Attacks/Breaches

10/30/2014
12:15 PM
TK Keanini
TK Keanini
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Welcome To My Cyber Security Nightmare

Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.

This past year, we have seen some pretty scary stuff happen in cyber security. Since Halloween is almost here, I thought I would share some scenarios that keep me up at night. These are attacks that we are not ready to battle -- and are well beyond the horrific headlines we read on a daily basis. If you enjoy a good fright, read on.

Legions of citizen botnet armies
Most of the resources cyber criminals use to carry out their objectives are acquired through some method that results in compromised computers on the Internet. These resources remain available until the user or organization detects and remediates the incident. But what if the user participated willingly? Instead of bad guys having to compromise hosts, what if they instead cut other people such as corporate insiders in on the profits? Given crypto currency, the TOR network, and a few other factors, this could be a nightmare scenario, as we are not ready for this type of surge in distributed attacks.

Zombies as portrayed in Night of the Living Dead.
Zombies as portrayed in Night of the Living Dead.

The recruitment for this could be something like the "work from home" signs you see around your town. The work could be as easy as downloading and installing a package and could earn the host user as much as $10.00 per day. That is $300.00 a month for someone to simply leave his computer running and connected. The average citizen is not likely to know what type of activity his computer is involved in on a daily basis.

The end result would be a massive number of networked computers available for distributed denial-of-service, cryptographic brute forcing, or remote network sniffing. With the cooperation of the host, the capability list is endless, and because he's making money, the host will be motivated to help the cybercriminals persist. Service providers and law enforcement are not ready for this type of attack. This could lead to botnet armies with size and capabilities we have never seen before.

Crime and the sharing economy
Another horror story would be if cyber criminals expanded their marketplace networks to include citizen partners. Consider coordination networks like Uber, Instacart, Care.com, etc. These services are facilitators connecting a consumer who wants something delivered with a network of people who can deliver it.

Now think of applying this pattern to cybercrime. On one end there is a criminal who would like the login credentials of a Global 2000 executive. Via TOR networking, he can go to a site where he can place his request, submit his crypto currency, and a skilled global workforce accepts this objective and delivers it within the terms of the agreement. This lowers the coordination cost for cybercrime to near zero and connects the demand with the supply in ways that have never been seen to date. Worse, because so many people are motivated by money, a service like this could turn citizens into cyber criminals if they believe they cannot get caught and that they can easily make a few bucks on the side.

The last thing I will say about this type of participation and marketplace network is that it would fragment security events into small, seemingly disconnected pieces where one event might not look harmful. But when seen and evaluated as a whole, their impact would be significant.

Cybercrime-as-a-Service
Consider a SaaS service that helped people compute their cybercrimes. The power of big-data analytics and machine learning can compute amazing insight for businesses -- and it can do the same for criminals. Criminals could log in to a website, declare their objective, and the service would compute several alternative attack plans. This would work in the same way that travelers use GPS to reach a destination when getting directions online.

Cybercrime-as-a-Service would have social networks mapped, personal information on each individual, language analysis that yields a level of trust among individuals, mapping to various accounts (some of which may have been compromised), etc. All of this would be creating a corpus of data that can lead the criminal through a directed graph leading to the objective -- exfiltration of a file, ransomware, etc.

At the end of the day (Halloween or any other), cybercrime is a business, and profitable businesses only get smarter and more effective. It’s frightening to imagine how easily cyber criminals could execute these types of attacks and turn my worst nightmare into an even scarier reality.

TK Keanini brings nearly 25 years of network and security experience to the CTO role. He is responsible for leading Lancope's evolution toward integrating security solutions with private and public cloud-based computing platforms. TK is also responsible for developing the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Rook1
50%
50%
Rook1,
User Rank: Apprentice
11/5/2014 | 1:46:06 PM
Best original article I've read in a while.
A lot of original thoughts in here. Thank you.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/4/2014 | 5:07:10 PM
Re: Future result of a declining economy?
Many people would not willingly be duped into committing unlawful acts (though some definitely would). But I can conceive of a scenario where they would be tricked into doing someting seemingly harmless -- for instance we'll pay you $10 a day to download software that will monitor your YouTube preferences. As dad usefd to say, "If it seems to good to be true, it probably is." But, sadly, there are a lot of people who would take the money and run.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
10/31/2014 | 3:03:06 PM
Future result of a declining economy?
I can see people being duped by the "work from home" offer, but I don't think people would willingly commit criminal acts, yet. Another aspect of this that seems to make it less likely is that the criminal will expose themselves more using this scheme. They will have to either email, call or meet with their new "employees". Seems like a big risk.


To address the willingness to commit criminal acts, I personally think that if people who wish to work continue to drop out of the work force, this may come to pass. Think about it, people who want to work but are unable to find a job, run across an offer like this, would they take it? I think many would, just to make the money. So, in short this nightmare scenario may be more plausible than you may think.


Happy Halloween
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
10/31/2014 | 1:17:15 PM
Re: Hard to believe... and yet?
@Marilyn  It really is just way too believable, isn't it? Pyramid schemes work all the time, and they're miserable. Why shouldn't this? 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/30/2014 | 3:41:40 PM
Hard to believe... and yet?
Would people really be duped into downloading a software package in exchange for $10 a day. But then again, I'm sure the "recruiter" would be very slick and convincing. And how hard would it be to set up a web site with a seemingly legitimate purpose. Not that improbable, really.

Great timely, fun and frightening blog, TK. Thx for writing it for us.  

 
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11486
PUBLISHED: 2019-04-23
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVE-2019-11487
PUBLISHED: 2019-04-23
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hu...
CVE-2018-7576
PUBLISHED: 2019-04-23
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
CVE-2018-8825
PUBLISHED: 2019-04-23
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).
CVE-2019-10688
PUBLISHED: 2019-04-23
VVX products using UCS software version 5.8.0 and earlier with Better Together over Ethernet Connector (BToE) application version 3.8.0 and earlier uses hard-coded credentials to establish a connection between the host application and device.