Rogue groups in several nations are engaging in cyber warfare, targeting financial and high-level technological assets. These attacks create panic in the world's financial capitals as they take down websites, infiltrate computers and steal corporate and personal information, including social security numbers, credit card numbers, e-mail passwords and the phone numbers of government officials and blue chip companies.
In the last few months, a Nigerian hacker group by the name Naija Hacktivists has been emulating its counterparts in the western world. A few weeks ago, during the Occupy Nigeria protests, the Naija Hacktivists compromised the websites of the Economic and Financial Crimes Commission (EFCC) and Champion Newspapers Limited, planting stories.
Before that, they had attacked the websites of a few government institutions, including the Nigerian Airspace Management Authority (NAMA), in protest against the imposition of additional airport charges on air travellers. Last week, Israel and some of its Arab neighbours engaged in cyber warfare, taking down a number of websites.
Israeli hackers knocked out web sites of two Arab banks, the Central Bank of the United Arab Emirates and the Gaza-based Arab Bank and web sites of stock exchanges in Saudi Arabia and Abu Dhabi in retaliation for an attack on the Tel Aviv bourse, in an escalating tit-for-tat war between Israeli and Arab hackers.
Groups on both sides have posted credit card details online, while one Israeli hacker, Hannibal, published the Facebook credentials, including e-mail addresses and passwords of 85,000 “helpless Arabs” on Pastebin.
As the threat landscape evolves, experts were of the opinion that some of the main trends for 2012 would be the continued theme of targeted attacks replacing mass attacks, a continuing increase of hacktivism, and attacks on critical infrastructure systems, as well as industrial control systems and supervisory control and data acquisition systems (ICS/SCADA).
TARGETED ATTACKS ON THE RISE
According to the key findings of the latest Cisco Annual Security Report, published at the end of 2011, spam levels started to decline for the first time since 2010, and this trend continued throughout 2011; it is explained mainly by several key botnet takedowns over the last two years. However, the number of vulnerabilities increased, and there are fewer widespread attacks but a greater number of smaller, more focused attacks.
According to Cisco Security Intelligence Operations (SIO), spam volume dropped from more than 379 billion messages daily to about 124 billion messages daily between August 2010 and November 2011, levels not seen since 2007. The impact on the business of cybercrime is significant: Cisco SIO estimated that the cybercriminal benefit resulting from traditional mass email-based attacks declined more than 50 per cent (on an annualised basis) from June 2010 to June 2011 – from $1 billion to $500 million.
Looking at the countries from which spam originated worldwide in September 2011, India had the highest share of spam volume (13.9 per cent). Vietnam came second with 8.0 per cent and the Russian Federation took third place with 7.8 per cent.
CYBERCRIME RETURNS ON INVESTMENT
The Cisco Cybercrime Return on Investment (CROI) Matrix, which made its debut in the Cisco 2009 Annual Security Report, predicted, based on performance in 2011, that hacking of mobile devices and cloud infrastructure would rise in prevalence in 2012. Money laundering is also expected to remain a key focus area for cybercrime investment.
Cybercriminals, as a rule, focus their attention on where the users are, and increasingly, people are accessing the Internet, email, and corporate networks via powerful mobile devices. As more businesses embrace cloud computing and hosted services, cybercriminals are also looking to the cloud in search of moneymaking opportunities.
The Internet generation entering the workplace is ignoring security threats. Seven out of 10 young employees frequently ignore IT policies, and one in four is a victim of identity theft before the age of 30, according to the final set of findings from the three-part Cisco Connected World Technology Report.
The study revealed startling attitudes toward IT policies and growing security threats posed by the next generation of employees entering the workforce – a demographic that grew up with the Internet and has an increasingly on-demand lifestyle that mixes personal and business activity in the workplace. Security experts recommend what they see as the most important action items for enterprise security.
1. Assess totality of your network. “Know where your IT infrastructure begins and ends—so many enterprises simply have no idea of the entirety of their network. Also, know what your ‘normal’ is so you can quickly identify and respond to a problem,” said John N. Stewart, vice president and chief security officer for Cisco.
2. Re-evaluate acceptable use policy and business code of conduct. “Get away from the laundry list approach with security policies. Focus only on these things you know you must and can enforce,” said Gavin Reid, Cisco CSIRT manager.
3. Determine what data must be protected. “You cannot build an effective Data Loss Prevention (DLP) programme if you don’t know what information in the enterprise must be secured. You also must determine who in the enterprise is allowed to have access to that information, and how they are allowed to access it,” said David Paschich, web security product manager for Cisco.
4. Know data location and how (and if) it is being secured. “Identify every third party that has permission to store your company’s data—from cloud providers to email marketers—and confirm that your information is being secured appropriately. Compliance requirements, and now the trend in cybercrime toward ‘hack one to hack them all,’ means enterprises must never assume their data is secure, even when they put it in the hands of those they trust,” said Scott Olechowski, threat research manager for Cisco.
5. Assess user education practices. “Long seminars and handbooks aren’t effective. Younger employees will be more receptive to a targeted approach to user education, with shorter sessions and ‘just-in-time’ training. Peer training also works well in today’s collaborative work environment,” said David Evans, chief futurist for Cisco.
6. Use egress monitoring. “This is a basic thing, but not enough enterprises do it—although compliance demands have more organisations adopting this practice. Egress monitoring is a change in focus from just blocking ‘the bad’ from coming in. You monitor what is being sent out of your organisation and by whom and to where—and block things from leaving that shouldn’t be,” said Jeff Shipley, manager for Cisco Security Research and Operations.
7. Prepare for the inevitable. “Organisations need to stop thinking about ‘when’ they are going to move to a BYOD model and start thinking more about ‘how,’” said Nasrin Rezai, senior director of security architecture and chief security officer for Cisco’s Collaboration Business Group.
8. Create incident response plan. “IT-related risk should be treated like any other business risk. This means enterprises need to have a clear plan in place to respond quickly and appropriately to any type of security event, whether it’s a data breach resulting from a targeted attack, a compliance violation due to an employee’s carelessness, or an incident of hacktivism,” said Pat Calhoun, vice president and general manager of Cisco’s Secure Network Services Business Unit.
9. Implement security measures to help compensate for lack of control over social networks. “Do not underestimate the power of technology controls, such as an intrusion prevention system for protection against network threats. Reputation filtering is also an essential tool for detecting suspicious activity and content,” said Rajneesh Chopra, director of product management, Cisco Security Technology Group.
10. Monitor dynamic risk landscape and keep users informed. “Enterprises and their security teams need to be vigilant about a much broader range of risk sources, from mobile devices and the cloud to social networking and whatever new technology tomorrow may bring,” said Ambika Gadre, senior director of Cisco’s Security Technology Group.
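The egress monitoring of item 6, as an added example that is not from the article or from Cisco: a small Python monitor that runs over constructed outbound flow records and answers the three questions Shipley raises (what is being sent, by whom, and to where), flagging transfers to destinations outside a constructed allowlist or whose per-user volume to a single destination exceeds a constructed limit. Users, hosts, byte counts and the limit are all assumptions.

```python
# Added example, not from the article or Cisco: a minimal egress monitor that
# flags outbound transfers that should not leave unreviewed. All data is constructed.
from collections import defaultdict

# Constructed sample of outbound flow records: "time user src_ip dst_host bytes".
SAMPLE_FLOWS = """\
09:01:12 alice 10.0.5.21 crm.example.com 18240
09:02:40 bob 10.0.5.33 mail.example.com 92100
09:03:05 alice 10.0.5.21 paste.example.net 5200000
09:04:17 carol 10.0.5.40 updates.example.com 3100
09:05:50 bob 10.0.5.33 mail.example.com 61000000
"""

# Constructed allowlist of destinations that business data may be sent to.
APPROVED_DESTINATIONS = {"crm.example.com", "mail.example.com", "updates.example.com"}
# Constructed ceiling on bytes one user may send to one destination in the window.
PER_USER_BYTE_LIMIT = 50_000_000


def parse_flows(text):
    """Turn the whitespace-separated log text into dicts, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, nbytes = line.split()
        flows.append({"time": ts, "user": user, "src": src, "dst": dst, "bytes": int(nbytes)})
    return flows


def egress_alerts(flows, approved=APPROVED_DESTINATIONS, limit=PER_USER_BYTE_LIMIT):
    """Return (kind, user, dst, bytes) tuples for flows worth a human look."""
    alerts = []
    totals = defaultdict(int)  # (user, dst) -> cumulative bytes sent so far
    for f in flows:
        key = (f["user"], f["dst"])
        totals[key] += f["bytes"]
        if f["dst"] not in approved:
            # The "to where" question fails: report this single transfer.
            alerts.append(("unapproved_destination", f["user"], f["dst"], f["bytes"]))
        elif totals[key] > limit:
            # Approved destination, but this user's cumulative volume is out of line.
            alerts.append(("volume_exceeded", f["user"], f["dst"], totals[key]))
    return alerts


if __name__ == "__main__":
    for alert in egress_alerts(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

In a real deployment the allowlist and limit would come from the data inventory built under items 3 and 4, and the alerts would feed the incident response plan of item 8 rather than a print loop.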