#emergentphenomena

dredmorbius@joindiaspora.com

Ransomware and other Cybersecurity Attacks as a Threshold Phenomenon

There are threats which emerge when a viability and/or cost threshold is crossed and realised. The recent set of high-profile cybersecurity and ransomware attacks[1] being a case in point.

There's a historical analogue to these.

For cities, recurring plauges began occurring during Roman times and limited maximum city populations to about 1 million until the advent of modern sanitation, hygiene, public health, waste removal, and food quality. (Actual medical care and treatment had little to do with this, though vaccines and antibiotics helped.) Soberingly, plagues and disease co-evolved with their host populations and civilisations.[2]

Industrial pollution lagged industrial development by about 50--100 years, with air and water quality and material contamination (heavy metals, asbestos, organic solvents, synthetic hormone disruptors and other bio-active contaminants, etc.) playing major roles in this. Global-level contamination, as with CO~2~ and CFC emissions, resulting in global warming and ozone depletion respectively, also lagged by about 50--100 years from substantial usage.

Increases in travel, transport, and communications almost always directly facilitate fraud. The Greek/Roman gods Hermes/Mercury represented communication, messages, travel, transportation, commerce, trickery, and theives. The term "Confidence Man" arose from Herman Melville's novel of the same name, set on the first great highway of the United States, the steamboat-plied Mississippi.

Mail begat mail fraud. Telegraph and telephones begat wire fraud. Cheap broadcast radio and television, payola and game-show fraus. Email begat spam and phishing.

Some of these have been somewhat contained, all remain actively practiced. Falling costs mean that attacks are now launched from far further afield than previously. Ironically, it's postal mail with its high costs and low speed which has proved most resistant to rampant abuses.

The 1990s and 2000s computerised business practices employed computers with abysmal security, but those systems were spared even worse negative consequences by the general lack of networking, the relatively small size of global computer networks, limited disk storage, limited network bandwidth, and the effectual air-gapping of paper-driven steps in processing. Billing might be submitted or computed electronically, but a paper check still had to be cut and signed. Draining accounts or data simply wasn't possibly without running up against the inherent limitations of computer infrastructure at the time even had a payment mechanism similar to today's cryptocurrencies been available. The poor security of the 1990s and 2000s largely resulted in highly localised tragedies, not wide-ranging ones. There were some exceptions, they were rare, typically occuring well apart from one another and not as part of a connected series of attacks or vulnerabilities.

If my assessment is correct, we'll be seeing much more of the types of attacks notable in the past year.

Attackers have low costs. Victims have highly-interconnected, but poorly-defended systems, comprised of multiple components, each complex on its own, and lacking any effective overall security accountability. End-to-end automation exists, facilitating both productive work and effective attacks. A viable and tracking-resistant payment mechanism exists. Regions from which attacks can be made with impunity exist, and are well-connected to global data networks.

Backups alsone are not an effective defence as these protect against data loss but not data disclosure. Full defence will require radically different thinking, protection, risk assessment, and law-enforcement capabilities.

Until then, get used to more of this, at both large and small scales.

There are some potential bright lights.

  • I suspect attackers aren't targeting specific facilities but are instead conducting automated and scripted attacks against vulnerable facilities.
  • For data-encryption ransom attacks, this means that the decryption key is all but certainly derivable from information on the attacked system, perhaps encoded as filenames or contents. Determining this mechanism may at least allow for data recovery. (It of course does nothing against data disclosure, long-term surveillance, or access denial attacks.) The likelihood that attackers have some database of victims + passwords seems low.
  • Attackers are themselves subject to trust and suspicion attacks, and turning members or safe-harbours against attackers is probably a useful countermeasure.
  • State-level sanctions, flling short of military attacks, may also prove effective.

Notes:

  1. Note that ransomware is only one of a class of current cyberthreats. Others include information disclosure, service disruption (both as a side effect and as a direct objective), surveillance, leveraged further attacks, manipulation and computational propaganda, and the like.

  2. The notion that disease co-evolves with the host population is a long-standing one. The association with historical plauges is a major element of Kyle Harper's The Fate of Rome, which looks at this co-evolution as a major contributor to the ultimate fall of the Roman Empire.

#cybercrime #ransomware #infosec #costs #JevonsParadox #thresholds #emergentPhenomena