Destructive Malware and Interstate Rivalries: The Evolution of Digital Weapons and Geopolitical Conflict


When the details of Crash Override emerged earlier this summer, many believed it would be the wake-up call that would finally raise awareness of potential digital dangers to critical infrastructure. However, when placing last December’s attack on the Ukrainian power grid in a broader context, it quickly becomes apparent that this will likely neither be a wake-up call nor will it be an isolated event.

The 2010 discovery of Stuxnet, malware which damaged centrifuges at Natanz, was only the first in a series of destructive malware deployments leading up to Crash Override and, more recently, NotPetya.

During this time, destructive malware has hit a range of organizations, including Saudi Aramco in 2012; South Korean media and finance companies in 2013; a German steel mill, Sands Casino, and Sony in 2014; the Ukrainian power grid in 2015 and again in 2016; and Saudi government agencies in late 2016.

These attacks fall into two categories. The first and less sophisticated type simply targets filesystems and hard disks to render data and systems inaccessible, often with a built-in propagation component. These attacks often cause significant secondary impacts on the physical world, such as shutting down business operations or halting employee payment mechanisms.

The second and more sophisticated kind of attack directly impacts physical systems, as was the case with Stuxnet and Crash Override. These attacks, while rare and difficult to pull off, illustrate the potential impact if an attacker truly seeks to cause widespread damage through cyber access.

The deployment of destructive malware, while still rare, is noticeably prevalent among interstate rivals. Interstate rivalries are those country-pairs that are the most conflict-prone and are responsible for a disproportionate share of disputes in the international system.

By looking through an interstate rivalry lens, it is apparent that the deployments of wiper malware are not independent events but are interconnected across space and time. The deployment of wiper malware is closely linked to geopolitical, strategic objectives and the state of affairs between these long-standing rivals.

We’ll discuss this interplay between destructive malware and interstate rivalries at BSidesLV 2017. We’ll briefly walk through the evolution of destructive malware, highlighting the prominence and technical details of destructive malware through 2016 and into 2017, including Shamoon 2.0, StoneDrill and NotPetya.

We will also trace the deployment of destructive malware within the geopolitical tensions of three dominant interstate rivalries, each of which has a very different power symmetry: Russia and Ukraine, Iran and Saudi Arabia, and North and South Korea.

Finally, we’ll look ahead at what is next for destructive malware and which other disputes may emerge next. As we’ll discuss, as long as geopolitical tensions remain high between these adversaries, destructive malware is likely to persist as a necessary tactic within the rivalries and potentially elsewhere.

Please join us on Tuesday, July 25 at 11:30 AM as part of the Common Ground Track in the Tuscany Suites.

About the Authors:

Andrea Little Limbago

Andrea Little Limbago is the Chief Social Scientist at Endgame, researching and writing on geopolitics, cybersecurity, and data science, as well as directing the company’s technical content. She has previously worked in academia and at the Department of Defense. Andrea earned a PhD in Political Science from the University of Colorado at Boulder and a Bachelor’s degree from Bowdoin College.

Mark Dufresne

Mark Dufresne is the Director of Threat Research and Adversary Prevention at Endgame, leading Endgame’s research to understand cyber threats and develop capabilities to detect and prevent malicious adversary techniques. He previously worked over a dozen years at the NSA as an Operations Chief and Manager. Mark is a graduate of Johns Hopkins University, where he earned his Master’s in Security Informatics, and the University of Minnesota-Twin Cities, where he earned a B.S. in Computer Science.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
