
High Profile Cyber Attacks Set To Become More Common

SANS Institute : 23 November, 2010  (Technical Article)
IT security experts warn that recent Stuxnet and Aurora attacks were just the tip of the iceberg and more high profile cyber attacks are on their way
The high profile cyber attacks, Stuxnet and Aurora, are not just isolated incidents, according to Dr. Eric Cole, James Tarala, and Stephen Sims, renowned IT security experts.

"I know of a recent case where four companies within the manufacturing sector were targeted by one of many zero attacks that are occurring across the Internet," says Dr. Cole, an expert of over 20 years. "From the forensic evidence, it seems the attackers were after some particular intellectual property and were well organized and methodical." In his role as part of the Commission on Cyber Security for the 44th President, Dr. Cole has been privy to a growing body of evidence that suggests targeted cyber attacks are on the increase.

Dr. Cole says that in addition to the obvious damage these attacks can have, company executives are often concerned for their reputations. In response, companies tend to keep quiet about breaches. This reticence to come forward makes the scale of the problem difficult to judge.

James Tarala, a senior SANS instructor with over a decade of experience in cyber security, also knows there are a lot of dynamics at play. For example, the lack of a "digital Pearl Harbour" has helped to form a collective complacency in the minds of many firms, Tarala says. "You wonder how bad it has to get before people start taking security more seriously," he adds. He notes that even the FBI has a backlog of cases they don't have the manpower to deal with.

Another reason for the rise of targeted cyber crime is a better organized economic model that finances many of the elements needed for complex attacks to take place.

Stephen Sims, an information security researcher and one of only a handful of individuals who hold the GIAC Security Expert (GSE) Certification, has spoken with many people on the fringes of the security scene. "Really talented programmers, many in emerging parts of the world, can be tempted to head down the wrong path when they are offered tens of thousands of dollars for zero-day exploits," he says. Sims also points to companies, some quite reputable, that will pay for exploits ranging from a few thousand to over a hundred thousand dollars for zero days with remote code execution capability. "This happens - it's not make believe," he says. "Major operating system patches and updates are like triggers for people looking for exploits and the financial reward means an almost unlimited supply of new threats will continue to emerge."

All three experts agree that part of the problem lies in a lack of awareness combined with a clear skills shortage.

Dr. Cole highlights a lack of mandated global requirements for maintaining good security practices. "In the US, to be a doctor, an accountant or even a hairdresser, you need to be certified by an independent board," he says. "To maintain IT security, there is no mandated requirement. It's an odd situation that needs to change."

Emerging standards such as PCI, Cole feels, are a good step, but "most organizations don't have measurable metrics to find out if they are focusing their security spend in the right areas - this is another key skill that security professionals need to learn."
