The $5,000-malware program exposing global cybersecurity weaknesses
Experts at the European Cybersecurity Month warn that a common line of action is needed to address the increasingly complex cyberattacks that affect everything from desktop control systems to medical devices
Cyberattacks just keep on growing: in number, in complexity and in victims. According to the panel of experts from ENISA, the European Union Agency for Cybersecurity, malware is the greatest threat in the digital world and has been perfected to the point of becoming undetectable. This is true of the Black Lotus program that is currently being sold on the dark web.
The fastest-growing attacks are phishing and ransomware, and not only are there more vectors (the means of transmitting the malicious code), but the consequences have also become more serious. Faced with this globalization of attacks, the response continues to be mostly individual, despite the attempts to organize joint actions, according to the participants of the European Cybersecurity Month. “It is absolutely necessary and time-critical to find a common clear line,” warns Dennis-Kenji Kipker, a professor at the University of Bremen, in Germany.
Cybersecurity is not just a problem for large companies or critical infrastructures. Christos Douligeris, professor of computer science at the University of Piraeus, in Greece, warns that this problem affects everything in life, from desktop control systems to medical devices, pacemakers, social networks and even driving. “It’s a war,” he says; one with many actors and many parties, from governments to private entities. That is why it is important to find cooperative solutions in the international arena.
Despite efforts such as those of ENISA, an agency specifically created to guarantee the reliability of products, services and communications, as well as to collaborate with European countries in cybersecurity, Christian Funk, head of Global Research and Analysis at Kaspersky – the organizer of the event – sees a fragmented landscape with large dark areas, such as China, or spaces that are difficult to control, such as the dark web.
Researcher Scott Scheferman warns of a program called Black Lotus that can be found in the underground cybercrime market. For up to $5,000, it offers advanced persistent threat capabilities, and is undetectable by the current defense systems. Black Lotus, explains Scheferman, has all the necessary functionality to persist and operate indefinitely within an environment without being detected. This represents a leap forward in terms of ease of use, scalability, accessibility, evasion and destruction potential.
As digital weapons have become more sophisticated, the impact of their effects has broadened: even if an attacker goes after one specific target, the actual reach can extend much further, Funk notes. One example is the group known as Vice Society, which the Cybersecurity and Infrastructure Security Agency and the FBI have warned about for disproportionately targeting the education and health sectors with ransomware attacks. However, the repercussions are greater. A recent attack on a New Zealand health district, for example, caused the cancellation of flights, as the negative Covid-19 test results of the crew were inaccessible.
Kipker is pleased that the approach to cybersecurity has become more transversal, after being focused on critical infrastructure and digital services, such as cloud computing or digital markets. However, he warns of a major technological gap in Europe that makes it dependent on external actors. This is the case of the current semiconductor crisis, aggravated by the conflict between China and Taiwan. In this sense, the German professor warns that digital security does not depend only on programming, but also on the essential components of devices with critical functionalities. That is why the European Union must become more self-reliant when it comes to the production of key digital technologies. This shift, he says, would make it less dependent on international companies.
The cybersecurity experts all agree that tackling the problem involves facilitating and accelerating the exchange of cybersecurity information in an effective and reliable way. Douligeris points out that the United Nations has already created the Open-ended Working Group, to which all member countries are invited. Although it is not easy for this team of experts to influence legislation, they do provide some ideas for a modern cybercrime legislation at a global level.
For the experts, cooperation, communication and trust hold the key to dealing with global digital attacks, some of which have been active for more than a decade with mutations that make them more sophisticated and harder to detect.
The attacks known as Advanced Persistent Threats are multiplying, continually improving, becoming more effective and reinventing their offensive arsenal, Funk explains. Simple attacks, too. An Israeli study shows that a relatively small number of computers can carry out DDoS (Distributed Denial of Service) attacks on a massive scale with a relentless campaign of false requests for information, with the aim of rendering basic infrastructure inaccessible.
The matter of the different response capacities goes beyond the public sphere. Funk warns that most small and medium-sized businesses, while increasingly fearful of cyberattacks, are not prioritizing their defenses. Many organizations, he explains, treat security incidents as something beyond their control, or rely on insurance to minimize damage, facing the problem with a feeling of helplessness. This could lead to public acceptance and paralysis.
Christos Douligeris adds that there is no need to be afraid to start from scratch; he advocates for cybersecurity education from the lower levels and for promoting cybersecurity-related careers among young people.