Of course, Cyber Command has the resources to go far beyond what cybercriminal groups are capable of, which means the possibility of more complex, multi-layered attacks, says Ed Cabrera, vice president of cybersecurity strategy for Trend Micro.
As an example of this type of sophisticated attack - carried out by unknown actors - he points to the attack on a Ukrainian power grid last year. The attack started with phishing, then incorporated BlackEnergy3, an updated version of a crimeware toolkit that has been around for years. In this case it was embedded in macros in a Word document.
Once inside, attackers moved laterally through the power company's business network and stole credentials that gave them access to the grid-control network.
But the attack had more layers:
- Installing rewritten firmware that blocked all but manual attempts to restore power
- Disabling backup power supply so the operations center couldn’t function
- DoS attacks against customer-service phones to stop calls reporting outages
- Use of KillDisk to prevent computers needed by grid operators from booting
Cabrera says he has no knowledge of what cyber weapons the U.S. has in its arsenal, but given that this type of layered attack can be fashioned from known exploit tools, it’s conceivable the U.S. could create similarly sophisticated attacks using newly devised methods. “They’re only limited by their imaginations,” he says.
For example, says Barnett, the 2009 Stuxnet attack against the Iranian nuclear program was created specifically to damage centrifuges used to refine nuclear material by attacking a specific type of industrial control gear. Stuxnet was a weapon that did physical damage to a specific target, and employed custom-made tools.
So far, ISIS hasn’t shown itself to be much of a cyber threat, Barnett says. ISIS has made threats to use cyberwar but its efforts have amounted to cyber vandalism. He’s certain the group will come up with more sophisticated attacks, but hasn’t seen evidence that the group can take down an electric grid using cyberattacks, for instance.
U.S. officials talking openly about actually engaging in cyberwar is new, and that public commentary could be political, to assure U.S. citizens and allies that the U.S. is taking on ISIS every way it can. Or it may be to get in the heads of ISIS leaders to make them wonder whether their communications can be trusted or whether their data has been corrupted. “They may be toying with them a little bit,” Barnett says.
Regardless, no one should have doubted that cyber tactics were being used, he says. “Cyber offense is critical to any type of military operation,” he says. “It’s inconceivable that we would not use it. It’s conventional now. It’s fully integrated now.”