The European Centre of Excellence for Countering Hybrid Threats: “Hybrid by Name, Hybrid by Nature”


What is the Cyber Space?

The Cyber Space is a global system of interconnected computer networks that use the standard Internet Protocol Suite (TCP/IP) to serve billions of users worldwide. The Cyber Space (Internet) can neither be owned, sold nor destroyed by anyone.

… our information society in figures …

• Internet users in the world: ~ 4,9 billion (est. pop. of 7,8 billion)

• Broadband subscriptions in the world: ~ 4,0 billion

• There are 5,9 billion mobile phones in the world; ~ 4,3 billion of them already have Internet access

• 750 million mobile phones in the EU

• 107 trillion emails per year (~ 90 % are spam!)

• ~ 2,3 billion users of Facebook

• ~ 1 billion users of Instagram

• ~ 500 million users of Twitter

[Figure: timeline of attack techniques, 1980 to 2020, on a scale from low to high. Labels: self replicating code, macro virus, file infector, trojan malware, polymorphism, exploiting, backdoors, sniffer, packet manipulation, worms, bot nets, denial of service, mobile malware, rootkit/stealth malware, platform independent malware, longrider attacks, DNS spoofing, autonomous bot networks, Construction Kits, fast flux, MPACK, XSS, SQL inj., drive by infection, 0-day exp., ???. Axes: "Increasing complexity of successful attacks"; "Decreased understanding of system architecture"; "Increasing degree of crosslinking (progressive integration of IP-based systems)": IP to Home, IP to Mobility, IP to Industry, IP to armed Forces, IP to anything/everybody; "Danger".]

The Threat

Stuxnet, Kedi RAT, WannaDecrypt0r

Evolution of warfare

What are we dealing with?

• 1. Cyber crime – such as identity theft/fraud. In essence this consists of conducting cyber attacks against individuals or private institutions for financial gain.

• 2. Cyber espionage – These are operations conducted for the purposes of information gathering. Targets can include government departments or private sector industries.

• 3. Cyber disinformation/black propaganda – This is false information. It is typically used to vilify, embarrass or misrepresent someone/the enemy.

• 4. Cyber terrorism – Defining terrorism itself is difficult and controversial. Defining cyber terrorism is all the more so.

• 5. Cyber warfare – These are military operations by state or non-state actors conducted in cyberspace; for instance an attack on critical infrastructure carried out to achieve political/military aims.

Every state/society can be a target

Political motivation, economical motivation, personal motivation, ideological motivation

State-sponsored, cybercrime, fame/recognition, hacktivism; APT

Case Studies (1) – Cyber Terrorism

April 27th, 2007: Cyber attacks against Estonia

Impact: The Estonian parliament, banks, ministries, newspapers and broadcasters could no longer work; fixed-line and mobile telephony failed

Affected: Estonia – Society, Economy, Politics, etc.

Cause: 107 % cell phone coverage, 97 % electronic banking, internet connectivity in all schools and universities, and widely used e-voting and e-government, as evidence of the extent of Estonia’s national networking capacity.

Estimated loss (World Bank): 8 bn Euro in two weeks (!)

First huge DoS-Attack against a country

Case Studies (2) – Attacks against Infrastructure

Aug 14th, 2003: Power failure in the US and Canada

Impact: Public transport broke down; water supply as well as fixed-line and mobile telephony failed; NO electricity

Affected: ~ 50 million people in NY, Detroit, Ottawa, Toronto

Cause: 21 power plants were shut down because the computer-controlled decoupling, based on SCADA systems, failed. SCADA is based on COM/DCOM for Windows

Aug 11th, 2003: First notice of the Blaster worm, which spread on computers running Windows operating systems by using vulnerabilities in the COM/DCOM – switch

Defenders have to protect against all possible channels of attack.

The attackers only have to find one weak point to attack at a time and place of their choice, and they can do all of this anonymously.

Case Study (3) – Cyber Crime: Ransomware

May, 2017: Thousands of companies worldwide have been blackmailed

Impact: The ransomware called WannaDecrypt0r 2.0 encrypts the data on the attacked computers and makes them and the network unusable. The user/company has to pay € 275 ($ 300) in the internet currency Bitcoin within two days. If no payment is made after seven days, the data will be forever encrypted and unusable. The blackmail letter was written in 28 languages (including Finnish); infections in 152 countries.

The biggest blackmail campaign ever

Col Josef Schroefl, PhD, Mobile +358 40 [email protected]