Increasing Militarization Of The Internet
The rise of Stuxnet, Flame, Gause, the Olympic Games operations and
Shamoon have all shed light on the issue of nation-state driven
cyberwarfare and cyberespionage activities. Now that we are in
cyberspace, we have another domain for humans to occupy and dominate,
according to Ed Skoudis, founder of Counter Hack Challenges.
Skoudis told RSA Conference 2013
attendees that he worries about some of the risks of taking action over
the Internet. Many of the nation-state driven activities could have a
tremendous impact on the private sector, he said. "It could have a
cascading impact," he said. "It is possible that every cyberaction could
cause bigger problems than people think." Some of the techniques
outlined by Skoudis and Johannes Ullrich, chief research officer at the
SANS Institute are not new, but they are being ramped up by
cybercriminals to become a serious problem.
Here's a look at the five most dangerous new hacking techniques that concern top security experts Ullrich and Skoudis.
- Rise Of Offensive Forensics Anti-forensics is the process of cybercriminals getting into a targeted environment and hacking the forensics tools themselves. Offensive forensics is taking forensics techniques and analyzing file systems and memory in-depth then combing them for information assets and extracting them.
- Mis-Attribuiton
The industrial processes used to build Stuxnet and other malware provides unique fingerprints for malware analysis investigators to categorize it. Coding styles down to machine level language can indicate a specific threat actor. A nation-state backed cybercriminal that doesn't want to get noticed may place phony clues in malware to shake off investigators, Skoudis said. The catastrophic attack on Saudi Aramco via Shamoon infections on that company's workstations had some technical information that made investigators think it clearly wasn't the work of a nation-state. But, researchers at Kaspersky Lab provided evidence linking some specific characteristics to the Flame malware, an cyberespionage attack toolkit. - Computer Attacks Resulting In Kinetic Impact
Historically we have worked to protect PII and PHI, bank records and trade secrets, but companies haven't had a good track record, Skoudis said. But, attackers are now targeting physical infrastructure such as industrial control systems and SCADA systems.
"Some of it is just mischief, but it could be a harbinger of much bigger things to come," Skoudis said. "We are rapidly moving into the area where cyberattacks cause kinetic impact."
Smaller systems are now at risk, such as automobiles, water distribution systems and traffic light control systems, which have buffer overflows, SQL injection flaws and other coding problems that can be exploited, he said. Attackers can infiltrate the devices and gain command and control of the infrastructure. - Large Scale DDoS Attacks
U.S. banks have spent a lot of time investing substantial resources to defend distributed denial-of-service (DDoS) attacks. They are simple and don't require a lot of resources.
While the attacks are not new, businesses and attackers have been playing a cat and mouse game, said Johannes Ullrich, chief research officer at the SANS Institute, told RSA Conference attendees. Attack tools are getting better at tricking DNS anti-DDoS defenses, he said. Attacks are getting larger, up to over 40 gigabits per second. The attacker only needs 2,000 bots to carry them out, Ullrich said.
Courtsey: http://www.crn.com
No comments:
Post a Comment