CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs)

works remotely. An abuse situation awareness system needs to collect information from potentially unreliable sources and produce reliable reports. Botnets are modular and resilient, and they can distribute processing. These features make a botnet-inspired architecture the ideal basis for an abuse situation awareness system.
Benefits of a botnet-based architecture

The botnet-inspired architecture makes AbuseSA very flexible, scalable and robust. In AbuseSA, each source is followed by its own bot, which reports to a C&C channel. Using separate bots for different sources makes the system flexible and resilient to errors in the sources. The system can collect information from a wide variety of sources; each bot can be configured to understand the transports and formats of its source. Thus, the user can collect information without imposing any requirements on the feed provider. In addition, new sources can be added simply by adding a new bot on the fly, which makes the system easy to scale. The botnets communicate over the Extensible Messaging and Presence Protocol (XMPP), so the various tasks can be distributed and even run in different geographic locations.
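As an added illustration, not AbuseSA's own code (the bot names, feed formats and sample feed lines are constructed for the example), here is the pattern above in miniature: one bot per source with its own parser, parse failures contained within the bot that hit them, a plain queue standing in for the shared XMPP C&C channel, and a report that marks an indicator as corroborated when more than one independent source reported it.

```python
import json
from collections import deque

# Constructed sample feeds: each source publishes abuse data in its own format,
# and each deliberately contains one malformed line.
CSV_FEED = (
    "198.51.100.7;malware-c2;2012-03-01\n"
    "192.0.2.44;bot;2012-03-02\n"
    "broken line without fields"
)
JSON_FEED = (
    '{"ip": "192.0.2.44", "type": "bot", "seen": "2012-03-01"}\n'
    "not json at all\n"
    '{"ip": "192.0.2.45", "type": "scanner", "seen": "2012-03-03"}'
)

def parse_csv(line):
    ip, kind, seen = line.split(";")          # ValueError on a malformed line
    return {"ip": ip, "type": kind, "seen": seen}

def parse_json(line):
    rec = json.loads(line)                    # ValueError (JSONDecodeError) on bad JSON
    return {"ip": rec["ip"], "type": rec["type"], "seen": rec["seen"]}

class SourceBot:
    """One bot per source: knows that source's format, emits normalized events."""
    def __init__(self, name, feed, parser):
        self.name, self.feed, self.parser = name, feed, parser
        self.errors = 0                       # bad input is counted here, not propagated

    def run(self, channel):
        for line in self.feed.splitlines():
            try:
                event = self.parser(line)
            except (ValueError, KeyError):
                self.errors += 1              # this bot's problem only; other bots keep going
                continue
            event["source"] = self.name
            channel.append(event)

def collect(bots):
    channel = deque()                         # stands in for the shared C&C channel
    for bot in bots:                          # adding a source = appending another bot
        bot.run(channel)
    return list(channel)

def build_report(events):
    """Group events per IP; an IP seen by two or more sources counts as corroborated."""
    report = {}
    for ev in events:
        entry = report.setdefault(ev["ip"], {"types": set(), "sources": set()})
        entry["types"].add(ev["type"])
        entry["sources"].add(ev["source"])
    for entry in report.values():
        entry["sources"] = sorted(entry["sources"])
        entry["types"] = sorted(entry["types"])
        entry["corroborated"] = len(entry["sources"]) >= 2
    return report
```

Running `build_report(collect([SourceBot("csv-feed", CSV_FEED, parse_csv), SourceBot("json-feed", JSON_FEED, parse_json)]))` yields three IPs, with 192.0.2.44 corroborated by both sources and one parse error recorded on each bot.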
Cyber Security Risks

Hobbyists, Hacktivists and Cyber Crime

Security threats have been growing in scale and sophistication for decades. Twenty years ago, cyber attacks were primarily the domain of hobbyists. Then, as the opportunity for profiting from stolen information grew, criminals started taking a larger role. More recently, spies engaged in government and corporate espionage have been leading some of the most technically advanced and resource-intensive attacks to date. 2011 saw a significant increase in the activity of "hacktivist" groups like Anonymous and LulzSec [19]. The motivation for these groups is retaliation for perceived wrongdoing. Rather than financial gain, their main goal is embarrassing their victims. However, their attacks are not without financial consequences.
Critical Infrastructure

Critical infrastructure networks are no longer isolated. They are all connected to cyberspace, the global network of interdependent information technology infrastructures and communication networks, and they depend on common commercial off-the-shelf software. When SCADA systems were first implemented in the 1960s, it would have been hard to imagine that critical control systems could be attacked remotely or that printers in adjacent corporate networks could be used as weapons to attack them. Nobody could envision such threats, so no measures were taken to make the networks resilient against cyber-attacks. Newer SCADA devices communicate using Internet protocols, sometimes over the public Internet [20]. This helps reduce the cost of dedicated communication links, but at the same time it makes the networks more open to outside attacks [20].
Power grids, telecommunication and transportation networks are exactly the type of infrastructure that has been the target of traditional warfare; only the weapons have changed [21]. There have only been a limited number of reported cyber-attacks against critical infrastructure [21]. However, it would be naïve to assume that hostile nation states, terrorists and hacktivists are not aware of how vulnerable these networks are and how much havoc such an attack could cause [21]. Stuxnet was the first publicly admitted act of cyber warfare. It demonstrated that cyber-attacks can cause significant physical damage to a facility [22]. Stuxnet was a very sophisticated attack, carefully selecting its victims and remaining undetected [22]. It utilized four different zero-day vulnerabilities. However, many critical infrastructure networks are so vulnerable that it does not take a sophisticated attack like Stuxnet to exploit them. In many countries, large parts of the critical infrastructure are privately owned and extremely vulnerable [21].
Corporate Networks

A network is only as strong as its weakest element [23]. If attackers manage to compromise a laptop or a smartphone of a remote user working over a VPN, then they have direct access to your