Are the Russians watching your network?


VERY HIGH. That’s the threat level when it comes to Danish authorities and private companies being exposed to cybercrime and spying – according to the Center for Cybersecurity under the Danish Defence Intelligence Service. A large part of the threat comes from Russia. But even though the Center for Cybersecurity is yelling as loud as it can, many organizations don’t know much about the danger – and they aren’t always willing to invest in protection.

Executive summary:
  • The Cold War lives on in cyberspace and the threat from the Russians is real.
  • According to the Center for Cybersecurity, the threat level towards authorities and private companies is VERY HIGH when it comes to cybercrime and cyberespionage.
  • If top management does not take countermeasures, Russian organizations WILL try to take over and manipulate their networks.
  • As a management team, there are several possible countermeasures you need to consider putting into practice.

Cyber spying and cybercrime are a major threat against Danish companies and organizations.

It can happen to any organization – even the biggest companies. And in a 2017 report, the Danish Defence Intelligence Service speaks in all-caps when it comes to the seriousness of the threat.

What the Center for Cybersecurity wrote

  • Cyberespionage against public and private targets remains the most serious cyber threat to Denmark.
  • There is a very active threat against Danish interests.
  • The threats from foreign governments are particularly strong.
  • The threat of cyberespionage against Danish authorities and private companies is VERY HIGH.
  • The threat of cybercrime is rising in terms of reach and complexity, and organized crime may be involved.
  • The threat of cybercrime against Danish authorities and private companies is VERY HIGH.

Excerpt from the report: ‘Cybertruslen mod Danmark’, Center for Cybersikkerhed, Forsvarets Efterretningstjeneste, February 2017. [1]

Modern warfare: General Gerasimov’s doctrine

In 2013, the Russian publication Voyenno-Promyshlennyy Kurier ran a much-discussed essay by Russian general Gerasimov about how modern warfare has changed. The essay has the subtitle “New challenges demand new thinking about forms and methods of fighting.”

One of the most important points is that the use of military weaponry no longer stands alone, but is supplemented by “political, diplomatic, economic and other non-military” methods – methods that, in many cases, are more powerful than military action.

In the essay, Gerasimov says that secret military operations include actions that involve conflicting information and conflicting sources.

What does that mean in reality?

Putin and the pirates

The Danish queen Margrethe I (1353-1412) was charged with allying herself with pirates in order to hobble the enemy and achieve her goals during a dispute with the Hansa States.

Many things suggest that Putin is using the Queen’s pirate tactics. But just like it was never proved that Queen Margrethe I was behind the pirates in the Baltic Sea, it can’t be proven that it’s actually Putin & Co. orchestrating the present-day pirates and their constant interference in other countries’ affairs – even though the indications are strong. [2]

Most people have heard about how Russian hackers interfered with the American presidential election. But it hits much closer to home.

London Calling: Russian attacks on the British media, telecommunication, and energy sectors

In the U.K., the head of the country’s National Cyber Security Centre recently confirmed that “Russian interference” over recent years has included attacks on:

  • British media – Twitter has confirmed more than 400 fake Twitter profiles of Russian origin involved in the Brexit debate.
  • telecommunication
  • and the energy sector.

“Russia is trying to undermine the international system, that much is certain,” the head of the NCSC, Ciaran Martin, told the newspaper The Guardian on November 15.

Russians hacked into the Danish military’s emails


As a specific example of how the threat from Russia affects Denmark, a hacker group with close connections to the Russian state illegally hacked into email accounts belonging to specific employees in the Danish military in 2015 and 2016.

At the time, the Danish defense minister Claus Hjort Frederiksen told the Berlingske Tidende newspaper:

“What’s happening is very controlled. It isn’t small hacker groups that do this for the fun of it. It is connected to intelligence services or central elements in the Russian government, and it is a constant battle to keep them away,” says the defense minister.

Read Center for Cybersecurity’s report on the ongoing attacks here (in Danish).

Chinese hackers are focused more on industrial espionage

While the threat from Russian hackers (and their government) is mostly about destabilization, and sometimes about financial crimes like ransomware, China and Chinese hackers are more interested in industrial espionage.

“China has numerous methods for carrying out cyberespionage. Several Chinese authorities, including the Chinese military, have been publicly criticized in the West for being behind extensive spying via the internet against a long list of targets abroad. China is using its cyber capacities to collect information of economic, political and military significance,” writes the CFCS.

An outline of the threats against public and private players

It isn’t only public authorities that are targets of the hackers: private companies are targets too. Industrial espionage or property crimes also make private entities attractive for attackers.

This is the outline of the threats that public and private operators are exposed to, according to the Center for Cybersecurity:

  • cyberespionage
  • stock manipulation/leak of insider knowledge
  • blackmail/destructive attacks

What does Troels Ørting say?

Troels Ørting is the former head of Europol’s European Cybercrime Centre, and is now the head of the security department at the international bank Barclays.

“There are three factors criminals look for. What is the risk, what is the profit, and what is the investment? In the case of cybercrime, the profit is high, the risk is low, and the investment is reasonable,” he told a conference on IT security arranged by the Danish Society of Engineers, as reported by the IT media outlet Version2.

According to Ørting, cybercrime has entirely changed the traditional rules of crime, in which both the victim and the perpetrator were within the boundaries of one police force’s jurisdiction.

“So the normal resources we have with border control and such don’t work. And because the co-operation between authorities is so poor – both internally and across Europe and around the world – it’s almost risk-free to be a cybercriminal. Police catch a few each year, and they are normally some big fish, but generally it is risk free. I know where we are being attacked from – they usually speak Russian – but I have no one to give the case to,” said Troels Ørting according to Version2.

And when you first begin to dig down, you discover how much you have actually been under attack.

“The more you invest, the more you see,” he said at the conference.

Four possible scenarios

What are some possible scenarios when it comes to Danish companies?

1) One could imagine that player Y is planning a hostile takeover of firm X. Hacker group Z attacks X via a phishing attack and creates a data leak so that the firm’s stock price tanks. The lower stock price makes it easier for player Y to carry out the hostile takeover.

2) One could imagine that Player B, a short seller, speculates that the stock price of Firm C will fall. Hacker group D attacks the firm with a DDoS attack and makes it impossible for them to deliver their service to their customers for five days. The stock price falls and Player B takes home a profit.

3) One could imagine that Company M is in a competitive situation with Company L. Via a phishing attack carried out by hackers, Company M can follow along with Company L’s product development and launch a competing product faster.

4) One could imagine that Player H hacks into Company J’s mail correspondence and carries out surveillance on it. By pretending to be Director K, it tricks the accounting department into carrying out a large payment to an illegitimate recipient, so-called CFO fraud.

“We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.”

High threat level, medium consciousness about the dangers

But despite the severe threat level, companies and authorities are not adequately persuaded of the threat.

A global survey of IT professionals [3] from December 2015 shows a serious mismatch between the threat as IT professionals see it and the knowledge being given to top management, as well as the decisions being made by top management.

  • 60% believe that the security of the company they work for can be compromised.
  • 75% name budget as the biggest roadblock to good security.
  • 53% of CEOs make decisions without thinking about cyber security.
  • 1/3 of CEOs don’t get regular briefings about cyber security.
  • 43% of management teams don’t receive security reports.

Things have improved since then – but unfortunately not enough:

In PwC’s Cybercrime Survey 2017 [4], 250 Danish and 100 Nordic business leaders, IT heads and IT and security specialists shared their various experiences when it came to cybercrime.

The main findings of the survey:

  • 77% of respondents have been hit by a phishing-attack.
  • 74% of those surveyed were more worried about the cyber threat now than they were 12 months ago.
  • BUT only 32% say they believe that their top management is working to achieve the right balance between the threats the organization faces and the company’s investment in cybersecurity.
  • The respondents expect an average budget increase of 25% for cyber and information security – a bit of light in the darkness.

At the same time, General Gerasimov and his colleagues have fortified their positions and improved their tactics.

Look at Estonia

Estonia is a European pioneer when it comes to national, organized initiatives to improve cyber security – and it should be an inspiration to others.

In order to strengthen its critical infrastructure protection, Estonia has put together commissions with sector-specific experts and organized a variety of exercises, including realistic cybersecurity exercises in which both the private and public sectors practice co-operation and identify potential problems – exercises that have involved more than 20 organizations. [5]

What should your C-level be considering?

Your company can implement these specific initiatives:

  • Advanced surveillance and analysis of all network traffic
  • Encrypting your own data
  • Making security copies and disaster recovery a priority
  • Introducing 2-factor login methods on everything you can have two-factors on – a password is no longer good enough! (And hasn’t been for a long time).
  • Carrying out full-scale security exercises, in which you, for example, suddenly shut down the system.

In my next blog post, I’ll describe the 5 points above in detail.

[1] Read the whole report here (in Danish).

[2] Various examples are described here.

[3] You can read the entire survey here.

[4] Read more about PwC’s survey here.

[5] Read more about Estonia’s preparedness here.

Bjarke Alling is the founder of Liga ApS and Liga Software ApS.