CyberScape – The Growing Influence of Cyber Threats

Cyber issues have entered most areas of any organisation’s systems and, often, its routine working methods and communications.

Therefore, the whole operational process requires far more strategic management involvement and much more sophisticated Cyber security engagement from very senior levels of an organisation’s management. The process also requires far more technical planning and precise tactical understanding than these issues did even a few years ago.

In manufacturing, for instance, a number of remarkable technologies are converging: sophisticated software, innovative materials, robotic manufacture, cognitive computing and pioneering industrial processes, one example of which is three-dimensional printing. Where these areas interconnect with an organisation’s IT systems, they might give hackers ways into the organisation’s private data and copyrights.

Cyber Threat – Denial to Hacks

The cyber-threat landscape has also evolved significantly in recent years, moving from denial of service and website disruption to far more advanced hacking. Hackers (in the IT security arena, a hacker is someone attempting to steal and/or exploit weaknesses in a computer system or network) are now using more sophisticated and complex technologies to achieve data, financial and political benefit.

This new global revolution has influenced almost all aspects of modern society and has opened up a mass of new developments and opportunities. It has created a knowledge society that personalises many areas of the economy. Across markets it is changing jobs and specialisations, and globally it is substantially increasing our ability to use enormous amounts of data and knowledge.

Tactical Cyber Security

Serious Cyber Attacks and Security Tactics

Global research suggests that cyber-attacks become much more costly and problematic when they are not detected and stopped quickly as the focus and intensity of the crime increases.

At present some of the nine most serious threats are as follows:

A: Fast Flux - which is a Domain Name System (DNS)

The Fast Flux concept is to have a large number of IP addresses connected to one domain name. The IP address the name resolves to is then altered frequently by changing the DNS information.

Fast Flux is used by botnets to conceal malware delivery to web sites. It can also be used in criminal phishing attacks. The effective way of countering Fast Flux is to shut down the domain name, but registrars often do not want to shut down domains, as this can be their main source of income.
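The behaviour described above (one name, many IP addresses, answers that change often) can be measured from DNS resolution logs. The following is an added example, not part of the original article: the sample observations are constructed, and the function names and thresholds are assumptions to be tuned on real traffic.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (epoch seconds, domain, TTL, A records).
# Example domains and documentation-range addresses only.
OBSERVATIONS = [
    (0,    "static.example.org", 3600, ["192.0.2.10"]),
    (1800, "static.example.org", 3600, ["192.0.2.10"]),
    (3600, "static.example.org", 3600, ["192.0.2.10"]),
    (0,   "flux.example.net", 120, ["198.51.100.1", "203.0.113.7", "192.0.2.44"]),
    (300, "flux.example.net", 120, ["198.51.100.9", "203.0.113.80", "192.0.2.91"]),
    (600, "flux.example.net", 60, ["203.0.113.15", "198.51.100.77", "192.0.2.3"]),
    (900, "flux.example.net", 60, ["198.51.100.200", "203.0.113.150", "192.0.2.201"]),
]


def prefix24(ip):
    """Coarse network identifier: the first three octets of an IPv4 address."""
    return ip.rsplit(".", 1)[0]


def score_domains(observations, min_ips=8, max_avg_ttl=300, min_networks=3):
    """Summarise each domain's answers; thresholds are assumed starting values."""
    per_domain = defaultdict(list)
    for ts, domain, ttl, ips in observations:
        per_domain[domain].append((ts, ttl, frozenset(ips)))

    results = {}
    for domain, rows in per_domain.items():
        rows.sort(key=lambda r: r[0])
        all_ips = set().union(*(r[2] for r in rows))
        networks = {prefix24(ip) for ip in all_ips}
        # How often the answer set differs from the previous observation.
        changes = sum(1 for a, b in zip(rows, rows[1:]) if a[2] != b[2])
        avg_ttl = sum(r[1] for r in rows) / len(rows)
        results[domain] = {
            "distinct_ips": len(all_ips),
            "networks": len(networks),
            "changes": changes,
            "avg_ttl": avg_ttl,
            "suspect": (len(all_ips) >= min_ips and avg_ttl <= max_avg_ttl
                        and len(networks) >= min_networks),
        }
    return results


if __name__ == "__main__":
    for name, metrics in score_domains(OBSERVATIONS).items():
        print(name, metrics)
```

Content delivery networks and round-robin load balancing also return many addresses with short TTLs, so a "suspect" result is a triage signal to review alongside other evidence rather than a verdict.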

B: Trojan Horse, and Zombie Computers

A Trojan Horse is a computer program that contains malicious code that allows data to be stolen.

A zombie computer is one connected to the Internet that has been hacked. It has possibly been attacked by a Trojan horse or has contracted a digital virus via malware, so that it can be controlled and used to work for a remote operator without the knowledge of its legal owner.

C: Social Engineering - gaining computer information by deception

Social engineering is a hacker tactic used in both the physical and digital worlds. Before the computer age, it meant creeping past a company’s defences with clever conversation on a telephone line; now a shrewdly worded email is used to gain access.

Currently, aspects of social engineering have moved into networks such as Facebook, Twitter and LinkedIn.

D: Zero Day Virus

A zero-day virus or malware is a digital virus for which there is currently no software that can identify it and no antivirus solution that will resolve the attack.

In code analysis, the machine code of the file is analysed to see if there is anything that looks suspicious. Typically, malware has characteristic behaviour, and code analysis attempts to detect this if it is present in the code; a zero-day, however, has no obvious identification.

One approach to overcoming the limitations of code analysis is for the antivirus software to run suspect sections of code and observe the behaviour.

E: APTs

These attacks are known as Advanced Persistent Threats (APTs). They are highly sophisticated and carefully constructed. The intention behind APT attacks is to gain access to a network and steal information quietly. They take a low-and-slow approach that often makes them difficult to detect, giving them a high likelihood of success.

Being aware of social engineering is important because it can be the precursor for a sophisticated attack meant to breach the wall of your organisation.

This year saw a number of high-profile attacks such as Gauss, named after the German mathematician Johann Carl Friedrich Gauss. Gauss seems to be linked to Stuxnet, and some specialists believe that it was probably created by the same producers as Stuxnet. American and Israeli engineers have been blamed. Flame, which attacked other computer systems throughout the Middle East, including those in Iran, is also blamed on the same ‘genetics’.

Additionally, APTs need not always target well-known programs, such as Microsoft Word; they may also target other vectors, such as embedded systems. In a world where a growing number of devices have Internet protocol addresses, building security into these systems has never been more important.
APTs will continue as governments and other well-funded organisations look to cyber-space to conduct their espionage.

F: Internal Threats

Some of the most insidious and damaging attacks come from an organisation’s disgruntled employees. These attacks can be the most devastating because of the level of access a privileged internal user has and the private information they can reach. In research funded by the US Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon found that employees carrying out cyber attacks inside the financial industry often go undetected for nearly three years at least.

G: BYOD – Bring Your Own Device

The issue of security of course comes up in the mobile world, with many operations striving to find a sensible mixture of technologies and policies that accommodates bring-your-own-device (BYOD) in the office. Office workers find it simple to use the PC or Mac that they use at home to do some business.

However, these open BYOD policies are opening businesses up to web hacks and data attacks. A BYOD policy means that massive numbers of iPhones, Google Android phones and other devices are going into the workplace. For instance, a smartphone has a camera and microphone, so conversations can be monitored and recorded. The threat level with BYOD goes up unless security measures are enforced and checked regularly.

H: HTML5 - Fifth version of the Hypertext Markup Language

Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. It is a core technology markup language of the Internet used for structuring and presenting content for the World Wide Web. As of October 2014 this is the fifth revision of the HTML standard of the World Wide Web Consortium. The previous version, HTML 4, was standardised in 1997.

In 2014, it was noted at the Black Hat conference, a place where security pros can get a sign of attacks to come, that HTML5's cross-platform support and integration of various technologies open up new possibilities for attack, such as abusing Web Worker functionality. Even with an increasing amount of attention being paid to HTML5 security, its newness means that developers are bound to make mistakes as they use it, and attackers will look to take advantage. So, expect to see a surge in HTML5-oriented attacks next year, hopefully followed by a gradual decline as security improves over time.

I: Botnets - A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks.

But even though the arms race between researchers and attackers favours innovation, expect cybercriminals to spend a lot of time perfecting what they know best, such as making sure their botnets have high availability and are distributed. While the legal takedowns being launched by companies such as Microsoft succeeded in temporarily disrupting spam and malware operations, it is naïve to assume attackers aren’t taking what they have learned from those takedowns and using it to shore up their operations. Botnets are here to stay.

J: Precision Targeted Malware - Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems

Malware is used to steal data and/or to spy on a computer system, and this can continue for long periods of time without the user or system being aware of the monitoring. Hackers are learning from the processes researchers use to analyse their malware, and techniques were recently demonstrated that can help render analysis ineffective by designing malware that will fail to execute correctly in any environment other than the one originally targeted.

Examples of these attacks include Flashback and Gauss. In the coming years attackers will continue to improve and implement these techniques and make their malware more dedicated, so that it only attacks a specific computer configuration.
