Slashdot Mirror


Targeted Attacks Focus On Economic Cyberterrorism

Orome1 writes "When it comes to dangerous Web threats, the only constant is change and gone are the days of predictable attack vectors. Instead, modern blended threats such as Aurora, Stuxnet, and Zeus infiltrate organizations through a variety of coordinated tactics, usually a combination of two or more. Phishing, compromised websites, and social networking are carefully coordinated to steal confidential data, because in the world of cybercrime, content equals cash. And, as a new Websense report illustrates, the latest tactics have now moved to a political and nationalistic stage. Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers."

5 of 73 comments

  1. "Legacy"? by girlintraining · · Score: 4, Insightful

    Cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers.

    Calling something legacy implies that there's something better to replace those technologies with. Those technologies have not been replaced by some revolutionary new technology that does all that and holds your d--- while you piss too. And they were never intended to be a panacea -- they are intended to augment information security, not act as a substitute for it.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:"Legacy"? by girlintraining · · Score: 4, Funny

      but you missed the point!
      IT'S SCARY!
      AND WE SHOULD GIVE SOMEONE MONEY TO FIX THE PROBLEM!

      I'm surprised you can get internet out at your ranch, George.

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:"Legacy"? by Defenestrar · · Score: 4, Insightful

      If it's about giving someone the money to fix the problem, then all you have to do is follow the slurs to find the money.

      ...security gaps left open by legacy technologies like firewalls, anti-virus, and simple URL blockers.

      So the terror monger here is likely to be someone who makes money through (producing or advertising) a two-factor authenticator, an alternate active-DNS, or an ISP selling the "we filter the internet for you" service.

      And checking net-security.org's "about us:"

      Help Net Security is recognized as a media sponsor of leading information security conferences around the globe including: RSA Conference US, RSA Conference Europe, Infosecurity Europe, CSI, InfoSec World Conference & Expo, SC World Congress and more.

      I think we have a winner. Why does the cynical approach have to be right so often?

  2. Time for IBM to work on the ZTIC successor? by mlts · · Score: 4, Informative

    Maybe it's time to work on better out-of-band authentication and confirmation devices.

    Take the IBM ZTIC that plugs into a USB port, and communicates encrypted from the device itself to the bank, just using the computer as a passthrough. This is what needs to be worked on, and maybe banks should start handing these out to customers. This way, even if an end user's computer is infected, their bank account couldn't be logged into without the device, and even if someone was to gain access upon logging on, all bank transfers would have to be confirmed on the ZTIC, so a quick transfer of funds would be caught and denied.

    Applying this to MMOs, maybe the ZTIC device to confirm character transfers or deletion, as well as be needed to confirm logging on.

    The advantage of using the ZTIC device over a cellphone for this is that the ZTIC device is simple -- it isn't a full-fledged computer like a cell phone, and only does one task. Of course, exploits might be found, but the attack surface for this device is a lot smaller than a general purpose machine.

  3. Cybercrime != Cyberterrorism by SirGarlon · · Score: 4, Insightful

    I think any sensible definition of "terrorism" has to involve violence -- people in meatspace getting killed or at least hurt. I read TFA and the only connection it had to terrorism was in the headline. Skimming credit card numbers is not terrorism (though it could be used to finance terrorist activities). Spreading malware through Facebook is not terrorism (though a botnet could be used in conjunction with a terrorist attack, maybe).

    I am not aware of terrorists ever having made a "cyber terror attack." Most extremist groups are looking for a bigger shock value than they can get by knocking out Google's Web server or even bringing down the electric grid in half the United States (either of which could be accomplished by a misplaced backhoe or a freak thunderstorm). Actually they would much rather blow up a school bus or something. A lone gunman can create more of a scare and get more PR for the cause than could a group of crack cyber-terrorists who managed to reproduce the U.S. blackout of 2005.

    To label any and all malicious activity is disingenuous. It grabs some attention and helps you sell something in the short run, but in the long run, crying wolf is a disservice to the public and it doesn't pay off.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.