Hacking: The Necessary Evolution of Espionage - Part 2

A run-through of some of the biggest and most relevant recent cyberattacks

Author:
Eric O'Neil
National Security Strategist at VMWare Carbon Black, Bestselling Author, Former FBI
Twitter: @eoneill

I'll begin by running through some recent events in the world of cyberattacks. In December 2020, a foreign intelligence unit, (not cybercrime; this is actually Russian intelligence) went after a global company that provides a networking product to tens of thousands of businesses and government agencies.

This is what we call a supply chain attack. Spies, using one company, to trojanize an update, that goes to a lot of other companies; tacking a private company to get to other companies, and more importantly, government agencies. Everyone who used this company's software was potentially vulnerable.

It began in March of 2020 and continued until it was reported in December. And the malware, by the way, that they used, was unique. It didn't leave any traces on a disc that a typical cybersecurity solution could identify. Now we've gotten better now, but it was a new attack. Nine federal agencies in the United States and approximately 150 businesses were compromised; and that includes, by the way, US Treasury, Commerce, State, Energy, and Homeland Security.

I mean, that is espionage. So when I say there are no hackers. What I'm trying to say is that there isn't some kid in a basement with a hoodie tapping away at a keyboard, right? Who, pounds an energy drink and grabs some bad carbs and then yells at his grandma to leave them alone, and hits one key and says "I'm in".

That's not how it works. These are spies, who are sophisticated, using the best computer equipment in order to go after human beings who will make mistakes. And they are always actively looking to win because they don't get paid if they don't win. And here they won.

In February 2021, a water treatment facility in Florida was attacked. An employee is working early on a Friday morning until he suddenly sees his mouse move across the screen. Now IT is always moving mouses, so he doesn't think anything of it. Except for later that afternoon, it happens again, and he notices the person moving the mouse changed the sodium hydroxide from about 100 parts per million to 11,100 parts per million. So a quick chemistry lesson: when you add that much sodium hydroxide to water, it can become dangerous for people to even touch. So good news that this guy, who should get an award, was paying attention. 

In April, a couple of months later, you probably heard about the gas pipeline attack. A gas distribution company was attacked by ransomware. Once again, early in the morning,  an employee is sitting there looking at a screen and suddenly sees a ransomware note. Everything's locked. By 6:10 pm they shut everything down, and they shut it down for weeks. There was chaos. The bad guys? Dark Side, a global crime group that's targeted a lot of big organizations, and they hold the compromised victim's network hostage until the victims pay a fee.

This is what's interesting about this. The company paid a $4.4 million dollar ransom, and the FBI was able to recover $2 million dollars of that. And this cybercrime group, Dark Side, mysteriously disappeared. Not sure what happened; either maybe they worked for Russia or maybe they just disappeared, but I don't know. Maybe they thought there was too much heat; when the FBI is coming after you, you get a little nervous.