Cyber Security
Gustav Lindstrom
10 May 2012
Structure of the presentation
1. Why should we care about cyber security?
2. What is the scope of the threat?
• Micro level
• Macro level
3. What are we doing about it?
4. What are outstanding issues?
Why should we care about cyber security?
• A growing number of individuals use the Internet
– 361 million users in 2000, about 2.27 billion today (www.internetworldstats.com/stats.htm)
• The number of applications is increasing
– Video, voice, and e-services (commerce, banking, government)
• A growing reliance on computer networks magnifies vulnerabilities to individuals and society
– Risks of “cascading effects” across critical infrastructures
• Malicious cyber activities are becoming more sophisticated and easier to execute
Who may threaten cyber security?
Group | Motivation | Type of attack
Script kiddies | Curiosity / reputation | Readily available software
Hackers | Challenge of breaking new defences; financial gain | Use of automated tools; potential for co-ordinated attacks
Insiders | Revenge / extortion | Multiple possibilities
Hacktivists | Propaganda (political, social, economic, religious) | Same as script kiddies / hackers
Criminal groups | Financial gain | Phishing, pharming, spam
Spyware/malware authors | Mainly financial gain | Same as criminal groups
Bot-net operators | Financial gain; cause disruption / damage | Use of remotely controlled systems
Terrorists | Propaganda (political, social, economic, religious); cause disruption / damage | Multiple possibilities, including attacks on critical infrastructures
Nation-states | Cause disruption / damage; espionage / gather intelligence | Multiple possibilities
Sources: Baldi, Gelbstein, and Kurbalija. Hacktivism, Cyber-Terrorism, and Cyberwar, 2003 and GAO Report “Cyberspace”, GAO-10-606, July 2010.
Micro / “personal” level challenges
What are examples of malware and associated attack techniques?
Examples of malware (malicious software)
• Virus – attaches itself to programmes or files and requires human action to spread from computer to computer
• Worm – can replicate itself and is therefore able to spread without human interaction
• Trojan horse – a programme that hides harmful code; it is often made to look like a useful programme
• Logic bomb – code that causes a programme to perform an action after a triggering event
• “Blended threats” – may combine aspects of a virus, worm, Trojan horse, or other malicious code
Examples of attack techniques
• Distributed Denial of Service attack
• Phishing and pharming
• Sniffing and “war driving”
What are trends in new malicious code signatures?
Source: Symantec Global Internet Security Threat Report, April 2010.
[Chart: number of new malicious code signatures (“new threats”) per year, 2002–2009]
Year | New threats
2002 | 20,254
2003 | 19,159
2004 | 74,981
2005 | 113,081
2006 | 167,069
2007 | 708,742
2008 | 1,691,323
2009 | 2,895,802
What were some of the main threat trends in 2009?
• An average of 46,541 active bot-infected computers per day in 2009 (38% decrease from 2008)
• Most bot-infected computers were located in the United States, accounting for 11% of the worldwide total
• Of the top 10 new malicious code families detected in 2009, six were Trojans, two were worms with back door components, one was a worm, and one was a virus
• 59,526 phishing website hosts were detected, an increase of 7% from 2008
[Symantec Global Internet Security Threat Report, April 2010]
In 2009, what was the country breakdown of malicious activity?
(Overall rank for 2009 and 2008, then the 2009 rank in each activity category.)
Overall rank 2009 | Overall rank 2008 | Country | Malicious code | Spam zombies | Phishing hosts | Bots | Attack origin
1 | 1 | United States | 1 | 6 | 1 | 1 | 1
2 | 2 | China | 3 | 8 | 6 | 2 | 2
3 | 5 | Brazil | 5 | 1 | 12 | 3 | 6
4 | 3 | Germany | 21 | 7 | 2 | 5 | 3
5 | 11 | India | 2 | 3 | 21 | 20 | 18
6 | 4 | UK | 4 | 19 | 7 | 14 | 4
7 | 12 | Russia | 12 | 2 | 5 | 19 | 10
8 | 10 | Poland | 23 | 4 | 8 | 8 | 17
9 | 7 | Italy | 16 | 9 | 18 | 6 | 8
10 | 6 | Spain | 14 | 11 | 11 | 7 | 9
Source: Symantec Global Internet Security Threat Report, April 2010.
What are examples of risks at the “personal” level?
• Use of unprotected networks in the home or office
• Use of unprotected systems (cyber café, hotels, etc.)
• Provision of sensitive information via social networks
– Example of geotags
• Use of suspicious hardware (e.g. USB flash drive)
• Risks associated with the disposal of hardware
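The geotag risk in the list above, made concrete as an added example (this is not code from the presentation): a photo posted to a social network can carry the camera's GPS position in its EXIF metadata, readable by anyone who downloads the file. The script builds a minimal JPEG container holding a constructed EXIF/GPS block (no image data; the coordinates are made up), reads the position back the way a third party would, and then strips the Exif segment, which is the usual mitigation before sharing. Tag numbers and field layout follow the EXIF/TIFF conventions; the function names and sample coordinates are illustrative assumptions.

```python
"""Geotag leak demo: read, then strip, GPS coordinates from a JPEG's EXIF block.

Added example, not from the presentation. The JPEG is constructed in code
(SOI + APP1/Exif + EOI, no image data) so it runs offline; coordinates are made up."""
import struct

TAG_GPS_IFD = 0x8825                                     # IFD0 pointer to the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4  # GPS sub-IFD tags
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5
EXIF_MAGIC = b'Exif\0\0'


def build_exif_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Little-endian TIFF with one IFD0 entry and a four-entry GPS IFD, wrapped in
    a JPEG APP1 segment. Constructed test input, not a real photo."""
    def entry(tag, typ, count, value4):
        return struct.pack('<HHI', tag, typ, count) + value4

    def rationals(dms):                                  # ((deg,1), (min,1), (sec,1))
        return b''.join(struct.pack('<II', n, d) for n, d in dms)

    gps_off = 8 + 18                                     # TIFF header + IFD0 (1 entry)
    lat_off = gps_off + 2 + 4 * 12 + 4                   # after the GPS IFD (4 entries)
    lon_off = lat_off + 24                               # three RATIONALs = 24 bytes
    tiff = b'II' + struct.pack('<HI', 42, 8)
    tiff += struct.pack('<H', 1) + entry(TAG_GPS_IFD, TYPE_LONG, 1, struct.pack('<I', gps_off))
    tiff += struct.pack('<I', 0) + struct.pack('<H', 4)  # no IFD1; GPS IFD has 4 entries
    tiff += entry(GPS_LAT_REF, TYPE_ASCII, 2, lat_ref.encode() + b'\0\0\0')
    tiff += entry(GPS_LAT, TYPE_RATIONAL, 3, struct.pack('<I', lat_off))
    tiff += entry(GPS_LON_REF, TYPE_ASCII, 2, lon_ref.encode() + b'\0\0\0')
    tiff += entry(GPS_LON, TYPE_RATIONAL, 3, struct.pack('<I', lon_off))
    tiff += struct.pack('<I', 0) + rationals(lat_dms) + rationals(lon_dms)
    payload = EXIF_MAGIC + tiff
    return b'\xff\xd8\xff\xe1' + struct.pack('>H', len(payload) + 2) + payload + b'\xff\xd9'


def _segments(jpeg):
    """Yield (marker, start, end) for each marker segment before the scan data."""
    if jpeg[:2] != b'\xff\xd8':
        raise ValueError('not a JPEG')
    off = 2
    while off + 4 <= len(jpeg):
        marker, length = struct.unpack('>HH', jpeg[off:off + 4])
        if marker == 0xFFDA:                             # SOS: entropy-coded data follows
            break
        yield marker, off, off + 2 + length
        off += 2 + length


def _read_ifd(tiff, order, off):
    """Return {tag: (type, count, raw 4-byte value-or-offset)} for one IFD."""
    (n,) = struct.unpack(order + 'H', tiff[off:off + 2])
    entries = {}
    for i in range(n):
        e = off + 2 + 12 * i
        tag, typ, count = struct.unpack(order + 'HHI', tiff[e:e + 8])
        entries[tag] = (typ, count, tiff[e + 8:e + 12])
    return entries


def _degrees(tiff, order, ent, ref):
    """Decode a three-RATIONAL (deg, min, sec) entry into signed decimal degrees."""
    typ, count, raw = ent
    if typ != TYPE_RATIONAL or count != 3:
        raise ValueError('unexpected GPS coordinate encoding')
    (off,) = struct.unpack(order + 'I', raw)            # 24 bytes never fit inline
    v = struct.unpack(order + 'IIIIII', tiff[off:off + 24])
    value = v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600
    return -value if ref in (b'S', b'W') else value


def extract_gps(jpeg):
    """Return (lat, lon) in decimal degrees, or None when there is no geotag."""
    tiff = None
    for marker, start, end in _segments(jpeg):
        if marker == 0xFFE1 and jpeg[start + 4:start + 10] == EXIF_MAGIC:
            tiff = jpeg[start + 10:end]
            break
    if tiff is None:
        return None
    order = {b'II': '<', b'MM': '>'}.get(tiff[:2])
    if order is None:
        raise ValueError('bad TIFF byte-order mark')
    magic, ifd0_off = struct.unpack(order + 'HI', tiff[2:8])
    if magic != 42:
        raise ValueError('bad TIFF header')
    ifd0 = _read_ifd(tiff, order, ifd0_off)
    if TAG_GPS_IFD not in ifd0:
        return None
    (gps_off,) = struct.unpack(order + 'I', ifd0[TAG_GPS_IFD][2])
    gps = _read_ifd(tiff, order, gps_off)
    if not {GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON}.issubset(gps):
        return None
    lat = _degrees(tiff, order, gps[GPS_LAT], gps[GPS_LAT_REF][2][:1])
    lon = _degrees(tiff, order, gps[GPS_LON], gps[GPS_LON_REF][2][:1])
    return lat, lon


def strip_exif(jpeg):
    """Mitigation: drop every APP1/Exif segment before a photo is shared."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in _segments(jpeg):
        if not (marker == 0xFFE1 and jpeg[start + 4:start + 10] == EXIF_MAGIC):
            out += jpeg[start:end]
        pos = end
    return bytes(out + jpeg[pos:])                       # SOS onwards (here just EOI)


if __name__ == '__main__':
    photo = build_exif_jpeg(((46, 1), (13, 1), (30, 1)), 'N', ((6, 1), (8, 1), (24, 1)), 'E')
    print('geotag in upload:', extract_gps(photo))
    print('after stripping :', extract_gps(strip_exif(photo)))
```

Real photos carry the GPS tags next to the camera model, timestamp and often an embedded thumbnail; the reader above walks only the fields it needs, and strip_exif discards the whole APP1/Exif segment rather than editing entries out of it, which is the safer choice when the goal is that nothing location-related survives the upload.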
How are “old” threats evolving? (I)
-----Original Message-----
From: [email protected]
Sent: 13 August 2010 05:30
To: undisclosed-recipients
Subject: Reference
Dear Partner,
This is an urgent issue which may get your attention to know, The Thai Criminal Court has issued an arrest warrant for Thaksin Shinawatra on terrorism charges for allegedly involving in the red protests in Bangkok. I am sending you this email base on the instructions giving to me by my client Thaksin Shinawatra to kindly urge you to cooperate with my client as he urgently needs your assistance in move/transferring part of his fund under your custody for safe keeping or further business investment…
View More Of The Story Here:http://news.bbc.co.uk/2/hi/asia-pacific/1108114.stm
He instructed me as his Britain counsels to carry out this investment/safe keeping plan which involve $15Million USD under your custody from one of his offshore private security account
Finally, be mindful that nobody here knows that I contacted you for this business deal. To this effect you should please keep this letter confidential whether you are interested or not and also note that you have noting to worry about on this project as everything is kept safe and legal.
Yours Sincerely,
Mr. YYYYY YYYYYY
Address line 1
Address line 2
Address line 3
Tel: +44 792 458 1639 [email protected]
How are “old” threats evolving? (II)
From: xxx xxxx [[email protected]]
Sent: Wednesday, May 09, 2012 1:13 PM
To: xxx [email protected]
Subject: urgent
please take this email serious. i need help, am stuck in London for now because i was mugged and i lost my credit card and my phone and since then i have been without money, I was thinking of asking you to lend me some funds 2550 British pound sterling or any amount you can lend me that I can refund you back as soon as I return back home.
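A practitioner's reading of the two specimens above, as an added example that is not part of the presentation: both messages stack the same features (urgency, a named sum of money, a request to move funds, a secrecy request or distress story, a webmail or hidden-recipient sender), and a small rule scorer can surface them for triage. The message bodies below are excerpted from the slides; the sender, recipient and Reply-To headers are constructed because the originals are redacted, and the third, benign message is constructed as a control. The rule list, the one-point-per-rule weighting and the threshold are illustrative assumptions, not a vetted detector.

```python
"""Rule-based triage of advance-fee and 'stranded traveller' e-mails.

Added example, not from the presentation. Bodies are excerpted from the two
specimens in the slides; sender, recipient and Reply-To headers are constructed
because the originals are redacted. Rules and threshold are illustrative."""
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "yahoo.com", "yahoo.co.uk", "hotmail.com", "live.com"}

# (indicator, regex searched over Subject + body); each hit scores one point
TEXT_RULES = [
    ("urgency", r"\b(urgent(ly)?|immediately|take this .{0,20}serious)\b"),
    ("money_amount", r"\$\s?\d[\d,.]*\s*(million|usd)?"
                     r"|\b\d[\d,.]*\s*(british\s+)?(pounds?|dollars?|euros?|usd|gbp)\b"),
    ("funds_request", r"\b(lend|loan|wire|transfer|transferring|refund)\b"
                      r".{0,40}\b(funds?|money|sterling)\b"),
    ("secrecy", r"\b(confidential|keep this .{0,20}secret|nobody .{0,20}knows)\b"),
    ("distress_story", r"\b(mugged|stranded|stuck in|lost my (wallet|credit card|phone)"
                       r"|arrest warrant)\b"),
]


def _domain(header_value):
    """Bare domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def score_message(raw):
    """Return (score, fired indicators) for one RFC 822 message string."""
    msg = message_from_string(raw)
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    fired = [name for name, pattern in TEXT_RULES
             if re.search(pattern, text, re.IGNORECASE | re.DOTALL)]
    sender, reply_to = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    if "undisclosed" in (msg.get("To") or "").lower():
        fired.append("hidden_recipients")   # bulk send dressed up as a personal letter
    if sender in FREEMAIL:
        fired.append("freemail_sender")     # 'counsel' or 'friend' writing from webmail
    if reply_to and reply_to != sender:
        fired.append("reply_to_mismatch")   # replies diverted to another mailbox
    return len(fired), fired


def verdict(raw, threshold=3):
    """Coarse label; the threshold is an assumption, tune it on your own mail."""
    score, _ = score_message(raw)
    if score >= threshold:
        return "likely scam"
    return "review" if score else "clean"


# Constructed headers; body text excerpted from the first specimen in the slides.
ADVANCE_FEE = """\
From: "Mr. YYYYY" <counsel.yyyyy@yahoo.co.uk>
Reply-To: yyyyy.private@gmail.com
To: undisclosed-recipients:;
Subject: Reference

Dear Partner,
This is an urgent issue which may get your attention to know, The Thai Criminal Court
has issued an arrest warrant for Thaksin Shinawatra on terrorism charges. I am sending
you this email base on the instructions giving to me by my client to kindly urge you to
cooperate with my client as he urgently needs your assistance in move/transferring part
of his fund under your custody for safe keeping. This plan involve $15Million USD under
your custody. Please keep this letter confidential whether you are interested or not.
"""

# Constructed headers; body text is the second specimen in the slides.
STRANDED = """\
From: xxx xxxx <xxx.xxxx@gmail.com>
To: friend@example.org
Subject: urgent

please take this email serious. i need help, am stuck in London for now because i was
mugged and i lost my credit card and my phone and since then i have been without money,
I was thinking of asking you to lend me some funds 2550 British pound sterling or any
amount you can lend me that I can refund you back as soon as I return back home.
"""

# Constructed control message with none of the indicators.
BENIGN = """\
From: Paul <paul@example.org>
To: Anna <anna@example.org>
Subject: Thursday agenda

Hi Anna, the agenda for Thursday's review is attached. Could you send me the
updated slides by Friday? Thanks, Paul
"""

if __name__ == "__main__":
    for label, raw in (("advance fee", ADVANCE_FEE), ("stranded", STRANDED), ("benign", BENIGN)):
        print(f"{label:12s} {verdict(raw):12s} {score_message(raw)}")
```

Any single indicator is weak on its own (legitimate mail is often urgent or mentions money); the point is that these scams stack several at once, so a threshold over the count separates them from ordinary correspondence, and the list of fired names tells an analyst why a message was flagged.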
Macro / strategic level challenges
What are the national security implications of cyber threats?
Several countries targeted over the past few years
• Estonia (April-May 2007)
• Lithuania (June-July 2008)
• Georgia (August 2008)
• South Korea (July 2009)
• United States (July 2009)
• Iran (July 2010)
• Internal censorship – e.g. China, Iran, Syria, Egypt
Effects vary according to the size and scope of the attack
• May have implications for critical infrastructures. The 2007 attacks in Estonia affected key services such as banking and e-government.
• May impact information and communication services
• May result in the loss of classified or protected information
What are other potential challenges to national security?
• Targeting of critical infrastructures / combined attacks
• Rise of offensive cyber capabilities - from jamming capacity to denial of Internet access for national security reasons
• Presence of tampered hardware - e.g. computer chips
• “New” vulnerabilities to C4I systems
– UAV video feeds
– Computer systems (GhostNet)
– Tampering with the physical backbone of the Internet – e.g. submarine cables
What is being done to address cyber threats?
(Two columns in the original: preventive measures and consequence management, each at the technical and the institutional level.)
Technical level
Preventive measures:
• Awareness raising (e.g. http://howsecureismypassword.net/)
• Installation of protective software
• Use of black and white lists
• Use of open source software
• Introduction of IPv6
Consequence management:
• Increasing bandwidth
• Filtering incoming traffic
• Blocking access
• Shifting server usage
Institutional level
Preventive measures:
• Establishment of CERTs
• Creation of specialised agencies (e.g. ENISA)
• Use of exercises (e.g. Cyber Storm)
• Introduction of legislation and conventions
• Public-private co-operation
Consequence management:
• Use of CERTs / CSIRTs
• National and international co-operation, including information sharing
• Application of legislation
• Co-operation across national and international organisations
What are examples of outstanding challenges?
1. Raising awareness about cyber security threats (government, business sector, individual users)
2. Creating international norms & standards and discussions about applicability of international law
3. Strengthening attribution capabilities, which may help identify perpetrator(s)
4. Identifying the impact of new technologies on cyber security
5. Exploring governance models for the Internet - should it be centralised or kept open?
6. Improving the measurement / understanding of cyber crime