About these ads

Archive

Posts Tagged ‘DNS’

November 2011 Cyber Attacks Timeline (Part II)

November 30, 2011 Leave a comment

The second half of November has confirmed the trend seen in the previous report covering the first half of the month. The period under examination has confirmed a remarkable increase in Cyber Attacks from both a quality and quantity perspective.

Although the month has been characterized by many small attacks, several remarkable events have really made the difference.

Among the victims of the month, Finland deserves a special mention in this unenviable rank: the second half of the month has confirmed the emerging trend for this country, which suffered in this period two further breaches of huge amounts of personal data, for a global cumulative cost, computed on the whole month, around $25 million.

But Finland was not the only northern European country hit by cybercrookers (maybe the term cyberprofessionals would be more appropriate): Norwegian systems associated with the country’s oil, gas and energy sectors were hit with an APT based cyber attack resulting in a loss of sensitive information including documents, drawings, user names and passwords.

But once again the crown of the most remarkable breach of the month is placed upon the head of South Korea which suffered another huge data dump affecting users of the popular MMORPG “Maple Story” affecting theoretically 13 million of users, nearly the 27% of the Korean population, for an estimated cost of the breach close to $2.8 billion.

The list of affected countries this month includes also 243,089 Nigerian users, victims of the hack of Naijaloaded, a popular forum.

Microsoft has been another victim in this November, with a phishing scam targeting Xbox Live users. Details of the scam are not clear, although each single affected user in U.K. might have lost something between £100 and £200 for a total cost of the breach assimilable to “million of Pounds”.

November will make history for showing for the first time to information security professionals the dangers hidden inside the SCADA universe (and not related to Nuclear Reactors). The echo of Stuxnet and Duqu is still alive, but this month was the the turn of SCADA water pumps, that have suffered a couple of attacks (Springfield and South Houston), the first one allegedly originated from Russia and the second one from a “lonely ranger” who considered the answer from DHS concerning the first incident, too soft and not enough satisfactory. My sixth sense (and one half) tells me that we will need to get more and more used to attacks against SCADA driven facilities.

The Anonymous continued their operations against governments with a brand new occurrence of their Friday Releases, targeting a Special Agent of the CA Department and leaking something like 38,000 emails. Besides from other some sparse “small” operations, the other remarkable action performed by the Anonymous collective involved the hacking of an United Nations (old?) server, that caused personal data of some personnel to be released on the Internet.

November Special mentions are dedicated (for opposite reasons) to HP and AT&T. HP for the issue on their printers discovered by a group of Researchers of Columbia Univerity, which could allow a malicious user to remotely control (and burn) them. AT&T deserved the special mention for the attack, unsuccessful, against the 1% of its 100 million wireless accounts customer base.

In any case, counting also the “minor” attacks of the month, the chart shows a real emergency for data protection issues: schools, e-commerce sites, TVs, government sites, etc. are increasingly becoming targets. Administrators do not show the deserved attention to data protection and maybe also the users are loosing the real perception of how much important is the safeguard of their personal information and how serious the aftermaths of a compromise are.

As usual, references for each single cyber attack are reported below. Have a (nice?) read and most of alle share among your acquaintances the awareness that everyone is virtually at risk.

Related articles

Read more…

About these ads
Categories: Cyber Attacks Timeline, Security Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

September 2011 Cyber Attacks Timeline (Part I)

September 15, 2011 5 comments

So here it is, also for this month, the first part of My Cyber Attacks Timeline covering the first half of September.

Apparently It looks like the wave of the Anonymous attacks that characterized August has stopped. Even if several isolated episodes occurred, their impact was slightly lower than the previous months.

Probably the most important security incident for this month was the Diginotar Hack, not only because the Dutch Certification Authority has been banned forever by the main browsers and OSes but also because all the authentication model based on CAs is under discussion. Moreover once again a cyber attack has been used as a mean of repression. This incident is a turnkey point for information security but in my opinion also the DNS hacks by Anonymous Sri Lanka and Turkguvenligi are noticeable since they reinforce the need for a quick adoption of DNSSEC.

For the first time not even the Linux Operating System (an open world) was immune from hackers: both the Linux Kernel and the Linux Foundation Web Sites were hacked during this month, two episodes that Penguin Lovers will remember for a long time.

Easily predictable an attack recalling 9/11 carried on against the Twitter Account of NBC News was also reported.

Other noticeable events: three huge data breaches were reported, four attacks with political motivations targeting India, Nigeria, Colombia, and the Russia Embassy in London were perpetrated and another security vendor (Panda Security) was indirectly targeted.

The remainder of the month was characterized by many smaller attacks (mostly defacements and data leaks) and an actress (Scarlett Johansson) was also victim of data leaks.

Useful Resources for compiling the table include:

And my inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.

Date Author Description Organization Attack
Sep 1

?

Kernel.org

The site of Kernel.org suffered a security breach leading which caused the server to be rooted and 448 credential compromised. Although it is believed that the initial infection started on August the 12th, it was not detected for another 12 days.


rootkit (Phalanx)
Sep 1
Apple, Symantec, Facebook, Microsoft, etc.

The Sri Lankan branch of Anonymous claims to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations over the past few days,  posting the news and records of its exploits on Pastebin.


DNS Cache Snoop Poisoning
Sep 1 ?
Birdville Independent School District

Two students hack into their school district’s server and accessed a file with 14,500 student names, ID numbers, and social security numbers. Estimated cost of the breach is around $3,000,000.

?
Sep 2 Texas Police Chiefs Association

As usual happens on Fridady, Texas Police Chiefs Association Website is hacked by Anonymous for Antisec Operation. Hacker defaced their website and posted 3GB of data in retaliation for the arrests of dozens of alleged Anonymous suspects. According to Hackers the site has been owned for nearly one month.

SQLi?
Sep 2
EA Game Battlefield Heroes

One of the most famous games over the world Battlefield Heroes developed by EA Games is hacked by a hacker named “Why So Serious?” who leaks the User Login passwords on pastebin

SQLi?
Sep 2
vBTEAM Underground

Vbteam.info, the underground vBulletin Hacking website is hacked by “Why So Serious?“, who leaks 1400+ accounts of the Vbteam.info forum in pastebin.

SQLi?
Sep 3 Nomcat
Indian Government

An Indian Hacker named “nomcat” claims to have been able to hack into the Indian Prime Ministers Office Computers and install a Remote Administration Tool) in them. He also Exposes the Vulnerability in Income Tax website and Database Information.

SQLi?
Sep 4

Popular Websites: : Daily Telegraph, The Register, UPS, Vodafone

Popular websites including The Register, The Daily Telegraph, UPS, and others fall victim to a DNS hack that has resulted in visitors being redirected to third-party webpages. The authors of the hack, a Turkish group called Turkguvenligi, are not new to similar actions and leave a message declaring this day as World Hackers’ Day.


DNS Hijacking
Sep 5
Mobile App Network Forum

Mobile APP Network Forum is Hacked by “Why So Serious?”. He leaks over 15.000 accounts of the community (Forum) on Pastebin in two parts (Part 1 and Part 2).

SQLi?
Sep 5

European Union Institute For Energy and Transport

One of the Sub domain of European Union (Institute for Energy) is hacked and Defaced by Inj3ct0r. Hackers deface the web page, release some internal details and leave a message against Violence in Lybia and Russian influence in Ukraine.

http://ie.jrc.ec.europa.eu
Defacement
Sep 5  Cocain Team Hackers United Nations Sub Domain of Swaziland

United Nations Sub-Domain of Swaziland is hacked and defaced by Cocain Team Hackers. 

UN Logo
Defacement
Sep 5
Uronimo Mobile Platform

The Uronimo Mobile platform is hacked by Team Inj3ct0r. They leak the web site database and release on Pastebin internal data including Username, Hash Password, emails and Phone Numbers of 1000 users. Estimated Cost of the Breach is $214,000.


SQLi?
Sep 6 Comodo Hacker
Diginotar

The real extent of the Diginotar breach becomes clear: 531 bogus certificates issued including Google, CIA, Mossad, Tor. Meanwhile in a pastebin message Comodo Hacker states he own four more CAs, among which GlobalSign which precautionally suspends issuance of certificates.


Several Vulnerabilities
Sep 7 ?
Beaumont Independent School District

The superintendent of schools for Beaumont Independent School District announces that letters are being mailed to parents of nearly 15,000 of its 19,848 students to inform them of a potential breach of data that occurred recently. Inadvertently, private information including the name, date of birth, gender, social security number, grade and scores on the Texas Assessment of Knowledge and Skills (TAKS) exam of students who were in the third through 11th grades during the 2009-2010 school year–were potentially exposed.  Estimated cost of the breach is $3,210,000.


Human Mistake
Sep 7 ?
Stanford Hospital, Palo Alto, Calif.

A medical privacy breach leads to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes. The information stayed online for nearly a year from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork. Estimated Cost of The Breach is $4,280,000.

Human Mistake
  Sep 9 Comodo Hacker
GlobalSign

After suspending issuing certificates, GlobalSign finds evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the http://www.globalsign.com website.


?
Sep 9
 Comodo Hacker
Google

As consequence of the infamous Diginotar Breach Google advises its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised. Google also indicates that it is  directly contacting users in Iran who may have been hit by a man-in-the-middle attack.


Man In The Middle
Sep 9
NBC News

The NBC News Twitter account is hacked and starts to tweet false reports of a plane attack on ground zero. The account is suspended and restored after few minutes.


Trojan Keylogger  via Email
Sep 9 ?
Samsung Card

Data of up to 800,000 Samsung Card clients may have been compromised after an employee allegedly extracted their personal information. The Breach was discovered on Aug. 25 and reported to police on Aug. 30. It is not clear what kind of information has been leaked, maybe the first two digits of residence numbers, the names, companies and mobile phone numbers were exposed. Estimated cost of the breach is $171,200.000.


Unauthorized Access
Sep 10 ?
BuyVIP (Amazon Owned)

Although not officially confirmed, BuyVIP users received an e-mail informing that their database had been hacked. Apparently, the website had been offline for a couple days and it looks like that not only names and email addresses were retrieved, but also birth dates, real shipping addresses as well as phone numbers.


SQLi
Sep 11 ?
Linux Foundation

Few weeks after the kernel.org Linux archive site suffered a hacker attack, the Linux Foundation has pulled its websites from the web to clean up from a security breach. A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

Linux Foundation
SQLi?
Sep 11
AryansBook.com

Anonymous leaks the complete database from a well known nazi website AryansBook.com and posts the content on The Pirate Bay. This is a fight towards racism of any kind.

AryansBook
SQLi?
Sep 12 ?
Bitconitalk Forum

An unknown hacker uses a zero day flaw to steal email addresses, hashed passwords and read personal messages from the bitcointalk.org forum. Forum administrators said the attacker gained root access on 3 September and was able to run arbitrary PHP code not detected until the attacker injected “annoying JavaScript” into the forum pages a week later: the Javascript splashed actor Bill Cosby across the forums and replaced all references to BitCoin with CosbyCoin.

Bitcoin
0-day exploit in SMF
Sep 12 ?
Nigerian Government Website

Nigerian Government Website is hacked and defaced by Brazilian Hackers that leave a message in the main page.


Defacement
Sep 12 ?
Vacationland Vendors

A hacker gains unauthorized access to the card processing systems at Wilderness Waterpark Resort  and improperly acquires 40,000 credit card and debit card information. Estimated Cost of the Breach is $8,560,000.


N/A
Sep 12 X-Nerd Panda Security

Another Security Company Hacked: a hacker going by the name of X-Nerd hacks and defaces the Pakistan Server of a very well known security software website:  Panda Security.


SQLi?
Sep 12 ?
Russian UK Embassy

Just before Prime Minister David Cameron’s first visit to Moscow, the website belonging to the Embassy Of The Russian Federation in London was taken down by hackers. It seems as the attack was launched in sign of protest to the upcoming visit after a 5-year break in which no British leader went to Moscow.

DDoS
Sep 13 Cyb3rSec
thetvdb.com

Cyb3rSec dumps a list of 3500+ Accounts from the forum thetvdb.com.

SQLi?
Sep 13
top100arena.com

Albanian hackers belonging to Albanian Cyber Army exploit one of the biggest Game Arena site “Top100″ database using SQL injection attack. They leak the database on mediafire.

SQLi
Sep 14
President of Bolivia (presidencia.gob.bo)

SwichSmoke crew hacks the site belonging to President of Bolivia and dumps the leaked data on pastebin.

Various Exploits
Sep 14 ?
uTorrent.com

The uTorrent.com Web servers has been compromised and consequently the standard Windows software download was replaced with a type of fake antivirus “scareware” program.

  SQLi
Sep 14 ?
Bright House Networks

Bright House Networks, the sixth largest owner and operator of cable systems in the U.S., has sent a letter to customers warning that they may have been exposed after servers used to process Video on Demand (VOD) were breached.

  ?
Sep 14 ?
Scarlett Johansson

Also an actress may be victim of hackers: The FBI investigate reports that nude photos of a famous celebrity (allegedely Scarlett Johansson) have been leaked onto the web. The day before Twitter was flooded with messages claiming to link to naked pictures of her, which were allegedly stolen from her iPhone by a hacker earlier this year.

  ?
Sep 15 Stohanko
Various Sites

More than 101 sites, with huge amount of data and personal information which ranges from emails, phone numbers, to full names and addresses, have been hacked by an hacker dubbed Stohanko. At this link a list of the hacked sites and the links to dumped data.

?

Is It Time for DNSSEC?

September 5, 2011 2 comments

DNSSEC in European Country Code Top Level Domains (green=deployed, yellow=planning to deploy) Source RIPE NCC

The media are in a frenzy today, reporting a wave of attacks against popular websites such as Daily Telegraph, The Register, UPS, Acer, Vodafone.com and others. All the attacks utilized the same method (DNS Hijacking) and have been carried on by the same Turkish Group: Turkguvenligi.

Turkguvenligi is not new to such similar actions (early this August, the same crew defaced the web site of HSBC Korea), what is really new is the fact that in this last month the current DNS protocol is showing all its limits and security issues, recalling the need for a quick adoption of DNSSEC, the well known and long awaited evolution of the Domain Name System Protocol, which aims to prevent attacks such as DNS Hijacking or DNS Cache Poisoning by mean of digitally signing the records for DNS lookup using public-key cryptography.

Looking back to the last cyber attacks, DNS has been under pressure and has become a privileged direct and indirect target: at the end of August Anonymous Sri Lanka claimed (although not confirmed) to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations by mean of DNS Cache Poisoning. Moreover DNS protocol was also involved on the propagation of the infamous RDP capable W32.Morto worm which established, according to Symantec, a new (DNS) record, since the researchers of the security firm discovered on the malware a communication mechanism using the DNS TXT records towards hard coded domains a customary to receive binary signature and an IP address where to download a file (typically another malware) for execution.

Of course not even the dramatic Diginotar affair (whose impact is much greater than expected since it looks like the attackers forged fake SSL certificates for more than 200 domains including Mossad, CIA, etc.) can be considered completely unrelated to the question since, if used in combination (and as a complement) with SSL, although not perfect, DNSSEC could provide an alternative method to validate that the surfer is connecting to the correct site (this attack is particularly meaningful, today we do not have DNSSEC and we cannot trust CAs anymore…).

Unfortunately, although designed to be fully backward compatible with the current protocol implementation, DNSSEC is not something which can be enabled by the user, but involves a reconfiguration at the server level (and introduces new concerns such as Zone Enumeration Issue and Key Management).

Nevertheless more and more ISPs and agencies are adopting this technology since 2005 (for instance RIPE NCC). A crucial step has been made on 2010 with the DNSSEC adoption at the root level, and also client applications are offering DNSSEC validation, as Google Chrome does, which provides full DNSSEC Validation in version 14.

And Italy? It looks like we will be slave of DNS Security issues for a long time: in the “DNSSEC Deployment Today” Document issued by NCC RIPE, Italy is sadly marked gray, indicating there is no adoption plan so far.

Il 2011 Secondo Arbor Networks? Me Lo Tolgo DDoS…

February 8, 2011 3 comments

Arbor Networks, il principale produttore di sensori anti-DDoS, oramai da qualche anno tiene sotto controllo, con l’aiuto dei principali operatori, la madre di tutte le reti al fine di studiare l’andamento degli attacchi DDoS ed i relativi trend di diffusione.

Dal lontano 2005 Arbor Networks pubblica annualmente il Worldwide Infrastructure Security Report che riassume i dati raccolti nei 12 mesi che spaziano da ottobre 2009 a settembre 2010, e consente di capire cosa è accaduto dal punto di vista della sicurezza infrastrutturale nel corso dell’anno appena passato, permettendo nel contempo di gettare le basi per tracciare l’evoluzione dei grandi attacchi geografici nel corso del 2011.

Naturalmente il 2010, uno degli anni più “prolifici” per quanto riguarda gli eventi di sicurezza, non ha fatto mancare le sorprese nemmeno per gli attacchi DDoS. I risultati, sintesi di un questionario di 113 domande posto a 111 operatori appartenenti a Stati Uniti, Canada, America Centro-Meridionale, EMEA, Africa e Asia sono riassunti nei punti sottostanti:

Alcuni Dati Preliminari

Il 68% degli intervistati ha indicato che gli attacchi DDoS verso i propri clienti sono stati una minaccia significativa nei 12 mesi oggetto della survey. Il 61% degli intervistati ha anche identificato corresponsabilità nelle configurazioni errate o nei malfunzionamenti degli apparati. Come si nota in questa poco invidiabile classifica anche le Botnet (e gli effetti collaterali derivanti) occupano posizioni di tutto rispetto.

Per quanto riguarda gli attacchi a livello applicativo ai primi posti si classificano HTTP, DNS e SMTP seguiti da SIP/VoIP e HTTPS. All’interno di “Other” ricadono protocolli quali SSH, FTP, Telnet, RDP, SQL, IRC, etc.

Mentre le maggiori preoccupazioni di sicurezza hanno coinvolto attacchi verso i clienti, attacchi verso i servizi accessori degli operatori, attacchi verso gli apparati di rete, botnet e nuove vulnerabilità. Interessanti soprattutto quest’ultime poiché rilevate , in questo caso, da un produttore di sicurezza infrastrutturale analogamente a quanto fatto da alcuni produttori di sicurezza dell’endpoint.

Andando ad Analizzare i risultati della survey nel suo complesso, ecco i punti di maggior interesse:

Lascia e Raddoppia.

Nel corso del 2010 il volume degli attacchi DDoS è drammaticamente aumentato.. Il respiro lasciato agli amministratori di rete negli anni 2008 e 2009 è stato illusorio e quest’anno per la prima volta è stata superata la barriera dei 100 Gbps in un singolo attacco. Questo volume di fuoco è praticamente raddoppiato rispetto all’analogo evento rilevato nel corso del 2009 (aumento del 102%) ed è addirittura aumentato di un fattore 10 (corrispondente ad un iperbolico 1000%) rispetto al 2005, anno di rilevazione della prima survey

Gli attaccanti si “applicano” sempre di più

I data Center e gli operatori mobili e wireless hanno registrato un incremento del livello di sofisticazione e impatto operativo degli attacchi in quanto gli attaccanti si sono rivolti, nel corso del 2010, con maggiore insistenza verso attacchi DDoS al livello applicativo verso i propri servizi o quelli dei propri clienti.

La disponibilità è sempre più cara

Secondo l’analisi di Arbor Networks, gli operatori di infrastrutture mobili e wireless hanno dovuto sudare le proverbiali sette camicie nel 2010 per mantenere la disponibilità dei servizi. Questo si deve alla scarsa visibilità che gli stessi hanno relativamente al traffico che transita dentro le proprie infrastrutture di rete. Nel corso dell’analisi dei possibili proto-botnet di androidi ho ribadito la necessità di un nuovo modello di sicurezza per gli operatori mobili (una botnet all’interno di una rete mobile sarebbe estremamente difficile da identificare e bloccare), questa evidenza di Arbor Networks tende senza dubbio verso questa direzione, con l’ulteriore aggravante che il produttore afferma, forse provocatoriamente, che, seppur con qualche eccezione, molti operatori mobili o wireless hanno un modello di sicurezza confrontabile a quello che gli operatori fissi avevano 8/10 anni orsono.

Quando si parla di DDoS i muri di fuoco fanno acqua da tutte le parti…

… E gli IPS non sono da meno.  Se (a detta del produttore) gli operatori mobili, i Data Center e gli operatori VoIP stanno adottando un modello di sicurezza obsoleto, parte della responsabilità si deve all’adozione di tecnologie del decennio scorso quali firewall di tipo stateful e sistemi IPS (Intrusion Prevention) che abbassano il livello di sicurezza e rendono la rete più suscettibile ad attacchi DDoS. A mio avviso questa osservazione un po’ forzata. Capisco che un DDoS da 100 Gbps si può mitigare solamente redirigendo il traffico, ma quanti sono i DDoS a 100 Gbps?  Un firewall ben configurato (e qui sta il difficile) è in grado di mitigare la maggior parte dei DDoS da comuni mortali. A parte questa distinzione  non ho potuto fare a meno di notare la sottigliezza nel passaggio sottostante:

In light of the growth in application-layer DDoS attacks, such devices (Firewall e IPS ndr) frequently lower the overall security postures of operators by acting as stateful DDoS chokepoints—rendering networks more susceptible to both deliberate and inadvertent DDoS attacks.

In cui lo stateful chokepoint (ovvero punto di blocco) richiama molto da vicino lo stateful Checkpoint (ovvero il produttore di firewall israeliano inventore della tecnologia di Stateful Inspection).

Gli Attacchi DDoS sono una cosa seria

I media hanno riportato, nel corso del 2010 numerosi esempi di attacchi di DDoS motivati da dispute politiche o ideologiche, il più famoso dei quali ha sicuramente interessato l’arcinota questione di Wikileaks. Il livello e la diffusione di questa tipologia di attacchi è cresciuta talmente che oramai sono diventati un problema per i livelli esecutivi di un’Organizzazione (e fonte di servizi per le aziende di sicurezza). Che siano diventati una cosa seria lo dimostra anche il recente attacco effettuato al sito del Governo Italiano da parte del Gruppo Anonymous.

Il DNS, questo sconosciuto (per la sicurezza)

Purtroppo la scarsa attenzione prestata da molti provider ai problemi di sicurezza del DNS, ha fatto si che il servizio di risoluzione dei nomi, fondamentale per le usuali operazioni di navigazione e di accesso a qualsiasi servizio, sia diventato suo malgrado protagonista degli attacchi DDoS, che consentono, con relativa facilità, di buttare giù un servizio e renderlo indisponibile in maniera relativamente semplice. La conseguenza è che, nel corso del 2010, il servizio DNS è stato protagonista vittima di numerosi attacchi di tipo DNS Reflection o DNS Amplification.

IPv6 Sicurezzav4

L’analisi ha dimostrato una crescente preoccupazione degli operatori che sono passati a IPv6 nell’applicare le stesse precauzioni e misure di sicurezza adottate per il controllo dell’IPv4. Le preoccupazioni sono anche aumentate dalla necessità di inserire dispositivi per la compatibilità dei due protocolli.

Mancanza Cronica di Team di Gestione Organizzati

Uno dei motivi di maggiore rischio nella gestione degli incidenti (e nella conseguente dilatazione relativistica dei tempi di mitigazione degli stessi) è rappresentato dalla mancanza cronica di risorse con le necessarie competenze, da organizzazioni che adottano processi a compartimenti stagni (o a silo come li definiscono gli anglosassoni) e dalla mancanza di responsabilità e policy chiare e definite. Questo punto evidenza, come il contrasto agli eventi DDoS non sia una questione meramente tecnologica ma passa attraverso l’adozione di ben definite procedure di gestione degli incidenti.

La Legge Non è Uguale Per Tutti

A causa della scarsa fiducia nelle istituzioni competenti che dovrebbero investigare gli incidenti di sicurezza e perseguire gli autori (e anche a causa della mancanza di risorse specializzate), diversi operatori preferiscono non denunciare gli incidenti, soprattutto in contesti in cui dovrebbero passare attraverso molteplici giurisdizioni.

Infrastrutture Critiche (di nome ma non di fatto)

Sebbene molti operatori vedano di buon occhio la formazione di Cyber-eserciti nazionali (o sarebbe meglio dire Computer Emergency Response Team Nazionali), durante la survey hanno manifestato scarsa fiducia nelle misure adottate dai governi per proteggere le infrastrutture critiche, misure che ritengono non adeguate al livello di esposizione delle stesse.

Concludendo… Concludendo…

Il DDoS non abbandonerà questi lidi nemmeno nel corso del 2011, ed è  anzi destinato a incrementare i suoi effetti nefasti. Ponendo l’attenzione su un punto specifico, è evidente che la nuova frontiera degli attacchi DDoS diventeranno purtroppo gli operatori mobili, sia come destinazione che (presumibilmente) come sorgenti. Da un lato dal report si evince che le loro infrastrutture non sono all’altezza dei livelli di sicurezza richiesti, dall’altro le minacce (e quindi le botnet) si stanno spostando sempre di più verso gli endpoint mobili. In questo contesto le preoccupazioni ed i grattacapi per gli operatori dovrebbero essere duplici: da un lato le proprie reti potrebbero essere sorgenti di attacchi DDoS (difficilmente tracciabili se è vero, come indicato dal report, che una delle difficoltà per gli operatori mobili e wireless consiste proprio nel controllo del traffico originato dalle loro infrastrutture), dall’altro i dispositivi compromessi potrebbero essere vittime di Data Leackage (ovvero furto di informazioni).

Follow

Get every new post delivered to your Inbox.

Join 3,175 other followers