06.12.2013 Views

Can we expect a cyberwar resurgence?, Abney

Neohapsis security experts predict that next year there will be a cyberwar resurgence, the cloud will begin to show its hidden costs, and privacy will continue to lose in the US legislature.

1. We’ll see a cyberwar redux: Details on nation-state cyber capabilities and activities of countries other than the known big players will begin to be revealed.

Geopolitics has many fronts, and it’s to your advantage to play in every event. So, it’s fair to assume there are players as yet unknown - whether smaller countries or larger ones that haven’t been exposed yet.

In addition to political battles over the internet's fate [see prediction 4 below], countries will continue to covertly gain advantage over each other via the internet. We will begin to see more details on the activities of countries other than the USA (and allies), China, Russia or Iran. While you can probably guess the obvious players, those that come to mind as likely undertaking cyber activity under the public’s radar include: India, Indonesia, Brazil, Pakistan, Japan, Mexico, Germany, France, Italy, and South Africa. And that’s only going through the top 25 countries by population!

2. The cloud will begin to show its unseen costs: We will see an increasing number of breaches of customer-specific cloud assets. This won't be due to weaknesses in the cloud service or its technology but on the integration, configuration, and operation of it by the customer...


concerns have resulted in some countries attempting to reduce their reliance on US benevolence by either strict internet controls (as in China) or through a “parallel internet” (as Iran has discussed). The USA has generally stood on the side of online freedom – except where copyright is concerned – but those pushing for change are largely seeking to restrict freedom of communication or information. Any change away from online freedom is concerning. Whether IETF, ICANN, or the United Nations, the internet will continue to be a space for political forces to battle. However, US adversaries will begin to form a more coherent opposition.

5. DDoS will get sneaky: DDoS attackers will accelerate a move from simple volumetric attacks to attacks which take advantage of a site's specific performance.

DDoS attacks that intelligently target bottlenecks in performance, such as pages with a high server load (e.g. database writes) or specific network bottlenecks (e.g. login/session management), can magnify impact over attacks which are volume-based or naively request the homepage of a site.

Whether naive guessing, timing analysis, or adaptive statistical analysis during the attack, these attacks will require targets to deal with the specific part of their site that is causing problems rather than dealing with it at a purely network level. We will begin to see the spread of tools which profile specific targets and attack based upon certain weaknesses in configuration or implementation. Attackers will begin to use adaptive and intelligent DoS techniques, and as a result, we will begin to see performance impacts disproportionate to those of traditional DDoS, and the need for more nuanced defense strategies than many are using currently.
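An added example, not part of the original article: one way a defender can account for server time per client and per path, so that a low-volume client hitting an expensive page stands out where a request-count limit alone would miss it. The log format, paths, addresses and thresholds are assumptions constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample: "client path server_seconds" per request in one window.
# Addresses are documentation ranges and paths are hypothetical.
SAMPLE_LOG = (
    ["198.51.100.7 / 0.004"] * 120              # high volume, cheap page
    + ["203.0.113.9 /report/export 2.5"] * 12   # low volume, expensive page
    + ["192.0.2.33 /login 0.150"] * 5           # ordinary user
    + ["192.0.2.33 / 0.004"] * 10
)

def parse(line):
    client, path, seconds = line.split()
    return client, path, float(seconds)

def usage_by(lines, key_index):
    """Return {key: [request_count, total_server_seconds]}; key is client (0) or path (1)."""
    usage = defaultdict(lambda: [0, 0.0])
    for line in lines:
        record = parse(line)
        entry = usage[record[key_index]]
        entry[0] += 1
        entry[1] += record[2]
    return dict(usage)

def flag_clients(lines, max_requests=100, max_server_seconds=10.0):
    """Return {client: reasons}. Both thresholds are assumed values for one window."""
    flagged = {}
    for client, (count, seconds) in usage_by(lines, 0).items():
        reasons = []
        if count > max_requests:
            reasons.append("request_count")   # classic volume-based limit
        if seconds > max_server_seconds:
            reasons.append("server_time")     # cost-based limit
        if reasons:
            flagged[client] = reasons
    return flagged

def hottest_paths(lines, top=3):
    """Paths ranked by total server time: the part of the site to protect first."""
    by_path = usage_by(lines, 1)
    return sorted(by_path, key=lambda p: by_path[p][1], reverse=True)[:top]

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
    print(hottest_paths(SAMPLE_LOG))
```

In the constructed sample, the client sending 12 requests consumes far more server time than the one sending 120, and only the cost-based threshold flags it.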

6. Encryption technologies will undergo increased scrutiny: In the wake of revelations about the ability of governments to intercept and decrypt data that was thought to be secure, encryption technologies will be reexamined to look for weaknesses both intentional and accidental. Look for particular attention to be paid to cryptographic block modes like CBC and OFB as well as authenticated modes like EAX, CCM and GCM. In addition to the encryption methods themselves, look for critical thought around key management and forward security. While it’s not likely that much will come of these explorations, the simple fact that vast quantities of data previously considered inviolate were in fact exposed will make the more paranoid AND the academic-minded among us pay closer attention to encryption as a whole.

7. A foreign power or organized cybercrime group will have breached a mid-sized or municipal utility for a long period: The last few years saw a great deal of attention paid to the security of utilities as a result of Smart Meter roll-outs and highly-publicized SCADA vulnerabilities. Now that the hype has died down, attacks will be stepped up, but in a more cautious fashion. It is widely expected that a number of utilities have been breached over the last decade; however, now that they are being held to account by more and more government regulation, the compromised utilities will be found and the facts will leak to the public. Mid-sized and municipal utilities tend to be chronically understaffed and under-resourced in IT departments. Without the resources available, corners are cut on both internal and external security. This leaves high value targets like water, electrical, natural gas, and wastewater open to easy compromise.

8. Legacy problems will escalate: Whether it's the use of substandard security, or simply systems that were designed in a different age, legacy systems will ever-increasingly fall prey to attack.

Even when companies adopt good security and development practices, old systems often linger with their past security problems exposed to the world - securing new things is an easier sell than securing systems due for sunset shortly.
