CyberScape – The Growing Influence of Cyber Threats
Cyber risk now touches most of an organisation’s systems and, often, its routine working methods and communications.
The whole operational process therefore needs far more strategic management involvement and much more informed cyber security engagement from the most senior levels of an organisation. It also requires far more technical planning and precise tactical understanding than it did even a few years ago.
In manufacturing, for instance, a number of remarkable technologies are converging: sophisticated software, innovative materials, robotic manufacture, cognitive computing and pioneering industrial processes such as three-dimensional printing. Wherever these areas interconnect with an organisation’s IT systems they may give attackers a way in to the organisation’s private data and intellectual property.
Cyber Threat – From Denial of Service to Hacks
The cyber-threat landscape has also evolved significantly in recent years, moving from denial of service and website defacement to far more advanced intrusions. Hackers (the term used in IT security for someone attempting to exploit weaknesses in a computer system or network, often to steal data) now use more sophisticated and complex techniques for data, financial and political gain.
This new global revolution has influenced almost every aspect of modern society and has opened up a mass of new developments and opportunities. It has created a knowledge society that personalises many areas of the economy; across markets it is changing jobs and specialisations, and globally it is substantially increasing our ability to use enormous amounts of data and knowledge.
Tactical Cyber Security
Serious Cyber Attacks and Security Tactics
Global research suggests that cyber-attacks become much more costly and problematic when they are not detected and stopped quickly, as the focus and intensity of the crime increase over time.
At present ten of the most serious threats are as follows:
A: Fast Flux - a Domain Name System (DNS) evasion technique
The idea of Fast Flux is to map a large pool of IP addresses (typically compromised machines in a botnet) to a single domain name, and to rotate them rapidly by changing the DNS records and using very short time-to-live (TTL) values, so that successive lookups return different addresses.
Botnets use Fast Flux to hide the real servers that deliver malware or host phishing pages: the rotating hosts act as proxies in front of them, so blocking individual IP addresses achieves little. The most effective countermeasure is to suspend the domain name itself, but registrars are often reluctant to do so, as domain registrations are their main source of income.
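The rotation described above leaves a measurable footprint in resolver logs or passive DNS: many distinct IP addresses, spread across many autonomous systems, behind short TTLs. The following is an added example (not code from the original article) that scores domains on exactly those three signals; the observations are constructed, and the thresholds are this example's own choice, set so that a CDN-hosted site (several IPs but one ASN) is not flagged.

```python
"""Fast-flux scoring over DNS A-record observations.

Added example, not from the original article. Assumes a list of
(domain, ttl_seconds, ip, asn) tuples already collected from resolver
logs or a passive-DNS feed; the records below are constructed.
"""
from collections import defaultdict

# Constructed observations: (domain, ttl_seconds, ip, asn)
OBSERVATIONS = [
    # legitimate site: one stable IP, long TTL, one ASN
    ("shop.example", 3600, "203.0.113.10", 64500),
    ("shop.example", 3600, "203.0.113.10", 64500),
    ("shop.example", 3600, "203.0.113.10", 64500),
    # CDN-hosted site: several IPs but a single ASN, moderate TTL
    ("news.example", 300, "198.51.100.7", 64501),
    ("news.example", 300, "198.51.100.8", 64501),
    ("news.example", 300, "198.51.100.9", 64501),
    ("news.example", 300, "198.51.100.7", 64501),
    # fast-flux domain: every answer differs, short TTL, many ASNs
    ("update-secure.example", 60, "192.0.2.11", 64502),
    ("update-secure.example", 60, "192.0.2.45", 64503),
    ("update-secure.example", 60, "192.0.2.99", 64504),
    ("update-secure.example", 30, "192.0.2.130", 64505),
    ("update-secure.example", 30, "192.0.2.201", 64506),
]


def summarise(observations):
    """Group observations by domain and return per-domain statistics."""
    ips, asns, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for domain, ttl, ip, asn in observations:
        ips[domain].add(ip)
        asns[domain].add(asn)
        ttls[domain].append(ttl)
    return {
        d: {"ips": len(ips[d]), "asns": len(asns[d]), "min_ttl": min(ttls[d])}
        for d in ips
    }


def is_fast_flux(stats, min_ips=3, min_asns=3, max_ttl=300):
    """Heuristic chosen for this example: many IPs AND many ASNs AND short TTL.
    Requiring several ASNs is what keeps ordinary CDNs out of the result."""
    return (
        stats["ips"] >= min_ips
        and stats["asns"] >= min_asns
        and stats["min_ttl"] <= max_ttl
    )


def flag_domains(observations):
    """Return the sorted list of domains that look fast-fluxed."""
    return sorted(d for d, s in summarise(observations).items() if is_fast_flux(s))


if __name__ == "__main__":
    for domain, stats in summarise(OBSERVATIONS).items():
        verdict = "FAST-FLUX" if is_fast_flux(stats) else "ok"
        print(f"{domain:24} {stats} {verdict}")
```

In practice the ASN lookup comes from a routing table or a GeoIP/ASN database, and the thresholds should be tuned against a known-good baseline of the organisation's own resolver traffic before any automatic blocking is attached to the verdict.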
B: Trojan Horse, and Zombie Computers
A Trojan Horse is a program that appears legitimate but contains malicious code, typically allowing data to be stolen or giving an attacker remote control of the machine.
A zombie computer is one connected to the Internet that has been compromised, whether by a Trojan horse or by other malware, so that it can be controlled remotely and put to work by an attacker without the knowledge of its legal owner.
C: Social Engineering - gaining computer information by deception
Social engineering is a hacker tactic that works in both the physical and digital worlds. Before the computer age it meant talking past a company’s defences, for instance with a clever telephone call; today a shrewdly worded email is the more common way to gain access.
Social engineering has also moved onto social networks such as Facebook, Twitter and LinkedIn.
D: Zero Day Virus
A zero-day virus, or other zero-day malware, exploits a vulnerability that is not yet known to the software vendor or the security industry, so there is no patch and no antivirus signature that identifies it or stops the attack.
In static code analysis, the machine code of a file is examined for anything that looks suspicious. Malware typically carries characteristic patterns, and code analysis tries to detect them; a zero-day sample, however, matches no known signature.
One approach to overcoming this limitation is for the antivirus software to run suspect code in an isolated environment (a sandbox) and observe its behaviour, since behaviour such as injecting into another process or installing itself to run at start-up persists even when the bytes of the code change.
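The difference between the two approaches is easiest to see side by side. The following is an added example, not code from the original article: a static scanner that matches file hashes and byte patterns, and a behavioural scorer that runs over events a sandbox would report. The two "samples" are constructed byte strings (the variant is the known sample with one string obfuscated, standing in for a re-packed zero-day build), the event trace is constructed, and the rule weights and threshold are this example's own choices.

```python
"""Static signature matching versus behavioural detection.

Added example, not from the original article. Samples, sandbox trace,
rule weights and threshold are all constructed for illustration; a real
deployment takes the bytes from a file scanner and the events from a
sandbox or endpoint agent.
"""
import hashlib

# Constructed "known" sample: a header, some padding and a tell-tale API name.
KNOWN_SAMPLE = b"\x4d\x5a" + b"\x90" * 16 + b"CreateRemoteThread" + b"\x00" * 8

# Constructed zero-day variant: same behaviour, but the packer XORed the
# string, so neither the hash nor the byte signature matches any more.
ZERO_DAY_VARIANT = (
    b"\x4d\x5a" + b"\x90" * 16
    + bytes(c ^ 0x5A for c in b"CreateRemoteThread")
    + b"\x00" * 8
)

HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
BYTE_SIGNATURES = [b"CreateRemoteThread"]


def static_scan(blob):
    """Return True if the file matches a known hash or byte pattern."""
    if hashlib.sha256(blob).hexdigest() in HASH_SIGNATURES:
        return True
    return any(sig in blob for sig in BYTE_SIGNATURES)


# Behaviour rules (constructed weights): what the code does once it runs.
BEHAVIOUR_WEIGHTS = {
    "write_autorun_key": 3,
    "open_remote_process": 3,
    "write_remote_memory": 3,
    "create_remote_thread": 4,
    "connect": 1,
    "read_file": 0,
}
THRESHOLD = 6


def behaviour_score(trace):
    """Sum rule weights over (event_type, detail) pairs a sandbox observed."""
    return sum(BEHAVIOUR_WEIGHTS.get(event, 0) for event, _detail in trace)


def dynamic_scan(trace):
    """Flag the trace when the accumulated behaviour score crosses the threshold."""
    return behaviour_score(trace) >= THRESHOLD


# Constructed sandbox trace: both samples produce it, because re-packing
# changes the bytes on disk but not the process-injection behaviour.
MALICIOUS_TRACE = [
    ("read_file", "C:\\Users\\victim\\Documents\\q3.xlsx"),
    ("open_remote_process", "explorer.exe"),
    ("write_remote_memory", "explorer.exe"),
    ("create_remote_thread", "explorer.exe"),
    ("connect", "198.51.100.23:443"),
]

# Constructed trace of an ordinary document viewer for comparison.
BENIGN_TRACE = [
    ("read_file", "C:\\Users\\victim\\Documents\\q3.xlsx"),
    ("connect", "203.0.113.5:443"),
]


if __name__ == "__main__":
    print("static  known sample :", static_scan(KNOWN_SAMPLE))
    print("static  zero-day     :", static_scan(ZERO_DAY_VARIANT))
    print("dynamic malicious    :", behaviour_score(MALICIOUS_TRACE), dynamic_scan(MALICIOUS_TRACE))
    print("dynamic benign       :", behaviour_score(BENIGN_TRACE), dynamic_scan(BENIGN_TRACE))
```

The point the run makes is that the static scanner's verdict flips from True to False after a trivial change to the file, while the behavioural score is identical for both builds because it is computed from what the code does, not from what it looks like. The caveat is the mirror image: behavioural rules need a threshold that the organisation's legitimate software does not cross, and malware that detects the sandbox can simply stay quiet.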
E: APTs
These attacks are known as Advanced Persistent Threats (APTs). They are highly sophisticated and carefully constructed. The intention behind APT attacks is to gain access to a network and steal information quietly. They take a low-and-slow approach that often makes them difficult to detect, giving them a high likelihood of success.
Being aware of social engineering is important because it is often the precursor to a sophisticated attack meant to breach an organisation’s defences.
Recent years have seen a number of high-profile attacks, such as the Gauss malware, named after the German mathematician Johann Carl Friedrich Gauss. Gauss appears to be linked to Stuxnet, and some specialists believe it was probably created by the same developers; American and Israeli engineers have been blamed. Flame, which attacked computer systems throughout the Middle East, including in Iran, is also said to share the same ‘genetics’.
Additionally, APTs need not always target well-known programs such as Microsoft Word; they may also use other vectors, such as embedded systems. In a world where a growing number of devices have Internet Protocol addresses, building security into these systems has never been more important.
APTs will continue as governments and other well-funded organisations look to cyber-space to conduct their espionage.
F: Internal Threats
Some of the most insidious and damaging attacks come from an organisation’s own disgruntled employees. These attacks can be the most devastating because of the amount of access a privileged internal user has and the private information they can reach. In research funded by the US Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon University found that employees attacking from inside the financial industry often go undetected for close to three years.
G: BYOD – Bring Your Own Device
Security is of course also an issue in the mobile world, with many organisations striving for a sensible mix of technologies and policies around bring-your-own-device (BYOD) in the office. Office workers find it convenient to use the PC or Mac they use at home for some of their work.
However, open BYOD policies expose businesses to web-based attacks and data theft. BYOD means massive numbers of iPhones, Android phones and other devices entering the workplace; a smartphone has a camera and a microphone, so conversations can be monitored and recorded. The threat level with BYOD rises unless security measures are enforced and checked regularly.
H: HTML5 - Fifth version of the Hypertext Markup Language
Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. HTML is the core markup language of the web, used for structuring and presenting content. HTML5, which became a World Wide Web Consortium (W3C) Recommendation in October 2014, is the fifth revision of the standard; the previous version, HTML 4, was standardised in 1997.
In 2014 it was noted at the Black Hat conference, a place where security professionals get a sign of attacks to come, that HTML5’s cross-platform support and integration of various technologies open up new possibilities for attack, such as abusing Web Worker functionality. Even with increasing attention being paid to HTML5 security, its newness means that developers are bound to make mistakes as they use it, and attackers will look to take advantage. So expect to see a surge in HTML5-oriented attacks next year, hopefully followed by a gradual decline as security improves over time.
I: Botnets - A botnet is a collection of compromised, Internet-connected computers (bots) whose malware communicates with an attacker’s command-and-control infrastructure so that they can be directed as a group to perform tasks such as sending spam, hosting phishing sites or launching denial-of-service attacks.
But even though the arms race between researchers and attackers favours innovation, expect cybercriminals to spend a lot of time perfecting what they know best, such as making sure their botnets are distributed and highly available. While the legal takedowns launched by companies such as Microsoft have succeeded in temporarily disrupting spam and malware operations, it is naive to assume attackers are not taking what they have learned from those takedowns and using it to shore up their operations. Botnets are here to stay.
J: Precision Targeted Malware - Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information or gain access to private computer systems.
Malware is used to steal data or to spy on a computer system, often for long periods without the user or system owner being aware of the monitoring. Attackers are also learning from the processes researchers use to analyse their malware: techniques have been demonstrated that render analysis ineffective by designing malware that will not execute correctly, or whose payload cannot even be decrypted, in any environment other than the one originally targeted.
Examples include Flashback and Gauss. In the coming years attackers will continue to improve and deploy these techniques, making their malware more targeted so that it only runs on a specific computer configuration.
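The mechanism behind "fails to execute anywhere but the target" is usually environmental keying: the second-stage payload is encrypted with a key derived from attributes of the victim machine, so the sample on disk carries no key and an analyst's sandbox can only recover ciphertext. The following is an added example of that mechanism, not Gauss’s or any real malware's code and not from the original article. The target and sandbox "environments" are constructed dictionaries, the payload is inert placeholder bytes, and the key derivation (PBKDF2 over sorted environment strings) and the HMAC-based stream cipher with an authentication tag are this example's own choices, picked so it runs on the Python standard library alone.

```python
"""Environment-keyed payload: why a sandbox sees only ciphertext.

Added example, not from the original article and not real malware code.
Environments, payload, KDF parameters and cipher construction are all
constructed for illustration.
"""
import hashlib
import hmac

TAG_LEN = 32


def fingerprint(env):
    """Canonical byte string of the attributes the payload is keyed to."""
    items = sorted(env["program_dirs"]) + [env["hostname"].lower()]
    return "\x00".join(items).encode()


def derive_key(env, salt=b"example-salt"):
    """Slow KDF (iteration count chosen for the example): an analyst without
    the environment must brute-force the attribute space and pay this cost
    for every guess, which is what makes offline recovery expensive."""
    return hashlib.pbkdf2_hmac("sha256", fingerprint(env), salt, 100_000)


def keystream(key, n):
    """HMAC-SHA256 in counter mode, used here as a simple stream cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return out[:n]


def seal(payload, env):
    """Encrypt payload under the environment-derived key and append a tag."""
    key = derive_key(env)
    ct = bytes(a ^ b for a, b in zip(payload, keystream(key, len(payload))))
    tag = hmac.new(key, ct, "sha256").digest()
    return ct + tag


def open_payload(blob, env):
    """Return the payload if env matches the one it was sealed for, else None.
    The tag check means a wrong environment yields nothing, not garbage."""
    key = derive_key(env)
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))


# Constructed environments: the intended victim and an analyst's sandbox.
TARGET = {
    "hostname": "FIN-WS-017",
    "program_dirs": ["Acme Ledger", "Common Files", "Internet Explorer"],
}
SANDBOX = {
    "hostname": "SANDBOX-01",
    "program_dirs": ["Common Files", "Internet Explorer"],
}

# Inert placeholder standing in for a second-stage payload.
PAYLOAD = b"<second-stage logic; inert placeholder bytes>"


if __name__ == "__main__":
    blob = seal(PAYLOAD, TARGET)
    print("on target :", open_payload(blob, TARGET))
    print("in sandbox:", open_payload(blob, SANDBOX))
```

For a defender the practical consequence is the reverse of the attacker's intent: when a sample carries an encrypted blob and a key-derivation routine that reads paths, hostnames or installed-program names, the analysis has to be finished on, or with an exact fingerprint of, the victim machine, and that fingerprint should be captured during incident response before the host is rebuilt.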