The six most dangerous infosec attacks – Hackers – SC Magazine Australia – Secure Business Intelligence


SC Magazine Australia summarized Ed Skoudis’s and Johannes Ullrich’s RSA presentation on the six most dangerous IT security threats of 2011 and what to expect in the year ahead. They are:

  1. DNS as command-and-control
  2. SSL slapped down
  3. Mobile malware as a network infection vector
  4. Hacktivism is back
  5. SCADA at home
  6. Cloud Security

Additional trends:
  • IPv6
  • Oldies
  • Social Networking
  • Malware
  • DNSSEC

The point behind the Malware item above is that blacklisting is a losing proposition and organizations need to move to whitelisting. IMHO, this is especially true for establishing positive network control at the application level.
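To make the blacklisting-versus-whitelisting point concrete, here is an added example (my own illustration, not code from the SC Magazine article or the RSA talk) that evaluates a few constructed outbound connection records under a block-list policy, a positive default-deny policy keyed on the application, and the two combined. Every process name, hostname and port in it is a constructed placeholder, not a real indicator.

```python
"""Block-list vs. allow-list evaluation of outbound application traffic.

Added example with constructed sample data; not from the original post.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One outbound connection attempt observed at the host or gateway."""
    process: str  # executable that opened the connection
    dest: str     # destination hostname
    port: int     # destination port


# Constructed sample policy data; placeholder names, not real indicators.
BLOCKLIST_HOSTS = {"known-bad.example"}

# Positive (default-deny) policy: which processes may talk, and on which ports.
ALLOWLIST = {
    "browser.exe": {80, 443},
    "mail.exe": {993, 587},
    "updater.exe": {443},
}


def blocklist_decision(flow: Flow) -> str:
    """Negative control: permit everything not explicitly listed as bad."""
    return "deny" if flow.dest in BLOCKLIST_HOSTS else "allow"


def allowlist_decision(flow: Flow) -> str:
    """Positive control: permit only (process, port) pairs explicitly approved."""
    return "allow" if flow.port in ALLOWLIST.get(flow.process, set()) else "deny"


def combined_decision(flow: Flow) -> str:
    """Defence in depth: the allow-list gates behaviour nobody approved, while the
    block-list still catches an approved application pointed at a known-bad host."""
    if allowlist_decision(flow) == "deny":
        return "deny"
    return blocklist_decision(flow)


# Constructed sample flows.
SAMPLE_FLOWS = [
    Flow("browser.exe", "www.example.com", 443),               # normal browsing
    Flow("browser.exe", "known-bad.example", 443),             # approved app, listed-bad host
    Flow("unknown-tool.exe", "never-seen-before.example", 53),  # unapproved tool, unknown host
]


def evaluate(flows):
    """Return {dest: (blocklist, allowlist, combined)} for each flow."""
    return {
        f.dest: (blocklist_decision(f), allowlist_decision(f), combined_decision(f))
        for f in flows
    }


if __name__ == "__main__":
    for dest, (bl, al, both) in evaluate(SAMPLE_FLOWS).items():
        print(f"{dest:28} blocklist={bl:5} allowlist={al:5} combined={both}")
```

The third flow is the case the paragraph is about: a never-before-seen tool talking to a never-before-seen host sails through the block-list, because nothing about it is known yet, but is stopped by the default-deny policy simply because nobody approved it. The second flow shows why the two are complementary rather than interchangeable.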


Cyber attacks a top risk says World Economic Forum

Via Clerkendweller’s blog post about the 2012 edition of the Global Risks report from the World Economic Forum, Cyber attacks came in #4 among the top 50 global risks as a function of likelihood.

The report divides risks into five categories – Economic, Environmental, Geopolitical, Societal, and Technological. What I also found interesting is that within the Technological category, Cyber attacks score highest as a function of likelihood and impact. See the chart below:

The report further defines “connectivity” as one of the “Three distinct constellations of risks that present a very serious threat to our future prosperity and security…” The report then goes on to identify the three types of objectives of cyber attacks using physical world “military strategy” and “intelligence analysis” analogies: sabotage, espionage, and subversion. Here are the examples they provide:

Sabotage

  • Users may not realize when data has been maliciously, surreptitiously modified and make decisions based on the altered data. In the case of advanced military control systems, effects could be catastrophic.
  • National critical infrastructures are increasingly connected to the Internet, often using bandwidth leased from private companies, outside of government protection and oversight.

Espionage

  • Sufficiently skilled hackers can steal vast quantities of information remotely, including highly sensitive corporate, political and military communications.

Subversion

  • The Internet can spread false information as easily as true. This can be achieved by hacking websites or by simply designing misinformation that spreads virally.
  • Denial-of-service attacks can prevent people from accessing data, most commonly by using “botnets” to drown the target in requests for data, which leaves no spare capacity to respond to legitimate users.

These do not map easily onto our traditional method of categorizing threats as risks to the confidentiality, integrity, and availability of information. They may nevertheless be useful, because what really matters is the focus on adversaries and the actions they take to threaten the confidentiality, integrity, and availability of our cyber assets.

Of course we need to focus on assets in the sense that we have to “harden” them to reduce the likelihood of a successful attack. But we cannot stop there, for the following reason.

The Connectivity case provides two axioms for the Cyber Age:

  • Any device with software-defined behaviour can be tricked into doing things its creators did not intend.
  • Any device connected to a network of any sort, in any way, can be compromised by an external party. Many such compromises have not been detected.

If these axioms are true, then we must go beyond hardening assets. We must also invest in technical controls that can detect both clearly malicious and merely anomalous behavior of those assets.

Overall, a document well worth reading.