Transaction Search Form: please type in any of the fields below.
Date: April 29, 2024 Mon
Time: 10:46 pm
Time: 10:46 pm
Results for internet security
13 results foundAuthor: Schreier, Fred Title: Cyber Security: The Road Ahead Summary: The open Internet has been a boon for humanity. It has not only allowed scientists, companies and entities of all sorts to become more effective and efficient. It has also enabled an unprecedented exchange of ideas, information, and culture amongst previously unconnected individuals and groups. It has completely revolutionized on a global scale how we do business, interact and communicate. Cyberspace is defined by its ubiquitous connectivity. However, that same connectivity opens cyberspace to the greatest risks. As networks increase in size, reach, and function, their growth equally empowers law-abiding citizens and hostile actors. An adversary need only attack the weakest link in a network to gain a foothold and an advantage against the whole. Seemingly localized disruptions can cascade and magnify rapidly, threaten other entities and create systemic risk. However, vulnerabilities in cyberspace are real, significant and growing rapidly. Critical national infrastructure; intelligence; communications, command and control; commerce and financial transactions; logistics; consequence management; and emergency preparedness are wholly dependent on networked IT systems. Cyber security breaches, data and intellectual property theft know no limits. They affect everything from personal information to national secrets. This paper looks at the way these problems are likely to develop, as well as at some of the ways they may best be tackled at the national and international level. Details: Geneva: Geneva Centre for the Democratic Control of Armed Forces, 2011. 53p. Source: Internet Resource: DCAF Horizon 2015 Working Paper No. 4: Accessed February 14, 2011 at: http://www.dcaf.ch/Publications/Publication-Detail?lng=en&id=126370 Year: 2011 Country: International URL: http://www.dcaf.ch/Publications/Publication-Detail?lng=en&id=126370 Shelf Number: 120755 Keywords: Cyber SecurityCybercrimesInternet CrimesInternet Security |
Author: Insurance Council of Australia Title: E-Commerce Crime and Vandalism - Defence Plan for the General Insurance Industry Summary: Industry groups and individual insurance companies generally have risk management processes and operational contingency plans in place. The recommended approach for e-commerce crime and vandalism is to review and, where appropriate, strengthen these plans for specific issues related to e-commerce. This document provides key points on a framework for an e-commerce crime and vandalism defence plan. It is structured to: • Raise awareness of e-commerce crime in the general insurance industry. • Provide a general overview relating to e-commerce crime issues. • Provide a general risk management model and to refer insurers to useful sources of information on security management. Information in this document is relevant as at 3 July 2001. Details: Sydney: Insurance Council of Australia, 2011. 44p. Source: Internet Resource: Accessed September 27, 2012 at: http://www.imia.com/downloads/external_papers/EP01_2002.pdf Year: 2011 Country: Australia URL: http://www.imia.com/downloads/external_papers/EP01_2002.pdf Shelf Number: 126487 Keywords: Computer CrimesComputer SecurityE-Commerce (Australia)Internet Security |
Author: Cooper, Andrew F. Title: "Remote" in the Easter Caribbean: The Antigua-US WTO Internet Gambling Case Summary: The structure of the multilateral trading system is widely assumed to contain bias towards big actors, unevenly distributing access to the key processes of the system. Small countries, including Caribbean states, have long focused their attention on physical merchandise, while the US has taken on the role of disciplinarian, confronting countries that they perceive to be in violation of the General Agreement on Trade in Services (GATS). Brought to the WTO by Antigua, the Internet remote gambling case has challenged standard assumptions about the workings of the international trading system in the WTO context. A small country appearing to take the US on by itself, Antigua claimed the American government failed to live up to its commitment under GATS regarding “recreational services.” While Antigua argued for fairness in the WTO system, the US adopted a prohibitionist attitude to Internet remote gambling, citing domestic moral standards. Underwritten by the highly globalized Internet remote gambling industry, this case exemplifies what a small state can do to respond to dynamic changes imposed by globalization, confirming that small countries can sometimes punch above their weight in international relations. Details: Waterloo, Canada: The Centre for International Governance Innovation, 2008. 20p. Source: Caribbean Paper No. 4: Internet Resource: Accessed October 14, 2012 at http://hawk.ethz.ch/serviceengine/Files/ISN/56005/ipublicationdocument_singledocument/3e124b09-23dd-4c00-9056-e32bb4c9b4dc/en/CP_4.pdf Year: 2008 Country: International URL: http://hawk.ethz.ch/serviceengine/Files/ISN/56005/ipublicationdocument_singledocument/3e124b09-23dd-4c00-9056-e32bb4c9b4dc/en/CP_4.pdf Shelf Number: 126702 Keywords: Cyber SecurityGambling (Antigua)Internet Security |
Author: Symantec Title: Internet Security Threat Report, 2013 Summary: The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from the Symantec Global Intelligence Network, which Symantec's analysts use to identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape. Key Findings: 42% increase in targeted attacks in 2012. 31% of all targeted attacks aimed at businesses with less than 250 employees. One waterhole attack infected 500 organizations in a single day. 14 zero-day vulnerabilities. 32% of all mobile threats steal information. A single threat infected 600,000 Macs in 2012. Spam volume continued to decrease, with 69% of all email being spam. The number of phishing sites spoofing social networking sites increased 125%. Web-based attacks increased 30%. 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems. Details: Mountain View, CA: Symantic, 2013. 57p. Source: Internet Resource: Accessed July 9, 2013 at: http://www.symantec.com/security_response/publications/threatreport.jsp Year: 2013 Country: United States URL: http://www.symantec.com/security_response/publications/threatreport.jsp Shelf Number: 129336 Keywords: Computer CrimesCyber CrimeInternet Crimes (U.S.)Internet SecuritySupply Chains |
Author: Panda Security Title: The Cyber-Crime Black Market: Uncovered Summary: Many of us in the team at Panda Security spend a lot of time traveling and attending all types of events: from specialized IT industry fairs and congresses, to those aimed at businesses, end-users, etc. Yet even though it is becoming more common to hear about the arrest of hackers that steal information and profit from it in many different ways, there are still many members of the public, not necessarily dedicated to IT security, who ask us: "Why would anyone want to steal information from me? I don't have anything of interest..." Another factor to bear in mind is that today's profit-oriented malware is designed to steal data surreptitiously, so the first indication that you have been a victim is when you get your bank or Paypal account statement. Moreover, there is a general perception that this problem only affects home users, and that businesses are immune. The result of our research, as you will read below, shows that this is not the case: Today nobody - neither home users nor businesses- is safe from confidential data theft (and the consequent fraud). This is despite the increased effort in recent years to improve awareness and education in IT security, initiated by governmental agencies in many countries, and of course, thanks to the security industry as a whole, along with other institutions, organizations, media, blogs, etc., who have been assisting with the task for some time now. Although we don't have precise data, we believe that this nefarious business has expanded with the economic crisis. Previously it was in no way easy to locate sites or individuals dedicated to this type of business, yet now it's relatively simple to come across these types of offers on underground forums. Details: Madrid: Panda Security, 2011. 44p. Source: Internet Resource: Accessed February 18, 2015 at: http://www.wgains.com/Assets/Attachments/The-Cyber-Crime-Black-Market.pdf Year: 2011 Country: International URL: http://www.wgains.com/Assets/Attachments/The-Cyber-Crime-Black-Market.pdf Shelf Number: 134636 Keywords: Computer CrimeComputer SecurityCyber SecurityCybercrimeInternet CrimeInternet Security |
Author: Tjong Tjin Tai, Eric Title: Duties of care and diligence against cybercrime Summary: - The present report is an exploratory investigation of whether contributory parties other than criminals and private individuals may have legal duties to help combat cybercrime. The scope is limited to four jurisdictions (The Netherlands, U.S.A., Brazil, and Czech Republic) and three specific topics of cybercrime: security of hardware and software, ransomware, and DDoS attacks. The focus is on a legal analysis, preceded by a brief factual description, and closing with tentative suggestions for improvement. - The causes and incidence of the three topics of cybercrime discussed in this research are tied up with global networks of communication, whereby purely local national government intervention may be insufficient to effectively fight cybercrime. In the relevant literature it is generally suggested that public-private partnerships would be required for combating cybercrime. - The approach of duties of care and diligence is a regulatory mechanism in which the focus is on private action with public encouragement. It relies on fostering practices that develop their own implicit standards and culture. - Specific parties such as Internet Service Providers (ISPs), software vendors, and businesses that are the victim of cybercrime are, in principle, well positioned to take actions against cybercrime. Albeit significant effort is taken by many companies, these efforts as a whole do not appear to have sufficient effect. The existing standards for action appear to be insufficiently specific. In addition, particular companies within these categories may do less than is possible, due to several causes. - ISPs in general have no legal duty to act to take preventive actions against cybercrime. They are generally exempt from liability as long as they remain passive to the content they transmit. Voluntary action by ISPs is to some extent discouraged by legal principles such as the rights to privacy and freedom of expression and the principle of net neutrality. The Netherlands has relatively detailed administrative rules regarding ISPs, compared to other jurisdictions. - Software vendors may have a limited duty to provide secure software, but their actual liability is insignificant as the result of limitation clauses. An exception is Brazil, which does have a form of product liability for software. Vendors have economic disincentives (a premium on being first to market with new functionality, and lack of user discrimination towards software security) against spending more effort for increasing software security. There is no administrative supervision for the software sector in general. - Businesses have, to some extent, a legal duty to prevent security breaches and unavailability of service through DDoS attacks. Customers have limited remedies to businesses that breach their obligations. Further action by businesses may find obstacles in a lack of security awareness or sense of urgency, limits to perceived benefits of additional security efforts, and lack of expertise. Details: Tilberg, NETH: Tilburg University, 2015. 208p. Source: Internet Resource: Accessed July 13, 2015 at: https://www.gccs2015.com/sites/default/files/documents/Bijlage%202%20-%20Duties%20of%20care%20and%20diligence%20against%20cybercrime%20(1).pdf Year: 2015 Country: International URL: https://www.gccs2015.com/sites/default/files/documents/Bijlage%202%20-%20Duties%20of%20care%20and%20diligence%20against%20cybercrime%20(1).pdf Shelf Number: 136014 Keywords: Cyber SecurityCybercrimeInternet CrimeInternet Security |
Author: Australia. Auditor General Title: Cyber Attacks: Securing Agencies' ICT Systems Summary: 1. Governments, businesses and individuals increasingly rely on information and communications technology (ICT) in their day-to-day activities, with rapid advances continuing to be made in how people and organisations communicate, interact and transact business through ICT and the Internet. In the government sector, ICT is used to deliver services, store and process information, and enable communications, with a consequent need to protect the privacy, security and integrity of information maintained on government systems. 2. Cyber crime is an international problem, and it is estimated that in 2012, 5.4 million Australians fell victim to such crimes, with an estimated cost to the economy of $1.65 billion. In the government sector, the Australian Signals Directorate (ASD) has estimated that between January and December 2012, there were over 1790 security incidents against Australian Government agencies. Of these, 685 were considered serious enough to warrant a Cyber Security Operations Centre response. 3. The protection of Australian Government systems and information from unauthorised access and use is a key responsibility of agencies, having regard to their business operations and specific risks. In the context of a national government, those risks can range from threats to national security through to the disclosure of sensitive personal information. Unauthorised access through electronic means, also known as cyber intrusions, can result from the actions of outside individuals or organisations. Individuals operating from within government may also misuse information which they are authorised to access, or may inappropriately access and use government information holdings. 4. For some years, the Australian Government has established both an overarching protective security policy framework, and promulgated specific ICT risk mitigation strategies and related controls, to inform the ICT security posture6 of agencies. In 2013, the Government mandated elements of the framework, in response to the rapid escalation, intensity and sophistication of cyber crime and other cyber security threats. Details: Canberra: Australian National Audit Office, 2014. 132p. Source: Internet Resource: Audit Report No. 50 2013-14: Accessed September 5, 2015 at: http://www.anao.gov.au/~/media/Files/Audit%20Reports/2013%202014/Audit%20Report%2050/AuditReport_2013-2014_50.pdf Year: 2014 Country: Australia URL: http://www.anao.gov.au/~/media/Files/Audit%20Reports/2013%202014/Audit%20Report%2050/AuditReport_2013-2014_50.pdf Shelf Number: 136699 Keywords: Cyber SecurityCybercrimeInternet CrimesInternet SecurityNational Security |
Author: Reeder, Franklin W. Title: Recruiting and Retaining Cybersecurity Ninjas Summary: This report identifies the factors that make an organization the employer of choice for what the authors call "cybersecurity ninjas." Much has been written about the shortage of cybersecurity professionals, but little work has been done on the factors that help high-performing cybersecurity organizations build and keep a critical mass of high-end specialists. This is a first attempt that the authors hope will prompt discussion and drive changes in how organizations attract and retain high-end cybersecurity talent. Details: Washington, dC: Center for Strategic & International Studies, 2016. 32p. Source: Internet Resource: Accessed November 10, 2016 at: https://csis-prod.s3.amazonaws.com/s3fs-public/publication/161011_Reeder_CyberSecurityNinjas_Web.pdf Year: 2016 Country: United States URL: https://csis-prod.s3.amazonaws.com/s3fs-public/publication/161011_Reeder_CyberSecurityNinjas_Web.pdf Shelf Number: 141074 Keywords: Computer Crime Cybercrime Cybersecurity Internet Crime Internet Security |
Author: U.S. Federal Communications Commission Title: Cybersecurity Risk Reduction Summary: Cybersecurity is a top priority for the Commission. The rapid growth of network-connected consumer devices creates particular cybersecurity challenges. The Commission's oversight of our country's privately owned and managed communications networks is an important component of the larger effort to protect critical communications infrastructure and the American public from malicious cyber actors. The Commission is uniquely situated to comprehensively address this issue given its authority over the use of radio spectrum as well as the connections to, and interconnections between, commercial networks, which touch virtually every aspect of our economy. Other agencies have also begun looking at network-connected devices and the security implications they bring in certain industry segments. The Commission's rules include obligations for Internet Service Providers (ISPs) to take measures to protect their networks from harmful interconnected devices. These rules make clear that providers not only have the latitude to take actions to protect consumers from harm, but have the responsibility to do so. Reasonable network management must include practices to ensure network security and integrity, including by "addressing traffic harmful to the network," such as denial of service attacks. The Public Safety and Homeland Security’s (PSHSB or Bureau) cybersecurity initiatives build upon FCC rules that have, for decades, effectively evolved to balance security, privacy, and innovation within the telecommunications market. The U.S. telecommunications market leads the world as a consequence of this light touch, but surgical, approach. Commission staff actively work with stakeholders to address cyber challenges presented by today's end-to-end Internet environment. This environment is vastly different and more challenging than the legacy telecommunications security environment that preceded it. Today insecure devices, connected through wireless networks, have shut down service to millions of customers by attacking critical control utilities neither licensed nor directly regulated by the Commission. These attacks highlight that security vulnerabilities inherent in devices attached to networks now can have large-scale impacts. As the end-to-end Internet user experience continues to expand and diversify, the Commission's ability to reduce cyber risk for individuals and businesses will continue to be taxed. But shifting this risk oversight responsibility to a non-regulatory body would not be good policy. It would be resource intensive and ultimately drive dramatic federal costs and still most certainly fail to address the risk for over 30,000 communications service providers and their vendor base. The Commission must address these cyber challenges to protect consumers using telecommunications networks. Cyber risk crosses corporate and national boundaries, making it imperative that private sector leadership in the communications sector step up its responsibility and accountability for cyber risk reduction. In this vein, the Commission has worked closely with its Federal Advisory Committees (FAC), as well as with its federal partners and other stakeholders, to foster standards and best practices for cyber risk reduction. The Commission worked with the other regulatory agencies to create a forum whereby agency principals share best regulatory practices and coordinate our approaches for reducing cybersecurity risk. A rich body of recommendations, including voluntary best practices, is the result. Industry implementation of these practices must be part of any effort to reduce cybersecurity risk. The Commission, however cannot rely solely on organic market incentives to reduce cyber risk in the communications sector. As private actors, ISPs operate in economic environments that pressure against investments that do not directly contribute to profit. Protective actions taken by one ISP can be undermined by the failure of other ISPs to take similar actions. This weakens the incentive of all ISPs to invest in such protections. Cyber-accountability therefore requires a combination of market-based incentives and appropriate regulatory oversight where the market does not, or cannot, do the job effectively. PSHSB has developed a portfolio of programs to address cybersecurity risk in the telecommunications sector in a responsible manner. These initiatives include collaborative efforts with key Internet stakeholder groups; increased interagency cooperation; and regulatory solutions to address residual risks that are unlikely to be addressed by market forces alone. This white paper describes the risk reduction portfolio of the current Commission and suggests actions that would continue to affirmatively reduce cyber risk in a manner that incents competition, protects consumers, and reduces significant national security risks. Details: Washington, dC: Federal Communications Commission, 2017. 56p. Source: Internet Resource: Accessed February 11, 2017 at: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf Year: 2017 Country: United States URL: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0118/DOC-343096A1.pdf Shelf Number: 145022 Keywords: CybercrimeCybersecurityInternet CrimeInternet SecuritySupply ChainsTelecommunications |
Author: Feakin, Tobias Title: The Australia-US Cyber Security Dialogue Summary: Unlike other traditional security issues, cybersecurity can’t remain purely the purview of states. The multifaceted nature of the threat requires a multifaceted response. Australia and the US face an environment in which our understanding of 'the rules' is being challenged by states that push the envelope of acceptable behaviour online through disruption and disinformation. But governments aren't the exclusive targets. States pursue competitive economic advantage through the theft of intellectual property from foreign corporations, cybercriminals siphon money from banks, and hacktivists compromise the data of organisations. So working with allies, bringing together the public and private sectors and pooling information and resources will be essential elements of tackling this threat effectively. The inaugural Australia–US Cyber Security Dialogue held in Washington DC in September 2016 examined all these issues and how best to manage them in a cooperative manner. The dialogue was facilitated by the Australian Strategic Policy Institute (ASPI) and the Center for Strategic and International Studies (CSIS). The robust bilateral and cross-sectoral discussion sessions, summarised below, traversed issues of cooperation in the Asia–Pacific, combating cybercrime and advancing the digital economy. The dialogue identified focus areas and a corresponding ASPI–CSIS joint work plan designed to further advance bilateral collaboration in this critical policy area. The three initiatives, outlined in the final section of this report, will sustain the momentum of Australia–US cyber cooperation, laying the groundwork for the agenda and driving discussion at the 2017 dialogue. Details: Barton ACT: Australian Strategic policy Institute, 2017. 20p. Source: Internet Resource: Accessed March 21, 2017 at: https://www.aspi.org.au/publications/the-australiaus-cyber-security-dialogue/SR101_Australia_US_dialogue.pdf Year: 2017 Country: Australia URL: https://www.aspi.org.au/publications/the-australiaus-cyber-security-dialogue/SR101_Australia_US_dialogue.pdf Shelf Number: 144528 Keywords: Cybercrime Cybersecurity Internet Crime Internet Security |
Author: Moura, Giovane Cesar Moreira Title: Internet Bad Neighborhoods Summary: A significant part of current Internet attacks originates from hosts that are distributed all over the Internet. However, there is evidence that most of these hosts are, in fact, concentrated in certain parts of the Internet. This behavior resembles the crime distribution in the real world: it occurs in most places, but it tends to be concentrated in certain areas. In the real world, high crime areas are usually labeled as "bad neighborhoods". The goal of this dissertation is to investigate Bad Neighborhoods on the Internet. The idea behind the Internet Bad Neighborhood concept is that the probability of a host in behaving badly increases if its neighboring hosts (i.e., hosts within the same subnetwork) also behave badly. This idea, in turn, can be exploited to improve current Internet security solutions, since it provides an indirect approach to predict new sources of attacks (neighboring hosts of malicious ones). In this context, the main contribution of this dissertation is to present the first systematic and multifaceted study on the concentration of malicious hosts on the Internet. We have organized our study according to two main research questions. In the first research question, we have focused on the intrinsic characteristics of the Internet Bad Neighborhoods, whereas in the second research question we have focused on how Bad Neighborhood blacklists can be employed to better protect networks against attacks. The approach employed to answer both questions consists in monitoring and analyzing network data (traces, blacklists, etc.) obtained from various real world production networks. One of the most important findings of this dissertation is the verification that Internet Bad Neighborhoods are a real phenomenon, which can be observed not only as network prefixes (e.g., /24, in CIDR notation), but also at different and coarser aggregation levels, such as Internet Service Providers (ISPs) and countries. For example, we found that 20 ISPs (out of 42,201 observed in our data sets) concentrated almost half of all spamming IP addresses. In addition, a single ISP was found having 62% of its IP addresses involved with spam. This suggests that ISP-based Bad Neighborhood security mechanisms can be employed when evaluating e-mail from unknown sources. This dissertation also shows that Bad Neighborhoods are mostly application specific and that they might be located in neighborhoods one would not immediately expect. For example, we found that phishing Bad Neighborhoods are mostly located in the United States and other developed nations - since these nations hosts the majority of data centers and cloud computing providers - while spam comes from mostly Southern Asia. This implies that Bad Neighborhood based security tools should be application-tailored. Another finding of this dissertation is that Internet Bad Neighborhoods are much less stealthy than individual hosts, since they are more likely to strike again a target previously attacked. We found that, in a one-week period, nearly 50% of the individual IP addresses attack only once a particular target, while up to 90% of the Bad Neighborhoods attacked more than once. Consequently, this implies that historical data of Bad Neighborhoods attacks can potentially be successfully employed to predict future attacks. Overall, we have put the Internet Bad Neighborhoods under scrutiny from the point of view of the network administrator. We expect that the findings provided in this dissertation can serve as a guide for the design of new algorithms and solutions to better secure networks. Details: Twente, NETH: University of Twente, 2013. 245p. Source: Internet Resource: Dissertation: Accessed April 11, 2017 at: http://doc.utwente.nl/84507/1/thesis_G_Moura.pdf Year: 2013 Country: International URL: http://doc.utwente.nl/84507/1/thesis_G_Moura.pdf Shelf Number: 144779 Keywords: Computer CrimeComputer SecurityInternet CrimesInternet SafetyInternet SecuritySpam |
Author: Davis, John S., II Title: Stateless Attribution: Toward International Accountability in Cyberspace Summary: The public attribution of a malicious cyber incident consists of identifying the responsible party behind the activity. A cyber attribution finding is a necessary prerequisite for holding actors accountable for malicious activity. Recently, several cyber incidents with geopolitical implications and the attribution findings associated with those incidents have received high-profile press coverage. Many segments of the general public disputed and questioned the credibility of the declared attributions. This report reviews the state of cyber attribution and examines alternative options for producing standardized and transparent attribution that may overcome concerns about credibility. In particular, this exploratory work considers the value of an independent, global organization whose mission consists of investigating and publicly attributing major cyber attacks. Key Findings Cyber Attribution Efforts Lack Uniformity and Credibility Analysis of recent cases indicates that the practice of attribution has been diffuse and discordant, with no standard methodology used in the investigations to assess evidence, nor a universal confidence metric for reaching a finding. In several cases, investigations were performed but no formal attribution finding was made public by the investigative entity or victim. Further, public statements of attribution have been met with suspicion, confusion, and a request for greater transparency about the investigation and the evidential basis. Challenges in Cyber Attribution The first challenge concerns the difficulty of reaching a cyber attribution finding. Technical, political, and all-source indicators are all tools used in determining attribution, and usually are used in some combination. A second cyber attribution challenge concerns the issue of persuasively communicating a finding to an intended audience. Credibility hinges on several factors: strong evidence, demonstration of the requisite knowledge and skills for reaching a correct conclusion, a track record of accuracy and precision, a reputation for objective and unbiased analysis, and a transparent methodology that includes an independent review process. Effective cyber attribution investigations will reflect these considerations and achieve credibility in the eyes of the of the target audience. Recommendations In light of the aforementioned challenges and insights, the authors propose and explore the nature of an international organization for cyber attribution, which this report refers to as the Global Cyber Attribution Consortium (the Consortium). This broad team of international experts would provide independent investigation of major cyber incidents for the purpose of attribution. Membership should include representatives from two sectors: (1) technical experts from cybersecurity and information technology companies, as well as academia, and (2) cyberspace policy experts, legal scholars, and international policy experts from a diversity of academia and research organizations. A credible and transparent attribution organization should not include the formal representation of nation-states, to avoid an appearance of bias and to protect transparency. The Consortium would work with victims or their advocates upon their request and with their cooperation to investigate cyber incidents using a diverse set of methodologies and would publish its findings for public review. In addition to providing a credible and transparent judgment of attribution, the Consortium's investigations would help standardize diffuse methodological approaches, naming conventions, and confidence metrics that would advance shared understanding in cyberspace and promote global cybersecurity. The international community could use the Consortium's findings to bolster network defenses, thwart future attacks, and pursue follow-on enforcement actions to hold the perpetrator(s) accountable. Details: Santa Monica, CA: RAND, 2017. 64p. Source: Internet Resource: Accessed June 9, 2017 at: http://www.rand.org/pubs/research_reports/RR2081.html Year: 2017 Country: International URL: http://www.rand.org/pubs/research_reports/RR2081.html Shelf Number: 145991 Keywords: Cybercrime Cybersecurity Cyberspace Internet Crimes Internet Security |
Author: Symantec Title: Internet Security Threat Report. Volume 23 Summary: From the sudden spread of WannaCry and Petya/NotPetya, to the swift growth in coin miners, 2017 provided us with another reminder that digital security threats can come from new and unexpected sources. With each passing year, not only has the sheer volume of threats increased, but the threat landscape has become more diverse, with attackers working harder to discover new avenues of attack and cover their tracks while doing so. Coin mining attacks explode Cyber criminals who have been firmly focused on ransomware for revenue generation are now starting to explore other opportunities. During the past year, the astronomical rise in crypto currency values inspired many cyber criminals to shift to coin mining as an alternative revenue source. This coin mining gold rush resulted in an 8,500 percent increase in detections of coinminers on endpoint computers in 2017. With a low barrier of entry-only requiring a couple lines of code to operate-cyber criminals are using coin miners to steal computer processing power and cloud CPU usage from consumers and enterprises to mine crypto currency. While the immediate impact of coin mining is typically performance related-slowing down devices, overheating batteries, and in some cases, rendering devices unusable-there are broader implications, particularly for organizations. Corporate networks are at risk of shutdown from coin miners aggressively propagated across their environment. There may also be financial implications for organizations who find themselves billed for cloud CPU usage by coin miners. As malicious coin mining evolves, IoT devices will continue to be ripe targets for exploitation. Symantec already found a 600 percent increase in overall IoT attacks in 2017, which means that cyber criminals could exploit the connected nature of these devices to mine en masse. Despite the Eternal Blue exploit wreaking havoc in 2017, the reality is that vulnerabilities are becoming increasingly difficult for attackers to identify and exploit. In response to this, Symantec is now seeing an increase in attackers injecting malware implants into the supply chain to infiltrate unsuspecting organizations, with a 200 percent increase in these attacks-one every month of 2017 as compared to four attacks annually in years prior. Hijacking software updates provides attackers with an entry point for compromising well-protected targets, or to target a specific region or sector. The Petya/NotPetya (Ransom.Petya) outbreak was the most notable example: After exploiting Ukrainian accounting software as the point of entry, Petya/ NotPetya used a variety of methods, spreading across corporate networks to deploy the attackers' malicious payload. When viewed as a business, it's clear that ransomware profitability in 2016 led to a crowded market, with overpriced ransom demands. In 2017, the ransomware 'market' made a correction with fewer ransomware families and lower ransom demands-signaling that ransomware has become a commodity. Many cyber criminals may have shifted their focus to coin mining as an alternative to cash in while crypto currency values are high. Some online banking threats have also experienced a renaissance as established ransomware groups have attempted to diversify. Last year, the average ransom demand dropped to $522, less than half the average of the year prior. And while the number of ransomware variants increased by 46 percent, indicating the established criminal groups are still quite productive, the number of ransomware families dropped, suggesting they are innovating less and may have shifted their focus to new, higher value targets Symantec has found that overall targeted attack activity is up by 10 percent in 2017, motivated primarily by intelligence gathering (90 percent). However, a not-so-insignificant 10 per cent of attack groups engage in some form of disruptive activity. The 'living off the land' trend continues with attack groups opting for tried-and-trusted means to infiltrate target organizations. Spearphishing is the number one infection vector, employed by 71 percent of organized groups in 2017. The use of zero days continues to fall out of favor. In fact, only 27 percent of the 140 targeted attack groups that Symantec tracks have been known to use zero-day vulnerabilities at any point in the past. Threats in the mobile space continue to grow year-over-year. The number of new mobile malware variants increased by 54 percent in 2017, as compared to 2016. And last year, an average of 24,000 malicious mobile applications were blocked each day. While threats are on the increase, the problem is exacerbated by the continued use of older operating systems. In particular, on Android, only 20 percent of devices are running the newest major version and only 2.3 percent are on the latest minor release. Mobile users also face privacy risks from grayware, apps that aren't completely malicious but can be troublesome. Symantec found that 63 percent of grayware apps leak the device's phone number. With grayware increasing by 20 percent in 2017, this isn't a problem that's going away. Details: Mountain View, CA: Symantic, 2018. 87p. Source: Internet Resource: Accessed March 27, 2018 at: https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-executive-summary-en.pdf Year: 2018 Country: International URL: https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-executive-summary-en.pdf Shelf Number: 149586 Keywords: Computer CrimesCyber CrimeDigital SecurityInternet Crimes (U.S.)Internet SecuritySupply Chains |