By now you’ve probably heard, at least if you live in the Netherlands: in just over a week, the city of The Hague will become an impenetrable fortress.
People living and working anywhere near the World Forum conference center have
already been dealing with the disruptions caused by the largest security
operation in history. But just like with an iceberg, what you see is only a
fraction of the whole picture.
The last event of this scale was the Nuclear
Security Summit in 2014, which also brought dozens of world leaders to that
same conference center. In the eleven years since, the threat
landscape—especially in terms of cybersecurity—has changed dramatically. Attack
methods have become more sophisticated, and so have the people behind them.
Much more sophisticated. And cunning. Which is troubling, because as an
ordinary citizen, there’s little you can do to defend yourself.
“I’m just a regular person—what does this NATO
summit have to do with me?” I hear you think. And yes, most of us won’t be
directly involved. But that doesn’t mean you won’t be affected. In fact, you
might be—without even realizing it.
Here’s why. Major events like this act as a
magnet for what we broadly call malicious actors. Just like pickpockets flock
to crowded markets, cybercriminals and spies are drawn to high-profile global
gatherings. They’re after three things: money, information, and influence. The
first is mostly the domain of criminals, though some rogue states aren’t above
it either (looking at you, North Korea).
Stealing information is typically associated
with state actors from countries like Russia, China, and Iran (plus a few
others not on the public list). But don’t underestimate the criminals here
either: ransomware attackers not only paralyze organizations but also steal data,
which they then threaten to publish unless a ransom is paid. That increases
their chances of getting paid.
Influence can be exerted in various ways. One is
through disinformation—shaping public opinion, or even swaying the views of
summit attendees. Some heads of state are surprisingly susceptible to such
manipulation. Another tactic is disrupting the summit itself, throwing off
schedules or even derailing the entire event.
Whatever the motive, these activities often
start in the same place: phishing. Around events like this, phishing attempts
spike—often themed around the event. You might get an email that looks like
it’s from the City of The Hague: “Are you experiencing disruptions due to the
NATO summit, such as being unable to get to work? Click here to apply for
compensation.” Malicious actors know they’re more likely to succeed if they
strike a nerve and dangle the promise of money.
Regular phishing is like shooting with a
shotgun: blast it out to as many people as possible and see who bites. But
there’s also targeted phishing—spearphishing—where a specific individual is the
target and the message is custom-crafted. Expect to see more of that in the
context of the NATO summit too.
I do wonder how they manage it in the Vatican. The Pope passed away, and five days later his funeral was held—with many dignitaries in attendance, including the U.S. President. Meanwhile, the Netherlands has been preparing for the NATO summit for months. Maybe it’s time for an educational field trip to Rome.
And in the big bad world…
- espionage can be highly sophisticated. [DUTCH]
- the true CISO wears a hoodie and jeans. [DUTCH]
- stolen data fuels the digital underworld.
- Wikipedia editors resist AI summaries, fearing for the integrity of information.
- AI does, in fact, make painful mistakes from time to time.
- your phone number wasn’t safe with Google.
- your data is safe with a European subsidiary of a U.S. company—at least, legally speaking. [DUTCH]