What cyber threats can we expect in the future?

Mikko Hypponen: What cyber threats can we expect in the future?

Dive into the observations of Mikko Hypponen, researcher from WithSecure (formerly F-Secure), regarding how some modern technologies are a double-edged sword.

We are all living in the middle of the biggest technology revolution in mankind’s history. There are two kinds of us. There are two generations of people. Some of us remember the time before the internet. But not all of us do. The younger people who were born somewhere around 1995 or 1998, somewhere there – they don’t remember the time before the internet. This is the way our generations will be remembered forever. We, our generations, the people who lived in the early 2000s, will forever be remembered as the first generations in mankind’s history who went online. That’s the legacy we have.

And the thing this revolution does for mankind is that it takes away the importance of geography. Yes, geography still matters. But the importance of geography diminishes because of this revolution. And the internet changes everything for the better, and for the worse. In fact, the internet is the worst thing and the best thing which has happened during our generations.

Yes, the upsides are very obvious. Right now, we are seeing faster development in positive things than we’ve ever seen. Over the last 10 years, we witnessed the cloud revolution, how instead of running our own data centers or using local data centers, we are now using global clouds, which gives us magnitudes of better effectiveness and cost savings. That’s a major change.

Over the last six months, we’ve seen massive changes in how machine learning and artificial intelligence, and especially large language models, are becoming practical. And now, they suddenly speak our languages. They understand what we mean. They can write code for us. When I play around with ChatGPT 3.5, I realize that it speaks all languages I speak and that includes all the programming languages I understand, which is pretty significant. So, the rate of development is getting faster and faster and going through the roof.

The flip side of progress is that crime went cyber

Unfortunately, it’s not just the benefits. It’s not just good things. It’s also completely new kinds of risks and completely new kinds of crime. One data point that I think underlines this point really well is the number of bank robberies we have in our history books in Finland. The number of bank robberies peaked somewhere in the mid-1980s. 30 years ago, when I started working for this company, we had around 120 bank robberies a year in Finland. And when I say bank robberies, I mean robbers walking into a bank with a gun or with an axe or a knife to steal cash from the local bank. So, 30 years ago, two times a week, someone somewhere robbed a bank in Finland.

The last time we had a bank robbery like that in Finland was 12 years ago. Bank robberies are no longer a thing. Why? Because we don’t have banks anymore. We used to have a small bank in every village. I’m sure you had the same thing 30 years ago. Today, there are very few physical banks left, and they are the big headquarters in the big cities, and they don’t have any cash.

So bank robbers have done the same thing we have all done over the last 30 years. We have digitized our work. They have digitized their work. And for bank robbers, that means moving from robbing physical banks to using banking trojans, which insert extra transactions into the flow when users are paying their bills on an infected computer. Or they’ve shifted to using keyloggers, which steal credit card numbers as people are doing online purchases on infected devices. Or they break into cryptocurrency exchanges to steal Bitcoin, Ethereum, Monero, and Zcash.

Bank robbers no longer need masks

And the difference between the bank robbers of 1993 and 2023 is that 30 years ago the bank robbers were local. They were from within the 10-kilometer radius of the bank they were robbing. They were robbing their own bank. People woke up Monday morning with a headache and no cash and so they took a knife and went to their bank to steal some cash. That’s what the problem was. And today, the bank robbers are not local at all. They’re not from your country at all. They can literally be from anywhere on the planet. They can be from the other side of the globe. So, we’ve gone from local crime to global crime. That’s the shift. And this will be a permanent problem for us. There is no going back.

Technological innovations are being used, and abused

That’s the same thing which applies to technology innovations. When we invent something, we cannot uninvent it. Let me explain what I mean by this. For example, when people do online crime, they use this online connectivity we’ve built to reach victims in faraway places which they couldn’t reach in other ways. Whenever technology is misused like this, we have a tendency of explaining it away. You know, technology is just innocent, it’s just a tool. It’s a tool which can be used for good or which can be used for bad.

And that’s a really easy, almost too easy an explanation. We’re not always being honest with ourselves when we say that. You see, some technologies, indeed, can be used for good and bad, and are used equally for both or mostly for good. But then there are technologies which are mostly used for bad. What would be an example? Well, for example, Monero, the cryptocurrency. The biggest investment cryptocurrency is Bitcoin. There are around 5,000 other cryptocurrencies in use. One of them is Monero.

Monero is different from Bitcoin because it uses a double-blind blockchain which very effectively loses information about transactions. So, Bitcoin has a public blockchain. When bitcoins are moved around, we can track down the exact moments when exact amounts of bitcoins exchanged owners. We cannot do that with Monero. The original design for Monero was built like this to preserve privacy.

So, people who don’t want the big banks or the government to track their private money can use currencies like this, which are more anonymous than Bitcoin. Well, you know where this is going. Sure, privacy preserving – people love that. You know who loves it even more? Criminals. I’ve seen Monero used over and over and over again for the last five years for shady things. I don’t think I’ve ever seen it used for anything beneficial, or if I have, it’s been very small use cases. It’s almost always being used by criminals for drug trade, gun trade, exploit trade, malware trade. And that’s an example of an invention which is not neutral. It’s not just a tool which can be used for good and bad. Yes, it can be used for both, but it’s mostly used for bad.

You could say the same thing about, I don’t know, Tor hidden service. Yes, I know exactly how Tor hidden service was originally created. And yes, I know there are people using Tor hidden service for working in totalitarian countries where open communication is impossible. I know that. And I’m still saying that the majority of the use of Tor hidden service is bad. It’s used to run forums where people discuss awful things. It’s used to run mailing lists or communication mechanisms where people plan horrible acts like school shootings. And of course, a big part of the drug trade has moved to Tor hidden service.

And when we invent things like this, when we invent Monero or when we invent Tor hidden services, we cannot make them go away. Because we cannot uninvent things. When something has been invented, we cannot put the cat back in the bag. We cannot uninvent it. The best thing we can do is to try to restrict the use of these technologies, which typically means laws and regulations. So if something is bad, we cannot make it go away. We can make it illegal. You’re not allowed to use them. And even that is really problematic.

Let me give you an example. One technology which we all use all the time, and which criminals love, is strong encryption. Strong encryption, uncrackable encryption, typically public key encryption systems which use keys which are so long that you cannot crack the contents of the messages, even if you would use all the computers on the planet. Even if you would use all the computers on the planet to try to crack one WhatsApp message, it would take 300 to 400 million years. And after 300 to 400 million years, our sun has gone out and your WhatsApp messages don’t matter anymore if the sun has gone out. So, this is perfect security. It’s uncrackable encryption. And we all use this kind of encryption every time we use, well, for example, WhatsApp or Signal or HTTPS.

Every time we go to Google search, it’s protected with this level of encryption, which is excellent. It gives us much better security and a much better price. However, terrorists, extremists, school shooters, organized crime, drug dealers – they love strong encryption as well. And because of this, law enforcement cannot track what they do. They cannot figure out what and when is being communicated by criminals or extremists or terrorists. And this regularly becomes a political discussion, where political leaders float the idea that we should change this, that we should somehow make this illegal.

Now, let’s pause here for a moment and let’s just define what we mean when we say criminals. Criminals are people who break the laws, right? That’s what makes criminals criminals. Criminals are criminals because they break the laws. So, if we would pass a law which would make using strong encryption illegal, or which would make using Monero illegal, or which would make using Tor hidden service illegal, then you and me, we wouldn’t be using those. If it would be illegal, we wouldn’t be using Monero, or Tor hidden service, or we wouldn’t be using strong crypto. Strong crypto would be removed from all the products we use, and we wouldn’t try to find products which use that because it would be illegal.

Cybercriminals frequently use Monero as a cryptocurrency

You know who would still be using Monero, Tor hidden service, and strong encryption – the criminals would. Because they’re already breaking the laws. They would break this law as well, and we cannot make the technology disappear. How would you make strong encryption disappear? You can’t. You can walk into any library anywhere in the world and borrow a book which will explain to you in detail how to create uncrackable public key encryption. Every math book has this. We cannot make it go away. So, if we make strong security, strong encryption illegal, then only criminals have it. And that’s not what we want.

So we have a responsibility for the technological innovations that are created during our time. We have to accept that they can be used for good and for bad. But we shouldn’t act as if the technologies themselves are innocent, or neutral, or just tools. Because there are technologies which are mostly being used for bad instead of being used for good. And this will apply to all the future innovations we see as well.

Now, if somebody would have told me in the beginning of my career that eventually the enemy will change… In the beginning of my career, the enemy was very easy, very clear. We were fighting teenage boys who were writing viruses for fun. That’s what the enemy was in the 1990s. Back then, if someone would have told me that after 30 years I wouldn’t be fighting teenage boys, that teenage boys wouldn’t be a major problem at all, and that instead I would be fighting organized online crime gangs and nation states, intelligence agencies, militaries and extremists and terrorists who would use offensive cyber weapons to do their sabotage, to wage war, to do spying, to do attacks, and for the criminals to make millions and millions.

That all would have sounded like science fiction. I would not have believed it if someone would have told me this back then when I was analyzing viruses distributed through floppy disks. Some of you may remember those. This seems like an eternity ago, and it’s just 30 years ago. The world, really, has changed in the last 30 years. Just imagine how it will change in the next 30 years. 30 years ago, I had a hard time imagining that every home would have a computer.

Today, of course, every home has a computer. Much more, every pocket has a computer. And not just any computer, the average modern smartphone is a supercomputer. Compare its processing power to what we had just 15 years ago, or 30 years ago. 30 years ago, this would have been the fastest supercomputer on the planet. The fastest supercomputer on the planet 30 years ago. And this thing runs on a battery. I can hold it in my hand. It’s insane. So, imagine where we will be going in the next 30 years. It will be even more insane.

Connectivity is the next electricity

One forecast that I can easily make about the future is that connectivity will become very similar to electricity. The previous biggest revolution in our history was the electricity revolution. The electricity revolution started 150 years ago. Stockholm and Helsinki got their first electricity grids around 152-153 years ago. The first grid replaced the gas lights around the streets of Helsinki with electric lights. Then eventually the electric grid reached homes and went nationwide, and so on.

And that revolution changed everything. Today, all modern societies stop when there’s a blackout. Electricity has become completely mandatory. Modern societies deteriorate and disappear if electricity disappears, because we can’t feed our people, we can’t communicate, we can’t move around. Electricity is everything. So, in just 150 years after it was invented, this innovation which came from nowhere became completely mandatory for all modern societies. This is exactly the same thing which is happening right now with connectivity.

Connectivity, the internet grid which is all around us, eventually will be nationwide, planet-wide, and it will be invisible. Eventually, we will have connectivity everywhere. Every device will get online every time it wants. The internet will be free, or practically free. And it will be available on the North Pole and South Pole. And nobody will even think about it. It’s going to be like air. That also means that any device we hold, any device we buy will assume that it will always be able to get online. We’re seeing the beginning of the future today in the introduction of smart devices. Smart TVs, smart fridges, smart cars. But that’s just the very beginning.

If it’s smart, it’s vulnerable. That’s a reference to smart devices. When we add functionality and connectivity to everyday devices, they become smart but they also become vulnerable. If it’s programmable, it is hackable. We cannot create unhackable devices. Everything that a man can create, another man can hack.

This is the same question as if we would ask, can we create an unpickable lock? We want to have a lock in our door which is completely unpickable. Is that possible? No. You can make a really, really safe lock. You can hire the best locksmith on the planet, give him unlimited budget, and he will create a great lock. But then if you would hire 100 of the next best locksmiths on the planet and give them an unlimited budget to pick the lock, they would figure out a way to pick the lock.

Anything man can create, a man can uncreate. So, when we create smart devices, they are always hackable. My favorite example is my watch. It’s an Omega Seamaster 300. It’s 22 years old because I got this as a reward after working for this company for 10 years. Fun fact, I got an Omega because the very first virus we ever analyzed was called Omega. I know because I named the virus. I named the virus Omega because it displayed the Omega sign on screen. So, then we started a tradition that after 10 years with the company you get an Omega watch.

And I know what you’re thinking. You’re thinking that I should have named the first virus I analyzed Ferrari. But I didn’t. So, this Omega is a mechanical watch. No CPU, no internet connectivity, no Bluetooth, no memory, no chips, no nothing. How can you hack this watch? The answer is, you don’t. It’s unhackable. There’s nothing you could hack on this watch. Then we look at smart watches like Apple Watch or Android watch. They are of course all hackable. There’s nothing we could do to prevent them from getting hacked. They might be hard to hack. For example, the Apple Watch is hard to hack. It’s very well built, but it is not unhackable.

And this means that in the future, when everything will be online, not just smart devices, but also stupid devices or dumb devices, our society will grind to a halt exactly as effectively whether there’s a connectivity cut or a power cut. What I’m saying is that a power blackout will stop our society, and an internet cut will stop our society.

That’s not true yet. Today, a cut in internet connectivity is already pretty bad, but it’s not going to stop our society. If the internet goes out, cars are still driving on the streets, trams are going around, planes fly without the internet. They might have a hard time selling tickets, but our infrastructure works. Factories would still be making goods. We would still be able to feed our people without the internet today. Today, an internet cut is painful and very expensive, but it’s not going to stop our society like a power cut would.

A disruption in internet connectivity will eventually result in a power outage.

But in the future, it’s going to be exactly the same. It’s going to take 20 years, 30 years, but eventually, a connectivity cut is going to be exactly as bad as a power cut. In fact, eventually a cut in internet connectivity will cut power. Right now, it’s the other way around. If we lose power, routers don’t work without power, we lose the internet. What I’m saying is that one day, eventually, when we lose the internet, we will lose power. Why would that happen? Because everything will be plugged into both the electricity grid and connectivity grid. Every device, everything will rely on the internet being up. That might sound outrageous, but it will happen. It’s going to take a while, but connectivity will be as mandatory as power.

Operating systems – more functionality translates into more attack opportunities

When we look at these smart devices, that’s one of the explanations why the most common operating system on the planet has changed. Linux is today the most common operating system on the planet. There are two reasons why it became the biggest operating system. Number one – smartphones, number two – IoT devices. 80% of the new smartphones that are sold on the planet today are running Android, and Android runs the Linux kernel. That’s a very good explanation. The other explanation is that a very big part of IoT devices are running Linux.

What about Windows? Windows is still, obviously, a very important operating system. Microsoft is the biggest software company on the planet. I’m guessing most of us run Windows one way or another. What’s the most secure version of Windows? Did you know that there is a version of Windows which is much more secure than any other version of Windows? In fact, that’s a version of Windows which, for example, only speaks encrypted IPv6 when it connects to the internet. It doesn’t support any other protocols, only IPv6, which is encrypted.

Did you know that the very same version of Windows only runs whitelisted applications? It cannot run any arbitrary applications at all. Only a very limited list of signed, whitelisted applications are allowed to run. Did you know that this version of Windows only runs on dedicated hardware, which has hardware keys, and it cannot run on any other hardware than this? And in fact, this version of Windows is being used by maybe 10% of you. Has anybody guessed what I’m speaking about? I’m speaking about Xbox. Yes, Microsoft Xbox. The most secure version of Windows, developed by Microsoft, the biggest software company on the planet, is inside a game console.

You would think that the most secure version of Windows would be in some ultra-secure laptop, or maybe in a payment terminal or something. No, it’s on Xbox. Why? Well, the threat model for game consoles is unique, because they have to protect the security of the system against attackers and against the owner of the device. Traditional wisdom in cybersecurity has been that if the attacker gains physical access, if the attacker can touch the device, then it’s game over. If they gain physical access, they can do whatever they want, and whatever software protections we have or anything, it doesn’t matter anymore. The attacker is at the keyboard, they can do whatever they want.

Well, turns out this wisdom was wrong. Xbox and, for instance, PlayStation 5 are examples of devices where the owner has physical access, yet they have been restricted from doing things on that computer. They are not allowed to program that computer. They cannot run arbitrary programs. They cannot change it to run, for example, IPv4 on Xbox. And the way Microsoft and Sony have been able to do this is significant. They’ve gone to great lengths to be able to protect the device against an outside attacker but also against the owner of the device.
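The execution gate described above (only signed, allowlisted applications run, and the owner cannot add their own) can be modelled in a few lines. The following Python is an added example, not code from the talk or from Microsoft or Sony: the console is reduced to a loader that accepts a manifest of allowed application hashes, checks that the manifest is authentic, and refuses any binary that is unlisted, modified, or added to a manifest the owner edited. An HMAC under a constructed `PLATFORM_KEY` stands in for the console's hardware-bound signature check; all application bytes are constructed sample data.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the platform's root key. On a real console this is an
# asymmetric key burned into hardware; the owner never holds it, which is the
# whole point: only the vendor can produce a manifest the loader accepts.
PLATFORM_KEY = b"constructed-platform-root-key-not-real"


class LoadDenied(Exception):
    """Raised whenever the loader refuses to execute something."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(allowed_apps: dict, key: bytes = PLATFORM_KEY) -> dict:
    """Build {name: sha256} for the allowed apps and authenticate the whole list.

    HMAC-SHA256 over the canonical JSON plays the role of the vendor's signature.
    """
    entries = {name: sha256_hex(code) for name, code in sorted(allowed_apps.items())}
    body = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"entries": entries, "tag": tag}


def verify_manifest(manifest: dict, key: bytes = PLATFORM_KEY) -> bool:
    """Recompute the tag over the entries and compare in constant time."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["tag"])


def load_app(manifest: dict, name: str, code: bytes, key: bytes = PLATFORM_KEY) -> str:
    """The gate: authentic manifest, name on the list, bytes match the listed hash."""
    if not verify_manifest(manifest, key):
        raise LoadDenied("manifest tag invalid: refusing all execution")
    listed = manifest["entries"].get(name)
    if listed is None:
        raise LoadDenied(f"{name} is not on the allowlist")
    if not hmac.compare_digest(listed, sha256_hex(code)):
        raise LoadDenied(f"{name} does not match its listed hash")
    return f"running {name}"


def demo() -> dict:
    """Exercise the four cases the talk implies: listed, unlisted, patched, owner-edited list."""
    apps = {  # constructed sample "binaries"
        "game.bin": b"\x7fELF constructed game binary",
        "store.bin": b"\x7fELF constructed store app",
    }
    manifest = sign_manifest(apps)
    results = {"listed": load_app(manifest, "game.bin", apps["game.bin"])}

    attempts = [
        ("unlisted", manifest, "homebrew.bin", b"owner-built code"),
        ("tampered_app", manifest, "game.bin", apps["game.bin"] + b"patch"),
    ]
    # The owner tries to add their own program to the list without the platform key.
    forged = {"entries": dict(manifest["entries"]), "tag": manifest["tag"]}
    forged["entries"]["homebrew.bin"] = sha256_hex(b"owner-built code")
    attempts.append(("forged_manifest", forged, "homebrew.bin", b"owner-built code"))

    for label, m, name, code in attempts:
        try:
            results[label] = load_app(m, name, code)
        except LoadDenied as err:
            results[label] = f"denied: {err}"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:16} {outcome}")
```

The order of the checks matters: the manifest's authenticity is verified before any per-application lookup, so an edited allowlist fails closed for every application rather than just the added one. That is the property the talk attributes to consoles: physical possession of the device gives the owner the bytes, but not the key that makes a list of bytes executable.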

And some of you in the audience are wondering why the hell he is speaking about game consoles. It has no importance to our business. Well, I’m speaking about game consoles because the things we use in our everyday communications, like iPads and iPhones, have exactly the same architecture as Xboxes or PlayStations. My iPad here is a great example. This is a very powerful computer. If you compare an iPad Pro and a MacBook, they are very, very similar. You can do exactly the same things on both. The iPad in some use cases is actually faster than your MacBook. When you add a keyboard, it really is like a computer. However, it’s not a computer. Computers are devices where the owner of the computer can program the computer. This is a closed system, just like an Xbox.

Gaming consoles are the most secure devices

And this is a trade-off. Yes, it’s a very limited system, but it’s also a very secure system. This is the reason why you never hear about malware outbreaks on PlayStations, or Xboxes getting hacked, or the same thing happening on iPhone or iPads. Sure, the users of these devices can still be fooled. Users can still do stupid things like give their password to someone else. But the devices themselves are very strongly protected. The reason why game consoles are protected is that Microsoft, Sony, and Nintendo want to prevent piracy and they want to prevent cheating in games. That’s why they’ve gone to all these lengths to protect the device against the owner of the device. But we do get much, much better security on these devices as well.

And for you, this means that whenever your users are using limited devices, you get much better security. When your users are connecting to the corporate network with their iPhone, even with their Android phone, that’s much more secure than connecting with a Windows laptop or with a MacBook. When they are running Excel on iPad Pro, they are much better protected than if they were running Excel on Windows. Or, the same thing applies to Chromebooks. Chromebooks, which only run a web browser, which are limited, where users cannot run arbitrary programs, are much easier to secure; they are much more secure devices than traditional computers. And I do see a future where we are going towards more and more limited devices being used by organizations to enhance their security.

Organizations survive cyberattacks, but with a caveat

Now, the good news for all of you is that when companies get hacked, they survive. Even if companies get hacked really bad, companies survive. Companies survive surprisingly well. Companies recover surprisingly well, even from really bad cases. I’ve been keeping track of companies which have gone bankrupt because they got hacked, companies which folded just because they were hacked. And yes, there are examples of this happening. In fact, two years ago, one major company in Finland went bankrupt only because they got hacked. So it does happen, but it’s surprisingly rare. This list that I’ve been keeping only has a few dozen companies worldwide.

Most companies recover. Public companies, we can measure their recovery from their stock value. Typically, they’ll recover in a couple of months or in a year. Yes, stocks very often make a major dip if there’s a public hack or major hack, but they will recover. There was one publicly listed major company in Finland which was hacked with a ransomware incident in December 2022. Their revenue for the last quarter of the year dropped by 16% just because of that hack. This is a company which has revenue in the hundreds of millions of euros. So major dip, but they recovered. They are well on their way to recovering the stock valuation as well.

What doesn’t recover when a major company gets hit by a major incident or data breach or ransomware is the leadership. And this is why you should care about getting hacked. Your company will recover, but you won’t. Over and over again we see cases where after a major security breach or incident people in charge of internet security or network security are fired. CIO is fired, CISO is fired, CTO is fired, CFO is fired, CEO is fired. We’ve seen this many, many times. So it is important for us personally, but the good news is that in general companies do recover even from major incidents.

Ransomware remains extremely disruptive

Today, maybe the most disruptive incidents are, indeed, ransomware. Now ransomware has been around for almost 10 years. One thing which has changed over these years is the visibility into how common certain types of hacks are. So you should now be seeing a page from a Tor hidden service. This is LockBit. LockBit is one of the cybercrime unicorns, one of the largest cybercrime gangs, headquartered in Moscow. They have several hundred employees working for them. They have multiple offices. They have HR departments for recruiting new employees. They pay bonuses for their criminal hackers. They run their own data centers. They have financial analysts working for them. They have lawyers working for them. And they make all of their money with ransomware. They’ve been doing it for quite a few years already.

When you look at the victims listed on this page, you see that they are from all over the world: from the USA, Canada, Argentina, Costa Rica. For some of the victims, you see how many days they have left to pay the ransom, and for some of the victims you see the ransom demand. There’s one company which has 18 days left to pay $2 million. If they don’t, all of the data stolen from them will be leaked on this website where anybody can download their email archives and document archives.

So, it’s very, very disruptive. One thing which ransomware has changed for security companies is the visibility. Before ransomware was the biggest problem, we would have much poorer visibility into how big the problem was. Because at the time, the problem was mostly keyloggers or data theft, or maybe cryptocurrency miners and things like that. And those are invisible. The victims don’t get notified that they’ve been hacked. The victim’s name is not posted on a website where the whole world can see it. So, a big part of these cases went completely undetected. No one ever knew that someone was hacked. Today, for all ransomware cases, the whole world knows when a company is hacked.

Ransomware is one of the biggest cyber threats of the last decade

So, it’s not just a technical problem, it’s also a reputation problem. And the companies which are best equipped to handle these problems recover also in reputation. During the pandemic, we saw one Norwegian software company getting hacked with ransomware. It’s a company specializing in producing software for the Norwegian oil and gas industry. They had just gone public, two or three months before they got hacked by ransomware. And they were able to handle their communication perfectly. They took the initiative, they went public with the information.

On the very first day, they had their CEO addressing the world in a Zoom conference where everybody could ask questions about what had happened. They handled it so well that in fact, when you were following their stock valuation, on the day of the breach, their stock plummeted 15%. And when the conference for the world started, it started recovering. And by the end of the day, it had recovered to where it started and went a little bit higher than where it was, even though the company got hacked.

And that difference from where it was at the beginning of the day to where it was at the end of the day, that’s called trust. This is a symbol for the trust the company was able to build with their investors. They conveyed a message along the lines of – yes, we have been hacked, but we believe we can recover, we know what we’re doing, we have the best people to help us, and you can trust us. And their investors believed them and they did recover.

What are present-day cybercriminals like?

So, the criminals who make attacks like this and make big amounts of money with these attacks – what are they doing with their money? Well, we know what they’re doing. Of course, they go and buy their Ferraris or their Rolls-Royces or their Lambos. But they also do other things. They build their operations better. They invest into running their operations more professionally, like the recruitment part and running their own data centers.

They also do rogue recruitment. There’s a company called Bastion Secure, recruiting penetration testers, fully remote positions with great salaries. The only problem is that this company doesn’t exist. This is actually a front for a Russian crime gang called FIN7, which created this website to recruit penetration testers who were working for security companies to join this new startup for great salaries without realizing that this actually wasn’t a security company at all.

If you got hired by Bastion Secure, then you would be tasked to do penetration testing: here’s our new client, please go and spend a week doing a penetration test in their network, write a report about the holes you found from their network, and submit it back to us. And that client had not ordered a penetration test. And of course the report would then be used by the FIN7 gang to breach the security of the target company. When the criminals have money to invest in their attacks, this is the kind of thing we start seeing.

In terms of security, AI is a mixed blessing

Right now, we’re worried about the things they’re able to do by investing in machine learning and in artificial intelligence. Security companies have been using machine learning and artificial intelligence forever. We started building our first machine learning framework in 2005 here at WithSecure, or at the time F-Secure. That’s 18 years ago. 18 years is an eternity in machine learning and artificial intelligence. Today, all security companies rely heavily on machine learning to be able to protect users. The number of samples and exploits and malicious network streams to be analyzed is way too high for human analysts to do. It has to be done by machine learning frameworks, and that’s what we do. We have a framework which you can give any program or any piece of code and it will tell you if it’s good or bad. That’s what we’ve built over these 18 years.

And now, when the barriers for entry are becoming lower and lower, we are on the verge of starting to see criminals use exactly the same technologies. You can imagine a malware campaign, for example, ransomware campaign, which is being controlled by a machine learning framework, which would automatically adjust the attack, change the exploits, change the malicious code, change the binaries which are being dropped, create new websites, create new emails which are being sent. All automatically, all at machine speed. Right now, the attackers are working at human speed, but they will upgrade to machine speed. And we, the defenders, have been working at machine speed for quite a while already. When this happens – and it’s going to happen soon – then we will see if good AI wins over bad AI.

The things we’ve seen so far have been fairly limited, like using large language models to create phishing attacks or romance scams. Maybe some limited examples of deepfake voice and deepfake video which can be used for CEO scams or Business Email Compromise (BEC) scams. So far that has been fairly limited and we have very few examples of it, but it’s going to get bigger. And the next big shift will be completely automated malware campaigns. And that will be a major headache.

And many of these attackers are ruthless. They are willing to do awful things to make their money. The Australian national healthcare system database Medibank was hacked last November. The attackers were asking for a ransom payment, or they would leak medical information to push Medibank into paying the ransom. They started leaking information, very damaging and destructive information about individual patients. You can see some of the databases they leaked in the screenshot here. Information about people who got abortions was leaked online. Information about people who were recovering from alcohol dependency – their names were leaked online. Very, very nasty attacks.

You really start to wonder what kind of a person does attacks like these just in order to make money. But some of the attackers out there are really cold and really ruthless. We know this after seeing the Vastaamo psychotherapy center hit here in Finland during the pandemic, which was also an example where people who were already hurting got hit more by the attack.

Cyber plays a role in the Russo-Ukrainian war

And speaking about ruthless, we recently had the first anniversary, or hopefully the first and last anniversary, of the war Russia is waging in Ukraine. This war has been played out in all the domains where modern wars are played out: on land, on sea, in air, in space, and yes, in cyberspace. That’s where all modern wars are played out today. So, we’ve seen the Russian government launch cyber attacks against Ukraine’s critical infrastructure multiple times during this conflict.

But it’s not just the attacks coming from the government. There are actually three Russian players at play in this conflict. Almost all of the attacks targeting the Ukrainian critical infrastructure have been coming from the Russian government. Then, when we look at the attacks targeting targets outside of Ukraine, but which are coming from Russia, then it’s typically not the government. For example, some of the Russian ransomware gangs have been targeting European energy generation and energy distribution companies. They’re trying to make money with their attacks, but they can sort of hit two flies with one swat. They are making attacks which are beneficial for their motherland. They are benefiting Russia by attacking targets like these, and they also make money for themselves. And it’s highly likely that the Russian government and law enforcement aren’t doing anything to try to stop attacks like that in this situation.

Russian ransomware gangs are carrying out attacks that are advantageous to their homeland

And then the third group is Russian patriotic hackers, or hacktivists. People who are not part of crime gangs, they’re not trying to make money, they’re not part of the government, but they are doing attacks against the West to support their motherland. This includes groups like Noname057, or Killnet, or KillMilk, and other similar groups, many of which have been in the headlines lately over these attacks. To make matters more complex, some of these groups which hang around on these Russian-speaking forums claim to be from faraway countries. AnonymousSudan has made the headlines quite a bit lately, after the attacks against SAS Airlines and multiple airports in Sweden.

They claim they’re doing these attacks to protest the burning of the Quran, which might be the case, but it might also be that this is just a cover story for Russian cybercrime gangs or Russian patriotic hackers to explain their attacks and to throw the attention somewhere else. It’s a complicated scenario, and we don’t really know fully where the attacks are coming from, but it’s also important to remember that these attacks are denial-of-service (DoS) attacks. DoS attacks can be pretty bad, but they’re just denial-of-service. It’s just a traffic jam, and just like a real-world traffic jam it can be really bad, but when the traffic clears out, there is no permanent damage. Nobody broke in, no one stole anything, nothing got deleted. So yes, there can be really bad problems at the time, but they are much smaller problems than data breaches or ransomware or any other more serious kinds of crime.

To recap

So, you and me, we are living in the middle of the biggest technology revolution mankind has ever seen. We will forever be remembered as the first generations in mankind’s history who went online. Mankind walked this planet for 100,000 years offline. We went online during our time, and now we will be online forever. We were just born into this crucial time in mankind’s history. And that changes everything for the better, and everything for the worse. The internet is the best thing and the worst thing which has happened during our lifetime. Online crime is an example of the worst part of this revolution.

And we are making headway into being able to detect these attacks better and being able to defend better and to be able to run limited devices which are harder to hack. But these attacks will not be going away. As long as there are bad people, we will see online attacks and online crime. And they will be using new technologies such as machine learning to make their attacks more effective. The internet is the best thing and the worst thing which has happened during our lifetime.
