Connect with us


Cyberwar predictions for 2019: The stakes have been raised



Image: the-lightwriter, Getty Images/iStockphoto

special feature

Cyberwar and the Future of Cybersecurity

Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.

Read More

Before the internet era, geopolitical tensions drove traditional espionage, and periodically erupted into warfare. Nowadays, cyberspace not only houses a treasure-trove of commercially and politically sensitive information, but can also provide access to control systems for critical civil and military infrastructure. So it’s no surprise to find nation-state cyber activity high on the agendas of governments.

Notable cyber attacks launched by nation states in recent years include: Stuxnet (allegedly by Israel and the US); DDoS attacks against Estonia, attacks against industrial control systems for power grids in Ukraine, and electoral meddling in the US (allegedly by Russia); and the global WannaCry attack (allegedly by North Korea). China, meanwhile, has been accused of multiple intellectual property theft attacks and, most recently (and controversially), of secreting hardware backdoors into Supermicro servers.

Download all the Cyberwar and the Future of Cybersecurity articles as a free PDF ebook (free TechRepublic registration required)

The global cyber-threat landscape

What does the current threat landscape look like, in broad terms? The 2017/18 threat matrix from BRI (Business Risk Intelligence) company Flashpoint provides a useful overview:


Image: Flashpoint

Threat actors are ranked on a six-point capability scale and a four-point potential impact scale, with Flashpoint’s cast ranging from Tier 2 capability/Negligible potential impact (Jihadi hackers) to Tier 6/Catastrophic impact (China, Russia and Five Eyes).

It’s probably no surprise to find China heading the 2017/18 ranking of threat actors, in terms of capability, potential impact and number of verticals targeted:


Colour coding corresponds to Flashpoint’s ‘potential impact’ rating (Black = Catastrophic).

Data: Flashpoint / Chart: ZDNet

In its 2018 mid-year update, Flashpoint highlighted various ‘bellwethers’ that may prompt “major shifts in the cyber threat environment”:

• The tentative rapprochement between the U.S., South Korea, and North Korea fails to result in tangible diplomatic gains to end the North Korean nuclear program.

• Additional states follow the U.S. example and relocate their embassy in Israel to Jerusalem.

• The U.S.’ official withdrawal from the Joint Comprehensive Plan of Action (JCPOA) and the subsequent renewal of economic sanctions prompts an Iranian response.

• The ongoing power struggle between Saudi Arabia and Iran for influence in the Middle East leads to kinetic conflict in the region.

• U.S. and European Union-led economic sanctions in place on Russia are extended or tightened.

• The Trump administration adopts a less-compromising approach toward U.S.-China relations or otherwise enacts policies that threaten Chinese core interests. Alternatively, China adopts an increasingly aggressive policy toward securing its vital core interests, including the South China Sea and the questions of Taiwan’s and Hong Kong’s political sovereignty.

• The situation in Syria further deteriorates into direct armed conflict between major states with differing interests in the region, potentially extending further into neighboring states.

• Other nation-states, such as China, Iran, and North Korea adopt the Russian model of engaging in cyber influence operations via proxies, resulting in the exposure of such a campaign.

Cybersecurity policy in the UK


In the UK, the National Cyber Security Center (NCSC) — an amalgam of CESG (the information security arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure — issues periodic security advisories, among other services. In April, for example, it warned of hostile state actors compromising UK organisations with focus on engineering and industrial control companies. Specifically, the threats involved “the harvesting of NTLM credentials via Server Message Block (SMB) using strategic web compromises and spear-phishing”. Other recent NCSC advisories have highlighted Russian state-sponsored cyber actors targeting network infrastructure devices and the activities of APT28 (a.k.a. the cyber espionage group Fancy Bear).

In its 2018 annual review, the NCSC said it had dealt with over a thousand cyber incidents since its inception in 2016. “The majority of these incidents were, we believe, perpetrated from within nation states in some way hostile to the UK. They were undertaken by groups of computer hackers directed, sponsored or tolerated by the governments of those countries,” said Ciaran Martin, CEO at NCSC, in the report. “These groups constitute the most acute and direct cyber threat to our national security. I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a Category 1 attack.”

A Category 1 attack constitutes a ‘national cyber emergency’ and results in “sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.”


Despite the efforts of the NCSC, a recent report by the UK parliament’s Joint Committee on the National Security Strategy noted that “The threat to the UK and its critical national infrastructure [CNI] is both growing and evolving. States such as Russia are branching out from cyber-enabled espionage and theft of intellectual property to preparing for disruptive attacks, such as those which affected Ukraine’s energy grid in 2015 and 2016.”

The government needs to do more to change the culture of CNI operators and their extended supply chains, the report said, adding that: “This is also a lesson for the Government itself: cyber risk must be properly managed at the highest levels.”

Specifically, the Joint Committee report recommended an improvement in political leadership: “There is little evidence to suggest a ‘controlling mind’ at the centre of government, driving change consistently across the many departments and CNI sectors involved. Unless this is addressed, the government’s efforts will likely remain long on aspiration and short on delivery. We therefore urge the government to appoint a single Cabinet Office minister who is charged with delivering improved cyber resilience across the UK’s critical national infrastructure.”

Cybersecurity policy in the US


In the US, the September 2018 National Cyber Strategy (the first in 15 years, according to the White House) adopted an aggressive stance, promising to “deter and if necessary punish those who use cyber tools for malicious purposes.” The Trump administration is in no doubt about who the US is up against in the cyber sphere:

“The Administration recognizes that the United States is engaged in a continuous competition against strategic adversaries, rogue states, and terrorist and criminal networks. Russia, China, Iran, and North Korea all use cyberspace as a means to challenge the United States, its allies, and partners, often with a recklessness they would never consider in other domains. These adversaries use cyber tools to undermine our economy and democracy, steal our intellectual property, and sow discord in our democratic processes. We are vulnerable to peacetime cyber attacks against critical infrastructure, and the risk is growing that these countries will conduct cyber attacks against the United States during a crisis short of war. These adversaries are continually developing new and more effective cyber weapons.”

The US cyber security strategy is built around four tenets: Protect the American People, the Homeland and the American Way of Life; Promote American Prosperity; Preserve Peace through Strength; and Advance American Influence.

As far as preserving ‘peace through strength’ is concerned, the Trump administration states that: “Cyberspace will no longer be treated as a separate category of policy or activity disjointed from other elements of national power. The United States will integrate the employment of cyber options across every element of national power.” The objective is to “Identify, counter, disrupt, degrade, and deter behavior in cyberspace that is destabilizing and contrary to national interests, while preserving United States overmatch in and through cyberspace.”

It would seem that the stakes in the cybersecurity/cyberwar game have just been raised by the world’s most powerful nation.

2019 nation-state / cyberwar predictions

Nation-state activity has been prominent in previous annual roundups of cybersecurity predictions (2018, 2017, 2016), and given the above overview we expect plenty more in 2019. Let’s examine some of the predictions in this area that have been issued so far.

Prediction Source Detail
Increase in crime, espionage and sabotage by rogue nation-states Nuvias Group With the ongoing failure of significant national, international or UN level response and repercussion, nation-state sponsored espionage, cyber-crime and sabotage will continue to expand. Clearly, most organisations are simply not structured to defend against such attacks, which will succeed in penetrating defences. Cybersecurity teams will need to rely on breach detection techniques.
The United Nations proposes a cyber security treaty Watchguard In 2019, the United Nations will address the issue of state-sponsored cyber attacks by enacting a multinational Cyber Security Treaty…The growing number of civilian victims impacted by these attacks will cause the UN to more aggressively pursue a multinational cyber security treaty that establishes rules of engagement and impactful consequences around nation-state cyber campaigns. They have talked and argued about this topic in the past, but the most recent incidents — as well as new ones sure to surface in 2019 — will finally force the UN to come to some consensus.
A nation-state launches a ‘fire sale’ attack Watchguard In 2019, a new breed of fileless malware will emerge, with wormlike properties that allow it to self-propagate through vulnerable systems and avoid detection…Last year, a hacker group known as the Shadow Brokers caused significant damage by releasing several zero day vulnerabilities in Microsoft Windows. It only took a month for attackers to add these vulnerabilities to ransomware, leading to two of the most damaging cyber attacks to date in WannaCry and NotPetya. This isn’t the first time that new zero day vulnerabilities in Windows fueled the proliferation of a worm, and it won’t be the last. Next year, ‘vaporworms’ will emerge; fileless malware that self-propagates by exploiting vulnerabilities.
State-sponsored cyber warfare will take center stage CGS Traditional cybersecurity tools to protect against state-sponsored cyberattacks are not adequate and often obsolete as soon as they come to market. It is nearly impossible to keep up with cyberattacks as these threats are automated, continuous and adaptive. In the next year, we will continue to see government entities ramping up efforts to develop state-sponsored cybersecurity protections, policies, procedures and guidance. With individuals, businesses and government departments under attack, there must be a unified approach by the government to create guidance on a more holistic, official, focused effort to thwart state-sponsored attacks.
A collision course to cyber cold war Forcepoint Isolationist trade policies will incentivize nation states and corporate entities to steal trade secrets and use cyber tactics to disrupt government, critical infrastructure, and vital industries.
The US-China trade war will reawaken economic espionage against Western firms Forrester With heightened geopolitical tensions in Europe and Asia and the US and China in a trade war, expect China’s hacking engine, after a brief respite from 2016 to 2018, to turn again to the US and Western countries. The current (13th) five-year plan serves as an early warning system for firms in eight verticals: 1) new energy vehicles; 2) next-generation IT; 3) biotechnology; 4) new materials; 5) aerospace; 6) robotics; 7) power equipment; and 8) agricultural machinery. If you’re in one of these industries, expect a breach attempt very soon.
Trade wars trigger commercial espionage Cyberark Government policies designed to create ‘trade wars’ will trigger a new round of nation-state attacks designed to steal intellectual property and other trade secrets to gain competitive market advantages. Nation-state attackers will combine existing, unsophisticated, yet proven, tactics with new techniques to exfiltrate IP, as opposed to just targeting PII or other sensitive data.
In 2019 and beyond, we expect to see more nations developing offensive cyber capabilities FireEye (Kevin Mandia) There are people that claim nations should not do this, but in the halls of most governments around the world, officials are likely thinking their nation needs to consider offensive operations or they will be at a disadvantage.
We are also seeing deteriorating rules of engagement between state actors in cyber space FireEye (Kevin Mandia) I have spent decades responding to computer intrusions, and I am now seeing nations changing their behaviors. As an example, we have witnessed threat actors from Russia increase their targeting and launch cyber operations that are more aggressive than in the past. Today, nearly every nation has to wonder: “What are the boundaries of cyber activities? What can we do? What is permissible? What is fair game?” We have a whole global community that is entirely uncertain as to what will happen next, and that is not a comfortable place to be. We must begin sorting that out in the coming years.
The final priority is diplomacy. Cyber security is a global problem, and we are all in this together FireEye (Kevin Mandia) The fact that a lone attacker sitting in one country can instantaneously conduct an operation that threatens all computers on the internet in other nations is a problem that needs to be addressed by many people working together. We need to have conversations about rules of engagement. We need to discuss how we will enforce these rules of engagement, and how to impose risks on attackers or the nations that condone their actions. We may not be able to reach agreements on cyber espionage behaviors, but we can communicate doctrine to help us avoid the risk of escalating aggression in cyber space. And we can have a global community that agrees to a set of unacceptable actions, and that works together to ensure there exists a deterrent to avoid such actions.
As we move into 2019: remain skeptical about what you read, especially on the internet FireEye (Sandra Joyce) Russia has been conducting influence operations for a really long time, and not just in the cyber realm. They’re very skilled. We’re seeing other threat actors learning from Russia’s success in cyber influence. For example, we recently uncovered several Iranian inauthentic accounts being used to propagate a social agenda that was pro-Iranian. We’re going to increasingly see these cyber operations from more nations than just Russia, and now Iran, as nations realize how effective this tactic can be. The upside of social media is that everyone can be part of the conversation, but that can clearly be a downside as well.
China’s Belt and Road Initiative to drive cyber espionage activity in 2018 and beyond FireEye (Threat Intelligence) The Belt and Road Initiative (BRI) is an ambitious, multiyear project across Asia, Europe, the Middle East, and Africa to develop a land (Silk Road Economic Belt) and maritime (Maritime Silk Road) trade network that will project China’s influence globally. We expect BRI to be a driver of cyber threat activity. Cyber espionage activity related to the initiative will likely include the emergence of new groups and nation-state actors. Given the range of geopolitical interests affected by this endeavor, it may be a catalyst for emerging nation-state cyber actors to use their capabilities. Regional governments along these trade routes will likely be targets of espionage campaigns. Media announcements on BRI progress, newly signed agreements, and related development conferences will likely serve as operational drivers and provide lure material for future intrusions.
Iranian cyber threat activity against U.S. entities likely to increase following U.S. exit from JCPOA, may include disruptive or destructive attacks FireEye (Threat Intelligence) Last year, we reported that should the U.S. withdraw from the JCPOA [Joint Comprehensive Plan of Action], we suspect that Iran would retaliate against the U.S. using cyber threat activity. This could potentially take the form of disruptive or destructive attacks on private companies in the U.S. and could be conducted by false front personas controlled by Iranian authorities purporting to be independent hacktivists. While we do not anticipate such attacks in the immediate or near-term, we suspect that initially Iranian-nexus actors will resume probing critical infrastructure networks in preparation for potential operations in the future.
Cyber norms unlikely to constrain nation-state cyber operations in the near future FireEye (Threat Intelligence) Norms of responsible state behavior in cyberspace, though still in their infancy, have the potential to significantly affect the types of future cyber operations conducted by nation-states and their proxies in the long term. Norms can be positive or negative, either specifically condoning or condemning a behavior. The future of cyber norms will be most strongly influenced by political and corporate will to agree, and ultimately decisions by particular states to accept or disregard those norms in their conduct of cyber operations.

Various countries active in cyber diplomacy, along with a small number of international corporations, are exploring norms to manage their increasingly complex and crowded cyber threat landscape. However, except for an emerging consensus to not conduct cyber-enabled theft of intellectual property with the intent to provide commercial advantage, no norm has yet found significant, explicit agreement among states.


It’s clear from the above round-up of predictions that nation states are likely to be more active than ever in cyberspace in 2019. Perhaps we’ll even see the sort of ‘national cyber emergency’ envisaged by the UK’s NCSC, with potential loss of life. That’s the point where cyber attack moves towards cyberwar.

It’s also clear that governments — in the UK and US at least — are increasingly, if belatedly, acknowledging the scale of the problem of hostile nation-state cyber activity. It remains to be seen how effectively they can defend themselves, and even retaliate.


Russian hackers are trying out this new malware against US and European targets
A new phishing campaign from a Russian-state backed hacking group targets American and European inboxes.

Russia wants DNC hack lawsuit thrown out, citing international conventions
Russian Federation says it benefits from the same legal protections as the US does when carrying out military cyberattacks.

Security warning: UK critical infrastructure still at risk from devastating cyber attack
Not enough is being done to protect against cyber attacks on energy, water and other vital services.

US, Russia, China don’t sign Macron’s cyber pact
New cyber peace pact signed by 51 other countries, 224 companies, and 92 non-profits and advocacy groups.

States activate National Guard cyber units for US midterm elections
National Guard cyber units activated in Washington, Illinois, and, more recently, Wisconsin.

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.


Defeating Distributed Denial of Service Attacks



It seems like every day the news brings new stories of cyberattacks. Whether ransomware, malware, crippling viruses, or more frequently of late—distributed denial of service (DDoS) attacks. According to Infosec magazine, in the first half of 2020, there was a 151% increase in the number of DDoS attacks compared to the same period the previous year. That same report states experts predict as many as 15.4 million DDoS attacks within the next two years.

These attacks can be difficult to detect until it’s too late, and then they can be challenging to defend against. There are solutions available, but there is no one magic bullet. As Alastair Cooke points out in his recent “GigaOm Radar for DDoS Protection” report, there are different categories of DDoS attacks.

And different types of attacks require different types of defenses. You’ll want to adopt each of these three defense strategies against DDoS attacks to a certain degree, as attackers are never going to limit themselves to a single attack vector:

Network Defense: Attacks targeting the OS and network operate at either Layer 3 or Layer 4 of the OSI stack. These attacks don’t flood the servers with application requests but attempt to exhaust TCP/IP resources on the supporting infrastructure. DDoS protection solutions defending against network attacks identify the attack behavior and absorb it into the platform.

Application Defense: Other DDoS attacks target the actual website itself or the web server application by overwhelming the site with random data and wasting resources. DDoS protection against these attacks might handle SSL decryption with hardware-based cryptography and prevent invalid data from reaching web servers.

Defense by Scale: There have been massive DDoS attacks, and they show no signs of stopping. The key to successfully defending against a DDoS attack is to have a scalable platform capable of deflecting an attack led by a million bots with hundreds of gigabits per second of network throughput.

Table 1. Impact of Features on Metrics
[chart id=”1001387″ show=”table”]

DDoS attacks are growing more frequent and more powerful and sophisticated. Amazon reports mitigating a massive DDoS attack a couple of years ago in which peak traffic volume reached 2.3 Tbps. Deploying DDoS protection across the spectrum of attack vectors is no longer a “nice to have,” but a necessity.

In his report, Cooke concludes that “Any DDoS protection product is only part of an overall strategy, not a silver bullet for denial-of-service hazards.” Evaluate your organization and your needs, read more about each solution evaluated in the Radar report, and carefully match the right DDoS solutions to best suit your needs.

Learn More About the Reports: Gigaom Key Criteria for DDoS, and Gigaom Radar for DDoS

The post Defeating Distributed Denial of Service Attacks appeared first on GigaOm.

Continue Reading


Assessing Providers of Low-Power Wide Area Networks



/*! elementor – v3.6.4 – 13-04-2022 */
.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#818a91;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#818a91;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}

Blog Title: Assessing Providers of Low-Power Wide Area Network Technology

Companies are taking note of how Low-Power Wide Area Networks (LPWAN) can provide long-distance communications for certain use cases. While its slow data transfer rates and high latency aren’t going to be driving any high intensity video streaming or other bandwidth-hungry situations, it can provide inexpensive, low power, long-distance communication.

According to Chris Grundemann and Logan Andrew Green’s recent report “GigaOm Radar for LPWAN Technology Providers (Unlicensed Spectrum) v1.0,” this growing communications technology is suitable for use cases with the following characteristics:

  • Requirement for long-distance transmission—10 km/6 miles or more wireless connectivity from sensor to gateway
  • Low power consumption, with battery life lasting up to 10 years
  • Terrain and building penetration to circumvent line-of-sight issues
  • Low operational costs (device management or connection subscription cost)
  • Low data transfer rate of roughly 20kbps

These use cases could include large-scale IoT deployments within heavy industry, manufacturing, government, and retail. The LPWAN technology providers evaluated in this Radar report are currently filling a gap in the IoT market. They are certainly poised to benefit from the anticipated rapid adoption of LPWAN solutions.

Depending on the use case you’re looking to fulfill, you can select from four basic deployment models from these LPWAN providers:

  • Physical Appliance: This option would require a network server on-premises to receive sensor data from gateways.
  • Virtual Appliance: Network servers could also be deployed as virtual appliances, running either on-premises or in the cloud.
  • Network Stack as a Service: With this option, the LPWAN provider fully manages your network stack and provides you with the service. You only need devices and gateways to satisfy your requirements.
  • Network as a Service: This option is provided by mobile network operators, with the provider operating the network stack and gateways. You would only need to connect to the LPWAN provider.

Figure 1. LPWAN Connectivity

The LPWAN providers evaluated in this report are well-positioned from both a business and technical perspective, as they can function as a single point of contact for building IoT solutions. Instead of cobbling together other solutions to satisfy connectivity protocols, these providers can set up your organization with a packaged IoT solution, reducing time to market and virtually eliminating any compatibility issues.

The unlicensed spectrum aspect is also significant. The LPWAN technology providers evaluated in this Radar report use at least one protocol in the unlicensed electromagnetic spectrum bands. There’s no need to buy FCC licenses for specific frequency bands, which also lowers costs.

Learn More: Gigaom Enterprise Radar for LPWAN

The post Assessing Providers of Low-Power Wide Area Networks appeared first on GigaOm.

Continue Reading


The Benefits of a Price Benchmark for Data Storage



Why Price Benchmark Data Storage?

Customers, understandably, are highly driven by budget when it comes to data storage solutions. The cost of switching, upkeep and upgrades are high risk factors for businesses, and therefore, decision makers need to look for longevity in their chosen solution. Many factors influence how data needs to be handled within storage, including data that is frequently accessed, or storing rarely-accessed legacy data. 

Storage performance may also be shaped by geographic location, from remote work or global enterprises that need to access and share data instantly, or by the necessity of automation. Each element presents a new price-point that needs to be considered, by customers and by vendors.

A benchmark gives a comparison of system performance based on a key performance indicator, such as latency, capacity, or throughput. Competitor systems are analyzed in like-for-like situations that optimize the solution, allowing a clear representation of the performance. Price benchmarks for data storage are ideal for marketing, showing customers exactly how much value for money a solution has against competitor vendors.

Benchmark tests reinforce marketing collateral and tenders with verifiable evidence of performance capabilities and how the transactional costs relate to them. Customers are more likely to invest in long-term solutions with demonstrable evidence that can be corroborated. Fully disclosed testing environments, processes, and results, give customers the proof they need and help vendors stand out from the crowd.

The Difficulty in Choosing

Storage solutions vary greatly, from cloud options to those that utilize on-premises software. Data warehouses have different focuses which impact the overall performance, and they can vary in their pricing and licensing models. Customers find it difficult to compare vendors when the basic data storage configurations differ and price plans vary. With so many storage structures available, it’s hard to explain to customers how output relates to price, appeal to their budget, and maintain integrity, all at the same time.

Switching storage solutions is also a costly, high-risk decision that requires careful consideration. Vendors need to create compelling and honest arguments that provide reassurance of ROI and high quality performance.

Vendors should begin by pitching their costs at the right level; they need to be profitable but also appealing to the customer. Benchmarking can give an indication of how competitor cost models are calculated, allowing vendors to make judgements on their own price plans to keep ahead of the competition. 

Outshining the Competition

Benchmark testing gives an authentic overview of storage transaction-based price-performance, carrying out the test in environments that imitate real-life. Customers can gain a higher understanding of how the product works in terms of transactions per second, and how competitors process storage data in comparison.

The industry-standard for benchmarking is the TPC Benchmark E (TPC-E), a recognized standard for storage vendors. Tests need to be performed in credible environments; by giving full transparency on their construction, vendors and customers can understand how the results are derived. This can also prove systems have been configured to offer the best performance of each platform.

A step-by-step account allows tests to be recreated by external parties given the information provided. This transparency in reporting provides more trustworthy and reliable outcomes that offer a higher level of insight to vendors. Readers can also examine the testing and results themselves, to draw independent conclusions.

Next Steps

Price is the driving factor for business decisions and the selection for data storage is no different. Businesses often look towards low-cost solutions that offer high capacity, and current trends have pushed customers towards cloud solutions which are often cheaper and flexible. The marketplace is full in regard to options: new start-ups are continually emerging, and long serving vendors are needing to reinvent and upgrade their systems to keep pace. 

Vendors need evidence of price-performance, so customers can be reassured that their choice will offer longevity and functionality at an affordable price point. Industry-standard benchmarking identifies how performance is impacted by price and which vendors are best in the market – the confirmation customers need to invest.


The post The Benefits of a Price Benchmark for Data Storage appeared first on GigaOm.

Continue Reading