Malicious programs highlight the paradox of internet security: individual defenses against global threats

An employee of the headquarters of the National Cyber ​​Security Center of the United States (CISA), in front of a monitor of attacks and threats.REUTERS

The number of cyberattacks, their complexity and their objectives are constantly growing.

According to the expert panel of ENISA, the Cybersecurity Agency of the European Union, malicious programs (

) are the greatest threat in the digital world and have been perfected, to the point of becoming undetectable, such as the recent Black Lotus that is being sold on the dark or clandestine web.

The actions with the highest growth are identity theft (

), theft and kidnapping with extortion (

).

And not only the vectors (the means to transmit malicious code) have multiplied, but also their consequences.

Faced with this globalization of attacks, according to the participants in the last European Forum on Cyberpolitics, the response continues to be mostly individual, despite attempts to articulate joint actions.

"It is absolutely necessary and very critical to find a clear and common political line," warns Dennis-Kenji Kipker, a professor at the University of Bremen (Germany).

More information

Cybersecurity advice before the war in Ukraine: "No service or technological system is risk-free"

Cybersecurity is not just a problem for large companies or critical infrastructures, nor are its gaps limited.

Christos Douligeris, Professor of Computer Science at the University of Piraeus (Greece), warns that "it affects everything in life, from desktop control systems to medical devices, cardiac pacemakers, social networks or driving".

“It is a war and, unlike the conventional military, there are many actors, many parties involved, from States to private entities.

In many countries we do not know what is happening.

We have to find cooperative solutions in the international arena,” he adds.

Despite attempts such as those of ENISA, the agency created to guarantee the reliability of products, services and communications, as well as to collaborate with European countries in cybersecurity, Christian Funk, head of Global Research and Analysis at Kaspersky, the organizing entity of the forum, observe a "fragmented landscape", with large dark areas, such as China, or spaces that are difficult to control, such as the

(a network outside the public internet).

Black Lotus has all the necessary functionality to persist and operate indefinitely within an environment without being detected.

Scott Scheferman, Computer Security Researcher

In this sense, the researcher Scott Scheferman has warned of the presence in the underground cybercrime market of a program called Black Lotus that, for a price of 5,000 euros, offers advanced persistent threat capabilities and is undetectable by current defense systems. .

As Scheferman writes, Black Lotus “has all the necessary functionality to persist and operate indefinitely within an environment without being detected.

This represents a leap forward in terms of ease of use, scalability, accessibility and, most importantly, a greater potential impact on forms of persistence, evasion and destruction.”

Added to this sophistication of digital weapons is the broadening of the spectrum of their consequences.

"Even if an attacker's intent is a specific target, the actual reach can extend much further," Funk notes.

One example is the group known as Vice Society, which has been alerted by the United States Cybersecurity and Infrastructure Security Agency and the FBI for its "disproportionate" kidnappings and extortion of education and health systems.

However, its effects are greater.

In a recent attack on a New Zealand health district this summer, it caused flights to be canceled as crew members' negative covid test results were inaccessible.

Kipker admits certain advances in the vision of cybersecurity, which has passed, in his opinion, to a more transversal action after having focused on critical infrastructures and digital services, such as cloud computing or digital markets.

But he warns of a major technological gap in Europe that impedes its sovereignty and makes it dependent on external actors.

This is the case of the current semiconductor crisis, aggravated by the “increasing conflict between China and Taiwan”.

In this sense, the German professor warns that digital security does not depend only on programming, but also on the essential components of devices with critical functionalities.

The United States Cybersecurity and Infrastructure Security Agency and the FBI have alerted Vice Society for its "disproportionate" kidnappings and extortions of educational and health systems

Everyone agrees that the only solution lies in "facilitating and accelerating the exchange of cyber security information in an effective and reliable way", as summarized by the professor from Bremen.

“As much as possible, yes please,” adds Funk.

Douligeris joins this demand and extends it to the whole world: “We have to know what is happening in other places and what the problems and their needs are.

Generally, we focus only on China and Russia, but not on Africa or Southeast Asia or other developing countries.”

In this sense, the Greek professor admits that "each country has its own approach and there is a different commitment to cyber security."

He points out that the United Nations has created a working group (Open-ended work group, OEWG) to which all member countries are invited, but that it is basically a team of experts with difficulties in influencing legislation. , as he warns.

However, he admits that, "at least they give some ideas to have a modern legislation on cybercrimes and, if possible, at a global level."

Cooperation, a lot of dialogue, trust and “open doors” defend experts as the only way to deal with global digital attacks, some of which have been active for more than a decade with mutations to become more invisible and sophisticated, according to Funk.

For the German researcher, one of the obstacles to achieving this is the “increasing regionalization” that decreases trust between countries: “We do not trust anything that comes from foreign countries and, in my opinion, we cannot stop this at the moment;

It's not really possible."

Fragmentation or global response

Faced with this fragmentation of response possibilities, advanced persistent threats (APTs) are multiplying —"they are continually improving, they are more effective and they are reinventing their offensive cybernetic arsenal," Funk explains— and so are simple attacks.

In this sense, an Israeli study showed that a relatively small number of computers can carry out DDoS (Distributed Denial of Service) attacks on a massive scale with an incessant campaign of false requests for information and with the aim of rendering basic infrastructure inaccessible.

One of these examples has been the attack suffered in October by three Catalan hospitals, which not only caused the temporary loss of access to services, but also compromised the confidentiality of data, as recognized by the Consorcio Sanitari Integral (CSI ).

The dispersion of response capacities does not only affect the public sphere.

Funk warns that "most small and medium-sized businesses, while increasingly fearful of cyberattacks, are curiously not prioritizing their defenses."

“Many organizations,” he adds, “treat security incidents as completely out of control or rely on insurance to minimize damage.

They face them with a feeling of helplessness and, if this phenomenon spreads, it could lead to public acceptance and the consequent paralysis.

"Let's not fall for this when we can do better," she concludes.

The head of security at Proofpoint, Lucia Milică, outside the European forum, agrees on the need for global action: “From a broader perspective, beyond individual organizations, we see the growing need for the public and private sectors to come together to increase our resilience and address urgent cybersecurity issues.”

Christos Douligeris adds that there is no need to be afraid to start from scratch and advocates for cybersecurity education from the lower levels and for promoting cybersecurity-related careers.

"People are missing," he says.

The Spanish situation is similar.

According to data from the National Institute of Statistics and the Spanish Association for Digitization, there are 120,000 unfilled technological vacancies.

Safety is one of the priority demands of this sector.

You can write to us at

Subscribe to continue reading

read without limits

Keep reading

I'm already a subscriber