Slashdot Mirror

← Back to Stories (view on slashdot.org)

Targeted Attacks Focus On Economic Cyberterrorism

Posted by samzenpus on from the serious-gold-farmers dept.

Orome1 writes "When it comes to dangerous Web threats, the only constant is change and gone are the days of predictable attack vectors. Instead, modern blended threats such as Aurora, Stuxnet, and Zeus infiltrate organizations through a variety of coordinated tactics, usually a combination of two or more. Phishing, compromised websites, and social networking are carefully coordinated to steal confidential data, because in the world of cybercrime, content equals cash. And, as a new Websense report illustrates, the latest tactics have now moved to a political and nationalistic stage. Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers."

10 of 73 comments (clear)

  1. "Legacy"? by girlintraining · · Score: 4, Insightful

    Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers."

    Calling something legacy implies that there's something better to replace those technologies with. Those technologies have not been replaced by some revolutionary new technology that does all that and holds your d--- while you piss too. And they were never intended to be a pancea -- they are intended to augment information security, not act as a substitute for it.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:"Legacy"? by Defenestrar · · Score: 4, Insightful

      If it's about giving someone the money to fix the problem, then all you have to do is follow the slurs to find the money.

      ...security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers.

      So the terror monger here is likely to be someone who makes money through (producing or advertising) two factor authenticator, an alternate active-DNS, or an ISP selling the "we filter the internet for you" service.

      And checking net-security.org's "about us:"

      Help Net Security is recognized as a media sponsor of leading information security conferences around the globe including: RSA Conference US, RSA Conference Europe, Infosecurity Europe, CSI, InfoSec World Conference & Expo, SC World Congress and more.

      I think we have a winner. Why does the cynical approach have to be right so often?

    2. Re:"Legacy"? by poetmatt · · Score: 2, Insightful

      what you're talking about is more about setting standards, not legislation. There are already best practices in place for stuff like this, it's more that people don't follow them.

    3. Re:"Legacy"? by mrheckman · · Score: 2, Insightful

      Firewalls, anti-virus, and URL blockers are not legacy systems at all. They are the state of the art in security precisely because they have to protect legacy operating systems and applications, or new systems built to be backward compatible with legacy systems, which are the real "legacy" problem.

      People use all sorts of old software because they have such a huge investment in systems and applications that are built on them. But that old software keeps needing to be patched. For example, there's Windows, of course, 'nuf said, and applications like Adobe Reader. Adobe has to come out with a new patch every week to fix another critical flaw, but they can't simply drop it and start from scratch to fix fundamental flaws - it's not economically feasible. And large numbers of businesses still use IE6, for crying out loud, because of all the infrastructure they've built around it. You can put all the security system armor you want around that soft, chewy center, but there will always be gaps.

      As critics like Bruce Schneier have been pointing out for a long time, on the other hand, we've known how to prevent whole classes of attacks for many years, but no one seriously expects these fixes to be implemented because of the economics.

      That said, there's no protection when administrators and users do stupid things with passwords and the like. Phishing will always work, no matter how hardened we make our systems. At best, we can put bounds on the damage.

  2. Was This Story Summary Written By by Anonymous Coward · · Score: 1, Insightful

    this book salesman? Because it has NO content.

    Yours In Electrogorsk,
    Kilgore Trout.

  3. Money for nothing and chicks for free by Sheik+Yerbouti · · Score: 3, Insightful

    Hey I bet Websense will sell you the solution to the problems cited in the report who wants to take a bet.

  4. Cybercrime != Cyberterrorism by SirGarlon · · Score: 4, Insightful

    I think any sensible definition of "terrorism" has to involve violence -- people in meatspace getting killed or at least hurt. I read TFA and the only connection it had to terrorism was in the headline. Skimming credit card numbers is not terrorism (though it could be used to finance terrorist activities). Spreading malware through Facebook is not terrorism (though a botnet could be used in conjunction with a terrorist attack, maybe).

    I am not aware of terrorists ever having made a "cyber terror attack." Most extremist groups are looking for a bigger shock value than they can get by knocking out Google's Web server or even bringing down the electric grid in half the United States (either of which could be accomplished by a misplaced backhoe or a freak thunderstorm). Actually they would much rather blow up a school bus or something. A lone gunman can create more of a scare and get more PR for the cause than could a group of crack cyber-terrorists who managed to reproduce the U.S. blackout of 2005.

    To label any and all malicious activity is disingenuous. It grabs some attention and helps you sell something in the short run, but in the long run, crying wolf is a disservice to the public and it doesn't pay off.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    1. Re:Cybercrime != Cyberterrorism by Anonymous Coward · · Score: 1, Insightful

      No.

      Terrorism is a method. You achieve effects by creating terror among your targets.

      Damage is not the same. That's an attack, but it isn't terrorism.

  5. Attacks build immunity. by couchslug · · Score: 2, Insightful

    I'd like to see a much more hostile internet to coerce better security practices. People in general won't care about such things unless and until it is forced upon them by events.

    If they won't change unless someone "breaks their shit", then that needs to happen.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  6. Re:Nations are stupid by girlintraining · · Score: 1, Insightful

    That doesn't mean that it always goes well, but that's the general idea. You seem to be suggesting that ALL nations are oppressive because some nations are oppressive to thugs. Denying liberty to those who seek to deny liberty to others is not oppression. It's the opposite.

    All laws benefit one group by disadvantaging another. What you're calling liberty is just screwing over a minority to benefit a majority, and what you're calling tyranny is benefiting a minority by screwing over a majority. Both are oppressive, the difference is one group knows it and the other group posts on slashdot about how great it is to live in a "free" society.

    --
    #fuckbeta #iamslashdot #dicemustdie