A Cyberattack Swept Across The Globe Last Week. We Should Be Ready For More.
One fallacy about cyberattacks is that they hurt pixels, not people. A cyberintrusion might steal emails, empty bank accounts or compromise identity but probably can’t do real damage in the physical world, or so the thinking goes. There are exceptions: The Stuxnet worm that the United States and Israel unleashed against Iran’s nuclear enrichment centrifuges caused physical damage — compelling the machines to spin too fast and break — but that was a sophisticated sabotage operation, not an everyday occurrence.
Now, the danger has moved closer to everyday. The wave of malware that spread across the globe last week, called Petya by some analysts (and NotPetya by others), suddenly locked up computer systems being used to manage oil companies, airline flights, electrical grids, container ships, ports, banks and government ministries. Even the computers monitoring radiation at Chernobyl, scene of the world’s worst nuclear accident, were silenced. How far away is the moment when a power outage caused by a cyberattack throws a hospital into darkness, causing patients to suffer, or die? Or leads to even more frightful consequences?
The latest onslaught was a malicious program — a worm — that caused computers to lock up and demand from the user a ransom in bitcoin, the anonymous digital currency. When infected, a computer displays a simple text screen with the chilling first line “Ooops, your important files are encrypted.” It is not clear whether the files were encrypted or just destroyed. Since the email address for paying ransom was swiftly cut off by the provider, it appears the attack was intended to be more destructive than profitable.
Some researchers think it was not really about ransom at all, just intended to sow chaos. The malware displayed clever attributes that allowed it to spread rapidly across networks and reportedly infect computers running the latest Windows operating system, a reminder of how threats in cyberspace can outrun defenses. In this case, it seems the nasty worm was aided by an advanced exploit, or delivery vehicle, named EternalBlue, that had been looted earlier from the National Security Agency. This was the second mass cyberattack using one of these stolen exploits in two months.
No one knows who perpetrated the latest attack, and that is another enduring worry about cyberconflict: Attribution is often difficult, and time-consuming. This might have been a malicious gang, or a nation-state.
There is no magic solution that can stop a threat such as this, one that crosses national boundaries and infects real-world systems. The attack shows once again that, for all the wonders of the digital revolution, bad actors are constantly innovating too, looking for ways to disrupt, thieve and destroy. There is no substitute for vigilance and defense, especially protecting all-important critical infrastructure, hopefully stopping the malware before it manages to turn off more than just pixels.