We’re Giving It All Away

Nice little video from Mandiant on “The anatomy of a cyber attack.”

Despite the typical firewalls, antivirus, and intrusion detection system, cyber attacks can and do penetrate your systems.

This happens through social engineering (including phishing attempts), automated spam, and zero-day exploits.

Once inside your network, the cyber attacker takes command and control of your computers, surveys your assets, steals user names and passwords, hijacks programs, and accesses valuable intellectual property.

Mandiant performs security incident response management (detecting breaches, containing it, and helping recovery efforts), and they are known for their report “APT1” (2013) exposing an alleged significant government-sponsored cyber espionage group that they state “has systematically stolen hundreds of terabytes of data from at least 141 organizations.”

Another fascinating report on a similar topic of advanced persistent threats was done by McAfee on Operation Shady Rat (2011) that reveals over 70 organizations (governments, commercial entities, and more) that were targeted over 5 years and had terabytes of information siphoned off.

The overall risk from cyber espionage is high and the McAfee report states:

– “Every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.”

– “What we have witnessed…has been nothing short of a historically unprecedented transfer of [intellectual] wealth – closely guarded national secrets…disappeared in the ever-growing electronic archived of dogged adversaries.”

In short we can’t keep a secret–we’re putting endless gobs and gobs of our information online and are not adequately protecting it in cyberspace, with the result that our adversaries are able to access, exfiltrate, disclose, modify, or destroy it.

In short, we’re giving it all away – why?

A Cyber Security House Of Cards

House_of_cards

Yesterday there were reports of a new “massive cyber attack” called the Flame.

A U.N. Spokespersoncalled it “the most powerful [cyber] espionage tool ever.”

The Flame ups the cyber warfare ante and is “one of the most complex threats ever discovered”–20 times larger than Stuxnet–and essentially an “industrial vacuum cleaner for sensitive information.”

Unlike prior cyber attacks that targeted computers to delete data (“Wiper”), steal data (“Duqu”), or to disrupt infrastructure (“Stuxnet”), this malware collects sensitive information.

The malware can record audio, take screenshots of items of interest, log keyboard strokes, sniff the network, and even add-on additional malware modules as needed.

Kaspersky Labs discovered the Flame visus, and there have been greater than 600 targets infected in more than 7 countries over the last 2 years with the greatest concentration in Iran.

This is reminiscent of the Operation Shady Ratthat was a 5-year cyber espionage attack discovered by McAfee in 2011–involving malware that affected more than 72 institutions in 14 countries.

Separately, an attack on the U.S. Federal government’s retirement investments–the Thrift Saving Plan–impacted the privacy and account information of 123,000 participants and “unathroized access”–and was reported just last week after being discovered as far back as July 2011.

Regardless of where the particular cyber attacks are initiating from, given the scale and potential impact of these, it is time to take cyber security seriously and adopt a more proactive rather than a reactive mode to it.

One can only wonder how many other cyber attacks are occuring that we don’t yet know about, and perhaps never will.

We can’t afford to fumble the countermeasures to the extraordinary risk we face in the playing fields of cyber warfare.

We have to significantly strengthen our cyber defenses (and offenses) — or else risk this “cyber house of cards” come crashing down.

It’s time for a massive infusion of funds, talent, tools, and leadership to turn this around and secure our nation’s cyber infrastructure.

(Source Photo: herewith attribution to Dave Rogers)

Cloud Second, Security First

Shadyrat_map

Leadership is not about moving forward despite any and all costs, but about addressing issues head on.

Cloud computing holds tremendous promise for efficiency and cost-savings at a time when these issues are front and center of a national debate on our deficit of $14 trillion and growing.

Yet some prominent IT leaders have sought to downplay security concerns calling them “amplified…to preserve the status quo.” (ComputerWorld, 8 August 2011)
Interestingly, this statement appeared in the press the same week that McAfee reported Operation Shady RAT–“the hacking of more than 70 corporations and government organizations,” 49 of which were in the U.S., and included a dozen defense firms. (Washington Post, 2 August 2011)
The cyber spying took place over a period of 5 years and “led to a massive loss of information.”(Fox News, 4 August 2011)
Moreover, this cyber security tragedy stands not alone, but atop a long list that recently includes prominent organizations in the IT community, such as Google that last year had it’s networks broken into and valuable source code stolen, and EMC’s RSA division this year that had their SecurID computer tokens compromised.
Perhaps, we should pay greater heed to our leading cyber security expert who just this last March stated: “our adversaries in cyberspace are highly capable. Our defenses–across dot-mil and the defense industrial base (DIB) are not.” (NSA Director and head of Cyber Command General Keith Alexander).
We need to press forward with cloud computing, but be ever careful about protecting our critical infrastructure along the way.
One of the great things about our nation is our ability to share viewpoints, discuss and debate them, and use all information to improve decision-making along the way. We should never close our eyes to the the threats on the ground.
(Source Photo: here)