Reverse Deception: Organized Cyber Threat Counter-Exploitation

Reverse Deception: Organized Cyber Threat Counter-Exploitation by Sean Bodmer

Authors: Sean Bodmer
Tags: General, Computers, security
have otherwise not had the help they needed. One example is the DDoS attacks against world governments that were unfairly treating their citizens (such as during the 2011 Middle East and North African uprisings and revolts).
    The following are some of the observables of Operation Payback.
     
| Observables | Operation Payback |
| --- | --- |
| Objectives | Politically and morally motivated |
| Timeliness | Automated and manual operations |
| Resources | Unknown |
| Risk tolerance | High; notifications to public of most events |
| Skills and methods | Simple and sophisticated |
| Actions | Numerous actions against targeted systems |
| Attack origination points | Globally distributed network and infrastructure |
| Numbers involved in attack | The HIVE (millions of computers) |
| Knowledge source | Where else? Legion and online |
     

    Conclusion
    Numerous methods and techniques are being developed every day to infiltrate networks and exfiltrate sensitive information. According to the Department of Homeland Security and the Internet Crime Complaint Center (IC3), the following numbers of cyber crimes were reported each year by the public and private sectors.
     
| Year | Crimes Reported |
| --- | --- |
| 2011 | 522,464 |
| 2010 | 303,809 |
| 2009 | 336,655 |
| 2008 | 275,284 |
| 2007 | 206,884 |
     
    This is why implementing active countermeasures against specific persistent and advanced threats is imperative. Your threats will have the upper hand and the capability to move faster, easier, and slicker than your security team unless you use the proper tools and have the right knowledge of your network to defend against them. One of the wisest men in history once said:
Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.
—Sun Tzu, The Art of War
     
    To us, this means that you are the owner of your enterprise (literally). You control the very wires that threats and adversaries use to move about your network. You, as a defender, have the home field advantage, so why not use it? By law, as the owner of an enterprise or critical network, your responsibility is to implement security techniques that will disrupt, deny, degrade, destroy, and deceive threats and adversaries into revealing more of themselves. For this purpose, you need to understand that this generation of cyber warfare is capable and is being actively used. There are government, corporate, and criminal groups with the resources to identify vulnerabilities in proprietary software you use in order to develop exploits against it.
    This brings us to other threats to our SCADA systems across the world. Nuclear, electrical, water, sewage, traffic light, and many other systems use operating systems that are running on IP-based networks for remote administration and central management of many locations. This might scare you a little, but in my travels, we’ve been able to learn that there are PLC systems still running on a Windows 98 platform—yes, you read it right: Windows 98 and Windows 2000 versions of Microsoft running critical infrastructure around the United States… Your local power plant could possibly be running Windows 95 for some reactor and you don’t know it, yet our prices continue to increase (a rant for another book). The issue with still running these very antiquated versions of Windows is that they are no longer supported, have open vulnerabilities that were never fixed, and are much more unstable and insecure than newer versions of the Microsoft operating system. The primary reason these old operating system platforms are still in use is the complexity of PLC and HMI systems stuck running huge turbines or cooling systems. If the cost of performing this outweighs the cost of security, some systems are just the way they are (you know who you are).
    Throughout this book, you will read about deception and disinformation as a tool. Remember that what the adversary knows and what you want them to know may or may not be the same thing. The choice is yours. We offer the
