25% Of Iranian Internet Affected by Cyber Attack, Authorities Use Dzhafa Shield to Restore Services



Hot on the heels of a "serious" cyber-attack that compromised United Nations servers, and in the same week that the head of the European Central Bank, Christine Lagarde, warned of the global financial implications of cyber-attacks, Iran has seemingly come under cyber-attack. Indeed, so powerful was the impact of this alleged attack that the internet was disrupted across the country.


The NetBlocks internet observatory, which maps internet freedom in real-time, confirmed that there was extensive Iranian telecommunications network disruption on the morning of February 8. The internet observatory, an accurate and impartial monitor of internet availability, uses a combination of measurement and classification techniques to detect disruptions and critical infrastructure cyber-attacks in real-time. In a NetBlocks tweet, the national internet connectivity drop to 75% was said to be due to Iranian authorities activating the "Digital Fortress" cyber-defense mechanism, also known as DZHAFA.




25% Of Iranian Internet Taken Down by Powerful Cyber Attack




Figure 3.3 breaks down how often senior managers get updates on the state of cyber security and any actions being taken. It shows that updates tend to be more frequent in businesses than in charities, continuing a trend from previous years.


Each year, this survey series has attempted to capture the cost of cyber security breaches or attacks on organisations. This includes an overarching question covering the cost of all breaches or attacks faced in the last 12 months, and more granular questions breaking down different aspects of the cost of the single most disruptive breach or attack that organisations recall facing in this period.


Of those who had not been attacked by ransomware, organisations tended to have an incident response plan which involved shutting down infected systems and notifying staff and relevant parties. Some intended to notify authorities, although they did not specify which authorities these were. Organisations were very concerned about the damage that a ransomware attack could do to their reputation, which some believed was worse than the cost of the attack itself. Of those who had been attacked, organisations mentioned a notable shift in how the organisation approached cyber security in the aftermath. There was particular emphasis on end-user behaviour.


The term "cyberwarfare" is distinct from the term "cyber war." "Cyberwarfare" does not imply scale, protraction or violence, which are typically associated with the term "war".[9] Cyber warfare includes techniques, tactics and procedures which may be involved in a cyber war. The term war inherently refers to a large-scale action, typically over a protracted period of time, and may include objectives seeking to utilize violence or the aim to kill.[9] A cyber war could accurately describe a protracted period of back-and-forth cyber attacks (including in combination with traditional military action) between warring states. To date, no such action is known to have occurred. Instead, tit-for-tat military-cyber actions are more commonplace. For example, in June 2019, the United States launched a cyber attack against Iranian weapons systems in retaliation for the shooting down of a US drone in the Strait of Hormuz.[27][28]


The Cooperative Cyber Defence Centre of Excellence (CCDCE), part of the North Atlantic Treaty Organization (NATO), has conducted a yearly war game called Locked Shields since 2010, designed to test readiness and improve the skills, strategy, tactics and operational decision making of participating national organizations.[99][100] Locked Shields 2019 saw 1200 participants from 30 countries compete in a red team vs. blue team exercise. The war game involved a fictional country, Berylia, which was "experiencing a deteriorating security situation, where a number of hostile events coincide with coordinated cyber attacks against a major civilian internet service provider and maritime surveillance system. The attacks caused severe disruptions in the power generation and distribution, 4G communication systems, maritime surveillance, water purification plant and other critical infrastructure components". CCDCE described the aim of the exercise as being to "maintain the operation of various systems under intense pressure, the strategic part addresses the capability to understand the impact of decisions made at the strategic and policy level."[99][101] Ultimately, France was the winner of Locked Shields 2019.[102]


In 2013, Germany revealed the existence of its 60-person Computer Network Operation unit.[156] The German intelligence agency, BND, announced it was seeking to hire 130 "hackers" for a new "cyber defence station" unit. In March 2013, BND president Gerhard Schindler announced that his agency had observed up to five attacks a day on government authorities, thought mainly to originate in China. He confirmed the attackers had so far only accessed data and expressed concern that the stolen information could be used as the basis of future sabotage attacks against arms manufacturers, telecommunications companies and government and military agencies.[157] Shortly after Edward Snowden leaked details of the U.S. National Security Agency's cyber surveillance system, German Interior Minister Hans-Peter Friedrich announced that the BND would be given an additional budget of 100 million euros to increase its cyber surveillance capability from 5% of total internet traffic in Germany to 20% of total traffic, the maximum amount allowed by German law.[158]


On 12 November 2013, financial organizations in London conducted cyber war games dubbed "Waking Shark 2"[177] to simulate massive internet-based attacks against banks and other financial organizations. The Waking Shark 2 cyber war games followed a similar exercise on Wall Street.[178]


Following US President Donald Trump's decision to pull out of the Iran nuclear deal in May 2018, cyber warfare units in the United States and Israel monitoring internet traffic out of Iran noted a surge in retaliatory cyber attacks from Iran. Security firms warned that Iranian hackers were sending emails containing malware to diplomats who work in the foreign affairs offices of US allies and employees at telecommunications companies, trying to infiltrate their computer systems.[187]


With very little investment, and cloaked in a veil of anonymity, our adversaries will inevitably attempt to harm our national interests. Cyberspace will become a main front in both irregular and traditional conflicts. Enemies in cyberspace will include both states and non-states and will range from the unsophisticated amateur to highly trained professional hackers. Through cyberspace, enemies will target industry, academia, government, as well as the military in the air, land, maritime, and space domains. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication. Indeed, adversaries have already taken advantage of computer networks and the power of information technology not only to plan and execute savage acts of terrorism, but also to influence directly the perceptions and will of the U.S. Government and the American population.


But the cyber threat to the energy sector goes beyond attacks on communications networks like the recent headlined ransomware attacks, analysts said. Using the growing internet access of power system operations, which allows companies to monitor and control engineering processes online, attackers could disrupt critical infrastructure to create environmental devastation, loss of life and severe economic impacts, they said.


Sensors without security capabilities make malicious and unintentional operational disruptions difficult to distinguish and could allow power system cyberattacks to go unnoticed, Weiss said. Inadequate sensor protections contribute to continued uncertainties about the specific cause of the 2005 Stuxnet attack on an Iranian nuclear facility and a 2008 Florida nuclear plant shutdown resulting from a substation disruption that left no proof of its supposedly accidental cause, he added.


Every 14 seconds, a new organization gets hit by ransomware. Schools, healthcare providers and even government institutions have all become victims of ransomware attacks by cybercriminals. With even crucial public services being shut down, ransomware is now a global threat to organizations and individuals alike.


DNS is an essential substrate of the Internet, responsible for translating user-friendly Internet names into machine-friendly IP addresses. Without DNS, navigating the Internet would be an impossible mission. As we have seen in recent years, DNS-based attacks launched by adversaries remain a constant lethal threat in various forms. The record-breaking 300 Gbps DNS amplification DDoS attack against Spamhaus, presented by Cloudflare at Black Hat 2013, is still vivid in our minds. Since then (in the last 3 years), thanks to the dark force's continuous innovations, the dark side of the DNS force has become much more pernicious. Today, the dark side is capable of assembling an unprecedented massive attacking force of an unimaginable scale and magnitude. As an example, leveraging up to 10X of the Internet domain names, a modern DNS-based attack can easily take down any powerful online service, disrupt well-guarded critical infrastructure, and cripple the Internet, despite all the existing security postures and hardening techniques we have developed and deployed. In this talk, we will present and discuss an array of new secret weapons behind the emerging DNS-based attacks from the dark side. We will analyze the root causes for the recent surges of the Internet domain counts from 300 million a year ago to over 2 billion. Some real use cases will be shown to illustrate the domain surges' impact on the Internet's availability and stability, especially with spikes up to 5 billion domains. We will focus on the evolution of the random subdomain weapon, which can generate a large number of queries to nonexistent fully qualified domain names such as 01mp5u89.arkhamnetwork.org and 01k5jj4u.arkhamnetwork.org to overload and knock down both authoritative name servers and cache servers along the query paths.

Starting as a simple primitive tool used to disrupt competitors' gaming sites in order to win more users among the Chinese online gaming community about five years ago, random subdomain has become one of the most powerful disruptive weapons nowadays. As the attack targets move towards more high-profile and top-level domains, the random subdomain weapon also becomes much more sophisticated by blending attacking traffic with legitimate operations. It is a challenge for the cyber security community to distinguish bad traffic from benign traffic in a cost-effective manner. We will address this challenge by dissecting the core techniques and mechanisms used to boost attack strength and to evade detection. We will discuss techniques such as multiple levels of random domains, mixed use of constant names and random strings, innovative use of timestamps as unique domain names, as well as local and global escalations. We will demonstrate and compare different solutions for the accurate detection and effective mitigation of random subdomain and other active ongoing DNS-based attacks, including DNS tunneling for data exfiltration on some of the most restricted networks, due to the pervasiveness of DNS.
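The random subdomain flood described above, as an added detection example that is not part of the talk or the original page: it aggregates a constructed resolver log per zone and flags zones whose NXDOMAIN answers are dominated by many distinct, high-entropy leftmost labels, while leaving a zone with ordinary lookups and an occasional typo alone. The log format ("qname rcode" per line), the two-label zone heuristic and the thresholds are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (not from the original page): "<qname> <rcode>" per line.
SAMPLE_LOG = """\
www.example.org NOERROR
mail.example.org NOERROR
www.example.org NOERROR
ftp.example.org NOERROR
typo.example.org NXDOMAIN
01mp5u89.arkhamnetwork.org NXDOMAIN
01k5jj4u.arkhamnetwork.org NXDOMAIN
9zq2x7ra.arkhamnetwork.org NXDOMAIN
k3p0vv1e.arkhamnetwork.org NXDOMAIN
www.arkhamnetwork.org NOERROR
"""

def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label (random labels score high)."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values()) if n else 0.0

def zone_of(qname):
    """Assumed heuristic: the zone under attack is the last two labels (no public-suffix lookup)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def detect_random_subdomain(log_text, min_queries=4, nx_ratio=0.6, min_entropy=2.5, uniq_ratio=0.8):
    """Return {zone: metrics} for zones whose NXDOMAIN answers look like a random-label flood."""
    per_zone = defaultdict(lambda: {"q": 0, "nx": 0, "nx_labels": set(), "nx_entropy": 0.0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        qname, rcode = line.split()
        s = per_zone[zone_of(qname)]
        s["q"] += 1
        if rcode == "NXDOMAIN":  # only failed names feed the randomness metrics
            leftmost = qname.split(".")[0]
            s["nx"] += 1
            s["nx_labels"].add(leftmost)
            s["nx_entropy"] += label_entropy(leftmost)
    flagged = {}
    for zone, s in per_zone.items():
        if s["q"] < min_queries or s["nx"] == 0:
            continue
        nx = s["nx"] / s["q"]                  # share of answers that were NXDOMAIN
        ent = s["nx_entropy"] / s["nx"]        # mean entropy of the failing leftmost labels
        uniq = len(s["nx_labels"]) / s["nx"]   # how rarely a failing label repeats
        if nx >= nx_ratio and ent >= min_entropy and uniq >= uniq_ratio:
            flagged[zone] = {"nxdomain_ratio": nx, "mean_nx_entropy": ent, "unique_nx_ratio": uniq}
    return flagged
```

The leftmost-label entropy test is deliberately simple; the blended variants the abstract lists (constant prefix plus random suffix, timestamp labels, multiple random levels) would need per-zone baselines over time and entropy taken over each label below the zone apex rather than only the leftmost one.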

