The Cyber Security Iceberg, Red Meat for CdM & Co.

Started by The Minsky Moment, January 25, 2013, 06:21:52 PM


The Minsky Moment

http://www.ft.com/intl/cms/s/0/d5b2464e-6648-11e2-b967-00144feab49a.html#axzz2J23vjnRd

Summary: cyber attacks are endemic and having a significant impact on global companies, but CEOs are suppressing the extent of the problem for fear of tanking their stock or causing a general panic.

An excerpt:
Quote: it is tough for any outsider to get precise information about the overall scale of attacks. . . .such is the reluctance to speak in public that while this year's Davos meeting has conducted panel debates on the issue, there were almost no CEO participants at all; and it is hard to find an annual corporate report that delves into this issue in detail.

Nevertheless, the whispers in the Davos corridors are sobering. The head of one big consultancy group, for example, says some global clients are experiencing around "15,000 attacks a day". The chief executive of a large global bank says his institution is experiencing "10 times that" level of attack.
The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson

The Brain

Women want me. Men want to be with me.

Neil

I do not hate you, nor do I love you, but you are made out of atoms which I can use for something else.

Ed Anger

Stay Alive...Let the Man Drive

Tonitrus

Quote from: Ed Anger on January 25, 2013, 06:45:11 PM
Quote from: Neil on January 25, 2013, 06:31:06 PM
Nuking Beijing would help.

And Eastern Europe.

Can't we seize the women, and round the young men up into camps instead?  :(

CountDeMoney

Quote from: The Minsky Moment on January 25, 2013, 06:21:52 PM
but CEOs are suppressing the extent of the problem for fear of tanking their stock or causing a general panic.

Go fig.

Quote: The head of one big consultancy group, for example, says some global clients are experiencing around "15,000 attacks a day". The chief executive of a large global bank says his institution is experiencing "10 times that" level of attack.

Before my increasing of shareholder value, the last number I saw was over 550,000 a month for us.
And when the Director of Cyber Security bailed for a better job when he saw the writing on the wall, they eliminated that job slot afterwards.

These companies just don't care.  I recommend the purchasing of a decent size and resilient electric generator.

Baron von Schtinkenbutt

Quote: Nevertheless, the whispers in the Davos corridors are sobering. The head of one big consultancy group, for example, says some global clients are experiencing around "15,000 attacks a day". The chief executive of a large global bank says his institution is experiencing "10 times that" level of attack.

I want to see a concrete definition of "attack" before I get too worried.  I have seen some security professionals call every attempt at unauthorized access an attack.  By that standard, the Languish server has been "attacked" 32534 times in the past 6 days.  All they are doing, however, is having bots beat their heads against live static IPs looking for a hole.  No holes, no problems (except 33k entries in my auth.log).

Now, this is not to say there is not a real problem or that corporations are not taking matters as seriously as they should.  I just object to scaremongering based on inflated, detached statistics.

CountDeMoney

The Unix knuckleheads that create test accounts with USERNAME: USERNAME and PASSWORD: PASSWORD that are discovered by Ukrainians in 35 minutes don't help, either.

DontSayBanana

Quote from: Baron von Schtinkenbutt on January 26, 2013, 12:08:38 AM
I want to see a concrete definition of "attack" before I get too worried.  I have seen some security professionals call every attempt at unauthorized access an attack.  By that standard, the Languish server has been "attacked" 32534 times in the past 6 days.  All they are doing, however, is having bots beat their heads against live static IPs looking for a hole.  No holes, no problems (except 33k entries in my auth.log).

Now, this is not to say there is not a real problem or that corporations are not taking matters as seriously as they should.  I just object to scaremongering based on inflated, detached statistics.

On a related note, that makes me wonder whether they're talking about each single penetration attempt or if this is after merging attempts from the same source.

I suspect a lot of "incidents" could be grouped and ruled out as skiddies trying out a brute-force loop.  A simple "3 strikes" login policy can usually nip that in the bud, and if a company can't do that, they deserve everything they get.
Experience bij!
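Added example, not written by any poster in this thread: a small Python pass over sshd-style auth.log lines that merges raw failed logins by source address and shows how many attempts a "3 strikes" rule would have cut off. The log lines are constructed samples using documentation-range IPs, and the function name, field names and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the usual OpenSSH auth.log style (not real traffic).
SAMPLE_AUTH_LOG = """\
Jan 26 00:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 26 00:01:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 26 00:01:07 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40150 ssh2
Jan 26 00:01:09 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40161 ssh2
Jan 26 00:01:12 host sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40170 ssh2
Jan 26 00:03:30 host sshd[2110]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jan 26 00:03:33 host sshd[2110]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jan 26 08:15:41 host sshd[2290]: Failed password for alice from 192.0.2.10 port 60022 ssh2
Jan 26 08:15:52 host sshd[2290]: Accepted password for alice from 192.0.2.10 port 60022 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def summarize(log_text, strikes=3):
    """Collapse per-attempt log entries into per-source figures."""
    failures = defaultdict(list)  # source IP -> usernames tried
    succeeded = set()             # source IPs with an accepted login
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)].append(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m:
            succeeded.add(m.group(2))
    over = sorted(ip for ip, users in failures.items() if len(users) >= strikes)
    return {
        "raw_attempts": sum(len(u) for u in failures.values()),
        "distinct_sources": len(failures),
        "over_threshold": over,
        # attempts that a block-after-N-failures rule would have refused
        "attempts_prevented": sum(len(failures[ip]) - strikes for ip in over),
        # sources with both failures and a success: the entries worth reading
        "needs_review": sorted(ip for ip in failures if ip in succeeded),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_AUTH_LOG))
```

The raw attempt count is the headline figure; the per-source count and the short review list are what an operator actually has to act on.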

PRC

Yah, they're including "dictionary" attacks in their definition.  Bots cycling through word & number sequences trying to gain remote access.  Have a good password and those 15,000 attacks mean nothing.

DontSayBanana

Yeah, lots of scare tactics here; either the author is deliberately misleading or doesn't really understand the nature of cyber attacks.  Counting them out isn't really a good metric since each attempt can be logged as an incident.  A brute-force dictionary attack or a DDoS attack (re: a bunch of skiddies trying out LOIC) can generate massive numbers of attempts.

Also, the number of logged attempts isn't the number to be worried about.  All it takes is one slipping through without being logged to make a huge headache.  I'm obviously not gonna go bleating with instructions, but I'd be more worried about sniffing than a dictionary attack.
Experience bij!

Phillip V

Companies and governments need to invest some tens of billions of dollars into cyber defense. This is a life-and-death matter.

I will even patriotically be a "cyberwarrior" for a small fee.

CountDeMoney

Quote from: DontSayBanana on January 26, 2013, 01:06:16 AM
Yeah, lots of scare tactics here; either the author is deliberately misleading or doesn't really understand the nature of cyber attacks.  Counting them out isn't really a good metric since each attempt can be logged as an incident.  A brute-force dictionary attack or a DDoS attack (re: a bunch of skiddies trying out LOIC) can generate massive numbers of attempts.

Also, the number of logged attempts isn't the number to be worried about.  All it takes is one slipping through without being logged to make a huge headache.  I'm obviously not gonna go bleating with instructions, but I'd be more worried about sniffing than a dictionary attack.

Thing is, corporations are also hamstrung by the defensive methods that they are allowed to use.  For legal and liability reasons, everything is defensive and reactive in nature; they're not allowed to block IPs, set up diversionary measures like honeypots, proper email filters, etc.  Therefore, a lot of dictionary attacks wind up being more than simply trolling for open ports.  Every idiot that clicks on a link in a spoofed email is an attack.

jimmy olsen

It is far better for the truth to tear my flesh to pieces, than for my soul to wander through darkness in eternal damnation.

Jet: So what kind of woman is she? What's Julia like?
Faye: Ordinary. The kind of beautiful, dangerous ordinary that you just can't leave alone.
Jet: I see.
Faye: Like an angel from the underworld. Or a devil from Paradise.

CountDeMoney