‘I’ll be back’ brings down 2,000 sites in Georgia

The recent ‘I’ll be back’ cyberattack in Georgia knocked out more than 2,000 websites, with over 15,000 pages affected, including the presidential website, non-government organisations and private companies. The defaced sites featured a picture of former President Mikheil Saakashvili (a pro-western reformer) and a banner stating: ‘I’ll be back’. It was reminiscent of the Shamoon attack in 2012 on Aramco, when a burning American Flag was displayed on infected computers.

While no one has claimed responsibility for the Georgia attack, fingers have started to point at Russia, due to the previous (2008) attacks on Georgia that many cyber specialists believe involved the Russian foreign military intelligence agency (GRU) and federal security service (FSB).

As the Georgia interior ministry start their investigations, it’s time for cloud and infrastructure providers such as Proservice, which had their servers attacked in the Georgian outage, to raise their levels of awareness and proactive security posture. Otherwise, as Tim Dunton (Nimbus Hosting) stated: “…the ‘I’ll be back’ signature is ominous, and I have no reason not to believe that they won’t be, unless the nation of Georgia makes some serious changes to their cybersecurity protocols.”

Who are you protecting your organisation from?

Many users assume that the 330,000 web hosting providers globally (as of 2018) have the required systems and data security to maintain non-disruptive operations. But who are they securing your operations from? The persona of a cyber criminal has changed and widened:

  • professional white-collar cyber criminals operate from glass walled offices
  • activists have more tools available to them than ever to disrupt your operations
  • disgruntled employees who has access to the company’s system, combined with a behavioural liking for computers, can be invisible in their response to workplace conflicts
  • juveniles can hack for fun, and keep probing how far they can go before law enforcement or organised criminal gangs identify them
  • the Nation State actor, driven either by their duty or love for their country can attack individual companies or entire economies. Governments no longer need to use bullets or to put their armed forces in harm’s way. They can now send a digital package with first-strike superiority from the comfort of a command-and-control centre.

Is it time for Governments to take a strong-arm approach to cyber security in the public and private sector?

The world is digital, and its citizens now rely on digital systems to conduct normal business and social experiences.

The vast majority of certifications, however, are voluntary, providing another plaque to be displayed for the emotional comfort of customers and employees. As we add yet more technology, combined with artificial intelligence, how does the citizen know that businesses, connected devices and our data will not experience:

  • SIM swap attacks, such as the one that Michael Terpin alleges resulted in crooks stealing almost $24 million worth of cryptocurrency after they fraudulently executed a ‘SIM swap’ on his mobile phone account in early 2018. Or like the one that saw a UK citizen having £2,000 taken from her bank account, after a fraudster managed to successfully request a replacement SIM for her mobile number without her knowing anything about it
  • Business Email Compromise, which recently resulted in The Belgian Crelan Bank becoming the victim of a EUR70 million fraud that was launched from another country
  • Data breaches from disgruntled employees, such as that experienced by Coca Cola, which had to inform 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company.

These sorts of incidents have a serious impact on the affected individuals’ private lives, including humiliation, discrimination, financial loss, physical or psychological damage or even threat to life.

Omnisperience View

Omnisperience believes that B2B service providers should be giving serious consideration to the recent attack in Georgia, as well as the other known attacks that have contributed to the 10 billion (yes, billion) data records that have been breached so far in 2019 (ITGovernance). Waiting until you need to deploy your incident response capability puts you in a defensive stature to events rather than taking a proactive defence strategy and treating cyber attacks in the same way you treat communication service levels – a priority!

Even with the best will in the world, you won’t stop everything; because a blanket lock-down strategy is not only cost prohibitive but could also strangle the functionality of your business and those of your customers. However, since you don’t know what attacks will be coming, focus on what is known.

Look inside first, as this is something that you and your customers know and can control. Look at your infrastructure: your [secure] cloud deployments, your [secure] movement of data to external parties, your [secure] movement of data within departments of your organisation and finally the easiest one and highest priority (as well as the #1 focus of the cyber criminal), your communication platforms to the outside world.

B2B service providers can compete equally with the security and data centre providers by utilising their vast infrastructures to provide additional revenue streams such as managed security provision, detection and response, email security and phishing detection. But to do this you will need to prove to your future client base that you ‘eat your own dog food’ and have a secure environment for your primary business. This will build confidence with prospects that the services you provide, and the data you hold, can be extended to provide a secure platform for enterprise organisations.

 

Posted by Kevin Bailey

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s