What would you say is the biggest threat to national security in the 21st century?
There is, of course, the ongoing threat of nuclear weapons wielded by rogue nations and hostile governments.
Then, as the whole world learned throughout 2020, worldwide pandemics are something to worry about.
But what about a threat that not many think about in their day-to-day lives? It’s something that largely goes unnoticed mainly because its actions go unseen and the incident itself doesn’t become public knowledge until the fallout has already started.
Instances of cybersecurity breaches have been on the rise in recent years, and that rise paints a picture of a new landscape that will dominate the conversation over the next decade.
With how intertwined modern life and technology are, criminal groups and operatives working on behalf of various governments all over the world are getting increasingly bold and ambitious with their targets.
It seems like nothing is safe. From critical infrastructure, to food supply chains, to health care facilities and some of the largest, most well-known companies in the world, cybersecurity threats have become a problem for just about everyone.
These threats take on many different forms, and the goals of the attackers behind them are just as varied. It’s with those facts in mind that companies and governments are coming up with ways to fight back against this threat that’s becoming ever more prominent.
That’s why this report is going to look at the varied ways in which cybersecurity threats present themselves, what sorts of effects they can have, and what’s being done to combat them.
There have already been a few high-profile events just in recent memory and it’s almost a guarantee that more will be coming. Because of that, it pays to have a good understanding of just what form these cyberattacks can take.
Ransomware attacks are among the most common types of cyberattacks. When a computer system is hit with this kind of attack, software encrypts the files and the party behind the attack demands a ransom. If the ransom is paid, then access to the files is restored.
Ransoms in these kinds of attacks have often been in the range of a few hundred to a few thousand dollars when the victims were everyday people. They’ve been in the millions when large companies and organizations were targeted. The criminals behind them usually demand payment be made in cryptocurrencies like Bitcoin.
Often, these attacks happen because the person or group behind them tricks an authorized user into giving them access. Other times, the attackers find security holes that allow them to get into the system and do whatever they want. However these attackers manage to gain access, the result is always the same: crucial files are encrypted and a message is displayed saying that access to those files can only be restored with what’s called an encryption key, which is an unpredictable and unique string of bits made specifically to encrypt and decrypt data.
Encryption keys can be cracked, but the longer the key length is, the harder that proves to be. That just goes to show why they are such popular tools when it comes to ransomware attacks.
Think back to May 7th, 2021 and how Colonial Pipeline came under attack. The group behind that incident used ransomware to gain access to the system that carries gas and jet fuel from Texas to New York. This one system is responsible for 45% of the fuel used by the East Coast of the United States, and a hacker group was able to take it down.
This led to a disruption in operations for the pipeline as the company responsible for it scrambled to try and fix the issue. Long lines formed at gas stations in states all along the Eastern Seaboard and Southeastern U.S. as people gave in to panic buying. Pumps ran out of fuel and prices climbed as people filled whatever containers they could get their hands on.
The decision to shut down the pipeline came from the company rather than the hackers, as it was revealed that the group behind the attack, a group called DarkSide, had access to company data rather than the systems needed to affect the pipeline itself.
Still, the company paid the ransom of 75 bitcoins, a value of roughly $5 million, to get the necessary encryption key. The company got its data back and DarkSide got away with it, at least for a while. The FBI managed to get the money back, but the actual attackers are still at large, though the group itself disbanded.
That’s just one instance of a recent incident where ransomware took a major company offline and the attackers made away with millions.
In May 2021, a hacker group called REvil did the same to JBS, the largest meatpacking company in the world. Facilities in multiple countries were shut down and the company was forced to pay the hackers $11 million to regain access to its data.
Beyond that, in 2021 alone, ransomware attacks targeted Ireland’s national health service, water treatment facilities in Norway, and live television broadcasts in Australia, just to name a few. That gives you a sense of the variety of sectors these attacks target and just what kind of data the criminals behind them try to go after.
But ransomware is hardly the only tool these hacker groups use to try and get what they want.
At some point, you’ve probably gotten an email, phone call, or text message from someone who claimed to be from a utility company, insurance company, government office, or some other organization asking you for personal information like your credit card number or social security number so that they could access your accounts.
This is a social engineering tactic called phishing, and it’s what groups of hackers use to steal the identities and finances of hundreds of thousands of people per year.
What usually happens is that the person being targeted will receive a message that conveys a sense of urgency or an offer that’s too good to be true. This can come in the form of saying that the person has won a contest or has been chosen to receive some deal that needs to be acted upon immediately. The person will be told to click a link or open an attachment that will then infect the person’s computer with malware that either leads to a ransomware attack or directs the user to what looks like a legitimate website. That website might resemble the website of the person’s bank or some other institution, and when the victim enters their name and password, the attackers have access and can do whatever they want.
These same methods work for stealing information like credit card numbers, social security numbers, and banking details.
According to the FBI, phishing is the most common type of cybercrime, with 241,324 reported incidents having occurred in 2020. Around 75% of organizations around the world experienced some kind of phishing attack, with the most targeted industries being health care, education, technology, and manufacturing.
Indeed, no company is safe and attackers continue carrying out these kinds of attacks exactly because they know how lucrative they can be. Between 2013 and 2015, for example, Facebook and Google got scammed out of more than $100 million through a fake invoice scam.
A hacker based in Lithuania was able to impersonate a large manufacturer in Asia that both companies do business with and trick the tech firms into paying him for computer supplies. He did this by sending invoices to the companies’ accounting departments and using forged email addresses and corporate stamps.
In 2016, Crelan Bank in Belgium lost 70 million euros to fraud when a hacker used what’s called CEO fraud. In this type of attack, an email is sent to a high-ranking executive or someone in the finance department from a supposed business partner or someone else high up in the company. That email asks for a money transfer to finalize an urgent transaction. Hackers pull these types of attacks off by displaying detailed knowledge of the business, the people they are addressing, and the people they are pretending to be.
In 2020, it seemed like scammers were taking full advantage of the confusion the pandemic caused throughout the postal service to send SMS messages to unsuspecting victims. People would receive text messages telling them that there was important information regarding an incoming delivery and instructing them to click an included link.
Upon clicking that link, the victim would often be taken to a page that would attempt to steal the credentials to their Google accounts. This followed a similar scheme that came about in February of 2020, where hackers sent messages saying they were from FedEx.
As you can see, these phishing attacks take on many different forms and target individuals and organizations alike. It’s become one more tool in the arsenal of criminal groups to try and steal money and personal information from hundreds of thousands of unsuspecting victims every year.
Distributed Denial of Service (DDoS)
A distributed denial of service attack is one in which a targeted server, service, or network is overwhelmed with a flood of traffic, effectively taking it down and silencing the connected website, application, or even entire business if the attack is on a large enough scale.
The resources that make up a computer network, things like web servers, can only handle so many requests at once and the channels that connect those servers to the internet only have so much bandwidth. If they get overwhelmed, nothing works the way that it should. Think of it like trying to get onto a busy highway when absolutely every lane is choked with traffic. No one is going to be able to get anywhere for a good while, and even as that happens, more cars will try to enter, making the problem even worse.
Though these kinds of attacks don’t aim to steal money or data, there are still numerous reasons why attackers might carry out a DDoS attack. Companies lose revenue when their services go down and, beyond that, there is damage to the brand. Consumer confidence is everything when it comes to commerce, and an attack that makes service unavailable can derail that confidence.
Likewise, DDoS attacks can be used for political ends, such as to silence movements that campaign against authoritarian governments. It could also potentially be used to disable campaign websites and other online assets friendly to opposition parties in elections. Whatever an attacker’s aim is, the effects of DDoS attacks can last for hours, days, or even weeks in the cases of the most sophisticated attacks.
Companies have been plagued by denial of service attacks for years, and they have far-reaching effects. Consider, for instance, the February 2020 attack against Amazon Web Services. This attack lasted for three days and sent 2.3 terabytes of data at its peak to the IP address of one of the service’s clients. To give some context, that’s about 80 days’ worth of video data.
In 2012, six U.S. banks — Bank of America, JPMorgan Chase, U.S. Bank, Citigroup, Wells Fargo, and PNC Bank — were hit with a series of attacks that generated 60 gigabits of traffic per second. These attacks successfully took the companies’ websites offline, keeping customers from doing any online banking. An Iranian group called Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for the attack and it’s believed that it was carried out in retaliation for economic sanctions that had recently been put in place in response to Iran’s nuclear program.
This incident was significant for two reasons: its size led the U.S. State Department to seek the help of other countries in taking down the computers that were flooding the banks with junk data, and it showed that these attacks are a tool in the arsenal of groups acting on behalf of enemy governments.
When it comes to cybercrime, the methods above are just a small portion of what governments and corporations are dealing with. The tools and methods that criminal groups and rogue governments use are only going to get more sophisticated, which is why you will start seeing more talk about companies coming up with solutions to counter these threats.
It’s a new dimension of modern warfare, and getting ahead of it early is the best way for companies and countries to safeguard their assets. For investors, it’s the best way to get in early on the potential profits.
With that in mind, here are just a handful of companies that are staking their claims in the sector before it really begins to take off.
IBM (NYSE: IBM)
IBM, or International Business Machines, is a household name when it comes to information technology. Having been in business since 1911, it has been at the forefront of just about every trend in technology that you can think of.
It’s reached that status thanks to work in areas such as blockchain technology, IT infrastructure, cloud computing, security, and other branches of information technology.
Being one of the biggest technology companies in the world, it makes sense that IBM offers its customers a suite of cybersecurity solutions. Over the past few years, the company has especially sought to make gains in the Cloud segment, an area where it lagged behind industry rivals like Microsoft and Amazon. That’s why, in 2019, IBM acquired a company called Red Hat to the tune of $34 billion.
Red Hat, a multinational software company based in North Carolina, was founded in 1993 and specializes in open-source software products for businesses. In becoming a subsidiary of IBM, Red Hat brings what’s called “hybrid cloud” software, which allows private cloud and public cloud to communicate. This makes it possible for companies to deploy more flexible IT infrastructure, using either a public or private cloud as their needs see fit while more easily managing costs.
As far as cybersecurity is concerned, this is an important acquisition because IBM is making the cloud an important part of its business strategy and that will go hand in hand with security services that already form an important cornerstone of its business offerings.
Red Hat has the technology and IBM has the capital, reach, and name recognition to put itself in a place where it will be able to go after the segments of the market where Amazon and Microsoft have thrived for the past few years.
With the pandemic changing the way the world looks at how work gets done, cloud computing is only going to grow as a sector for the foreseeable future. As that sector grows, so too will the cybersecurity threats that seek to exploit companies that use cloud technology. IBM’s security business is built around a broad portfolio of consulting and managed security services that cater to many of the world’s largest enterprises, so it is in position to take advantage of that sector growth in a way few IT firms are.
The company’s recent financials paint it as a good bet for growth in the near future.