Tuesday, November 11, 2008

The Cyber Attack Danger

By Kevin Coleman
October 20, 2008 08:13 AM
Cyber-warfare
Courtesy Of
DefenseTech

Many nations are under constant cyber attack. The United States seems to be ground zero for the vast majority of the cyber attacks launched be their digital enemies around the world. A former CIA official provided the following statistics. In 2007 there were 37,000 reported breaches of government and private systems. In addition, there were nearly 13,000 direct assaults on federal agencies and 80,000 attempted computer network attacks on Defense Department systems.

In addition who could forget the U.S. Air Force commercial showing a picture of the pentagon and saying this building gets 6 million cyber attacks a day.

Cyber attacks are now expected to cause maximum damage because of the professional tools being used by the attackers. According to the cyber threat report released by Intelomics, the following list identifies the cyber attack techniques that have seen a significant increase in their level of sophistication.

* Internet social engineering attacks
* Wireless and wired network sniffers
* Packet spoofing
* Hijacking sessions
* Automated probes and scans
* GUI intruder tools
* Automated widespread attacks
* Widespread denial-of-service attacks
* Executable code attacks (against browsers)
* Techniques to analyze code to identify vulnerabilities
* Widespread attacks on DNS infrastructure
* idespread attacks using NNTP to distribute attack
* "Stealth" and other advanced scanning techniques
* Windows-based remote controllable Trojans (Back Orifice)
* Email propagation of malicious code
* Wide-scale Trojan distribution
* Distributed attack tools
* Distributed denial of service attacks
* BotNets and Zombies
* Anti-forensic techniques
* Wide-scale use of worms
* Man-in-the Middle plus Man-in-the-Browser exploitation

Cyber threats are now demanding immediate attention because of the increased dangers they pose to commercial and government entities and national security. The Congressional Research Service study found the economic impact of cyber attacks on businesses has grown to over $226 billion annually. Despite the significant impact, there is no clear framework for business executives to assess the financial impact of their cyber risks. According to two new surveys, the threat to corporate computer systems from cyber attacks is getting worse, despite stronger corporate defenses. Some cyber security measures might include more restrictive hiring practices, restricting remote working arrangements, increasing monitoring of flexible work hours and telecommuting as well as restriction on access by trading partners, vendors and consultants.

In addition, organizations must also increase computer security awareness training for information technology workers as well as the general systems/computer user community.

A cyber attack special investigator at Intelomics said, "the reports of attacks, breaches and system compromises that make the news are only the tip of the iceberg. The vast majority of these attacks go undisclosed and thus are not covered by the media."

Most nations do not have adequate IT security to protect against targeted cyber attacks. Technolytics have warned before that these cyber attackers are well financed and have an arsenal of highly sophisticated weapons that not only circumvent current security controls, but leverage anti-forensic techniques that remove evidence of their attacks. The United States, European Union, United Nations and NATO must act and act now. In view of the current situation I would like to suggest they seriously consider the following actions and move immediately to adopt and implement these measures.1. Establish a cyber threat operating committee under the United Nations Security Council.a. This cyber threat operating committee must be closely linked in a collaborative relationship with the Counter-Terrorism Committee.2. Create a framework to determine what constitutes an act of cyber war and create a legal framework that addresses international criminal cyber acts.3. Proactively create a framework of actions that can quickly be levied against cyber aggressors.a. These actions must include both economic and military sanctions as well as suspension of connectivity to the Internet backbone by both physical communications cables and via satellite.4. Create a cyber peacekeeping force that is a rapid response asset to assist in repelling any offensive cyber-based aggression.

In the interest of global peace, economic integrity and stability, I believe that the United States, European Union, United Nations and NATO must proactively send a stern warning to those who choose to use cyber weapons against other nations, that there will be severe consequences of such actions.

No comments: