Cyber Espionage is on the Rise

Team Infidel

Forum Spin Doctor
(January 15, 18 & 21, 2008)
There is a growing body of evidence that cyber attackers are turning their attention to espionage in both the public and private sectors. The US government has reported what appear to be systematic attacks on computer systems at research laboratories across the country. Private companies have been targeted as well.
Cyber espionage ranks third on the SANS Top Ten Cyber Menaces for 2008.
Attackers appear to be using spear phishing, in which phony email messages that appear to come from a trusted source are tailored to a small group of individuals at an organization. The IP addresses used in the attacks make them appear to come from China; whether or not that is where the attacks are originating, China seems not to be taking any steps to thwart the attacks. Evidence indicates that the attackers are focused and persistent, attacking the same place hour after hour, day after day. The attacks are sophisticated as well - they do not contain the usual errors associated with small-time hacking groups. In addition, a recent New Yorker article profiling US Director of National Intelligence Mike McConnell reports that the US Defense Department detects approximately two million suspicious probes on its network every day; the State Department also detects approximately two million such probes every day.
http://www.pcworld.com/businesscenter/article/141474/cyber_espionage_a_growing_threat_to_business.html
http://www.infoworld.com/article/08/01/15/Cyber-espionage-moves-into-B2B_1.html
http://www.securecomputing.net.au/news/68565,china-has-penetrated-key-us-databases-sans-director.aspx
http://www.scmagazine.com/uk/news/article/777862/us-cyber-war-china-russia-says-new-yorker-magazine/
[Editor's Note (Northcutt): Not exactly news! However, sometimes you have to hold the obvious before people. Needless to say, a real key here is detection. In the course I author and teach, Security Leadership Essentials, I teach managers how to assess whether their folks have the ability to go beyond what their IDS consoles are reporting. Please forgive the ad, but the best detection training available anywhere is SANS Intrusion Detection in Depth, and if you can schedule a class taught by Mike Poor or Johannes Ullrich, they are two of the best detection guys in industry. If your organization does not have at least a few GIAC Certified Intrusion Analysts, you probably are being sliced wide open right now:
http://www.sans.org/training/description.php?mid=62
http://www.sans.org/training/description.php?mid=43
http://www.sans.org/training/instructors.php#Poor
http://www.sans.org/training/instructors.php#Ullrich
http://www.giac.org/certifications/Security/gcia.php ]
 