually led to the
infamous “HSE Cyber Attack”. Keep in mind it was May before the attack was
noticed giving the malefactors plenty of “dwell time” on the HSE digital estate
before being noticed and even then, it was only when the criminals notified the
HSE. The criminal group responsible is a highly organised efficient
organisation known as the “Conti” ransomware group.
This group operates like a successful efficient silicon valley tech co, they have a C-level structure, a business plan and even a marketing department. They have 62 staff on payroll and last year turned just over $180 million. A very successful business model indeed no doubt fuelled by the decision for cyber insurance companies to pay ransoms.
So if we know so much, why have they not been arrested? Well the “Conti” ransomware group are “protected” by the GRU (Russian Military Intelligence) and they pay for this protection in many ways, including doing “favours” for their overlords. The GRU works with the FSB (Russian Counter Intelligence Service (ex KGB)) in carrying out cyber attacks on nation states, organisations and individuals around the world.
All of these organisations answer to one overlord, Vladimir Putin. By way of an example of this nefarious symbiotic relationship, consider the fact that the Conti ransomware group has a premium section on their website to announce the latest victims of their attacks. The HSE had pride of place there in May 2021, listed for the world to see as a victim of a ransomware attack. The day Russia invaded Ukraine, the Conti Ransomware group used that premium space to tell the world, Vladimir Putin had their “FULL SUPPORT” against Ukraine. Subsequent evidence has illustrated even more than tenuous links between the most dangerous and successful cyber threat actor groups and Russia.
However, we must remember these blurred lines between criminality and nation states is not exclusive to Russia. There are military units such as Unit 61398 of the PLA Peoples Liberation Army in China, the North Koreans and many more around the world that at the very least provide safe harbour for cybercriminals in order to “use them” when required. The reality of military units being engaged to “hack” legitimate businesses around the world means it is essentially an “unfair fight” for individuals and organisations that wish not to get caught up as collateral damage in cyber skirmishes.
So as I write this article, countries and regulatory bodies around the world have issued “cyber warnings” AKA batten down the cyber hatches. In Ireland we have received these warnings from sector specific regulatory bodies such as the Central Bank of Ireland.
This group operates like a successful efficient silicon valley tech co, they have a C-level structure, a business plan and even a marketing department. They have 62 staff on payroll and last year turned just over $180 million. A very successful business model indeed no doubt fuelled by the decision for cyber insurance companies to pay ransoms.
So if we know so much, why have they not been arrested? Well the “Conti” ransomware group are “protected” by the GRU (Russian Military Intelligence) and they pay for this protection in many ways, including doing “favours” for their overlords. The GRU works with the FSB (Russian Counter Intelligence Service (ex KGB)) in carrying out cyber attacks on nation states, organisations and individuals around the world.
All of these organisations answer to one overlord, Vladimir Putin. By way of an example of this nefarious symbiotic relationship, consider the fact that the Conti ransomware group has a premium section on their website to announce the latest victims of their attacks. The HSE had pride of place there in May 2021, listed for the world to see as a victim of a ransomware attack. The day Russia invaded Ukraine, the Conti Ransomware group used that premium space to tell the world, Vladimir Putin had their “FULL SUPPORT” against Ukraine. Subsequent evidence has illustrated even more than tenuous links between the most dangerous and successful cyber threat actor groups and Russia.
However, we must remember these blurred lines between criminality and nation states is not exclusive to Russia. There are military units such as Unit 61398 of the PLA Peoples Liberation Army in China, the North Koreans and many more around the world that at the very least provide safe harbour for cybercriminals in order to “use them” when required. The reality of military units being engaged to “hack” legitimate businesses around the world means it is essentially an “unfair fight” for individuals and organisations that wish not to get caught up as collateral damage in cyber skirmishes.
So as I write this article, countries and regulatory bodies around the world have issued “cyber warnings” AKA batten down the cyber hatches. In Ireland we have received these warnings from sector specific regulatory bodies such as the Central Bank of Ireland.
Empty space, drag to resize
Empty space, drag to resize
So to answer the question of “Where is Ireland in all
this? We are bang in the centre of the cross hairs of the cyber threat
actors. Ireland is the European home to most of the largest US “born on
the Internet” tech giants. We host most of Europe’s personal data and as
a neutral non-military state we do not have the same “protections” that
other countries have. So yes, we are a target for cyber criminals and
nation state actors. Cyber security companies in Ireland are protecting,
defending and responding to incidents on a daily basis with their
clients.
So what about the Irish
Government? Well on 16th Dec 2020, the EU released a Cyber Strategy.
This is supported by an unprecedented amount of funding in excess of
€4.5 billion. The EU Strategy is comprised of key strategic pieces of
legislation such as NIS 2.0, CER and DORA. These are instruments that
will essentially become the law of the EU cyber land. They effect how
businesses will operate and the safety of our digital society. The can
drive efficiency, reduce risk, increase harmonisation and fuel the
digital economy.
In 2011 the NCSC -
National Cyber Security Centre was established in Ireland and they sit
under the Department of Environment, Climate and Communications. No
doubt for historic reasons but far from an ideal position today
considering the holistic societal risks posed by cyber threats that
include but are not limited to legal and military. If Covid has taught
us one thing, we are interconnect and interdependent. It has also
accelerated digital transformation and our reliance in a digital “way of
life”. So getting cyber security to be treated from a “techno – socio”
perspective is an imperative.
Ireland
has already demonstrated we are NOT prepared for significant attacks on
our critical infrastructure and still paying the prices for the HSE
attack, estimated by many to surpass €100m, not to mention the human
impact on a health sector. For businesses and individuals outside of
government, it must feel like they are operating in the dark. What
should they be doing? Where is the leadership? The key to defeating
cyber threats is leadership and collaboration!
As
President of the ICTTF International Cyber Threat Task Force, in April
we hosted a national discussion on cyber security at the Cyber Expo
conference. We heard from Senator Craughwell, Pat Larkin, Kevin
O’Loughlin, Desiree Lee and Michael Conway. There was a call to
establish a NCAB National Cyber Advisory Board. An entity made up of
various sectors and perspectives of society that could challenge, inform
and support the Governments cyber strategy in Ireland. More at
www.cybertaskforce.ie
Empty space, drag to resize
Empty space, drag to resize
An inaugural meeting took place in May and those present share a passionate desire to protect and support all facets of Ireland from cyber threats. NCAB have written to the NCSC to seek a meeting in order to explore how best it can assist the NCSC with their mission.
When it comes to cyber threats, I need you to consider the “unattended bag” at an airport. You see it, you sense it may be a risk to you and to others. What do you do? You notify security, as safety is everyone’s responsibility. We need to think like that when it comes to cyber threats. Or even consider “Covid” by working together we reduced the risk.
As we all take responsibility for our personal and business “cyber hygiene” it makes it harder for “cyber evil” to propagate. The “bad guys” operate as a network, they support, train and collaborate. Well we believe “It Takes a Network to Defeat a Network" and the ICTTF will continue on its mission to defeat cyber evil, we welcome our input and support.
When it comes to cyber threats, I need you to consider the “unattended bag” at an airport. You see it, you sense it may be a risk to you and to others. What do you do? You notify security, as safety is everyone’s responsibility. We need to think like that when it comes to cyber threats. Or even consider “Covid” by working together we reduced the risk.
As we all take responsibility for our personal and business “cyber hygiene” it makes it harder for “cyber evil” to propagate. The “bad guys” operate as a network, they support, train and collaborate. Well we believe “It Takes a Network to Defeat a Network" and the ICTTF will continue on its mission to defeat cyber evil, we welcome our input and support.
Empty space, drag to resize
Paul C Dwyer is recognised as one of the world’s foremost
experts on cyber security, risk and privacy - www.paulcdwyer.com
He serves as President of the ICTTF - International Cyber Threat Task Force and is CEO of Cyber Risk International www.cri.ie
He serves as President of the ICTTF - International Cyber Threat Task Force and is CEO of Cyber Risk International www.cri.ie
HEAD OFFICE
-
ICTTF Ltd
Unit 8, Kinsealy Business Park,
Kinsealy Lane,
Malahide,
Co Dublin
K36 CX92 -
info@icttf.org
support@icttf.org -
+353 (0)1 905 3263
Copyright © - All Rights Reserved - ICTTF Ltd. - Registered Company in Ireland: 567446 - VAT No IE3395678DH