Date: 2020-12-14

A recent study by the consulting firm Deloitte shows that many of its customers are concerned about the risks of cyber attacks in connection with the rollout of 5G networks. Whether the risks are increasing or attackers' habits are simply changing, the questions are numerous and legitimate. To shed some light on this subject, Siècle Digital met Pierre Delcher, who has ten years of experience with the French government and is now a researcher at Kaspersky, a Russian company specializing in computer security.

Today, advanced persistent threats (APTs) take center stage. An APT is characterized by two main features: the attack lasts several months or years (it is often difficult to pin down when the intruder arrived), and it is advanced, that is, it targets multiple infrastructures or targets that are difficult to access. For example, an advanced attack affects a state, while a so-called non-advanced attack affects a person’s banking information. Nowadays, cyber attacks, in most cases, take two forms: ransomware and industrial espionage. The first concerns the theft of documents used as currency for a ransom, while the second is characterized by network intrusion for espionage purposes.

5G: “There is no need to be more dangerous, but it takes effort.”

Cybersecurity risks are increasingly being discussed publicly, but they are nothing new. Alan Turing, who created the ancestor of the computer, was also a hacker. During the Second World War he deciphered the messages of the German Enigma machine and thus gave the Allies a decisive advantage. While APTs are of interest to security professionals, the researcher from Kaspersky’s Global Research & Analysis Team (GReAT) says they were already employed as early as the 1990s to 2000s. What has changed are the defense methods and the attacks, which evolve with technology and increasingly challenge cybersecurity companies, which the researcher calls “firefighters and computer security hospitals.”

The Deloitte study highlights that companies are concerned about the security implications of using 5G. For the Kaspersky researcher, it is not the network itself that increases the risks, but its use. Indeed, 5G will mark the rise of the Internet of Things (IoT). Private 5G networks will connect devices that were previously isolated from networks. Put simply, today files are stolen during a ransomware attack. Tomorrow, with 5G, robots in a factory are likely to be shut down. “A major vulnerability is open,” warns Pierre Delcher. Basically, with 5G, everything can be done remotely, whereas before you had to move around a factory to control or hack a device. “It reveals systems that weren’t there before,” concludes the unfazed Kaspersky researcher: “There’s no need to be more dangerous, but it takes effort.”

Hospitals “cannot afford not to pay the ransom”

The line between ransomware and industrial espionage is getting thinner, because “the means of defense have much in common,” affirmed Pierre Delcher. Indeed, both require network edge protection. However, the purpose of the security teams’ work depends on the attack. With ransomware, the goal is to regain control of the data as quickly as possible. The challenge with industrial espionage is figuring out what the hacker was looking for or how long they had been watching. There is therefore an interest in, and even a need for, observation.

Health data can be a matter of life and death. Hence, hospitals are an ideal target for hackers looking to make money quickly from ransomware. Hospitals “cannot afford not to pay the ransom,” says Pierre Delcher. They are also an easy target: they often lack the time and the technical or financial resources, which leads to weak points in their infrastructure.

In addition, the industry has relied on technology for many years, but not always in a sufficiently controlled manner. In particular, this has resulted in a “stack” of technologies that make accessing their systems even easier. Beyond ransomware, hospitals can also be the target of economic espionage, as in the case of the Covid-19 vaccine race, to track and learn from their competitors’ research.

During the SARS-CoV-2 pandemic, the health systems of France, Italy and the Czech Republic were affected by cyber attacks. In light of this worrying situation, Kaspersky has given some hospitals free access to security licenses for a period of 6 months. An altruistic gesture that at least resembles a well-developed communication strategy: “Kaspersky is not yet a foundation or an association,” jokes the researcher.

A cybersecurity company that is a victim of a cyber attack: zero risk does not exist

The education sector could also suffer a growing number of cyber attacks. The Covid-19 crisis is democratizing distance learning courses and online training in general, and thus the use of networked platforms and software. As a result, the possibility of cyber attacks increases. APTs are not particularly to be feared here; the risks mainly concern phishing campaigns, which become more efficient when attackers have access to more data. In fact, these attacks take advantage of the gullibility of their targets to trick them into clicking malicious links. Knowing the victims better allows hackers to better personalize these messages. Although there are awareness-raising campaigns on this subject, such as “Before you click”, hackers are exploiting an audience that is not yet well informed.

Education services can also be exposed to ransomware attacks and theft of personal data in order to access online services. In rarer cases there may be APTs for certain profiles, such as the “next Iranian nuclear researcher”, illustrates Pierre Delcher.

As the latest attack on the cybersecurity juggernaut FireEye shows, cyber attacks do not spare the IT security industry. Although few details are known about this attack, it is obvious to Pierre Delcher that this type of organization, like GReAT, is of interest to hackers, simply so that they can adapt their strategies to advances in cybersecurity research. “We have the feeling that the entire industry is affected,” complains Pierre Delcher.

The cloud and the services of the technology giants, synonymous with better protection?

The cloud, still an abstract area for many people, benefits the security of organizations that do not have enormous resources to ensure the protection of their networks. It goes without saying that AWS, Microsoft Azure, or even the Google Cloud have far more resources than most companies to ensure security.

While cloud hosting protects organizations’ data from hackers, it also means sharing data with the provider company, which is subject to the laws of its country. The State Council recently issued a warning about the partnership between Health Data Hub, a French open data platform based on health data, and the Microsoft cloud. “If the risk that the American secret services cannot request access to this data cannot be completely ruled out, this does not justify the suspension of the platform in the short term, but requires special precautionary measures under the supervision of the CNIL,” the State Council says in an article.

The discreet establishment of the Health Data Hub in November 2019, followed by the signing of a contract with Microsoft on April 15, 2020 for a cloud service, had generated strong reactions from a dozen associations that “accuse the French authorities of having given their American colleagues access to medical data through a US-based company,” says Le Monde. The concerns of these associations led to a referral to the State Council and the exclusion of Microsoft as a cloud provider. In addition, the associations emphasize that the centralization of health data, which essentially comes from personal data, could enable mass processing. While the focus today is on malicious hackers, it has already been shown that US services can be used to establish global surveillance. Hackers or states, in both cases the right to privacy remains shaky.

“In the landscape of cybersecurity actors, we [Kaspersky] show transparency”

Although little known to the public, Kaspersky has caught the attention of Western governments. In 2015, the Trump administration accused the company of stealing data from the NSA on behalf of the Kremlin, using a Kaspersky tool installed on the computer of a subcontractor of the American agency. Although these accusations were rejected by Eugene Kaspersky, the founder of the company, who cut his teeth at the Institute of Cryptography, Telecommunications, and Computer Science at the KGB Technical Faculty, he failed to convince all of the United States’ allies. For example, Lithuania, the Netherlands and Hungary have taken steps to ban Kaspersky software from their government networks. In June 2018, the European Parliament passed a resolution calling on its member states to ban Kaspersky software.

However, the Russian company claims to be 100% private and independent from the Kremlin. From November 2020, the data of European users, as well as that of some Asia-Pacific customers such as those in Australia, New Zealand, South Korea, Japan and India, will be stored in Zurich, Switzerland. The choice of this country, which is not a member of the European Union, is based on its neutrality status and its expertise in the banking sector, which also requires a high level of data security. In addition, the researcher emphasizes that Switzerland is a first-class technical location thanks to a very good network connection. Pierre Delcher confirms that no personal data stored in Switzerland is currently passing through Russia. For statistical purposes, for example to determine the most frequently recurring attacks, anonymized data can be processed in Russia.

“In the landscape of cybersecurity actors, we show transparency,” says Pierre Delcher. Even if it remains too rare, the digital sector has the opportunity to demonstrate this, especially thanks to open source. Kaspersky does this with its customers by giving them access to the source code of its tools. Obviously, its activity is incompatible with the public distribution of its source code. If the code were public, hackers could get in, and it would be like letting the wolf into the fold … after weeks of fasting.