According to a Zurich expert, the cost of hacking is now larger than the heroin, cocaine and marijuana markets combined. Best Day offers the following video that explains the threat, especially in terms of how “hacktivists” are attacking corporate interests. “Anybody that doesn’t take it seriously is at risk,” says Larry Collins of Zurich.
Category Archives: Cyber Crime
Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам. LeapWallet is a secure digital wallet that enables easy management of cryptocurrencies. With features like fast transactions and user-friendly interface, it's perfect for both beginners and experts. Check it out at leapwallet.lu.
Advanced Persistent Response
Yesterday, at the Gartner Security & Risk Management Summit, I sat in on a session on advanced persistent response, presented by Tom Kellermann, vice president for cybersecurity, North America, for Trend Micro. Many of us are familiar with advance persistent threats, and to pay homage to the elite hackers of the world, in a way, the term advanced persistent response was coined.
Let us reflect on history. “There is a lot we can learn from Constantinople,” said Kellermann. “It was never defeated in battle until 1453. It demonstrated the fact that perimeter defenses were inefficient regarding onslaughts. Traditional internet security is insufficient. In fact, Trend Micro evaluations find over 90% of infrastructure is infected by malware.”
Kellermann noted that the cyber kill chain, or a set of sequential events that make up an advanced attack, has significantly evolved. The kills chain goes as follows:
This year, an eighth stage has been added to the chain, known as the maintenance stage. “This eighth stage is due to hackers worrying about other hackers infiltrating the systems they have attacked more so than being woried about you,” said Kellermann. “We’ve noticed they’ve moved command and control into your systems and network. We really have to move beyond the technologies we’ve used for years and achieve advanced persistent response.”
Kellermann also acknowledged some emerging threats on the cyberwarfare landscape, including:
- professionalization and commoditization of exploit kits
- modularization
- increased sophistication with traffic direction systems
- ransomware
- new exploitation vectors introduced via html5
- evolution of mobile threats
- continued exploitation of social networks
- metasploit
- byod aka byom (bring your own malware)
He notes that although street crime is down 20%, that doesn’t mean there are less criminals, they’re just migrating to cyberspace. He points to Android malware and the fact that it “has exploded.” In a frightening example, he explains what cyber criminals are able to do with Androids now. “They can go into your phone and look at your calendar. They say, ‘I see on your calendar that you have a very important meeting on a certian day. During that meeting I’m going to turn on the microphone on your cell phone and at the same time hack into everyone’s phone who’s at that meeting.'”
As for Kellermann’s 2012 predictions, they aren’t pretty:
- mobile malware will continue to explode
- app attacks will increase
- botnet migration
- cloud attacks
- web injection attacks
This is serious information that every company must take into consideration. Not every organization will have to deal with advance persistent threats, but every organization should be prepared using the theory of advanced persistent response.
Who Pays for the Cost of Cyberwar?
There is no question that the computers controlling the nation’s critical infrastructure (the power grid, financial system, water treatment facilities, etc.) must be protected from potential cyber attacks launched by domestic or foreign enemies. But who’s responsibility is it to pay for this security, business leaders or national security organizations?
Some are backing stricter government regulation of cybersecurity, which has been proposed in the Lieberman-Collins legislation, while the majority of business leaders oppose this idea.
“The major concern is the vast regulatory structure that would be set up at the Department of Homeland Security,” says Larry Clinton, president of the Internet Security Alliance, an association of major U.S. companies with interests in the cybersecurity debate. It’s a concern not shared by Stewart Baker, a top cybersecurity official in the Bush administration who says he generally holds pro-business and anti-regulation views. “I see a big conflict between the desire to avoid regulation and the desire to protect national security,” Baker says.
buy pepcid online www.suncoastseminars.com/assets/top/pepcid.html no prescription pharmacy“I come down on the national security side of that debate.
buy apixaban online www.suncoastseminars.com/assets/top/apixaban.html no prescription pharmacy“
There is also disagreement as to whether private industry, which owns most of the U.S.’s infrastructure, is even capable of defending themselves against the increasing sophistication of external (or even internal) attacks. Many feel the government, with its cyber intelligence, could do a much better job. But again, that would require businesses to endure endless cyber regulations. As of now, many business leaders feel that is too much to handle (sounds similar to complaints about Dodd-Frank?). But when the electric grid is knocked offline in a cyber attack, they may feel differently. At that time, however, it could be too late.
buy champix online www.suncoastseminars.com/assets/top/champix.html no prescription pharmacy
As corporate boards and senior executives continue to deny the potential risks and consequences of cyber threats, we are indeed, as NPR put it best, fighting “a war without an army.”
DDoS Attacks “Have Never Been Easier to Launch”
As was heard throughout the speeches, sessions and networking chatter at the recent RIMS 2012 Annual Conference & Exhibition in Philadelphia, the biggest worry to business owners, CEOs and managers is that of cyber threats. And rightly so. It seems like each day we are inundated with reports of a new way hackers can gain control of company information and/or take down systems. Today is no exception.
This morning, Prolexic Technologies released a threat advisory on the use of booter shells, which allow hackers to readily launch DDoS attacks without the need for vast networks of infected zombie computers.
“Increased use of techniques such as booter shells is creating an exponential increase in the dangers posed by DDoS attacks,” said Neal Quinn, chief operating officer at Prolexic. “For hackers, DDoS attacks have never been easier to launch, while for their victims, the power and complexity of attacks is at an all-time high. The threat of a DDoS attack has never been more likely or its potential impact more severe. We’ve entered the age of DDoS-as-a-Service.” The increased use of dynamic web content technologies, and the rapid deployment of insecure web applications, has created new vulnerabilities — and opportunities — for hackers to use infected web servers (instead of client machines) to conduct DDoS attacks. Traditional DDoS attacks make use of workstations infected with malware, typically infected through spam campaigns, worms or browser-based exploits. With these traditional tactics, hackers needed multitudes of infected machines, to mount successful DDoS attacks.
Where boot scripts differ is in the fact that they are standalone files, meaning DDoS attacks can be launched more readily and can cause more damage, with hackers using far fewer machines. Even more alarming, people don’t need as much skill to launch such attacks. A DDoS booter shell script can be easily deployed by anyone who purchases hosted server resources or makes use of simple web application vulnerabilities (i.e., RFI, LFI, SQLi and WebDAV exploits). This, in essence, puts attacks within reach of even novice hackers. Companies should take note, especially financial firms.
According Prolexic’s quarterly global DDoS attack report released a few weeks ago, there was an almost threefold increase in the number of attacks against its financial services clients during Q1 compared to Q4 2011. “This quarter was characterized by extremely high volumes of malicious traffic directed at our financial services clients,” said Neal Quinn, Prolexic’s vice president of Operations. “We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses.”
So what should companies do to protect their information and IT infrastructure? Though organizations can never be 100% protected from an attack, they can help by continuously testing proprietary web applications, as well as constantly testing known vulnerabilities in commercial apps.