Threat Assessments Driven by Business Interests
- Nick Lin -

Covert state intelligence agencies tied to the U.S. imperialist war
machine as part of the "Five Eyes" global espionage network recently
issued their annual reports and "threat assessments." The countries
which belong to the "Five Eyes" are the U.S., Canada, the UK, Australia
and New Zealand. Private cyber security firm the Kaspersky Lab, said to
be "Russia-based," also recently issued an assessment.

What are called threats by the U.S. imperialists and their allies are
an indication of which countries will be targeted for interference and
aggression, including cyber warfare. Such calculations are of interest
to the anti-war movement and the movement to defend the rights of all,
so they can draw warranted conclusions and not lose their bearings. It
is important not to become embroiled in the U.S.-led warmongering by
getting sucked into the scenarios created by the intelligence agencies
to justify their latest assessments of what constitutes a foreign or
domestic threat.

Strikingly absent from all of these threat assessments are the threats
to privacy and political rights of the people of those countries by
their own governments.

Since whistleblower Edward Snowden's 2013 exposure of wide-ranging
illegal surveillance of U.S. citizens by the National Security Agency,
attacks on the privacy and political rights of the people of the U.S.
and of the other Five Eyes countries have not been curtailed. They have
become institutionalized and even broader. One of the major changes in
U.S. legislation since 2013 has been to have Internet Service Providers
(ISPs) divulge metadata concerning their clients, instituting what is
called an obligation to provide a "back-door" access to metadata. Such
metadata can include personal information, histories, etc. and highly
sensitive material. For their part, ISPs had been campaigning against
illegal intrusions by the state agencies and asking for protection from
state agency intimidation.

Part of the raison d'être of the Five Eyes is to spy on each other's
people to get around the laws of their own countries. Since Canada, for
example, cannot legally spy on its own people, the spying is done by
the U.S. and the result is then "shared." Meanwhile, measures are being
taken to change the laws in each country to permit spying and
recriminations in the name of high ideals.

The threat assessments also have in common that they do not address the
well-documented practice of interfering in the political affairs of
other countries by U.S., Israeli, French, British and other agencies
through cyberattacks and other technical manipulations. There are
double standards too when it comes to "foreign interference." For
example, when the U.S. openly interfered in the 2019 federal election
in Canada through major media gossip stories, an investigation of this
as foreign interference was not considered.

For Your Information

Canadian Centre for Cyber Security's "Key Judgments"

The Centre for Cyber Security's "Key Judgments" are:

"- The number of
cyber threat actors is rising, and they are becoming more
sophisticated. The commercial sale of cyber tools coupled with a global
pool of talent has resulted in more threat actors and more
sophisticated threat activity. Illegal online markets for cyber tools
and services have also allowed cybercriminals to conduct more complex
and sophisticated campaigns.

"- Cybercrime continues to be the cyber threat that is most likely to
affect Canadians and Canadian organizations. We assess that, almost
certainly, over the next two years, Canadians and Canadian
organizations will continue to face online fraud and attempts to steal
personal, financial, and corporate information.

"- We judge that ransomware directed against Canada will almost
certainly continue to target large enterprises and critical
infrastructure providers. These entities cannot tolerate sustained
disruptions and are willing to pay up to millions of dollars to quickly
restore their operations. Many Canadian victims will likely continue to
give in to ransom demands due to the severe costs of losing business
and rebuilding their networks and the potentially destructive
consequences of refusing payment.

"- While cybercrime is the most likely threat, the state-sponsored
programs of China, Russia, Iran, and North Korea pose the greatest
strategic threats to Canada. State-sponsored cyber activity is
generally the most sophisticated threat to Canadians and Canadian
organizations.

"- State-sponsored actors are very likely attempting to develop cyber
capabilities to disrupt Canadian critical infrastructure, such as the
supply of electricity, to further their goals. We judge that it is very
unlikely, however, that cyber threat actors will intentionally seek to
disrupt Canadian critical infrastructure and cause major damage or loss
of life in the absence of international hostilities. Nevertheless,
cyber threat actors may target critical Canadian organizations to
collect information, pre-position for future activities, or as a form
of intimidation.

"- State-sponsored actors will almost certainly continue to conduct
commercial espionage against Canadian businesses, academia, and
governments to steal Canadian intellectual property and proprietary
information. We assess that these threat actors will almost certainly
continue attempting to steal intellectual property related to
combatting COVID-19 to support their own domestic public health
responses or to profit from its illegal reproduction by their own
firms. The threat of cyber espionage is almost certainly higher for
Canadian organizations that operate abroad or work directly with
foreign state-owned enterprises.

"- Online foreign influence campaigns are almost certainly ongoing and
not limited to key political events like elections. Online foreign
influence activities are a new normal, and adversaries seek to
influence domestic events as well as impact international discourse
related to current events. We assess that, relative to some other
countries, Canadians are lower-priority targets for online foreign
influence activity. However, Canada's media ecosystem is closely
intertwined with that of the United States and other allies, which
means that when their populations are targeted, Canadians become
exposed to online influence as a type of collateral damage."

U.S. Homeland Threat Assessment

The U.S. Department of Homeland Security (DHS) issued its 26-page
Homeland Threat Assessment in October. It identifies seven general
categories of threats in the assessment's table of contents. The
following quotes from the report give an idea of what the categories
refer to.

- Cyber: "We are concerned with the intents, capabilities, and actions
of nation-states such as China, Russia, Iran, and North Korea.
Nation-state targeting of our assets seeks to disrupt the
infrastructure that keeps the American economy moving forward and poses
a threat to national security. On top of the threats to critical
infrastructure, cybercriminals also target our networks to steal
information, hold organizations hostage, and harm American companies
for their own gain."

- Foreign Influence Activity: "Threats to our election have been
another rapidly evolving issue. Nation-states like China, Russia, and
Iran will try to use cyber capabilities or foreign influence to
compromise or disrupt infrastructure related to the 2020 U.S.
Presidential election, aggravate social and racial tensions, undermine
trust in U.S. authorities, and criticize our elected officials. Perhaps
most alarming is that our adversaries are seeking to sway the
preferences and perceptions of U.S. voters using influence operations."

- Economic Security: "DHS is specifically concerned with the direct and
indirect threat posed to the Homeland by the People's Republic of China
(PRC). The Chinese Communist Party (CCP)-led PRC is challenging
America's place as the world's global and economic leader. Threats
emanating from China include damaging the U.S. economy through
intellectual property theft, production and distribution of counterfeit
goods, and unfair trade practices. DHS has a mandate to mitigate these
threats [...] with a clear-eyed view that China is a long-term
strategic competitor to the U.S."

- Terrorism: The DHS presents its concerns about terrorism as two-fold,
one aspect being domestic violent extremism. It says its programs are
"threat agnostic," meaning DHS will decide across a broad spectrum of
"left," "right" and religious views, who and what is a threat. They
claim to be "particularly concerned about white supremacist violent
extremists who have been exceptionally lethal in their abhorrent,
targeted attacks in recent years." The other aspect is to target the
people's resistance movement, referring to it as the "exploitation of
lawful and protected speech and protests" and "anti-government,
anti-authority and anarchist violent extremism."

- Transnational Criminal Organizations (TCOs): The DHS says that these
groups "continue to profit at the expense of Americans. Mexican cartels
and other TCOs will continue to smuggle hard narcotics like fentanyl,
heroin, and methamphetamine into our communities, contributing to an
alarming level of overdoses in the United States."

- Illegal Immigration: The DHS claims that "illegal and mass migration
to the United States [...] during a pandemic [...] poses a more
specific threat to the migrants, the communities they transit, to U.S.
border communities, and to our officers and agents who encounter
migrants when they enter the United States."

- Natural Disasters: The DHS cites here the threat posed by events like
storms and wildfires, as well as the COVID-19 pandemic.

Kaspersky Lab's Advanced Threat Predictions for 2021

Kaspersky Lab is a global cyber security company founded in 1997 with
headquarters in Russia. It issued its Advanced Threat Predictions for
2021 on November 16. A Kaspersky press release highlights the following
areas of concern from those it deems "advanced persistent threats"
(APTs):

"- APT threat actors will buy initial
network access from cybercriminals. One of the key, and potentially
most dangerous, trends that Kaspersky researchers anticipate is the
change in threat actors' approach to the execution of attacks. Last
year, targeted ransomware attacks reached a new level through the use
of generic malware as a means to get an initial foothold in targeted
networks. Connections between these attacks and well-established
underground networks such as Genesis, which typically trade in stolen
credentials, were observed. Kaspersky researchers believe that APT
actors will start using the same method to compromise their targets.
[...]

"- More countries using legal indictments as part of their cyber
strategy. Kaspersky's previous predictions of 'naming and shaming' of
APT attacks carried out by hostile parties has come true, and more
organizations will follow suit. Exposing toolsets of APT groups carried
out at the governmental level will drive more states to do the same,
thereby hurting actors' activities and developments by burning the
existing toolsets of their opponents in an effort to retaliate.

"- More Silicon Valley companies will take action against zero-day
brokers. Following scandalous cases in which zero-day vulnerabilities
[i.e., security flaws unknown to the software vendor on release date]
in popular apps were exploited for espionage on a variety of different
targets, more Silicon Valley corporations are likely to take a stance
against zero-day brokers in an effort to protect their customers and
reputation.

"- Increased targeting of network appliances. With remote work,
organizational security has become a priority, and more interest in
exploiting network appliances such as VPN [virtual private network]
gateways will emerge. Harvesting credentials to access corporate VPNs
via 'vishing' remote workers may also appear.

"- Demanding money with menace. Ransomware gangs have become more
targeted in their attacks and have more often threatened to release
stolen data. Following the success of these strategies, the groups will
use the money they have extorted to invest significant funds into new
advanced toolsets with budgets comparable to that of some
state-sponsored APT groups. These changes in strategy may also lead to
the consolidation of the ransomware ecosystem.

"- More disruption will result from direct, orchestrated attacks
designed to affect critical infrastructure or cause collateral damage,
as our lives have become even more dependent on technology with a much
wider attack surface than ever before.

"- The emergence of 5G vulnerabilities. As adoption of this technology
increases, and more devices become dependent on the connectivity it
provides, attackers will have a greater incentive to look for
vulnerabilities that they can exploit.

"- Attackers will continue to exploit the COVID-19 pandemic. While it
did not prompt changes in tactics, techniques and procedures of the
threat actors, the virus has become a persistent topic of interest. As
the pandemic will continue into 2021, threat actors will not stop
exploiting this topic to gain a foothold in target systems."

This article was published in
Volume 50 Number 49 - December 19, 2020
Website: www.cpcml.ca
Email: editor@cpcml.ca