Cybercrime, either for financial gain or hacktivist tendencies is on the rise. The US and UK governments have invested significant sums in the last 12 months on new defence measures and research centres. The sci-fi talk of 'cyber war' is becoming an increasing reality, but what are the new attack vectors and what can be done to defend against them?
Changing Priorities, Changing Targets
Arnie Bates from Scotia Gas Networks described that freely available tools, are now commonplace and can help a potential cyber attacker, to initiate distribute denial of service (DDOS) attacks simply and easily, without complex development skills, that would have been required only a few years ago. The simplicity of attack initiation, has lead to 'simple' attacks resulting in more sophisticated impact, as highlighted by Misha Glenny, Writer and Broadcaster, who pointed to the recent attack on the Associated Press' Twitter account. The attack itself seemed simple, but the resulting impact on the NYSE was tangible.
Hacktivism -v- Financial Reward
DS Charlie McMurdie from the MET Police's cyber crime unit, articulated the need to identify the true motive for each cyber crime attack. The majority of attacks being reported, derive from a financial motive. Whilst hacktivism is still an important protest tool, the greater complexity and rise in attacks is based on a monetary reward, either directly through theft or via indirect theft of identity credentials, that in turn lead to a cash reward for a successful attacker. From a government perspective, Adrian Price from the UK's MoD, described how state level espionage is still a major concern, as it has been for decades, but now the attack vectors have simply moved online. And whilst state level attacks could ultimately lead to government involvement and ultimately war and loss of life, national defence related attacks still fall under the protest category, if a government's political and foreign policy is openly objected to.
Defence Via Shared Intelligence
Whilst DS McMurdie described there isn't a "signal bullet to defend against" when it comes to cyber attacks, there equally isn't a silver bullet that will provide ultimate protection. Private sector organisations still need to promote cyber awareness and education to generate a more cross-departmental approach to defence. At the national and critical infrastructure level, shared intelligence initiatives will help provide a more adaptable and responsive defense mechanism.
By Simon Moffatt