The Econotwist’s has been warning about this since last summer, when the mysterious Stuxnet worm was discovered at several critical energy and water supply facilities around the world. However, research by Symantec has since revealed that 60% of the infections are found inside Iranian borders. The threat from cyberspace has risen to the top of the list of potential global risks in 2011, alongside pandemic diseases and terrorism. The internet, once seen as the solution to all of man’s problems, has instead become one of the most severe threats to all of us.
“The primary involvement of states in cyber security, as both protagonists and principal targets, fundamentally changes the nature of the risk.”
By the end of 2010, McAfee Security counted 60,000 new pieces of malicious software being released on the internet every day; hacker attacks on Java platforms (used in practically every security system, including online banks and the Pentagon) rose by 1,200% last year; and for the first time ever the value of theft of digital assets exceeded the theft of physical assets. As for Stuxnet, that’s only the beginning.
More than 100 foreign intelligence organizations are trying to break into US networks, Deputy Defense Secretary William Lynn wrote in the September/October issue of the journal Foreign Affairs. Some already have the capacity to disrupt U.S. information infrastructure, he says.
The US government’s main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive national security computer networks under its guard, Reuters reports.
“There’s no such thing as ‘secure’ any more,” Debora Plunkett of the National Security Agency said last month, amid US anger and embarrassment over disclosure of sensitive diplomatic cables by the web site WikiLeaks.
“The most sophisticated adversaries are going to go unnoticed on our networks,” she said.
Plunkett heads the NSA’s Information Assurance Directorate, which is responsible for protecting national security information and networks from the foxhole to the White House.
“We have to build our systems on the assumption that adversaries will get in,” she told a cyber security forum sponsored by the Atlantic and Government Executive media organizations.
The United States can’t put its trust “in different components of the system that might have already been violated,” Plunkett added in a rare public airing of NSA’s view on the issue.
“We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”
The NSA must constantly fine tune its approach, she said, adding that there was no such thing as a “static state of security.”
And the US is not the only nation struggling to keep its sensitive data safe.
According to Iain Lobban, head of GCHQ, the UK’s core infrastructure is under constant attack. He says thousands of targeted emails are hitting the systems every month, planting worms that cause “significant disruptions.”
Mr. Lobban’s claims are supported by a national security report that names cyber attacks as a top threat to the UK, alongside pandemic diseases and terrorism, according to PC Pro Magazine.
A Global Threat
“Cyberspace is contested every day, every hour, every minute and every second,” the British security expert says.
The international risk analysis company Eurasia Group put cyber security at number 3 amongst the top 10 risks of 2011.
“For the past decade, increasingly technologically capable hackers and organized crime organizations have elevated cyber security as a business risk, but not as a political risk. The centralization of data networks, both in energy distribution (the move to the smart grid) and information technology more broadly (the shift to cloud computing) are now metastasizing the cyber risk, and governments are becoming more directly and actively involved in playing both offense and defense in cyberspace. The primary involvement of states in cyber security, as both protagonists and principal targets, fundamentally changes the nature of the risk. The new roles of governments and their antagonists bring geopolitics and cyber security together in three different ways,” Eurasia writes.
(Link to full report below).
Java Systems Under Heavy Fire
One of the main components in practically every security system today is the Java platform, produced by Oracle.
So it’s no wonder that attacks on the Java system increased by more than a thousand percent in 2010.
“The number of attacks against flaws in Java has jumped by 1,000% – even outstripping attacks against vulnerabilities in Adobe PDFs,” Microsoft says.
The attacks against Java code – not JavaScript – rose from 500,000 at the beginning of last year to about 6 million in the last quarter of 2010.
Even if Oracle has managed to patch the vulnerabilities in Java, they have the same problem as Adobe: people forget to update their software.
And on top of that, Java is a piece of software that’s used in almost everything; it runs in the background, making more visible components work, PC Pro Magazine points out.
“How do you know if you have Java installed, or if it is running?” Holly Stewart, a researcher at Microsoft Malware Protection, rightly asks.
(If you want to know more about Java, click the link below.)
1 in 3 Companies Exposed To Data Theft
The latest issue of the Kroll Annual Global Fraud Report suggests that the theft of digital assets overtook that of physical stock for the first time ever in 2010.
A survey, conducted in cooperation with the Economist Intelligence Unit, indicates that the number of companies reporting theft of information rose sharply in 2010, from 18% to 27.3%.
“There’s a growing awareness among thieves of the intrinsic value of intellectual property,” Kroll vice president Robert Brenner explains.
The survey also suggests that 88% of the participating companies had been victims of some kind of fraud over the past year, and nearly half of them are now fearful of expanding globally because of the cyber threat.
The experts emphasize that the numbers are probably not 100% accurate.
However, the message is pretty clear.
(Download the report below)
The Most Scary Thing
I guess most of you have heard about the Stuxnet worm/virus/malware in the news by now, and are familiar with the speculations that the extremely sophisticated malware might be some kind of cyber weapon, developed by government-related scientists somewhere.
It sounds like a plot in a James Bond movie – but the truth might be even more vicious.
According to experts, it is not unlikely to be a prototype of the first ever cyber-weapon-of-mass-destruction.
Davey Winder, award-winning journalist, business consultant and security expert, explains:
“So what do we know about Stuxnet and the SCADA (Supervisory Control and Data Acquisition) systems? Well, we know that Stuxnet is designed to be disseminated via USB sticks, and that it was developed to exploit specific zero-day vulnerabilities in the Windows operating system. To expand on that a little, Stuxnet actually exploits no fewer than four zero-day Windows vulnerabilities, a statement that alone should set the hair on the back of any security analyst’s neck prickling. Zero-day vulnerabilities are extremely valuable to the shady world of both hackers – where a zero-day is a kudos-generating device – and to criminals where zero-day equals pay-day. It’s relatively rare to see a single exploit being used in a piece of malware, and totally unheard of to see four expended in such a way.”
“Ask yourself, why would anyone waste three highly valuable zero-day exploits in a single piece of code when one would most likely do the job? Security experts recognize that this isn’t the modus operandi of the average hacker, nor the average criminal,” Winder writes in a recent article.
Personally, I believe that Stuxnet 2.0 is already out there – it just hasn’t been discovered yet.
The Internet Nuke Bomb
According to trend analyst Gerald Celente, CEO and founder of Trends Research Institute, cyber wars will cause a stir and come to the fore in 2011.
And, like Eurasia, he is concerned about the government’s involvement.
Here are some of the other highlights in Mr. Celente’s predictions for the year to come:
- Every citizen in 2011 will realize that we are in the “greatest depression”
- In 2011, the game’s gonna run out
- Digital money, not worth the paper it’s not printed on
- The youth of the world has mountains of debt to climb, and no way to get to the top
- The greatest fear that governments have is freedom of speech
- Your growth industries are the gangs
- Crackdown on crime will lead to crackdown on liberties
- Drones flying over your city looking in windows
- The more government loses control, the harder they crack down
You may not take all of Gerald Celente’s forecasts equally seriously, but many of the situations he describes are, in fact, common human behavior, observed in times of crisis since the collapse of the Roman empire thousands of years ago and up to our time.
At the latest count by McAfee Security Lab, about 60,000 pieces of malicious software are released on the internet every day.
And here’s what the last six months of 2010 looked like from the security software producer Kaspersky’s point of view:
Perhaps it’s time to upgrade?