Vulnerability Management – The Changing Nature of Attacks

Attacks on users of the Internet have been noted for many years by the press and other observers but only recently have the attacks become more frequent and more deadly. Since almost every business and organization of any size relies on an open and accessible internet to remain competitive, cyber attacks are becoming more universal.

· Increased effectiveness, adaptability and aggressiveness of malicious and destructive cyber attacks.

· Increased attacks through trusted sites and botnets (a recent study shows that most cyber attacks come from IP addresses in the United States, and it has been estimated that up to one quarter of all personal computers and servers connected to the internet may be part of a botnet).

· An increase in simultaneous and coordinated attacks at all levels of the internet.

· Attacks on U.S. government networks, critical infrastructure and increased frequency of localized attacks.

· Infrastructure attacks with wide ranging and potentially long term effect.

· Convergence of attacks using wolf-pack-like tactics.

All levels of internet users are affected, and networks are being subjected to daily breaches of security. It doesn’t matter if you are a small company or part of a large organization: unless preventative steps are taken, your network is increasingly vulnerable to attack.

The Nature of Cyber Attacks Is Becoming More Destructive

Initially, cyber attacks were more nuisance than danger. Hackers originally released malware in the form of viruses, worms and spyware, usually for the thrill of bringing down a selected network or site. Disgruntled employees utilized hacking tools to disrupt the business of their former employers. Eventually criminals used penetration techniques to steal credit card and other passwords.

But recently, cyber terrorism has emerged, which, in addition to attacks on corporate networks, poses a direct threat to U.S. military and civilian agencies and critical infrastructure. Because of the problems with attributing the attacks to the actual source, this threat has become difficult to contain.

Cybercrime is becoming more aggressive, organized and effective as a transnational/multinational business. High technology online skills and techniques are now available to all interested parties, including hostile nation states, criminal elements and individuals and groups that covertly represent terrorist groups.

The development and spread of automated attack and botnet tools and their use by cybercriminals has overwhelmed many current methodologies used for vulnerability management and the tracking of and defense against cyber attacks. In addition, vulnerabilities of the U.S. critical infrastructure (power, water, transport and communications) tend to attract cyber criminals to extort money, or damage the U.S. economy in a way that eventually affects national security.

The result of this dangerous trend is the risk of losing proprietary knowledge that gives our country its competitive and military edge, loss of command and control of military assets and denial of service attacks that can shut down military bases and critical infrastructure like the power grid and energy plants.

The transnational nature of cyber terrorism is also thriving in a culture of ineffective regulation and suspicion over allowing domestic network access to potential adversaries. Multilateral treaties, until recently, have not addressed the problem.

What is the Solution?

There are a number of areas that need to be addressed:

· Awareness

Awareness of the threat is critical in all sectors of the economy, including media, government and corporate, and understanding the real, changing nature of the threat is mandatory.

· Development of Technology

Technology that is available, easy to use, and adaptable to new threats would contribute towards containment of many attacks.

· More Effective and Adaptive Vulnerability Management Tools and Techniques

Vulnerability management is a continuous process that is never completed. Easy-to-use software tools are required, as well as a dedication of real resources and management commitment to address the problem. Constant monitoring and remediation are required.

· Government Action

Recently the present administration has taken steps to streamline and focus energy on the cyber security problem in civilian, defense and intelligence agencies. The Department of Homeland Security (DHS) has received additional authority to fight cyber terrorism, and the cyber functions of defense and intelligence have been merged under one command – Cyber Command.

These are but necessary first steps, and much more work is required.

· International Treaties

The United Nations has recently taken steps toward the drafting of an international cyber agreement, with the United States and Russia agreeing to enter negotiations. Since the United Nations is notoriously slow, much more action is required.

These steps form a template and outline for future action. The threat is real and growing and must be addressed.



Source by John M. Stout
