There is a reason that the military conducts repeated simulated training exercises: To ensure that the armed forces will be able to respond to military attacks immediately and effectively. Little wonder then that governments around the world have been doing the same when it comes to a nation’s cyber security. Interestingly, that while the threat of a physical invasion of any western country decreases each year, the threat of cyber-attacks, increases dramatically. A cyber-attack has the potential to decimate many countries’ vital systems including transport, infrastructure (power, water, banking, and healthcare) and ‘cyber war games’ help governments plan against attacks, increase security and lower the chance of complete decimation.
The Cyber Storm – 2006 War Games Begin
One of the earliest tactical training exercises and simulated ‘war games’ was called ‘Cyber Storm’ which took place over the course of a week in February 2006. It was the first ever cyber security exercise to take place and enabled the Department of Homeland Security to prepare for future attacks by highlighting vulnerabilities and weaknesses not only in electronic systems, but in their response to an attack.
Cyber Storm – Attacks on All Fronts
One of the principal objectives was to ascertain the preparedness and response times of different systems and departments to an attack on all fronts. The simulation sought to disrupt key targets, and thwart the government’s ability to respond. Unfortunately it was successful.
The controlled and simulated attack was leveraged against key targets around the world including Washington DC’s metro transport system, hazardous materials in Philadelphia, Chicago and on London’s Underground. People on ‘no-fly’ lists appearing at several airports across the US, utility disruption in Los Angeles and planes flying too close to strategic targets.
The outcome of the exercise highlighted the inability of systems and departments to connect attacks fast enough and not being able to focus on the entirety of the attack, but rather on specific incidences. Overall it was found that, if under cyber-attack, the US may not be able to adequately defend itself fast enough.
Think twice before you click on any adverts while browsing your favourite websites. The latest malicious software has been found embedded in banner adverts on high profile news and information sites.
Stegano – the Exploit Kit That Takes over Your System
Traditional viruses have been known to exploit local systems, infiltrate files and even corrupt hard drives. Stegano takes cybercrime one step further by distributing a malicious software exploit kit called DNSChanger in your computer. This infamous code kit made its first appearance back in 2012, infecting millions of computers.
How DNSChanger Works to Cause Mayhem
As hinted by its name, once it has infiltrated your computer this vicious exploit kit works by changing DNS server entries and pointing them at servers that are controlled by the cyber attackers. In other words, once your computer is infected, you may think you’re going to your daily news site, or social media website, but in actuality, you’re being redirected to a fake site where your personal information may be compromised.
It Gets Worse…
The combination of Stegano and DNSChanger also enables attackers to gain control over your unsecured routers. So far we know of more than 166 models that are vulnerable to the attacks. Makes that have been affected include: D-Link, NetGear, COMTREND ADSL Router and Pirelli. Once the virus is in your router, all devices connected to it – tablets, phones, gaming consoles, etc. – are in danger. Though the scope of the damage caused by the Segano-DNSChanger combo is yet to be uncovered, previous attacks have been known to infect over a million devices per day.
How to Protect Yourself Against Attacks
First of all – do not click on ads and banners, no matter how legitimate they seem, no matter how trustworthy the site hosting them is, just don’t. Next – make sure that your router software is up to date and ensure that your router password is strong enough to withstand a brute force attack. You could also try disabling your remote admin settings and updating or changing your local IP address to help combat any malicious software gaining entry to your system.
A lawsuit was recently filed in which allegations of conspiracy, market manipulation, and false statements were made against MedSec and other companies and individuals.
Alleged Security Flaws Making Headlines
In August 2016, MedSec released shocking information to the media about the medical device making company, St. Jude. According to MedSec, a company that provides vulnerability research solutions, major security vulnerabilities were discovered in St Jude’s defibrillators and pacemaker. MedSec also claimed that these vulnerabilities could put patients’ lives in danger if exploited by hackers.
Shimon Sheves truly embodies the adage, “Think Global, Act Local”. He is deeply passionate about his homeland of Israel and works tirelessly to support his community. Sheves is also the founder and chairman of HolistiCyber company that provides nation-state level cyber protection.