

9/5/2013
01:19 AM

World's Trouble Spots Escalating Into Cyberthreats For Businesses

As regional troubles spill over to the digital world, companies should reinforce their defenses and demand their suppliers do the same, experts say

In the past, companies could avoid the world's trouble spots, pulling out of war-torn countries and unstable regions to avoid conflict. Yet, as the world's citizens become more savvy online, local unrest is quickly transforming into global threats that companies cannot easily evade.

The Syrian Electronic Army's recent attacks against media firms' domain-name infrastructure are only the latest example of local conflicts escalating onto the global digital stage. Over the last year, distributed denial-of-service attacks by the Iranian cyber militia known as the Izz ad-Din al-Qassam Cyber Fighters have cost U.S. and European banks millions of dollars. And attacks by hackers aligned with North Korea's interests have hit both South Korean and U.S. servers.

"The threat landscape has expanded in ways that are almost unimaginable," says Jeffrey Carr, a cyber threat consultant and founder of Taia Global. "You can't really anticipate all the different threat actors out there that might be interested in your website, your IP [intellectual property], or your reputation."

So far, the impact of such digital attacks has been mild, if embarrassing. While security researchers and providers have warned that vulnerable critical infrastructure could be targeted by attackers with catastrophic results, attacks by purported hacktivist groups and patriotic hackers have been limited to denial-of-service attacks, defacements, and propaganda. Most groups seem deterred by the potential repercussions of a serious cyberattack, says Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, a startup focused on advanced threats.

"All these actors are cautious actors, because they don't want to incur too much of a reaction," he says. "That is likely to continue unless there is actually a conflict in which the regime decides that a greater level of retaliation is needed."

The ongoing civil war in Syria and the possible punitive bombing of strategic government sites by the U.S. and Western nations have increased tensions, however. So far, Western nations have refused to intercede in the Syrian conflict, which has claimed more than 100,000 lives in the last two years and produced more than 2 million displaced refugees, according to tallies kept by the United Nations and the Syrian Observatory for Human Rights. Yet, with the U.S. and European nations building a case showing that the Syrian government used chemical warfare against rebels, the conflict looks ready to escalate.

The digital side of the conflict could escalate as well. The Syrian Electronic Army has reportedly claimed it would strike back at the United States if the nation struck at potential chemical weapons storage sites or took other punitive actions.

"We should not be shocked that other countries are using their capabilities to gain whatever advantage they can in the economic sphere or the geopolitical sphere, and that means that the private sector in this country is absolutely a target of these attacks because they are a key part of our infrastructure," he says.

Knowing that attacks come from Syrian hacktivists or government-sponsored hackers can help companies tune their defenses and implement additional protections around critical data, says Alperovitch. Companies should develop a greater ability to defend their own networks, starting with a good legal framework for what is allowed, he says.

"You are going to have to enable the private sector to allow them to do more in defense of their private networks," he says. "With these lower-level attacks, we won't see a response from the U.S. government."

[Protecting domains requires registry locks as well as other measures, including two-factor authentication and administrative access control. See Domain Security Needs More Than Registry Locks.]

For the government, the issue is complicated by the fact that attributing attacks to actual actors is difficult. Bouncing communications between multiple computers to hide the source of the controller's system is technically easy, says Raj Samani, chief technology officer for McAfee's Europe, Middle East and Africa group.

For that reason, companies should never assume that hacktivists are who they say they are, he says. The barriers to becoming a hacktivist are low: anyone with some knowledge, a few free online tools, and a flair for dramatic Pastebin posts can create their own hacktivism group or pretend to be one, he says.

"Hitting the mark on attribution is very difficult in the cyber world," Samani says. "If I attack your PC today, I can come from any computer in the world, and for you to really go after me, you have to go through a very painstaking and laborious process."

For that reason, companies should learn what they can by investigating the details of an attack, but not lose focus on the general mission of reducing their attack surface and hardening their systems, says Taia Global's Carr.

"You will never know everyone out there; you will never be able to plan for every contingency," he says. "So while it is good to know and keep up with who the threat actors are, you cannot anticipate unknown threats."

Finally, companies need to not just lock down their own systems, but ensure that their suppliers are doing the same. The recent domain takeover that made The New York Times inaccessible for hours, and in some cases days, happened because the news organization's supplier of DNS services, MelbourneIT, had a third-party reseller whose credentials were compromised.
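One concrete check that follows from the registry-lock advice above and from the reseller-credential incident just described is to audit your own domain inventory for which locks are actually in place. The distinction that matters is who can clear the lock: `client*` EPP statuses are set by the registrar and can be removed by anyone holding a registrar or reseller account, while `server*` statuses are set by the registry itself and are what a "registry lock" service actually turns on. The script below is an added example, not code from the article or from any of the companies it names; the domain names and status lists are constructed inputs shaped like the status values a WHOIS or RDAP lookup returns (RDAP spells them with spaces, e.g. "server transfer prohibited", so both spellings are normalised).

```python
"""Audit a domain inventory for registry-lock coverage (added example).

Input: a dict of domain -> list of EPP status strings, as returned by a
WHOIS or RDAP query. Output: for each domain, whether it is fully
registry-locked, only registrar-locked, or unlocked, plus which of the
three registry-side statuses are missing.
"""
from typing import Dict, List

# Statuses the registry sets. A compromised registrar or reseller login
# cannot clear these on its own; this is what a registry-lock product provides.
REGISTRY_LOCK = {
    "serverDeleteProhibited",
    "serverTransferProhibited",
    "serverUpdateProhibited",
}

# Statuses the registrar sets. Useful against accidental transfers, but
# anyone with the registrar/reseller credentials can remove them.
REGISTRAR_LOCK = {
    "clientDeleteProhibited",
    "clientTransferProhibited",
    "clientUpdateProhibited",
}


def _norm(status: str) -> str:
    """Fold WHOIS camelCase and RDAP spaced spellings to one key."""
    return "".join(ch for ch in status.lower() if ch.isalnum())


def classify(statuses: List[str]) -> str:
    """Return the lock posture implied by a domain's EPP status list."""
    present = {_norm(s) for s in statuses}
    registry = {c for c in REGISTRY_LOCK if _norm(c) in present}
    registrar = {c for c in REGISTRAR_LOCK if _norm(c) in present}
    if registry == REGISTRY_LOCK:
        return "registry-locked"
    if registry:
        return "partial-registry-lock"
    if registrar:
        return "registrar-lock-only"
    return "unlocked"


def missing_registry_locks(statuses: List[str]) -> List[str]:
    """List the registry-side statuses a domain still lacks, sorted."""
    present = {_norm(s) for s in statuses}
    return sorted(c for c in REGISTRY_LOCK if _norm(c) not in present)


def audit(inventory: Dict[str, List[str]]) -> Dict[str, Dict[str, object]]:
    """Classify every domain and report what is missing for each."""
    return {
        domain: {
            "state": classify(statuses),
            "missing": missing_registry_locks(statuses),
        }
        for domain, statuses in inventory.items()
    }


# Constructed sample inventory (hypothetical .test names, not real domains).
SAMPLE_INVENTORY: Dict[str, List[str]] = {
    "news-example.test": [
        "clientDeleteProhibited", "clientTransferProhibited",
        "clientUpdateProhibited", "serverDeleteProhibited",
        "serverTransferProhibited", "serverUpdateProhibited",
    ],
    "blog-example.test": ["clientTransferProhibited", "clientUpdateProhibited"],
    "cdn-example.test": ["server transfer prohibited"],  # RDAP spelling
    "old-example.test": ["ok"],
}


if __name__ == "__main__":
    for domain, result in audit(SAMPLE_INVENTORY).items():
        print(f"{domain:20} {result['state']:22} missing={result['missing']}")
```

Anything other than `registry-locked` for a high-value domain is the finding to raise with the registrar, since a reseller-level credential compromise of the kind described above leaves registrar-only locks intact on paper but removable in practice.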

"In many cases, it is not a question about security but of transparency," says McAfee's Samani. "Do you have transparency about all of the risks in your supply chain? And in most cases, the answer is no."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

Comments
MarciaNWC
User Rank: Apprentice
9/5/2013 | 4:49:21 PM
re: World's Trouble Spots Escalating Into Cyberthreats For Businesses
Samani makes a good point about attack attribution; really complicates defenses.