[ISN] CSI - Cyberterrorism: More sophisticated than past worms

From: InfoSec News (isn@private)
Date: Tue Nov 04 2003 - 02:40:41 PST

  • Next message: InfoSec News: "[ISN] FTSE companies demand common security standards"

    http://www.infoworld.com/article/03/11/03/HNcyberterrorism_1.html
    
    By Grant Gross
    IDG News Service 
    November 03, 2003 
    
    WASHINGTON - No hard evidence exists that shows a cyberterrorism 
    attack on the U.S., but when such an attack comes, it is likely to be 
    much more harmful than the current crop of relatively unsophisticated 
    viruses and worms that have caused billions of dollars in damages, a 
    cybersecurity expert said Monday. 
    
    Terrorism groups have planned cyberterrorism attacks for years, and 
    those attacks are waiting for a vulnerability to trigger them, 
    predicted Norm Laudermilch, vice president of managed security 
    services for VeriSign Inc. 
    
    "Anybody think we're dealing with dumb terrorists?" Laudermilch asked 
    a crowd during a seminar on cyberterrorism at Computer Security 
    Institute's Computer Security Conference and Exhibition in Washington, 
    D.C. "We're not going to have a month to patch our systems, because 
    the plan is going to be already in place." 
    
    Laudermilch classified about three-quarters of the attacks VeriSign 
    sees on its customers' networks as "sport" attacks -- those done by 
    amateur hackers trying to see what damage they can do. And while only 
    about 5 percent of the attacks Laudermilch sees would be classified as 
    motivated by politics or a foreign government, companies need to be 
    prepared when and if more of those kinds of attacks come, because 
    enemies of the U.S. are strongly motivated by hate, he said. 
    
    "I'm not trying to be too negative, but we're dealing with a 
    completely different type of intelligence than some of the massively 
    successful attacks we've seen on the Internet recently," Laudermilch 
    said. 
    
    The SQL Slammer worm, the Sobig-F worm and the Blaster worm, all of 
    which hit in 2003, were relatively simple attacks, and many companies 
    recovered within hours or days, although the damage still ran into the 
    billions of dollars. The ability to catch these attacks is a kind of 
    "criminal Darwinism," in which unsophisticated attackers are easily 
    spotted, Laudermilch said, but cyberterrorism may not be so easy to 
    recover from. 
    
    "We're good at catching the attackers who aren't so bright," he added. 
    "But are we catching the more complex attacks? Are we catching the 
    more stealthy attacks?" 
    
    To combat the potential of cyberterrorism, companies must pay 
    attention to several areas, Laudermilch added. Even though many U.S. 
    companies continue to cut or hold off hiring new staff, they need to 
    focus on security knowledge and intelligence and effective use of 
    intelligence, he said. Most U.S. companies fail in those two areas, he 
    said. 
    
    Many companies do not have processes in place to even keep track of 
    all the computers on their networks, he said, and U.S. companies are 
    often unwilling to share their security problems with others. He 
    called for more sharing of security data as a way for more companies 
    to understand cyberattacks. 
    
    Companies often buy a host of security products, including firewalls, 
    virus protection and intrusion detection systems, but they don't 
    understand all the functionality those products provide, Laudermilch 
    said. Companies often don't buy products that help them make sense of 
    their security scans or data, or they don't take full advantage of 
    those tools, he added. Many companies buy firewall products, spend a 
    few hours setting them up, and rarely pay attention to them again, he 
    said. 
    
    "The problem is once they select this technology, few people spend the 
    time it takes to understand everything that product can do for them," 
    he said. "Making the best use of this technology relies on your 
    ability to take what these tools give you and turn it into 
    intelligence." 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Nov 04 2003 - 05:00:26 PST