James Sankar, AARNet’s Director, Enterprise Services reports:
AusCERT2013, the 12th annual AusCERT Information Security Conference, was held from 20th-24th May 2013 at the RACV Royal Pines Resort on Queensland’s Gold Coast, Australia.
The theme for AusCERT2013 was “This time, it’s personal”, reflecting the growth in attacks and unauthorised disclosures of online personal information. Motivated by illicit financial gain, cyber criminals obtain unauthorised access to personal information, but more and more, we are seeing data disclosures being posted publicly by attackers for political motives, rather than financial gain.
Overall, AusCERT2013 was an impressive conference that covered technical and strategic topics of interest. The security industry offers a number of products and services but relies on the mutual sharing of incidents and vulnerabilities when attacks are widespread.
Michael T Jones, Google’s Chief Technology Advocate, explained the importance of two-factor authentication using mobile phone SMS messages, alongside secure HTTP web pages by default, to make searches more secure. Google has gone further by informing users of any links that are known to include malware.
See https://www.virustotal.com/en/ for free checking of files and websites using 300+ products, with the aim of raising the bar for vendor and end user awareness.
HD Moore, Chief Security Officer at Rapid7 and Chief Architect of Metasploit, presented his latest research on global vulnerability analysis. Using botnets, traceroutes and reverse DNS, he collated glaring security holes into a global map highlighting the 18 most exposed ports. Interestingly, the Australian results showed less than 20% relative deviation for any service when compared to global results.
Key vulnerabilities include:
Mark Fabro, President and Chief Security Scientist, Lofty Perch, Inc, provided insight on SCADA (supervisory control and data acquisition), a type of industrial control system (ICS) which, if attacked, increases the potential for physical, real-world impacts. The energy sector is at high risk of exploitation of its command and control systems.
See the World Economic Forum Cyber Vulnerabilities report for more detail at http://www3.weforum.org/docs/WEF_IT_PathwaysToGlobalCyberResilience_Report_2012.pdf
Companies need to consider not only their own networks and infrastructure but also their supply chain and any services sourced from cloud computing service providers. Interdependencies there could create the unthinkable if proactive planning, using threat tree scenarios, is not done to mitigate future attacks.
Applying the cyber kill chain allows attack behaviours to be identified and managed. See http://www.digitalbond.com/blog/2011/11/22/applying-the-cyber-kill-chain-to-ics-part-1/ for more.
Marcus Ranum, Chief Security Officer, Tenable Network Security, gave a refreshing talk on how the military rhetoric in cyber security is misplaced, using real-world examples of war through the ages that simply do not make sense in cyberspace. He notes that cyberwar was simply a move to keep traditional machines of war in business.
Today, network engineers are on the frontline as espionage offers a more effective avenue in cyberspace. Distributed warfare is making everyone the frontline. Marcus recommends reading http://www.amazon.com/Lic-2010-Operations-Unconventional-Brasseys/dp/0080359825 for those more interested in this subject.
The growth in targeted, personal and insurgent-like one-off attacks, which have moved from pranks to criminal gain (financial or espionage), places new demands on all employees and executives to increase their awareness of the security issues around accessing third-party services, bring-your-own devices, and industrial control systems that have physical impacts on the way we live and work.
Securing competitive advantage in a highly competitive global world is being impacted by espionage and disruption.