Vulnerability Management: The Changing Nature of Attacks

Tuesday, July 27, 2010

Jon Stout


Attacks on users of the Internet have been noted for many years by the press and other observers, but only recently have the attacks become more frequent and more deadly.

Since almost every business and organization of any size relies on an open and accessible internet to remain competitive, cyber attacks are becoming more universal.

  • Increased effectiveness and adaptability of malicious attacks.
  • Increased attacks through trusted sites and botnets (a recent study shows that most cyber attacks come from IP addresses in the United States, and it has been estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet).
  • An increase in simultaneous attacks at all levels of the internet.
  • Attacks on U.S. government networks and localized attacks.
  • Infrastructure attacks with wide-ranging effect.
  • Convergence of attacks using wolf-pack-like tactics.

All levels of internet users are affected, and networks are being subjected to daily breaches of security.

It doesn't matter if you are a small company or part of a large organization: unless preventative steps are taken, your network is increasingly vulnerable to attack.

The Nature of Cyber Attacks Is Becoming More Destructive

Initially, cyber attacks were more nuisance than danger. Hackers originally released malware in the form of viruses/worms and spyware, usually for the thrill of bringing down a selected network or site.

Disgruntled employees utilized hacking tools to disrupt the business of their former employers. Eventually criminals used penetration techniques to steal credit card and other passwords.

But recently, cyber terrorism has emerged, which, in addition to attacks on corporate networks, poses a direct threat to U.S. military and civilian agencies and critical infrastructure. Because of the problems with attributing the attacks to the actual source, this threat has become difficult to contain.

Cybercrime is becoming more organized and effective as a transnational/multinational business. High technology online skills are now available to all interested parties, possibly including hostile nation states, or individuals and groups that covertly represent terrorist groups.

The increased spread of automated attack and botnet tools and their use by cybercriminals has overwhelmed many current methodologies used for vulnerability management and the tracking of and defense against cyber attacks.

In addition, vulnerabilities of the U.S. critical infrastructure (power, water, transport and communications) tend to attract cyber criminals to extort money, or damage the U.S. economy in a way that affects national security.

The result of this dangerous trend is the risk to proprietary knowledge that gives our country its competitive and military edge, loss of command and control of military assets, and denial of service attacks that can shut down military bases and critical infrastructure like the power grid and energy plants.

The transnational nature of cyber terrorism is also thriving in a culture of ineffective regulation and suspicion over allowing domestic network access to potential adversaries. Multilateral treaties, until recently, have not addressed the problem.

What is the Solution?

There are a number of areas that need to be addressed:

Awareness

Awareness of the threat is critical in all aspects of the economy, including media, government, and corporate, and understanding the real, changing nature of the threat is mandatory.

Development of Technology

Technology that is available, easy to use, and adaptable to new threats would contribute towards containment of many attacks.

More Effective and Adaptive Vulnerability Management Tools and Techniques

Vulnerability management is a continuous process that is never completed. Easy to use software tools are required, as well as a dedication of real resources and management commitment to address the problem. Constant monitoring and remediation are required.

Government Action

Recently the present administration has taken steps to streamline and focus energy on the cyber security problem in civilian, defense and intelligence agencies.

The Department of Homeland Security (DHS) has received additional authority to fight cyber terrorism and the cyber functions of defense and intelligence have been merged under one command - Cyber Command.

These steps are but necessary first steps and much more work is required.

International Treaties

The United Nations has recently taken steps toward the drafting of an international cyber agreement, with the United States and Russia agreeing to enter negotiations. Since the United Nations is notoriously slow, much more action is required.

These steps form a template and outline for future action. The threat is real and growing and must be addressed.

Cross-posted from Aspiration Software. Since 2003 Aspiration Software LLC has provided Cyber Security services to the Intelligence Community and the Department of Defense.

 

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
