December 21, 2018
European Union’s communications network, known as COREU, has been compromised revealing sensitive cables and shedding light on its cybersecurity vulnerabilities exploited by attackers.
The trove of disclosed cables exposed data labeled limited and restricted. Considering these are low-level classified documents, it is safe to say that most of them do not hold special significance, but some, nonetheless, touch upon rather sensitive subjects.
Leaked cables contain mission reports, private meetings summaries, and descriptions of conversations between diplomats and country officials on topics such as terrorism, tariffs, and trade.
Fortunately for everyone, EU officials have stated that far more sensitive documents containing secretive communications of higher levels are located on a different system. The information labeled ‘Top Secret’ is stored in a separate database and is disconnected from internet connections.
This, however, does not necessarily explain why the same effort has not been paid to ensure up to par protection of diplomatic communications of European officials.
Curiously, according to the comments made by a former intelligence official to the New York Times, EU had been shrugging off repeated warnings about its dated communications security efforts.
This breach must have rung all the right alarm bells for the European Union and will most certainly lead to immediate revision of discovered vulnerabilities in their legacy systems.
The so-called hack is a separate topic for debate.
First of all, one could argue that, technically, it was not a hack. Hacking implies altering an existing system, software or its features to serve a specific – often malicious – purpose.
And second of all, this is not the type of “hacking” that lead to European Union’s communications network cables leak.
So what really happened there?
It is best explained with a short story.
There were once 2 robbers who have made a bet to see which of them can crack a safe faster. They had the same amount of time to prepare, the same restrictions as to what equipment they could use, and the same safe model they had to crack.
However one of them managed to crack the safe within minutes, while the other took over half an hour and almost got busted on his way out.
How did the first one manage to pull this off so quickly? He prioritized stealing the keycard and passwords while the other guy took it upon himself to saw through the lock using an angle grinder.
In the COREU case, threat actors have focused their effort on obtaining genuine login credentials to access the database of exchanges.
Just like snatching passcodes to crack a safe can be easier than cutting the lock with a grinder, it is easier to steal database login credentials than literally hack one’s way through its security.
And in case you are wondering how the attackers have got their hands on those credentials, the answer is simple.
There is nothing sophisticated about phishing attacks. Again, technically speaking, they require less skill, take less time, and generally prove to be more effective.
Phishing is a technique that preys on human factor.
Quoting Oren Falkowitz, the CEO at Area 1 Security, the firm that discovered the attack, the New York Times reported the phishing campaign targeted diplomats in Cyprus. After piercing the Cyprus system, threat actors have gained access to the passwords they needed to connect to European Union’s database of exchanges.
Once the attackers got in, the cables were theirs for the taking.
Allegedly, the cyberattack can be traced to Chinese government and military intelligence agency formerly known as 3PLA.
It would not come off as unexpected if allegations prove true though.
After all, governments have been attempting to spy on each other since before history. The “spy games” have simply taken a new turn as practically all communication has shifted to the internet.
It all came as a natural progression and there is nothing surprising about it really.
The surprising part is the general lack of concern for diplomatic communications security.
Phishing is a formidable threat, but it is not a new one.
In fact, statistics, even from 2 years ago, shows that phishing attacks account for 91% of all cyberattacks. Certainly, the numbers have only climbed up since then. Given the data, it makes all the sense in the world to deploy solutions which ensure protection against phishing attacks.
Unfortunate events like this diplomatic cables leak are a powerful example of what a targeted phishing attack is capable of when given the opportunity.
But phishing – despite being a major vector – is far from being the only security threat that sensitive data is exposed to. Other rapidly increasing threats include BEC, EAC, ransomware attacks – and these are just a few that come to mind.
Clearly, the arms race has crossed over to the cyberspace.
It’s not all bad news though.
With solutions like Area 1 Security, which deals with phishing specifically, and StealthMail, which takes on secure email communication issues as a whole, there should really be no reason for enterprises and governmental organizations to disregard the need for cybersecurity, especially where highly confidential information is concerned.
This case should be the call to arms for governments, enterprises, and large organizations to examine vulnerabilities and reinforce weak links in cybersecurity infrastructure, paying special attention to email and communication channels in general.
Until legacy systems prove capable of withstanding modern cybersecurity threats, the precedence should be given to solutions such as StealthMail which introduce internally developed alternatives to outdated protocols that live up to cybersecurity demands of today.
And to put our money where our mouth is, Dmitri Bulkhukov, the CEO of StealthMail, is willing to give away $26 million worth of StealthMail licenses to European and Chinese officials to ensure the safety of diplomatic correspondence.
To learn more about StealthMail’s Classified Communication Channel powered by patented Stealth-technology visit StealthMail.com.