The move comes after the attack on the US oil and gas shipping company Colonial Pipeline and the growing damage caused by cybercriminals. The US raised the level of investigation into the crime of extortion hackers to the level of ‘terrorists’. Photo: REUTERS In an internal guideline document sent to law offices across the United States on June 3, the US Department of Justice directed that investigations into ransomware should be coordinated with the central government, specifically: A new task force was established in Washington. “This will be a specialized process to ensure we can track all cases of extortion hackers regardless of where they happen in the US, so we can capture the connection between subjects and proceed to break the whole link,” said Deputy Attorney General John Carlin. Previously, in May, the largest US oil pipeline system, the Colonial Pipeline, was crippled by hackers. Colonial Pipeline has decided to pay hackers who have compromised their systems nearly $5 million to regain access. According to the Reuters , the DOJ’s guidance document specifically mentions the Colonial attack as an example of “the growing threat posed by cybercriminals and digital ransomware to the nation.” . “To ensure we can uncover connections between incidents and investigations across the country and globally, and to paint a big picture of national security and economic threats, The economy we face, we must strengthen and focus our internal monitoring,” the guidance document states. Reuters Citing US officials, the decision to include ransomware attacks in a special process by the Department of Justice shows that the issue is being prioritized. “We’ve used this model in the past for counterterrorism, but never with ransomware,” said Carlin, adding that the process typically applies to cases involving direct national security. In practice, this means that investigators at US attorneys’ offices dealing with ransomware cases will have to share both up-to-date case details and technical information with officials in Washington. The guidelines also require offices to review and report other investigations related to the large-scale cybercrime ecology. According to the guidelines, the list of investigations currently required to be reported to the central government includes: anti-virus services, illegal online forums or marketplaces, cryptocurrency exchanges, cybercriminal server services, botnets, and online money laundering services. “We would like to emphasize that prosecutors and criminal investigators need to report and conduct monitoring of cryptocurrency exchanges, illegal online forums or marketplaces for trading hacking tools. , as well as tracking botnets that serve a variety of purposes,” said Carlin. According to Mark Califano, a former US attorney and cybercrime expert, raising the level of investigation could allow the US Justice Department to “deploy resources more effectively” and “identify common exploits” variables” used by cybercriminals.

Illustration. The cybersecurity situation has undergone drastic changes in recent times, especially in the context of the Covid-19 epidemic and the trend of remote working. This manifests itself in large-scale and increasingly complex attacks. Hackers perform an average of 50 million password attacks per day, 579 attacks per second. AGAINST MALWARE AND RAMSOMWARE WITH DEVELOPMENT Microsoft’s telemetry results released over the weekend showed that the prevalence of malware and ransomware infections in Asia-Pacific has been increasing over the past 18 months, stretching back to before the Covid-19 pandemic. -19 outbreak to date. Specifically, in Australia it is 23%; China is 80%; India 15%; Japan 16%; New Zealand 19%, Singapore 43%, Hong Kong 38%, South Korea 22%, Malaysia 2%, Philippines 15%, Taiwan 16%, Thailand 3% and Vietnam 7%. Among them, Indonesia alone has a 24% decrease in malware infection rate. The number of cyber attacks and the number of Vietnamese IP addresses in botnets increased in March 2021 due to hackers taking advantage of the increasing demand for Internet use by users as well as people’s interest in translation information. Covid-19. During the same period, the number of ransomware infections (a subset of malware) also increased by 453% in Australia; China (463%); India (100%); Japan (541%); New Zealand (825%); Singapore (296%), Hong Kong (179%), Indonesia (31%), South Korea (64%), Malaysia (72%), Philippines (70%), Taiwan (407%), Thailand (6%) ). This figure in Vietnam is recorded at 15%. In Vietnam, in March 2021 alone, the Information Security Administration recorded 491 incidents of cyber attacks on information systems, an increase of 8.15% compared to February 2021. In which, the number of Malware attacks is 180, while Phishing and Deface attacks are 164 and 147, respectively. In the first quarter of 2021, although compared to the same period in 2020, the number of cyberattacks causing problems on information systems decreased by 20%, but from the beginning of 2021 to now, the number of cyberattack incidents has decreased by 20%. is still in an uptrend. Experts believe that the reason for the increase in the number of cyberattacks and the number of Vietnamese IP addresses in botnets in March 2021 was because hackers took advantage of users’ increasing demand for Internet use as well as the interest People’s attention to information about Covid-19 epidemic. Therefore, the number of Phishing and Malware attacks on systems has increased to cheat, destroy and steal information illegally… It can be seen that, in the context of complicated epidemic developments, when more and more organizations, businesses and individual users work remotely, work from home, they are creating an environment for bad guys to exploit vulnerabilities, Attacks, information theft, large-scale cyberattacks take place in Vietnam and around the world. ABOUT 3.5 MILLION SECURITY PROFESSIONALS IN 2021 Experts say that even as more people begin returning to the office, hybrid work is forecast to remain the norm in the future. According to Forrester, as people gradually settle into a new working model after the pandemic, we will still see an increase in the proportion of employees working remotely compared to before the pandemic, at 300%. And the current Job Trends Index report shows that 53% of respondents in Asia plan to move to a new place because they can work remotely, compared to 46 percent globally. %. That change has been demanding an urgent need for new security solutions to meet the way of working, especially when the network of organizations is no longer limited to the “office wall”. This requires a very different mindset from the traditional “network is the border” and “device protection” approaches. Organizations and businesses need to take data and authentication as the center. While there are many other ways to secure these days, addressing identity, authentication, and information management issues is still critical. Experts have pointed out 4 main pillars to protect users against new work era cyber threats, including: identity protection, Zero Trust mindset, cloud application, and resource investment. security personnel. The network of organizations is no longer limited to the “office wall”. This requires a very different mindset from the traditional “network is the border” and “device protection” approaches. As recent attacks have shown, identity will be the “battlefield” for future attacks. Microsoft Vice President of Security, Compliance, and Identity Vasu Jakkal said that, in a world where identity is the new battleground, adopting a Zero Trust strategy has become a must for businesses. Karma. The hybrid workplace is virtually borderless, so it’s important to establish protective “barriers” around identities and devices. As part of his journey to building a Zero Trust mindset, the expert emphasized that “passwordless authentication will be the trend of the future and that transformation will be seen this year”. Besides the application of technology, experts also emphasize the special importance of people and skills in ensuring information security of each business organization. However, the lack of security professionals and the lack of diversity in security teams are two weaknesses that attackers will find to hit next year, the expert said. It is estimated that the information security industry will be short of about 3.5 million security professionals this year.

The first mass attack on Apple’s mobile platform came to light when researchers discovered 40 malicious apps that existed on the App Store. Apple was silent about the biggest attack on the iOS platform. Photo: Getty Images. When the scope of the investigation was expanded, this number was eventually determined to be 4,000. They contain malicious code that makes iPhone and iPad part of the botnet. Simply put, the iPhone infected with malicious code becomes the iPhone “zombie”, manipulated for many malicious purposes. Malware infiltrated 128 million iPhones This shocking information has just been revealed by Epic’s lawyers, a few days before the trial of the antitrust lawsuit between the game maker and Apple. Accordingly, on the afternoon of September 21, 2015, about a week after Apple launched iPhone 6s / 6s Plus, Apple leaders discovered 2,500 malicious applications on the App Store, which were downloaded by 128 million users, total plus 203 million visitors, of which 18 million users in the US. Thousands of malware appeared on 128 million iPhones. Photo: Bankinfosecurity. “Joz, Tom and Christine – the number of affected customers is very large, should we email all of them?”, Apple’s Senior Vice President of Global Marketing, Greg Joswiak team members by email. “If so, Dale Bagwell from the Customer Experience team will take care of it. It should be noted that it is difficult to translate emails into the local language, as the application is downloaded in many different countries around the world. About 10 hours later, Bagwell joined the discussion on this matter. Obviously localizing the content, especially the exact name of the application, is not easy. Finally, no emails are sent to the client. Apple quietly posted a simple Q&A document, which generally lists the series of malicious codes appearing on the App Store and the 25 most downloaded names of these. Currently the post has also been deleted. Malware impersonates Apple’s development tools The biggest attack in iOS history came from developers writing apps using fake Xcode – Apple’s iOS and OS X software development tools. The version called XcodeGhost stealthily inserted malicious code alongside the normal functions of the application. Since then, the infected applications cause the victim’s iPhone to be controlled and controlled by the server, and provide a lot of information about the device, including name, identification code, network information, details in ” IDfierForVendor ”… XcodeGhost has embedded the malicious code in popular applications. Photo: Hackread. In China, XcodeGhost promises to load faster than the Xcode toolkit provided by Apple. When developers use the fake version, they receive a warning from Gatekeeper, the macOS security feature requires the app to be verified by a reputable publisher. Eventually, however, thousands of apps developed from the fake toolkit still appeared on the App Store. Disappointing behavior of Apple According to the Wired The Cupertino giant has long made security and privacy a top priority on its devices. Therefore, they need to report directly to the users affected by this serious incident. Google has a bad reputation for being silent when users download malicious apps on Android or the Chrome browser, now it’s Apple’s turn. This is not the first malware scandal on the App Store that eventually falls silent. From 2013, page ArsTechnica found that the application “Jekyll” passed an Apple rating but ultimately contained malicious code. The leaders of Apple have forwarded back and forth, discussing a lot about the method of controlling and approving applications on the App Store. However, all are kept internally confidential without public notice to affected users. IOS 15 build with many new features The new iOS build integrates quite a few features that users have been waiting for.

The modern world is being “digitized” at a rapid rate. Almost every service, every industry, from finance, industrial enterprises, … to the armed forces, is already networked at one level or another. In the “smart home” with TVs, refrigerators, vacuum cleaners, washing machines, microwave ovens …, and even smart light bulbs are becoming common; On the street, there were the first cars with autonomous driving systems.

Such devices are expected to make people’s lives easier, but certainly these technologies will also be applied in other areas as well. While digital systems and services make the quality of human life much better, in theory all digital systems can be hacked – which is already in practice. positive.

Computer virus

Theoretical basis for the development of the “computer virus” was formed almost simultaneously with the emergence of the computer itself in the mid-20th century. In 1961, engineers Viktor Vysotsky, Doug McIlroy and Robert Morris of the Room Bell’s telephone experiment had developed programs that could make copies of themselves – the first viruses. They are created in the form of a game that engineers call “Darwin”, the purpose of which is to send bots to friends to see which will destroy more of the competitors’ programs and create more copies of itself to fill someone else’s computer.

Cyber ​​weapons are said to be equally complex and are weapons of mass destruction; Source: topwar.ru

In 1981, Virus 1,2,3 and Elk Cloner appeared on Apple II personal computers; a few years later, the first anti-virus programs appeared. The word “computer virus” in fact includes many types of malware: worms, hijackers (rootkits), spyware, zombies, adware, virus blocking (winlock), Trojan viruses (trojans) and their combination. If the first viruses are often written for entertainment, over time they begin to be “commercialized” – to steal personal and financial data, disrupt device operations, encrypt the data. for the purpose of blackmail …

With the advent of electronic money, computer viruses received a new function – bringing the user’s computer “as a slave” to mining cryptocurrency, forming a huge network of computers. botnet infection (before that, botnet also existed, such as to send spam mail or DDoS attack). Opportunities like this cannot help but make the military and intelligence agencies in general with missions – steal something, destroy something …, care.

Computer virus – a strategic weapon

On June 17, 2010, for the first time in history, the win32 / Stuxnet virus – a computer worm that infects not only computers running the Microsoft Windows operating system, but also industrial systems that control the processes. automatic production, detected. This worm can be used as a means of gathering unauthorized data (spying) and sabotaging automated process control systems (APCS) of industrial enterprises, power plants, boilers, etc.

According to cybersecurity experts, this virus is the most complex software product, developed by a professional team of dozens of experts. In terms of complexity, it can be compared to a Tomahawk cruise missile, and is designed for cyber operations. The Stuxnet virus has damaged some uranium enrichment centrifuges, slowing down Iran’s nuclear program. Intelligence agencies of Israel and the US are suspected of developing the Stuxnet virus.

Industrial facilities, infrastructure, services … all can be targets of cyber weapons; Source: topwar.ru

Later, other computer viruses were discovered, with a degree of complexity similar to that of win32 / Stuxnet (most suspected of being an Israeli / US product), such as: Duqu, designed to collect confidential data in a confidential manner; Wiper (late April 2012), destroyed all information on some of the servers of one of the largest oil companies in Iran and completely paralyzed its work for a few days; Flame, a spy virus, is believed to be developed specifically for attacks on Iran’s computer infrastructure (can identify mobile devices with Bluetooth module, track location, stealing confidential information and eavesdropping on conversations); Gauss, aimed at stealing financial information: e-mail, passwords, bank account data, cookies, as well as system configuration data; Maadi (suspected of Iran) – can collect information, remotely change computer parameters, record audio and transmit it to remote users …

Application

In the Middle East, for example, the largest producer of liquid natural gas (LNG), has an interest that seriously conflicts with the interests of another country. The Middle East country has a network of oil and gas pipelines, LNG production lines and a fleet of Q-Flex and Q-Max tankers designed to transport LNG and has a military base of the third country. three are on its territory. An armed attack directly on a Middle Eastern country could do more harm than good. Then, the solution might be the use of cyber weapons.

Modern oil and container ships are becoming more and more automated; No less automation is used in LNG plants. Therefore, specialized malware is loaded into the control systems of the Q-Flex and Q-Max tankers, or their LPG storage systems, theoretically permissible at a certain time ( or on an external command, if there is a network connection) creates an artificial accident that completely or partially destroys selected tanks / tanks. It is very likely that flaws in the LNG production process lead to neutralization, including potentially destroying the plant.

Cyber ​​weapons can easily have the same effects as the recent Suez Canal clogging; Source: topwar.ru

An explosion of an LNG carrier due to an accident at the entrance to a port or the failure of the LNG storage device can not only result in damage to the vessel itself, but also damage to coastal infrastructure. The goals could therefore be: undermine the energy supplier’s reputation, with the possibility of consumers reorienting the natural gas market of another country; increasing prices for world energy sources, helping to generate more revenue for the national budget; undermining political activity and interfering in the internal affairs of other countries in the region, due to a decrease in the financial capacity of the country in question.

Depending on the economic damage inflicted, a complete shift in ruling elites could occur, as well as a limited conflict between that state and its neighbors, who may want to take advantage of neighboring countries’ weaknesses to change the balance of power in the region. The crux of this activity is secrecy, so that there is no direct blame without clear evidence. The United States has repeatedly been accused of conducting hostile operations against even its most staunchest allies.

Another option for using cyber weapons has been suggested by a recent incident. A giant ship – an oil tanker or a container ship, passing through a narrow canal, suddenly the control system gives out a series of commands to dramatically change the direction and speed of movement, resulting in the ship spinning break and completely block the channel. It can even be flipped, making it extremely time-consuming and costly to rescue it. The Evergreen Group’s container ship blocking the Suez Canal shows how congestion of shipping arteries affects the global economy. It is especially effective if such incidents occur simultaneously on several channels.

Or most recently, Iran is accusing Israel of terrorizing its Natanz nuclear base network … In the absence of a clear trace of the culprit, it would be extremely difficult to establish – anyone can also be blamed for this. Therefore, the development of industrial-scale cyber weapons is considered to be a top priority. Information technology along with nanotechnology and biotechnology are the cornerstones of dominance in the 21st century, but the development of cyber weapons is much cheaper than the development of promising nano biotechnology. and conventional modern weapons ./.