Cyber Threats

Global Cyber Threats Professor John Walker CFIP MFSoc CRISC CISM ITPC CITP SIRM FBCS FRSA © Red-Spike


Cyber Security and Threats

Transcript of Cyber Threats

Page 1: Cyber Threats

Global Cyber Threats

Professor John Walker CFIP MFSoc CRISC CISM ITPC CITP SIRM FBCS FRSA

© Red-Spike

Page 2: Cyber Threats

Introduction to the Global Threat

1) Thousands of IT systems are compromised every day; some attacks are politically motivated, but most aim to steal money or commercial secrets.

2) The magnitude and tempo of the attacks pose a real threat to Britain's economic security.

3) National Critical Assets are targeted and exposed.

4) Global economic stability is exposed.

5) Internet root-servers under daily attack.

6) High dependencies on computing, infrastructures and a live-by-wire lifestyle.

7) CyberWar, CyberConflict is here!

Page 3: Cyber Threats

Examples of Compromise

Attending an incident requires the First Responder to keep an open mind:

2) The magnitude and tempo of the attacks pose a real threat to Globalised economic security.

3) National Critical Assets are targeted and exposed.

4) Inter-nation economic stability is impacted.

5) Internet root-servers under daily attack.

6) High dependencies on computing, infrastructures and a live-by-wire lifestyle.

7) CyberWar, CyberConflict is here!

8) Dependency on technology increases the potential for attack or compromise.

Page 4: Cyber Threats

Threat Scale & Position

LOW RISK: Non-Profit, Local & SMEs

MEDIUM RISK: Hi-Tech, Media, Retail, Industrial Manufacturing etc.

HIGH RISK: Governments, Defence, Banking, Oil & Gas, SCADA, & Critical Infrastructure.

Page 5: Cyber Threats

Hackers

Page 6: Cyber Threats

Non-Disclosure – 911 - Impact

Event on 9/9/2011 [911] saw 5 Million people impacted by traffic chaos, flight cancellations and two Nuclear Reactors being closed down – all caused by one single employee!

Page 7: Cyber Threats

Hacktivists Threat

Pose a High Threat, and are very Motivated

5th November, 2012 = DDoS

Page 8: Cyber Threats

Serious-Organised-Crime

Serious-and-Organised Crime Gangs are highly organised, and very successful – consider some of the top targets:

The Public Home [WiFi in particular] Companies Governments Banks Oil-&-Gas

Page 9: Cyber Threats

The ‘Chinese’ Threat

"Whether it be the intrusions of hackers, a major explosion at the World Trade Centre, or a bombing attack by bin Laden, all of these greatly exceed the frequency bandwidths understood by the American military...“

Qiao Liang and Wang Xiangsui

Titan Rain - 2008

Page 10: Cyber Threats

The Internet

Cyber-Jihad use the Internet to a very effective extent to support their missions.

Page 11: Cyber Threats

The Statistics

High availability of information on the Internet, and the GhostNet – and it's on the rise

Page 12: Cyber Threats

The ‘Cyber-Terror’ Threat - 1

Cyber-Jihad vs. Cyber-Terrorism

Page 13: Cyber Threats

The ‘Cyber-Terror’ Tools

Cyber-Jihadist Tools and Capabilities:

Page 14: Cyber Threats

Copyright SBLTD 2012

The ‘Cyber-Terror’ Tools - 3

DDoS a speciality:

Page 15: Cyber Threats

The ‘AET’

AETs were once considered hype – but they have been seen in the wild, and with some success:

McAfee Firewall

Palo Alto

Sourcefire

Check Point

Juniper

Page 16: Cyber Threats

The ‘Cyber-Terror’ Tools - 5

Security is accommodated – in some cases to a higher level than most organisations:

Page 17: Cyber Threats

The ‘Impact’ of Tools - 6

By leveraging free attack tools supplied with Linux speciality distributions, and targeting a LAN-based Windows 8 system, a number of attacks were performed against a firewalled system. The impact was a fully compromised system, broken and heavily infected with malicious payload – and this from a GUI environment, with a free, publicly available set of tools.

Page 18: Cyber Threats

The Infamous Teams

Page 19: Cyber Threats

The Impact

Cyber-Jihadist impact and payload can arrive in many forms:

Attacks on Critical Infrastructure

Promised – and have occurred! - example

Page 20: Cyber Threats

The ‘Myth’

Page 21: Cyber Threats

The Response to the Threat

About 80% of known attacks would be defeated by embedding basic information security practices and learning from the First Responder Engagements.

Let us consider the opportunities, options, and what you have in place:

How many of the aforementioned areas are you covered against?