Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

SCADA and EFT to be targets for cyber criminals in 2010

ArcSight : 14 December, 2009  (Technical Article)
ArchSight has predicted that the new year will bring increased risks for small businesses performing electronic funds transfer and an increase in focus on control systems, particularly utility supplies
Reed Henry from ArcSight has made a number of predictions regarding the future of e-crime in 2010

1 Small Business and the public sector will become increasingly targeted in electronic fund transfer schemes

Small business and local government organisations are ripe for the picking when it comes to cybercrime. They lack security expertise, security technology investments, and they run their businesses/organisations on windows servers (a target platform for cybercriminals) - all making them an easy target. So the malware will get in there one way or another if the cybercriminals make it a focus, which they already are doing.

2 A new biggest breach will eclipse the previous all-timer

Breaches are happening all the time. Most are unnoticed and many of those that are found are not disclosed. New disclosure laws will hopefully change that. The fact is that many companies are blind to what is happening in their networks - they don't review logs, their scanners are signature-based, and they don't know who is actually on their networks. Encryption is being offered as one of answers. Encrypt the data so it is protected is one of the mantras. Well, we have the RBS Worldpay instance ($9M taken from 2100 ATMs in 280 cities across 3 continents in a few hours) to remind us that if the administrator's credentials are compromised encryption doesn't help.

Given that criminals focus on "where the money is" and have the skills or can contract for them to develop targeted exploits you can be assured that the top repositories or thoroughfares for identity, health, credit card and payments information are under assault right now - whether it is being thwarted by diligent security professionals and SIEM technology or the assault is stealthily siphoning off data that will set the all-time breach record in 2010.

3 More than one country will experience electrical outages due to cyber incidents.

Given the state of the security around the SCADA control networks that administer the bulk power system across the world, it is just a matter of time before a cyber incident(s) takes down a portion of the power transmission infrastructure in some country. Whether that is the result of a malicious insider, a compromised administrative account by an extortionist, a virus outbreak, or a targeted attack by nation-state or terrorist organization I don't know. Your guess is as good as mine, but an incident will likely happen in 2010. Where there is money to be gained or a special interest there will be action. Hopefully the world will hear about it and aggressively act to stop it from happening again by improving the security around these critical assets.

4 With over 120 governments building out cyber warfare operational groups capable of launching an offensive attack expect some testing of those newly developed or organised skills with cyber attacks taking place across the planet in 2010. The governments behind such attacks will most likely deny culpability and use as a cover the anonymity of the Internet or the fact the botnets used for the attack harness computers from all over the world. Expect extremist groups, on the other hand, using similar methods to take credit.

5 Intellectual property will continue to be drained out of the companies and governments at an alarming rate. We probably won't hear about it because there are no disclosure laws for IP theft. Foreign powers have demonstrated their ability to steal secrets from the US defence industrial base with the loss of several terabytes of data from the Joint Strike Fighter project. This is certainly not a new occurrence and definitely not isolated just to the US.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo