Things are bad in the cyber-security world, and they are getting worse, according to Eugene Kaspersky, head of international cyber-security firm Kaspersky Lab and one of the world’s foremost experts on cyber-crime.
“Each year, the hackers get more bold and their attacks become more dangerous, and many companies, institutions, governments, hospitals and many more are vulnerable. What is needed is an army that will have the weapons to battle cyber-criminals and cyber-terrorists – and we intend to build that army in Jerusalem.”
That “army” will be part of a new Expert Center Kaspersky plans to open in Jerusalem. The decision to open the center in the city came as part of a cyber-security conference held in the city this week, after consultations with Jerusalem Mayor Nir Barkat and other officials, Kaspersky said, although no date has been yet announced for the established of the center.
The need for such an institution is great, said Kaspersky, whose researchers helped discover major cyber-attacks like Stuxnet and Flame.
“CaaS (crime as a service) is becoming a major industry,” he told journalists in Jerusalem Monday. “Anyone can find a group of hackers online to raid bank servers or to hold data hostage as part of a ransomware attack. They even do it to hospitals – seizing the data to prevent treatment of sick people by staff. That is how low they are prepared to sink for money.”
While online criminal scams have increased exponentially in the past two years, other attacks – by hacktivists, governments, and even terror groups – are becoming more common.
The biggest problem, however, are the aging SCADA (Supervisory Control And Data Acquisition) automated low-level computer systems that control machinery, transportation systems, gas stations, utility systems, and much more), security installations, and more. Among the scenarios that have already taken place: Criminal hackers successfully hijacking ATMs to suck out money from them.
“They don’t bother with credit card or bank card data to get cash, but instead attack the ATMs themselves, opening up the money spouts to extract as much cash as they can get away with,” said Kaspersky.
Another scenario described by Kaspersky involves breaking the codes to security systems at seaports, in order to enable illicit cargo to pass security inspections.
In one recent case, Kaspersky said, “hackers changed the security protocol at Antwerp port, with crates containing cocaine declared automatically as inspected.”
One scenario that hasn’t happened yet, but could at any moment: Prisoners or their confederates hacking into prison systems to open the doors of the jails, releasing criminals wholesale. “There’s no reason they couldn’t do it if they tried,” he added.
The good news is that cyber-attacks are preventable. In fact, if a company or organization puts its mind to it, it can make itself immune to cyber-attacks, said Kaspersky. “There is a six point plan for organizations to follow, and if they can successfully implement these measures, they will not get attacked.”
Among the measures: whitelisting (allowing organization members to visit only approved sites), traffic monitoring, solidifying network security, preventing workers from connecting devices to physical networks – and most important, developing a strategy to defend an organization’s network.
It sounds easier than it is, said Kaspersky. “We just don’t have enough hands and brains to do this on a widespread basis. That is why we are partnering with the Jerusalem municipality and others in Israel to develop a center here that will enable organizations to develop these methods for themselves.”
As a center of cyber-security technology, Israel is the perfect place for a project like this, said Kaspersky.
“We’re all used to the idea of products as a way to solve cyber-security problems – just press a button and fix things. It doesn’t work that way. You need products, strategies, engineering knowledge, and technical knowledge to protect systems, and that only comes with training – the kind of training we hope to give to personnel who work with our new Jerusalem organization.”
Kaspersky’s “immunity method” – the various steps and strategies needed – is designed “to make an attack more expensive than the likely profit a cyber-attacker will realize.” That is the only way to keep attackers away, he said, “and the techniques we develop at the Jerusalem center will provide a way for all companies that use this method to protect themselves.”