ClearSky Cyberdefense Forum

Cyber security is seen as one of the most pressing national security issues of our time. Due to sophisticated and highly publicized cyber-attacks such as Stuxnet, it is increasingly framed as a strategic issue. The diffuse nature of the threat, coupled with a heightened sense of vulnerability, has brought about a growing militarization of cyber security. This has resulted in too much attention on the low probability of a large scale cyber-attack, a focus on the wrong policy solutions, and a detrimental atmosphere of insecurity and tension in the international system. Though cyber operations will be a significant component of future conflicts, the role of the military in cyber security will be limited and needs to be carefully defined.

Strategic Trends offers an annual analysis of major developments in world affairs, with a primary focus on international security. Providing succinct interpretations of key trends rather than a comprehensive survey of events, this publication will appeal to analysts, policy-makers, academics, the media, and the interested public alike. It is produced by the Center for Security Studies (CSS) at ETH Zurich – Ch 5 from page 105 is dealing with cyber

http://www.sta.ethz.ch/content/download/2940/16645/file/ST-2012.pdf

 In its most complex effort to disrupt botnets to date, Microsoft Corp., in collaboration with the financial services industry — including the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association — as well as Kyrus Tech Inc., announced it has successfully executed a coordinated global action against some of the most notorious cybercrime operations that fuel online fraud and identity theft. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry action against this cybercriminal organization.

http://www.microsoft.com/Presspass/press/2012/mar12/03-25CybercrimePR.mspx

Direct link : http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf

Data loss through cyber attacks decreased sharply in 2010, but the total number of breaches was higher than ever, according to the “Verizon 2011 Data Breach Investigations Report.”  These findings continue to demonstrate that businesses and consumers must remain vigilant in implementing and maintaining security practices.

The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service dropped from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report’s launch in 2008.  Yet this year’s report covers approximately 760 data breaches, the largest caseload to date.

According to the report, the seeming contradiction between the low data loss and the high number of breaches likely stems from a significant decline in large-scale breaches, caused by a change in tactics by cybercriminals.  They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations. For example, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action.

The report also found that outsiders are responsible for 92 percent of breaches, a significant increase from the 2010 findings.  Although the percentage of insider attacks decreased significantly over the previous year (16 percent versus 49 percent), this is largely due to the huge increase in smaller external attacks.  As a result, the total number of insider attacks actually remained relatively constant.

Hacking (50 percent) and malware (49 percent) were the most prominent types of attack, with many of those attacks involving weak or stolen credentials and passwords.  For the first time, physical attacks – such as compromising ATMs – appeared as one of the three most common ways to steal information, and constituted 29 percent of all cases investigated.

For the second year in a row, the U.S. Secret Service collaborated with Verizon in preparing the report.  In addition, the National High Tech Crime Unit of the Netherlands Policy Agency (KLPD) joined the team this year, allowing Verizon to provide more insight into cases originating in Europe.  Approximately one-third of Verizon’s cases originated in either Europe or the Asia-Pacific region, reflecting the global nature of data breaches.

The Pentagon is accelerating efforts to develop a new generation of cyberweapons capable of disrupting enemy military networks even when those networks are not connected to the Internet, according to current and former U.S. officials.

The possibility of a confrontation with Iran or Syria has highlighted for American military planners the value of cyberweapons that can be used against an enemy whose most important targets, such as air defense systems, do not rely on Internet-based networks. But adapting such cyberweapons can take months or even years of arduous technical work.

http://www.stripes.com/news/pentagon-is-accelerating-development-of-cyberweapons-1.172061

Recent cyber-attacks include one in Japan in which a semiconductor factory was forced to suspend operations after its control systems were infected with a virus, and one at a nuclear-related facility abroad that was forced to suspend operations.

To find out how to protect control systems from cyber-attacks, the security center will develop original computer viruses, launch simulated cyber-attacks against control systems with the viruses, and observe what happens to the systems.

http://www.yomiuri.co.jp/dy/national/T120318002932.htm

In early March, Kaspersky labs received a report from an independent researcher on mass infections of computers on a corporate network after users had visited a number of well-known Russian online information resources. The symptoms were the same in each case: the computer sent several network requests to third-party resources, after which, in some cases, several encrypted files appeared on the hard drive.

The infection mechanism used by this malware proved to be very difficult to identify. The websites used to spread the infection are hosted on different platforms and have different architectures. None of kaspersky attempts to reproduce the infections were successful. A quick analysis of KSN statistics that might help to identify the connection between compromised resources and the malicious code being distributed did not yield any results, either. However, we did manage to find something that the news sites had in common.

http://www.securelist.com/en/blog/687/A_unique_fileless_bot_attacks_news_site_visitors

The report, “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage,” was researched under mandate by Congress when it first formed the external Washington, D.C.-based U.S.-China Economic and Security Review Commission to undertake ongoing research about relations between the two countries. The report, written by information security analysts from Northrop Grumman, says that leaders in the Chinese People’s Liberation Army (PLA) “have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively.”

http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf

CHINESE spies hacked into computers belonging to BAE Systems, Britain’s biggest defence company, to steal details about the design, performance and electronic systems of the West’s latest fighter jet, senior security figures have disclosed.

http://www.theaustralian.com.au/news/world/security-experts-admit-china-stole-secret-fighter-jet-plans/story-fnb64oi6-1226296400154