News comes that in recent days the UK launched a large-scale cyber-attack on Islamic State designed to “hinder and suppress” the group’s ability to co-ordinate and spread its message. While one might find it strange for a sovereign government to openly admit to this kind of provocation, the specific dynamics surrounding IS at least make it understandable on this occasion. But if a cyber-attack were targeting you, would you even be aware?
To understand why this problem is still not treated with the full seriousness it deserves, we need to understand the rationale behind viruses and the intentions (and identities) of their authors. Certainly there are some, like the NotPetya ransomware or the “Iloveyou” destructive virus, that are built to be as public as possible. Indeed, ransomware’s whole existence requires the user to know they have a virus – they would never pay up otherwise. And it is hard not to notice a virus after it has wiped out all of your files. But equally, and more worryingly, there is the rise in viruses meant to pass completely unnoticed until such time as they are needed – or whose job demands that they are never seen at all.
Sometimes these may be standard ‘adware’ viruses like Zango, happily collecting user data, although such viruses become a good deal more sinister when you consider that more extreme viruses of this nature sit within UK energy firms and ministries, transmitting everything they ‘see’ back to base. Sometimes they may be designed as sleeper viruses, activated only when their specific target (for instance, a particular contract bid or set of data) becomes obtainable. Indeed the name is most appropriate, for these act entirely like the sleeper agents of old, who would likewise remain hidden in plain sight.
Malware designed to stay hidden is usually driven by one of two concerns: state actors looking to gain sensitive secrets, or industrial espionage, where the goal is ultimately much the same thing. Whereas in recent years we might see a destructive virus such as Shamoon wreak havoc for a short period of time, or a smash-and-grab attempt to steal secrets, it is now equally likely that these goals will be pursued through a far more discreet and refined use of cyber warfare.
Even what seems on the face of it to be a brute-force attack may be nothing but a distraction. Constant DDoS, phishing attempts and the ‘discovery’ of apparent ransomware viruses can now serve to divert IT teams’ attention away from a more subtle threat: a backdoor. And for virus scanners configured to identify only what they already know, the problem remains: the best sleepers disguise themselves as genuine files, mimicking legitimate names and signatures, and so can remain hidden. The best conceivable way to watch out for sleepers is to conduct a full penetration test and a root-and-branch review of your systems, looking not only for anything obviously out of place but for anything whose function is unknown to the CISO or which was not knowingly installed. This should go alongside ensuring that everyone remains aware of the threat of these ‘unknown unknowns’, and that viruses will not always come screaming through the front door, so to speak. After all, you may not know when you’ve been Zangoed.
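The review described above, finding anything that nobody knowingly installed, is in practice a comparison of what is on a system now against a known-good baseline taken earlier. The following is an added example, not code from the original article: it builds a content-hash inventory of a directory tree, then diffs a later inventory against it, so that a file that keeps a legitimate name but has changed contents, a file that has appeared from nowhere, and a file that has gone missing are each reported. The directory layout and file contents are constructed sample data, and the function names are this example's own.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_inventory(root: Path) -> dict:
    """Map each regular file (relative POSIX path) under root to its content hash.

    Matching on content rather than on name or extension is the point: a sleeper
    that borrows the name of a genuine file still produces a different hash.
    """
    inventory = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            inventory[path.relative_to(root).as_posix()] = hash_file(path)
    return inventory


def compare_to_baseline(baseline: dict, current: dict) -> dict:
    """Classify every difference between a known-good baseline and the current state."""
    return {
        # present now, never approved: the "nobody installed this" case
        "unknown": sorted(p for p in current if p not in baseline),
        # same name as an approved file, but the contents no longer match
        "changed": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        # approved file that has disappeared
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Run the comparison over a constructed sample tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        # constructed known-good state at baseline time
        (root / "bin" / "service").write_bytes(b"approved service binary v1")
        (root / "etc" / "app.conf").write_text("port=8443\n")
        baseline = build_inventory(root)

        # constructed later state: one binary altered in place, one unexplained
        # file added under a plausible name, one config file removed
        (root / "bin" / "service").write_bytes(b"approved service binary v1 + extra code")
        (root / "bin" / "helper.dll").write_bytes(b"nobody remembers installing this")
        (root / "etc" / "app.conf").unlink()

        return compare_to_baseline(baseline, build_inventory(root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

In real use the baseline would be written to disk (or, better, kept off the host) at build time and signed, and the comparison scheduled against live paths such as service binaries and scheduled-task directories; anything in the `unknown` or `changed` lists is then a question for the owner of that system, not an answer.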