Governments, banks, and hospitals: all victims of cyber-attacks

Hervé Debar, Télécom SudParis – Institut Mines-Télécom

Cyber-attacks are not a new phenomenon. The first computer worm distributed via the Internet, known as the “Morris worm” after its creator, infected 10% of the 60,000 computers connected to the Internet at the time.

Published back in 1989, the novel The Cuckoo’s Egg was based on a true story of computer espionage. Since then, there have been any number of malicious events, whose multiple causes have evolved over time. The initial motivation of many hackers was their curiosity about this new technology that was largely out of the reach of ordinary people at the time. This curiosity was replaced by the lure of financial reward, leading first to messaging campaigns encouraging people to buy products online, and subsequently to denial-of-service attacks.

Over the past few years, there have been three main motivations:

  • Direct financial gain, most notably through the use of ransomware, which has claimed many victims.
  • Espionage and information-gathering, mostly state-sponsored, but also in the private sphere.
  • Data collection and manipulation (normally personal data) for propaganda or control purposes.

These motivations have been associated with two types of attack: targeted attacks, where hackers select their targets and find ways to penetrate their systems, and large-scale attacks, where the attacker’s aim is to claim as many victims as possible over an extended period of time, as their gains are directly proportional to their number of victims.

The era of ransomware

Ransomware is a type of malware which gains access to a victim’s computer through a back door before encrypting their files. A message is then displayed demanding a ransom in exchange for decrypting these files.

Kaseya cash register software

In July 2021, an attack was launched against Kaseya cash register software, which is used by several store chains. It affected the Cloud part of the service and shut down the payment systems of several retail chains.

The Colonial Pipeline attack

One recent example is the attack on the Colonial Pipeline, an oil pipeline which supplies the eastern United States. The attack took down the software used to control the flow of oil through the pipeline, leading to fuel shortages at petrol stations and airports.

This is a striking example because it affected a visible infrastructure and had a significant economic impact. However, other infrastructure – in banks, factories, and hospitals – regularly falls victim to this phenomenon. It should also be noted that these attacks are very often destructive, and that paying the ransom is not always sufficient to guarantee the recovery of one’s files.

Unfortunately, such attacks look set to continue, at least in the short term, given the financial rewards for the perpetrators: some victims pay the ransom despite the legal and ethical questions this raises. Insurance mechanisms protecting against cyber-crime may have a detrimental effect, as the payment of ransoms only encourages hackers to continue. Governments have also introduced controls on cryptocurrencies, which are often used to pay these ransoms, in order to make payments more difficult. Paradoxically, however, payments made using cryptocurrency can be traced in a way that would be impossible with traditional methods of payment. We can therefore hope that this type of attack will become less profitable and riskier for hackers, leading to a reduction in this type of phenomenon.

Targeted, state-sponsored attacks

Infrastructure, including sovereign infrastructure (economy, finance, justice, etc.), is frequently controlled by digital systems. As a result, we have seen the development of new practices, sponsored either by governments or extremely powerful players, which implement sophisticated methods over an extended time frame in order to attain their objectives. Documented examples include the Stuxnet/Flame attack on Iran’s nuclear program, and the SolarWinds software hack.

SolarWinds

The attack targeting Orion and its SolarWinds software is a textbook example of the degree of complexity that can be employed by certain perpetrators during an attack. As a network management tool, SolarWinds plays a pivotal role in the running of computer systems and is used by many major companies as well as the American government.

The initial attack took place between January and September of 2019, targeting the SolarWinds compilation environment. Between the fall of 2019 and February 2020, the attacker interacted with this environment, embedding additional features. In February 2020, this interaction enabled the introduction of a Trojan horse called “Sunburst”, which was subsequently incorporated into SolarWinds’ updates. In this way, it became embedded in all of Orion’s clients’ systems, infecting as many as 18,000 organizations. The exploitation phase began in late 2020 when further malicious code downloaded by Sunburst was injected, and the hacker eventually managed to breach the Office365 cloud used by the compromised companies. Malicious activity was first detected in December 2020, with the theft of software tools from the company FireEye.

This has continued throughout 2021 and has had significant impacts, underlining both the complexity and the longevity of certain types of attack. American intelligence agencies believe this attack to be the work of SVR, Russia’s foreign intelligence service, which has denied this accusation. It is likely that the strategic importance of certain targets will lead to future developments of this type of deep, targeted attack. The vital role played by digital tools in the running of our critical infrastructure will doubtless encourage states to develop cyber weapons, a phenomenon that is likely to increase in the coming years.

Social control

Revelations surrounding the Pegasus software developed by NSO have shown that certain countries can benefit significantly from compromising their adversaries’ IT equipment (including smartphones).

The example of Tetris

Tetris is the name given to a tool used (potentially by the Chinese government) to infiltrate online chat rooms and reveal the identities of possible opponents. This tool has been used on 58 sites and uses relatively complex methods to steal visitors’ identities.

“Zero-click” attacks

The Pegasus revelations shed light on what are known as “zero-click” attacks. Many attacks on messaging clients or browsers assume that the target will click a link, and that this click will then cause the victim to be infected. With zero-click attacks, targets are infected without any activity on their part. One ongoing example of this hack is the ForcedEntry vulnerability (CVE-2021-30860), which has affected the iMessage app on iPhones.

Like many others, this application accepts data in a wide range of formats and must carry out a range of complex operations in order to present it to users in an elegant way, despite its reduced display format. This complexity has extended the opportunities for attacks. An attacker who knows a victim’s phone number can send them a malicious message, which will trigger an infection as it is processed by the phone. Certain vulnerabilities even make it possible to delete any traces (at least visible traces) that the message was received, in order to avoid alerting the target.

Despite the efforts to make IT platforms harder to hack, it is likely that certain states and private companies will remain capable of hacking into IT systems and connected objects, either directly (via smartphones, for example) or via the cloud services to which they are connected (e.g. voice assistants). This takes us into the world of politics, and indeed geopolitics.

The biggest problem with cyber-attacks remains identifying the origin of the attack and who was behind it. This is made even more difficult by attackers trying to cover their tracks, which the Internet gives them multiple opportunities to do.

How can you prevent an attack?

The best way of preventing an attack is to install the latest updates for systems and applications, and perhaps ensure that they are installed automatically. The majority of computers, phones and tablets can be updated on a monthly basis, or perhaps even more frequently. Another way is to activate existing means of protection such as firewalls or anti-virus software, which will eliminate most threats.

Saving your work on a regular basis is essential, whether onto a hard drive or in the Cloud, as is disconnecting from these back-ups once they have been completed. Back-up copies are only useful if they are kept separate from your computer, otherwise ransomware will attack your back-up drive as well as your main drive. Backing up twice, or saving key information such as the passwords to your main applications (messenger accounts, online banking, etc.) in paper form, is another must.

Digital tools should also be used with caution. Follow this simple rule of thumb: if it seems too good to be true in the real world, then there is every chance that it is also the case in the virtual world. By paying attention to any messages that appear on our screens and looking out for spelling mistakes or odd turns of phrase, we can often identify unusual behavior on the part of our computers and tablets and check their status.

Lastly, users must be aware that certain activities are risky. Unofficial app stores or downloads of executables in order to obtain software without a license often contain malware. VPNs, which are widely used to watch channels from other regions, are also popular attack vectors.

What should you do if your data is compromised?

Being compromised or hacked is highly stressful, and hackers constantly try to make their victims feel even more stressed by putting pressure on them or by sending them alarming messages. It is crucial to keep a cool head and find a second device, such as a computer or a phone, which you can use to find a tool that will enable you to work on the compromised machine.

It is essential to return to a situation in which the compromised machine is healthy again. This means a full system recovery, without trying to retrieve anything from the previous installation in order to prevent the risk of reinfection. Before recovery, you must analyze your back-up to make sure that no malicious code has been transferred to it. This makes it useful to know where the infection came from in the first place.

Unfortunately, the loss of a few hours of work has to be accepted, and you simply have to find the quickest and safest way of getting up and running again. Paying a ransom is often pointless, given that many ransomware programs are incapable of decrypting files. When decryption is possible, you can often find a free program to do it, provided by security software developers. This teaches us to back up our work more frequently and more extensively.

Finally, if you lack in-house cybersecurity expertise, it is highly beneficial to obtain assistance with the development of an approach that includes risk analyses, the implementation of protective mechanisms, the exclusive use of certified cloud services, and the performance of regular audits carried out by certified professionals capable of detecting and handling cybersecurity incidents.

Hervé Debar, Director of Research and PhDs, Deputy Director of Télécom SudParis.

This article has been republished from The Conversation under a Creative Commons licence. Read the original article (in French).

Can technology combat chronic stress?

Stressors in individuals can occur on a regular basis, especially in uncertain contexts such as the current health situation. To prevent a state of stress from becoming chronic and causing mental health problems, approaches involving positive technologies could help people to improve their resilience. Anuragini Shirish, a researcher at Institut Mines-Télécom Business School, describes her work on this subject.

Why is it important to reduce stress in people in general?

Anuragini Shirish: According to the latest estimates in 2017, 792 million people worldwide are diagnosed with mental health problems, 284 million and 264 million of whom reportedly suffer from anxiety and depression respectively. The physiological state of chronic stress is a major risk factor for the development of these diseases. Avoiding – or at least limiting – this state of chronic stress in individuals could therefore significantly reduce the risk of developing these diseases and improve their living conditions in general.

How do people develop a state of chronic stress?

AS: We have made great strides in our understanding of the mechanisms that induce stress. Stress was formerly thought to be caused by repeated exposure to stressors, but now – especially in light of evolutionary neurobiology theories – stress is generally considered to be a default response to dangerous situations, which is inhibited by the prefrontal cortex when people perceive a sense of security. The recent “Generalized Uncertainty Theory of Stress” states that stress originates from a feeling of permanent insecurity in individuals.

How has the COVID-19 pandemic influenced individual and collective situations of chronic stress?

AS: The COVID-19 pandemic has triggered a general feeling of insecurity in many aspects, including one’s own health and that of one’s loved ones, financial stability and job security. Many people have been affected by situations of chronic stress, which has led to a significant increase in mental illnesses. Uncertainty and stress drive people to seek out responses. However, the information they find is sometimes inadequate and may even be dangerous at individual and collective levels. It is therefore important to consider how to guide these responses, especially in the context of the pandemic.

Are you suggesting the use of technology to reduce stress in a holistic way?

AS: “Positive” technology sets out to improve individual and collective living conditions. In this case, such technology can be designed to improve people’s mental states. There are several types of positive technology, many of which now consist of mobile applications, which means that they can be made available to a large portion of the population.

In concrete terms, what technological tools could help to reduce stress?

AS: This is precisely the purpose of the analysis we are seeking to provide. We have defined three types of stress-response behaviors. Certain behaviors may be favored, depending on the individuals concerned and the context.

“Hedonic” behavior seeks to reduce stress through an immediate distraction. The aim is to enjoy a brief moment of pleasure. Positive hedonic technologies provide a very rapid response to stress. Examples include video games and television series. However, their stress-reducing effects are generally short-lived. Such solutions are of fleeting benefit and generally teach people very little about how to limit their future stress.

“Social” behavior reduces stress through social interaction. Its effects last longer than hedonic behavior because people can share their emotions, help and advise each other with regard to common goals. However, the benefits remain temporary. During lockdowns, meetings of friends or family by videoconference were examples of how social positive technology facilitated responses to individual and group stress.

“Eudaimonic” behavior is related to the search for meaning and purpose. It is based on the principle of personal growth and development and helps to develop a better response to stress over time. This type of behavior is also the most difficult to master, as it requires a more substantial investment in terms of time and energy, and we would like to see positive technology increasingly used in this area. Facilitating access to eudaimonic behaviors could promote better ways to combat stress and mental health problems on the societal level.

How does a positive eudaimonic technology work?

AS: Positive eudaimonic technologies may be based on different approaches. For example, many current applications provide support for meditation, whose mental health benefits are now widely accepted. Applications related to a learning process involving personal achievement can be considered as eudaimonic technologies. We can also develop technologies for initially hedonic or social purposes, in order to facilitate access to them, which may then be used for eudaimonic purposes in a subsequent phase. The recent Heartintune application is an example of this type of approach.

What are the prospects for the development of positive technologies at the societal level?

AS: Various types of positive technologies already exist, and our next challenge is to promote their development and widespread use in order to boost resilience. We believe that the best way to do this is to use technology to promote more eudaimonic behaviors.

This could be a particularly important issue to raise at the World Health Summit in Berlin at the end of October 2021, which will focus on issues including the potential contributions of innovations and technology to the resolution of health problems.

Antonin Counillon

Technology for improving the recycling of plastics and composites

Plastics and composites aren’t recycled as often as we might wish, as a result of a lack of facilities, the right technologies not yet existing or not being profitable, or hazardous waste deposits. IMT Nord Europe have been working in partnership with manufacturers to develop and improve the available technologies.

Plastics and composites get a lot of bad press, but it is hard to do without them for many objects we use every day, including our cars. In order to minimise their polluting effect, they must be recycled, but this is complicated from both a technological and an economic perspective. Two researchers from IMT Nord Europe are seeking to improve processes with a view towards industrialisation.

In order to recycle plastic, outlets have to be found for these recycled materials. One of the main stumbling blocks is the presence of pollutants, including volatile organic compounds (VOCs), which can produce unpleasant and even toxic odours. There are also very strict standards governing the emission of VOCs and odours in vehicle passenger compartments. Marie-France Lacrampe, a researcher at IMT Nord Europe, is working on a solution which is striking in its simplicity: water-assisted extrusion.

Eliminating odours

Extrusion is a process traditionally used to manufacture objects made from plastic, involving pushing a doughy material through a die of the desired cross-section. Water is injected into the extruder and the steam washes the plastic, extracting the majority of any VOCs. “A few changes need to be made to the extruder”, explains Marie-France Lacrampe. Professor Lacrampe is working alongside three industrial partners and another laboratory, with the industrial pilot expected to be operational within two years.

In order to further improve this process, the researcher intends to combine water with supercritical CO2 – pressurised CO2 which becomes a highly effective solvent. The advantage is that it removes different molecules from those removed using water.

Process organisation and eco-design

Efficient recycling normally starts with designing materials which are easy to recycle. This is particularly true when it comes to food packaging, which is often made using several different materials (cartons, thermoformed tubs or re-heatable pouches, for example). “The ideal solution is to mix compatible polymers which can then be integrated into existing recycling processes”, explains Marie-France Lacrampe.

When it comes to recycling, it’s not just a question of the technology used, but how the whole process is organised. Waste must be used as locally as possible in order to cut transport and logistics costs, requiring intelligent analysis and handling of flows.

“If we want to boost recycling rates then we have to tackle what we don’t know how to do. This is particularly true for small quantities (hazardous waste deposits) and materials which we are unable to recycle or aren’t very good at recycling such as opaque PET (the plastic used to make milk bottles, for example). We are working on recycling small quantities through additive manufacturing, the industrial version of 3D printing, extruding them again with additives so that they can be reused.”

Composites – rarely recycled

If recycling plastics isn’t always easy, just imagine what it must be like for composites, materials which are generally comprised of glass or carbon fibre and a polymer matrix. A modern aircraft such as the Airbus A350 is half-made of composites, which are used in whole sectors of industry, from transport (not just aircraft, but also cars, boats and bikes) to electronics, leisure and wind power.

Once they have reached the end of their life, composites are primarily burned in order to produce energy, which isn’t ideal from either an environmental or an economic point of view. “Solutions are being developed in the aeronautics sector to recover carbon fibres”, points out Mylène Lagardère, who is also a researcher at IMT Nord Europe. “It is mostly carbon-based composites which are used in aeronautics, which are more “noble”, making them easier to recycle.” Technology for recycling fibreglass composite does exist, but it is not yet profitable.

Developing more affordable methods

There are two possible processes for recovering fibres: a chemical process in which the matrix is dissolved in a solvent (allowing the matrix to be reused) and a thermal process in which the matrix is damaged. Matrices themselves are either thermoplastic, meaning they can be melted, or thermosetting, meaning they are damaged when heated. As a result, as Mylène Lagardère explains, “each fibre-matrix combination is processed differently, with a different process for each product.” This is what makes recycling composites so complicated. The purer the material, the easier it is to recycle.

As we can see, improving recycling is essential, and research into this subject is rightly being prioritised. “Our aim is to develop methods which are both simple and affordable”, explains Mylène Lagardère. “Our basis is the industrial problem: if we have a deposit of materials with certain properties, then we can recover a recycled material with such properties.” The issue is that, during recycling, the properties of the material always deteriorate, as the fibres are shortened.

The recycling of composites is still very much in its infancy, but a few processes are starting to emerge, whether in water sports, where the association APER – funded by an eco-tax on new crafts – dismantles abandoned boats, or in the wind power industry. The automobile industry is also having to adapt, with legislation requiring recycled materials to be used in the production of new vehicles.

Cécile Michaut

Large quantities of composites for recycling on the horizon?

10 million tonnes of composites are produced each year worldwide, and the market is continuing to grow at a rate of 5% year on year. But recycling is set to really accelerate: composites which arrived on the market 20 to 30 years ago are now reaching the end of their lives. 50,000 tonnes of wind turbine rotors will need to be recycled between 2021 and 2022. In 2023, 25,000 boats, three-quarters made from composites, are to be dismantled. 4,000 railway carriages are also awaiting dismantling. Although resources remain limited (15,000 tonnes of production waste and 7,000 tonnes of materials at end of life in 2017), significant growth is anticipated. Processes must develop and organise in order to become sustainable.