A weekend ransomware attack that shut down dozens of television stations owned by the national media conglomerate Sinclair Broadcasting Corporation is just the latest in an ongoing surge of cyber- and ransomware attacks this year. FBI Director Chris Wray said cyberattacks are increasing “almost exponentially,” with many targeting critical U.S. infrastructure such as when ransomware shut down the Colonial Pipeline in May. The increased activity prompted the recent creation of the Joint Cyber Defense Collaborative, which includes Google and the FBI as well as other private and public agencies focused on fighting cybercrime.
Kyle Sferrazza, who will earn his master’s degree in cybersecurity next year through Northeastern’s PlusOne program, already has a seasoned perspective on cyber attack trends. He recently won first place in a cybersecurity contest held by the U.S. Department of Energy. He spoke to News@Northeastern about emerging cybersecurity threats and the vulnerability of our government institutions.
Why did ransomware attacks rise so dramatically over the last two years?
The whole pandemic moved pretty much everything online, and more and more businesses from every sector imaginable moved to the cloud and migrated that way. That means there’s many more targets online, and ransomware attackers can just spray cyberspace and try to infect as many as they can. There are pre-built ransomware frameworks out there, and it’s so easy for an attacker to just take one of them, slap in their cryptocurrency address and just let it free on the internet.
How secure are the pieces of U.S. infrastructure that are online?
A lot of our country’s critical infrastructure is made up of such complex systems that it’s kind of impossible to secure them all the way. The government and hospitals and everyone else don’t have unlimited resources to throw at cybersecurity to make sure it’s 100 percent secure. So a lot of the focus recently has been on upping resilience and trying to prioritize the infrastructure that’s the most vulnerable.
So, how worried should we be?
These systems are much more vulnerable than they should be at the moment—the CEO of Colonial Pipeline told the U.S. Senate that the hackers were able to gain access to their systems with a single compromised password. In an ideal world, that kind of large-scale compromise should not be possible by obtaining a single password. It’s more important than ever that we get standard security controls in place on our critical infrastructure and key resources to help improve our nation’s resilience against cyberattacks.
How did you become interested in cybersecurity?
I think from the first time I was using computers and clicking on things as a kid I wanted to see how it worked, to break it down and see what it was made of. That’s a lot of what cybersecurity is: finding holes and seeing how things are made in order to break into them or secure them. So, when I was a kid, I’d write code to modify Minecraft and then I became interested in cybersecurity towards the later end of high school.
What area interests you most when it comes to cybersecurity?
I am very interested in the offensive side, so looking at vulnerabilities and creating exploits [pieces of code that find and exploit security vulnerabilities]. It’s about looking at bits on the network and from that somehow deciphering a special, magic sequence that I can send that gives me control. At the same time, now I know how to stop someone else from doing those things to my software.
How long have you been involved in the U.S. Department of Energy’s cybersecurity contests?
I started in 2019 with their CyberForce competition, where you work with a team to defend a fictional piece of energy infrastructure that they create. I think that the competitions do a great job of representing the kinds of vulnerabilities you might find in critical infrastructure throughout the country. These competitions, especially right after the Colonial Pipeline, hopefully get people thinking about and interested in critical infrastructure and key resource protection.
What might be one of the next big cybercriminal targets?
Something I’ve been looking into recently is cloud security. More and more organizations are putting all their data in a cloud with Amazon or Microsoft or Google, and a lot of times the companies don’t know exactly how to keep the information safe. They’ve never done anything like this before, so maybe they misconfigured something or forgot certain controls that make it harder for attackers to get into their cloud networks. Depending on how many customers that company has, that could be a huge breach.
For media inquiries, please contact firstname.lastname@example.org.