The Cyber Security Iceberg, Red Meat for CdM & Co.

[The Minsky Moment]

http://www.ft.com/intl/cms/s/0/d5b2464e-6648-11e2-b967-00144feab49a.html#axzz2J23vjnRd

Summary: cyber attacks attacks are endemic and having a significant impact on global companies, but CEOs are suppressing the extent of the problem for fear of tanking their stock or causing a general panic.

An excerpt:

it is tough for any outsider to get precise information about the overall scale of attacks. . . .such is the reluctance to speak in public that while this year's Davos meeting has conducted panel debates on the issue, there were almost no CEO participants at all; and it is hard to find an annual corporate report that delves into this issue in detail.

Nevertheless, the whispers in the Davos corridors are sobering. The head of one big consultancy group, for example, says some global clients are experiencing around "15,000 attacks a day". The chief executive of a large global bank says his institution is experiencing "10 times that" level of attack.

[The Brain]

Thanks, I saw War Games.

[Neil]

Nuking Beijing would help.

[Ed Anger]

Nuking Beijing would help.

And Eastern Europe.

[Tonitrus]

Nuking Beijing would help.

And Eastern Europe.

Can't we seize the women, and round the young men up into camps instead? 

[CountDeMoney]

but CEOs are suppressing the extent of the problem for fear of tanking their stock or causing a general panic.

Go fig.

The head of one big consultancy group, for example, says some global clients are experiencing around "15,000 attacks a day". The chief executive of a large global bank says his institution is experiencing "10 times that" level of attack.

Before my increasing of shareholder value, the last number I saw was over 550,000 a month for us.
And when the Director of Cyber Security bailed for a better job when he saw the writing on the wall, they eliminated that job slot afterwards.

These companies just don't care.  I recommend the purchasing of a decent size and resilient electric generator.

[Baron von Schtinkenbutt]

Nevertheless, the whispers in the Davos corridors are sobering. The head of one big consultancy group, for example, says some global clients are experiencing around "15,000 attacks a day". The chief executive of a large global bank says his institution is experiencing "10 times that" level of attack.

I want to see a concrete definition of "attack" before I get too worried.  I have seen some security professionals call every attempt at unauthorized access an attack.  By that standard, the Languish server has been "attacked" 32534 times in the past 6 days.  All they are doing, however, is having bots beat their heads against live static IPs looking for a hole.  No holes, no problems (except 33k entries in my auth.log).

Now, this is not to say there is not a real problem or that corporations are not taking matters as seriously as they should.  I just object to scaremongering based on inflated, detached statistics.

[CountDeMoney]

The Unix knuckleheads that create test accounts with USERNAME: USERNAME and PASSWORD: PASSWORD that are discovered by Ukrainians in 35 minutes don't help, either.

[DontSayBanana]

I want to see a concrete definition of "attack" before I get too worried.  I have seen some security professionals call every attempt at unauthorized access an attack.  By that standard, the Languish server has been "attacked" 32534 times in the past 6 days.  All they are doing, however, is having bots beat their heads against live static IPs looking for a hole.  No holes, no problems (except 33k entries in my auth.log).

Now, this is not to say there is not a real problem or that corporations are not taking matters as seriously as they should.  I just object to scaremongering based on inflated, detached statistics.

On a related note, that makes me wonder whether they're talking about each single penetration attempt or if this is after merging attempts from the same source.

I suspect a lot of "incidents" could be grouped and ruled out as skiddies trying out a brute-force loop.  A simple "3 strikes" login policy can usually nip that in the bud, and if a company can't do that, they deserve everything they get.

[PRC]

Yah, they're including "dictionary" attacks in their definition.  Bots cycling through word & number sequences trying to gain remote access.  Have a good password and those 15,000 attacks mean nothing.

[DontSayBanana]

Yeah, lots of scare tactics here; either the author is deliberately misleading or doesn't really understand the nature of cyber attacks.  Counting them out isn't really a good metric since each attempt can be logged as an incident.  A brute-force dictionary attack or a DDoS attack (re: a bunch of skiddies trying out LOIC) can generate massive numbers of attempts.

Also, the number of logged attempts isn't the number to be worried about.  All it takes is one slipping through without being logged to make a huge headache.  I'm obviously not gonna go bleating with instructions, but I'd be more worried about sniffing than a dictionary attack.

[Phillip V]

Companies and governments need to invest some tens of billions of dollars into cyber defense. This is a life-and-death matter.

I will even patriotically be a "cyberwarrior" for a small fee.

[CountDeMoney]

Yeah, lots of scare tactics here; either the author is deliberately misleading or doesn't really understand the nature of cyber attacks.  Counting them out isn't really a good metric since each attempt can be logged as an incident.  A brute-force dictionary attack or a DDoS attack (re: a bunch of skiddies trying out LOIC) can generate massive numbers of attempts.

Also, the number of logged attempts isn't the number to be worried about.  All it takes is one slipping through without being logged to make a huge headache.  I'm obviously not gonna go bleating with instructions, but I'd be more worried about sniffing than a dictionary attack.

Thing is, corporations are also hamstrung by what the defensive methods that are allowed to use.  For legal and liability reasons, everything is defensive and reactive in nature; they're not allowed to block IPs, set up diversionary measures like honeypots, proper email filters, etc.  Therefore, a lot of dictionary attacks wind up being more than simply trolling for open ports.  Every idiot that clicks on a link in a spoofed email is an attack.

[jimmy olsen]

Why can't they block IPs?

[CountDeMoney]

Why can't they block IPs?

It interferes with the transaction of business.