Wednesday, July 7, 2010

Cyber Warfare and the new Era of Advanced Persistent Threats

Cyber Warfare is here and your PC is the tool that becomes a weapon. How it does so is up for debate, but facts that have come to light indicate that the PC you pick, the browser and reader you use and the apps you run are being harnessed to launch cyber warfare attacks on you, your company and your country.

I wrote about the hack of Google earlier this year and since then even more information has come to light. The fact that so much of Google's infrastructure was compromised is probably why Google was so angry.

The issue for the normal user and for any IT Pro is that Operating Systems, Flash Players, PDF viewers are all being exploited through zero day vulnerabilities. It isn't just one application that is being exploited. It is a combination and that suggests a much higher level of sophistication than we have known so far in the Internet generation.

The Cocktail combo used to get Google appears to have been PCs with IE 6 running on them. That browser, combined with Facebook Instant Messaging, could enable a fatal trojan to be loaded onto the target PC. After that, it was easy.

Google's reaction was to stop support for IE6. It is a true statement that Adobe has had as much heat for security flaws as Microsoft. Apple has also quietly been issuing security updates at the same frequency as Adobe and Microsoft.

Even more telling is how these attacks are now being labeled. George Kurtz of Mcafee writes. “These highly customized attacks known as ‘advanced persistent threats’ (APT) were primarily seen by governments and the mere mention of them strikes fear in any cyberwarrior. They are in fact the equivalent of the modern drone on the battle field. With pinpoint accuracy they deliver their deadly payload and once discovered — it is too late. All I can say is wow. The world has changed.”

Corporate Security is a big issue and it cannot be ignored. The wrong OS or Browser or player puts you at risk.  Most of the Analysts I know are not taking a strong position on this. The risks are clear: gamble and you lose source code or even more.

It is clear that higher levels of defenses are needed. The first step is knowledge. Check out this link for some courses. Raise your browser security levels and look for best practices like the plug-in checker from Mozilla. Lastly, consider disconnecting certain corporate systems from the regular network (ie a standalone network). Don't wait. Put together a new plan now.

2 comments:

  1. Your so right as far as you go. But it may not matter what OS or Browser you use.
    Minor security vulnerabilities in most programs can lead to a major invasion if used in unison.
    And you haven't mentioned Advanced Permanent Threats. Some root kits penetrate even virtual OS, and maybe in effect invisible, AV is a generation behind
    the hackers, its much worse than known.
    If they can get at Google then no one is safe.

    Gerald
    Anthropologist
    Tactical Internet Systems analyst.

    ReplyDelete