OSIRIS Brief 0.9.0
The first cyberattack related death changes the terms of online competition fundamentally
"Cryptolocker ransomware" by Christiaan Colen is licensed under CC BY-SA 2.0
The First Real-World Fatality from Hacking
A woman in Dusseldorf, Germany died September 17th when an ongoing ransomware attack diverted her to a more distant hospital. The ransomware attack was imprecise, making no specific ransom demand, and seemed to target the affiliated university. The woman was diverted to a hospital 32 km away, and was not treated until she was outside the “golden hour.” The ransomware apparently exploited a known but unpatched vulnerability. The criminals immediately surrendered the encryption key when told they had hit the hospital. Nevertheless, German police have opened a homicide investigation into the attack.
Ransomware attacks are popular among cybercriminals because they are immediately lucrative, but they are also somewhat easy to defend against. Ransomware encrypts the files on the target’s computer, and the operators share the decryption key only upon receiving the ransom. Other attacks rely on stolen information having value on a secondary market for profit, but in ransomware the attacker need not value the information, as long as the owner does. Prepared users can rapidly recover from a ransomware attack by restoring information backed up to an outside source. Even so, the time required to restore systems may still disable a hospital long enough to create chaos.
Killing someone with a ransomware attack is a major shift in the state of cybersecurity. The inability of cyberattacks to “draw blood” is perhaps the final barrier between cyberattacks and real war. If future attacks can deliberately replicate fatal effects, the strategic logic of cyberattacks will more closely approximate that of traditional military tools.
Rampant Kitten (Iran) Has Tools to Bypass 2FA
Check Point Research revealed that the Iranian APT Rampant Kitten has a toolkit to bypass 2FA, among other capabilities. Rampant Kitten is one of several Iranian APTs, and seems to mostly target domestic dissident groups, including their associates overseas. The disclosed tool works on Android devices.
Iran is among the most capable state sponsors of APTs, and recent reports highlight their growing capabilities. Iranian APTs can also breach VPNs and sell access to compromised VPNs. As my book explains, authoritarian government APTs primarily operate to support domestic control. APT capabilities also inherently allow international cyberattacks, which makes them an international threat.
The US Bans Downloads of TikTok
Following through on its threats, the US banned TikTok and WeChat from US app stores. The ban came in spite of reports that Oracle and TikTok had reached a deal. There has been no official announcement, and there are reports the CCP might block any sale.
The ban has created controversy, and a judge blocked the ban from taking effect on Sunday to allow TikTok’s legal challenges to proceed. Security experts debate TikTok’s risks, with some claiming that unmaintained apps are a larger risk. As explained in “The InfoSec Shell Game,” the security threats TikTok poses originate in China’s political system. TikTok’s vacuum will not remain unfilled for long, as YouTube’s TikTok clone is in beta tests in India.
On the Radar
A Computer Can Guess More than 100 Mil Passwords Per Second by Dowland and O’shea
The Insider Threat by Jambor
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.