
In the past few months, organization after organization and expert after expert have come out and warned of the imminent threat posed by cyber attacks. There can be little doubt left about the increasing threat of cyber attacks on businesses, government and critical infrastructure. At this point cyber attacks pose an unprecedented threat to the computer systems and networks that have become so integral to virtually every aspect of our lives. The top two questions on many people’s minds are — where are these attacks coming from, and how are these attacks carried out? To answer these two questions we must first examine one of the most common types of attack and the components that make up the cyber weapon used in it.
Zombies
A Zombie refers to any computer that has been compromised and has malicious code installed that puts it under the control of hackers without the knowledge of the computer owner. Zombies are widely used as the weapon of choice when launching DoS attacks.
INTEL: Research has indicated that an improperly protected computer connected to the internet is compromised and turned into a zombie in about one minute.
BotNets
Criminal elements and rogue nation states have created more active zombie networks in the last month than ever before. At any given moment there are approximately 1,000 active botnets. In total, experts estimate that there are nearly 300,000 botnets in place today. The largest botnet is thought to control between 150 and 180 million computers and is operated by the Russian Business Network (RBN). Detecting and disrupting botnets is a particularly difficult challenge. An already bad situation is getting worse!
A study using Scenario-Based Intelligence Analysis (SBIA), a strategic threat modeling methodology by Technolytics, determined that we can expect to see hackers attempting to inject malware into cell phones to turn them into remote-controlled bots as well. These Cellbots can then be used much in the same way as computers. This includes their use in launching distributed denial-of-service attacks that can cripple cell phone networks in addition to computer networks and systems that they target.
INTEL: Tools are already available for crafting exploits for multiple smartphone platforms.
DoS
Denial-of-Service attacks aim to bring a site down by bombarding it with fake requests for a web page or image. A denial-of-service (DoS) attack refers to a cyber attack technique in which a multitude of compromised computers attack a single target, flooding it with incoming traffic until the target is forced to shut down, thereby denying legitimate users access to the system. BotNets are the primary cyber weapon used to carry out such attacks.
INTEL: Experts have estimated that on any given day there are about 1,300 Denial of Service attacks.
On the 27th of August at approximately 16:18 a DoS attack against Georgian websites was launched. The main target was the Georgian Ministry of Foreign Affairs. The attacks peaked at approximately 0.5 million network packets per second, and up to 200–250 Mbits per second. So who was the enemy, and where did all this attack traffic originate? The startling fact is that the enemy lives among us! Multiple reports point to the U.S. as the largest source of this malicious traffic. An estimated 17% to around 30% of the DoS traffic that targeted Estonia and the Republic of Georgia came from compromised computers within the borders of the United States. In a separate study it was determined that 20.6 million attempted attacks originated from computers within the U.S., and only 7.7 million attempted attacks emanated from computers within China’s borders (a distant second).
The threat that botnets pose to businesses and national security has never been higher. The U.S. government and American businesses have yet to take the steps necessary to secure their networks and systems. Should the escalation in cyber attacks continue, targeted attacks against the private sector (commercial entities) will rapidly become more prevalent. Therefore, organizations need to create a response plan now.
Any computer connected to the Net can be compromised and turned into a cyber weapon. Are your computers part of the problem? Could they be? Chances are they are! Could you be held liable? Chances are you can! Carol Baroudi, research director of security at the Aberdeen Group has stated she thinks regulations are coming.
“Ultimately I think there’s going to be some liability there,” she said, likening the situation to merchants being held culpable for data loss. “Why wouldn’t the organization with infected machines be held accountable for DoS attacks?” This problem is growing and the impact of attacks is increasing. One report by the Congressional Research Services suggests that cyber attacks cost businesses some $226 billion annually.
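The article describes a botnet DoS as many compromised hosts each sending traffic at one target, so the aggregate rate is what hurts while no single source looks alarming. As an added example (not code from the article or any project it mentions), the script below aggregates constructed flow records per target and per second, then separates a distributed flood from a single abusive source; the thresholds and IP addresses are illustrative assumptions.

```python
from collections import defaultdict

# Constructed sample flows: (second, src_ip, dst_ip, packets). Not real traffic.
FLOWS = (
    # 20 zombies each sending a modest 300 pkt/s at one target (aggregate 6000 pkt/s)
    [(0, f"198.51.100.{i}", "203.0.113.10", 300) for i in range(1, 21)]
    # one source hammering a second target on its own
    + [(0, "192.0.2.77", "203.0.113.20", 9000)]
    # ordinary traffic to a third host
    + [(0, f"192.0.2.{i}", "203.0.113.30", 50) for i in range(1, 4)]
)


def per_target(flows):
    """Return {(dst, second): {src: packets}} so rate and source spread are both visible."""
    buckets = defaultdict(lambda: defaultdict(int))
    for second, src, dst, packets in flows:
        buckets[(dst, second)][src] += packets
    return buckets


def classify(flows, pps_threshold=5000, min_sources=10):
    """Label each (dst, second) bucket as normal, single-source-flood or distributed-flood.

    A botnet flood looks like many sources, each well under the threshold, whose
    sum exceeds it; a single abusive source exceeds it alone. The thresholds are
    illustrative assumptions, not figures taken from the article.
    """
    verdicts = {}
    for (dst, second), sources in per_target(flows).items():
        total = sum(sources.values())
        if total < pps_threshold:
            verdict = "normal"
        elif len(sources) >= min_sources and max(sources.values()) < pps_threshold:
            verdict = "distributed-flood"
        else:
            verdict = "single-source-flood"
        verdicts[(dst, second)] = (verdict, total, len(sources))
    return verdicts


if __name__ == "__main__":
    for (dst, second), (verdict, total, n) in sorted(classify(FLOWS).items()):
        print(f"{dst} @ second {second}: {verdict} ({total} pkt/s from {n} sources)")
```

The distinction matters operationally: a single-source flood can be filtered at the source address, whereas a distributed one usually needs rate limiting or upstream blackholing of the target prefix.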
12 comments
What is the motivation for using bold, italic “INTEL:” to preface information that has been public knowledge for over five years?
“There can be little doubt left about the increasing threat of cyber attacks on businesses, government and critical infrastructure.”
Oh yes there can!
Plenty of ‘experts’ claiming there is a threat, combined with a rather conspicuous lack of real damage in the last ten years, points to this being more of an imaginary threat which keeps plenty of people in well-paid jobs.
How many people have been killed by cyber-attacks compared to, say, RPGs?
Public knowledge? Oh, you mean most of the public in the US would know this? I doubt it. Using this article, I think about 17% to 30% of the US people don’t know this info even though it’s “public knowledge.”
Why is it that no one can seem to get their head around the idea that the ‘cyber attacks’ everyone is talking about is 99.9999% like dealing with kids that spray paint on the side of your business. It sucks, it costs money but mostly it’s nothing. Network security is not normally where we have security issues. On the list last year for security issues was 99% plus either idiot user lost laptop, or physical security concerns. (And hell we encrypt the laptops drives so even that is mostly a non-issue).
As to people being held responsible for their machines being compromised and being used for cyber attacks, why would we do that? First I would bet that 90% plus of compromised machines are home machines, so are we going to lock up or sue little Billy because his school laptop was not secured correctly? Give me a break. Hell, take little Billy out of it; how about we lock you up because someone broke into your house and stole a knife that he used to kill someone. I mean it’s your fault that your house was not secure enough, right?
I wonder how much money these guys get paid to keep promoting their own jobs? I know that there are security issues but it’s not the big deal everyone wants to make it.
When I say “we” below, I mean the large US bank I work for. Just because I know someone will pick nits.
Anyone remember Comical Ali? You know, the Iraqi Information Minister who swore that the US was nowhere near Baghdad whilst the US forces were knocking on the TV station’s front door?
There was a reason behind this. We owned their computer systems. We were able to place false targets into their systems and remove the real ones. We owned their communications. They had no clue.
Granted, many cyber attacks are from misguided teens, but the truth is cyber war is real. The Russians and the Chinese get it. Russia has some of the most active hacker groups in the world. The fact that the US public is so out of touch with this threat is the reason why we are so vulnerable.
Consider yourself warned: cyber attacks are an “imitate threat”!
“Why is it that no one can seem to get their head around the idea that the ‘cyber attacks’ everyone is talking about is 99.9999% like dealing with kids that spray paint on the side of your business. It sucks, it costs money but mostly it’s nothing.”
Ok, let’s pretend we aren’t already in a recession. Money equals time, resources, availability, and manpower. Money runs the world. Whoever has the money, has the power. In publicly-owned companies, who controls the direction of that company? The majority stockholder. So now that we understand how important money is. Now imagine that a major cyber attack is launched against a DoD network. That attack, if successful, could effectively disable that network. As a member of our beloved AF, I know how much the military depends on computers. Sorties, flight schedules, ground ops, physical security, Integrated Base Defense, etc. With a decent cyber attack, you could stop almost all operations on a base for several hours. No casualties of war? How about the SF guys trying to call in airstrikes or gunship support? How about the bomber that is almost out of fuel over the Pacific and needs an inflight refuel? How about the USA general who orders his troops to raid the wrong building because of corrupted intel? Don’t belittle cyber warfare. It’s dangerous, and once the enemy wields that sword effectively, we’re in trouble.
@AMMO
What confuses me is why the networks you describe as critical are open in the first place. The DoD should run on a closed loop and it should own that loop.
First off, DOS attacks only work on networks that you have a botnet on. So for example, if you want to attack a DOD WAN you have to have bots on that WAN network. You can attack that network’s points of entry onto networks you have access to (like the internet) but not past that. (Ever heard of a firewall or router?) At my job I have dealt with dozens and dozens of DOS attacks; they affect our internet presence and that is it, in other words all the operations going on inside the company go on unaffected. Joe Teller at a branch has no idea, his email works great and all his account systems are functioning as normal. Beyond that, if your network provider has half a brain he can easily dump most of the incoming traffic by just routing it to NULL. Works great, and as a result of that and redundant internet points of entry we have never had anything more than slightly slow response times to our internet presence.
So I have said it once and I will keep saying it: these guys crying that the sky is falling are just trying to make their jobs seem more important and honestly most of the time don’t seem to know what it’s like in real world networking and security at all.
Please, please remember that DOS attacks are not the same thing as network intrusion. DOS attacks do not break into networks and change things; they just deny service to the network that the attack is taking place on (it floods the network access point with requests). Network intrusion is almost never done by the same unskilled kids that run botnets for DOS attacks. Truly getting into a network and causing problems requires one of two things, either a) lots of skill and lots of time (like Wargames) or b) physical access. Physical access can mean a lot of things; in the case of the military in Iraq, for example, it meant network taps, aircraft for wireless systems, etc., but also included the good old lots of time and lots of skill method. Network intrusion can and will be a problem in future conflict, I mean it already has, just mostly for our enemies, but it
My question is… how is there anyone who has no life to the extent that they spend their time doing this?