Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/30/2014
12:15 PM
TK Keanini
TK Keanini
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Welcome To My Cyber Security Nightmare

Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.

This past year, we have seen some pretty scary stuff happen in cyber security. Since Halloween is almost here, I thought I would share some scenarios that keep me up at night. These are attacks that we are not ready to battle -- and are well beyond the horrific headlines we read on a daily basis. If you enjoy a good fright, read on.

Legions of citizen botnet armies
Most of the resources cyber criminals use to carry out their objectives are acquired through some method that results in compromised computers on the Internet. These resources remain available until the user or organization detects and remediates the incident. But what if the user participated willingly? Instead of bad guys having to compromise hosts, what if they instead cut other people such as corporate insiders in on the profits? Given crypto currency, the TOR network, and a few other factors, this could be a nightmare scenario, as we are not ready for this type of surge in distributed attacks.

Zombies as portrayed in Night of the Living Dead.
Zombies as portrayed in Night of the Living Dead.

The recruitment for this could be something like the "work from home" signs you see around your town. The work could be as easy as downloading and installing a package and could earn the host user as much as $10.00 per day. That is $300.00 a month for someone to simply leave his computer running and connected. The average citizen is not likely to know what type of activity his computer is involved in on a daily basis.

The end result would be a massive number of networked computers available for distributed denial-of-service, cryptographic brute forcing, or remote network sniffing. With the cooperation of the host, the capability list is endless, and because he's making money, the host will be motivated to help the cybercriminals persist. Service providers and law enforcement are not ready for this type of attack. This could lead to botnet armies with size and capabilities we have never seen before.

Crime and the sharing economy
Another horror story would be if cyber criminals expanded their marketplace networks to include citizen partners. Consider coordination networks like Uber, Instacart, Care.com, etc. These services are facilitators connecting a consumer who wants something delivered with a network of people who can deliver it.

Now think of applying this pattern to cybercrime. On one end there is a criminal who would like the login credentials of a Global 2000 executive. Via TOR networking, he can go to a site where he can place his request, submit his crypto currency, and a skilled global workforce accepts this objective and delivers it within the terms of the agreement. This lowers the coordination cost for cybercrime to near zero and connects the demand with the supply in ways that have never been seen to date. Worse, because so many people are motivated by money, a service like this could turn citizens into cyber criminals if they believe they cannot get caught and that they can easily make a few bucks on the side.

The last thing I will say about this type of participation and marketplace network is that it would fragment security events into small, seemingly disconnected pieces where one event might not look harmful. But when seen and evaluated as a whole, their impact would be significant.

Cybercrime-as-a-Service
Consider a SaaS service that helped people compute their cybercrimes. The power of big-data analytics and machine learning can compute amazing insight for businesses -- and it can do the same for criminals. Criminals could log in to a website, declare their objective, and the service would compute several alternative attack plans. This would work in the same way that travelers use GPS to reach a destination when getting directions online.

Cybercrime-as-a-Service would have social networks mapped, personal information on each individual, language analysis that yields a level of trust among individuals, mapping to various accounts (some of which may have been compromised), etc. All of this would be creating a corpus of data that can lead the criminal through a directed graph leading to the objective -- exfiltration of a file, ransomware, etc.

At the end of the day (Halloween or any other), cybercrime is a business, and profitable businesses only get smarter and more effective. It’s frightening to imagine how easily cyber criminals could execute these types of attacks and turn my worst nightmare into an even scarier reality.

TK Keanini brings nearly 25 years of network and security experience to the CTO role. He is responsible for leading Lancope's evolution toward integrating security solutions with private and public cloud-based computing platforms. TK is also responsible for developing the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Rook1
50%
50%
Rook1,
User Rank: Apprentice
11/5/2014 | 1:46:06 PM
Best original article I've read in a while.
A lot of original thoughts in here. Thank you.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/4/2014 | 5:07:10 PM
Re: Future result of a declining economy?
Many people would not willingly be duped into committing unlawful acts (though some definitely would). But I can conceive of a scenario where they would be tricked into doing someting seemingly harmless -- for instance we'll pay you $10 a day to download software that will monitor your YouTube preferences. As dad usefd to say, "If it seems to good to be true, it probably is." But, sadly, there are a lot of people who would take the money and run.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
10/31/2014 | 3:03:06 PM
Future result of a declining economy?
I can see people being duped by the "work from home" offer, but I don't think people would willingly commit criminal acts, yet. Another aspect of this that seems to make it less likely is that the criminal will expose themselves more using this scheme. They will have to either email, call or meet with their new "employees". Seems like a big risk.


To address the willingness to commit criminal acts, I personally think that if people who wish to work continue to drop out of the work force, this may come to pass. Think about it, people who want to work but are unable to find a job, run across an offer like this, would they take it? I think many would, just to make the money. So, in short this nightmare scenario may be more plausible than you may think.


Happy Halloween
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
10/31/2014 | 1:17:15 PM
Re: Hard to believe... and yet?
@Marilyn  It really is just way too believable, isn't it? Pyramid schemes work all the time, and they're miserable. Why shouldn't this? 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/30/2014 | 3:41:40 PM
Hard to believe... and yet?
Would people really be duped into downloading a software package in exchange for $10 a day. But then again, I'm sure the "recruiter" would be very slick and convincing. And how hard would it be to set up a web site with a seemingly legitimate purpose. Not that improbable, really.

Great timely, fun and frightening blog, TK. Thx for writing it for us.  

 
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8860
PUBLISHED: 2020-02-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. ...
CVE-2020-8861
PUBLISHED: 2020-02-22
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue...
CVE-2020-8862
PUBLISHED: 2020-02-22
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the...
CVE-2020-9330
PUBLISHED: 2020-02-21
Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not require the user to reenter or validate LDAP bind credentials when changing the LDAP connector IP address. A malicious actor who gains access to affected devices (e.g., by using default credentials) can change the LDAP connection IP a...
CVE-2020-9327
PUBLISHED: 2020-02-21
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.