What is '9.11 in cyberspace' that security experts are concerned about?

by Richard Patterson

Today everything is controlled by computers, which is becoming convenient, but the threat from cyber attacks is on the rise as well. Cyber ​​security experts believe that the possibility of " 9.11 in cyberspace" occurring is not zero, and we are predicting what attacks hackers will launch.

'Cyber ​​9/11' scenarios: power outages, bank runs, changed data
https://www.cnbc.com/2018/11/18/cyber-911-scenarios-power-outages-bank-runs-changed-data.html

◆ Destruction of Public Service <br> Public services such as electricity, water and gas are also managed by computers in modern times, and a precise and efficient system is built. Cyber ​​attacks on public services indispensable for the lives of such people are said to be realistic threats in which several cases exist in the past.

For example, in 2000, a man working in a sewage treatment plant in Queensland, Australia raised a complaint to the workplace and hacked the management system of the sewage treatment plant, causing the actual drainage of sewage to the public place Occurred. Also, in 2007, the telecom system of Estonia was attacked by a cyber attack resulting from the conflict with Russia, the whole country developed blackouts. Furthermore, Ukraine's electricity transmission network ceased to function due to cyber attacks in 2015, and 250 thousand inhabitants were unable to use electricity for several hours.

In this way, as a reality, attacks on public services can occur, and the possibility of attacks by malicious individuals, not just national attacks, is not zero. For example, it was popular in the 2017 " NotPetya malware that" intended to require the Bitcoin by encrypting the data, consumer goods manufacturer in Germany Reckitt Benckiser stop some of the product shipment, logistics giant AP Moller · Many physical injuries are realistically occurring , including Maersk 's ship being unable to depart and receiving a $ 300 million (about 34 billion yen) blow.

Peter Beshar, a major insurance company's consultant lawyer at Marsh & McLennan , says damage caused by blackouts and water supply cutoffs is predicted as a cyber attack on public services. "Not only blackouts but also water are indispensable to human life and if all the water purification people use stops it will affect all industries that use water," Beshar said. I talked.

by fatmanwalking

◆ Attacks to financial institutions Cyber ​​attacks against financial institutions such as banks and stock exchanges are also items of concern to experts. In particular, finance is easy for people to panic. For example, as soon as it becomes apparent that an attack has been applied to a system of a bank, many people who deposit money at the bank try to withdraw deposits There is a possibility of causing a panic. Even if it is possible to recover soon after the deposit can not be withdrawn from the ATM or the credit card can not be used temporarily, there is a danger that users will grow uneasily at a stroke.

There are already some countermeasures taken by financial institutions in preparation for cyber attacks. Sheltered Harbor , a non-profit subsidiary of the Financial Services Information Sharing Analysis Center (FS - ISAC), is hosting 70 companies including Morgan Stanley and Goldman Sachs to prepare for cyber attacks.

In Sheltered Harbor, banks and financial institutions always access the correct accounts and financial information of customers and aims to create a mechanism not to stop financial transactions even if they receive a fatal cyber attack. Especially, I am focusing on countermeasures against damage which severely damages data and stops the system operation for a long time. Sheltered Harbor provides a mechanism for backing up financial data generated every day to the financial institution to which it belongs, and seems to make it possible to immediately restore the lost data.

by Ervins Strauhmanis

◆ Rewriting the contents of important data <br> Criminals and hostile countries not only steal confidential information of opponents but also rewrite the contents of important information such as programs of industrial machinery and financial information on balance sheets There is also a possibility to set off an attack of. Dmitry Samartsev , CEO of BI.ZONE , Russia's cyber security company, said, "The worst case scenario is when you've got multiple types of cyber attacks at once."

For example, an attacker adds an attack of "pausing net service" to a specific company. If only this is enough, the user will only be temporarily unable to use the service, but suppose that it combines with fake news that "This company is in danger of bankruptcy and can not maintain the service anymore" with SNS, media etc. . Then, a user who is witnessing a state where the service can not actually be used increases the possibility of believing in fake news and may fall into a panic.

For example, in the case that a system failure of the Bank of New York / Mellon of a major trust bank caused erroneous evaluation on several securities in 2015, the automated trading algorithm was confused and the stock price I fell down quickly. In 2013, the Twitter account of AP communication was hijacked, and erroneous information such as "there was an explosion at the White House and President Obama was injured" was sometimes dropped . Even in this case, the influence that the stock price of Dow sharply drops out.

Tom Kellermann, former manager of the cyber security department of the World Bank , acknowledges that rewriting data is a threat than data destruction and leakage. "Data integrity is the key - if the reliability of the data submitted by the finance department is compromised, things will worsen at a stretch," Kellermann said.

by Christoph Scholz