High-End Hackers Targeting Security Tools
Posted: 2023-09-01
By: dwirch
Advanced hackers are increasingly attacking the very cybersecurity tools built to keep them out. A compromised security tool hands the attacker the broad, privileged reach that tool already has into the network it is supposed to protect. The networks in question are often owned by organizations that prioritize security, such as government agencies or critical businesses like banks and power suppliers.
A notable hacking campaign, identified as "Volt Typhoon," was recently traced to China by U.S. officials. The campaign gained its foothold by exploiting Fortinet FortiGate firewalls, appliances marketed as next-generation security tools. The goal was to infiltrate the networks of vital services in the U.S. Pacific Island territory of Guam, which matters because of its U.S. military bases.
By July, two more espionage campaigns emerged, compromising U.S. allies through security flaws in products from Ivanti and Citrix.
The Volt Typhoon event highlights the new battleground of IT networks in global power struggles. Today, hacking isn't merely about information theft. It’s a potential key to military triumph, with cyber-attacks potentially incapacitating U.S. military maneuvers in strategic areas. As U.S. CISA Director Jen Easterly noted, these attacks are shifting from espionage to causing disruption and chaos.
Bryan Ware, a former CISA assistant director, underscored the ironic twist: the most security-conscious organizations are at heightened risk precisely when their protective tools are breached.
Organizations worldwide will spend more than $219 billion this year on security products and services from private firms, according to IDC, a market intelligence firm.
In addition to Volt Typhoon, two major breaches were reported:
- Norway disclosed that the IT infrastructure of 12 ministries was infiltrated by hackers exploiting a flaw in the Ivanti software used to manage government mobile phones. Officials moved to a new, undisclosed platform; the compromise of ministry email communications may have lasted as long as four months.
- Approximately 2,000 Citrix networking devices were hacked in July and August, affecting sectors including banking and telecommunications, primarily in Germany but also in Japan and elsewhere in the EU. The attackers installed backdoors that remained in place even after the underlying vulnerability was patched, so applying the fix alone did not evict them.
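The Citrix case makes a point that patch management alone misses: fixing the vulnerability does not remove an implant dropped before the fix. One practical check is to take a file-hash manifest of the appliance's web-served directory from a known-good install and compare it against the current state after patching; files that were added are the signal, because a vendor patch replaces known files rather than dropping new ones next to them. The following is an added example written for this page, not code from the original post or from any vendor. It assumes (hypothetically) that the appliance's web root has been exported or mounted at a local path; the directory layout, file names and implant contents are constructed for the demonstration and are not specific to any product.

```python
"""
Added example (not from the original post): detect files dropped into a
web-served directory that survive a vendor patch, by comparing SHA-256
manifests taken before and after the patch.

Assumptions (hypothetical, for illustration): the appliance's web root has
been copied or mounted to a local path, and a baseline manifest was taken
from a known-good install. Nothing here is vendor-specific.
"""
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        # Skip directories and symlinks; a symlink pointing outside the
        # web root is itself worth a look, but it is not hashed here.
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def diff_manifest(baseline: dict, current: dict) -> dict:
    """Return files added, modified or removed relative to the baseline.

    'modified' will include files a legitimate patch replaced, so after
    patching, rebaseline from the vendor's package; 'added' is the part
    a patch should never produce inside a web root.
    """
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Constructed scenario: baseline, then patch plus implant, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        webroot = Path(tmp) / "webroot"          # hypothetical export path
        (webroot / "cgi").mkdir(parents=True)
        (webroot / "index.html").write_text("<html>login</html>\n")
        (webroot / "cgi" / "login.pl").write_text("# vulnerable version\n")
        baseline = build_manifest(webroot)

        # Simulated vendor patch: the vulnerable handler is replaced ...
        (webroot / "cgi" / "login.pl").write_text("# patched version\n")
        # ... but a web shell dropped before the patch is left untouched.
        # The content is an inert, constructed stand-in, not a real implant.
        (webroot / "cgi" / "sh.php").write_text("<?php /* constructed stand-in */ ?>\n")

        current = build_manifest(webroot)
        return diff_manifest(baseline, current)


if __name__ == "__main__":
    findings = demo()
    for kind, paths in findings.items():
        for p in paths:
            print(f"{kind:9s} {p}")
```

Run against a real export, the `modified` list is expected to be non-empty after a patch and should be cleared by rebaselining from the vendor's package; anything in `added`, especially a script file in a CGI or upload directory, is a file the patch did not put there and should be treated as a possible implant until explained.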
These incidents seem to be the work of nation-state hackers, suggests ZeroFox, a private-sector cybersecurity firm.
Targeting security infrastructure serves long-term strategic goals rather than quick theft. Such actors are patient, maintaining a silent presence in breached systems while they map their surroundings. Although a target alone does not identify the attacker, attacks on security software follow the Willie Sutton principle: Sutton robbed banks because "that's where the money is," and hackers go after security tools because of the extensive access privileges those tools hold.
SafeBreach, a cybersecurity firm, compares a compromised security program to Israel's Iron Dome missile defense system: if hijacked, the system could be turned against the civilians it was built to defend.
Despite what cybersecurity tools promise, flaws remain. SafeBreach's stated aim is to hold these vendors to their promise by finding vulnerabilities in their products and working with them to fix the flaws before disclosing them publicly.