Cyber Defense Weekly January 25, 2011
Web analytics for fraud prevention
Most website owners spend a little time looking at their "web logs", the list of page hits to their site. A free tool included with most websites is AWStats which allows you to determine how many hits per day you are getting, most popular post, hits by country, even the most frequent visitor (usually the website owner). Often you will see signs of suspicious activity: lots of hits to undefined URLs, unusual volume from a particular country. You can easily postulate that if your site is going to be hacked you will be forewarned by reading the logs.
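The log review described above can be scripted. The following is an added example, not part of the original newsletter or of any vendor's product: it flags clients with repeated hits to undefined URLs or with request volume far above the median. The combined log format, the sample lines (constructed, using documentation IP ranges) and the thresholds `min_404`, `min_volume` and `volume_factor` are assumptions; grouping by country would additionally need a GeoIP lookup, which is left out.

```python
import re
from collections import Counter
from statistics import median

# One request in Apache/NGINX "combined" format: client IP, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def _line(ip, path, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return f'{ip} - - [25/Jan/2011:10:00:00 -0500] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: three ordinary visitors, one client requesting pages that
# do not exist, and one client paging through a listing far faster than the rest.
SAMPLE_LOG = "\n".join(
    [_line(f"198.51.100.{n}", "/index.html", 200) for n in (10, 11, 12)]
    + [_line("203.0.113.7", f"/missing-{i}", 404) for i in range(4)]
    + [_line("192.0.2.44", f"/vendors?page={i}", 200) for i in range(12)]
)

def flag_clients(log_text, min_404=3, min_volume=10, volume_factor=3.0):
    """Return {ip: [reasons]} for clients that stand out in the log."""
    hits, misses = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        hits[m["ip"]] += 1
        if m["status"] == "404":
            misses[m["ip"]] += 1
    if not hits:
        return {}
    # A client is "high volume" relative to the typical client, with a floor
    # so that a quiet site does not flag someone for a handful of requests.
    volume_limit = max(min_volume, volume_factor * median(hits.values()))
    flagged = {}
    for ip, count in hits.items():
        reasons = []
        if misses[ip] >= min_404:
            reasons.append(f"{misses[ip]} hits to undefined URLs")
        if count >= volume_limit:
            reasons.append(f"{count} requests, limit {volume_limit:g}")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in flag_clients(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```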
One new company that is leveraging that concept is Silver Tail Systems. Their sophisticated solution is meant for banks, stock trading sites and similar high value transaction sites. I am adding them to my list of cool companies to watch for 2011 (to be posted soon).
Web attacks take various forms. In 2002 I had a conversation with a large data provider who had opened up their proprietary database to subscribers for only $250/month. It did not take long for someone to use a stolen credit card to get access and run scripts against the database to suck down as much as they could. When IT-Harvest first launched our security vendor database we allowed anyone to run simple searches on it. That first day a vendor in Canada (you know who you are) ran a script against it to suck down the whole database. Another time-tested attack is web scraping: a technique that riled the airlines, who did not like their prices posted on comparison sites. And phishers spend a lot of time hitting a site in preparation for mimicking it so they can lure people into giving up their identities.
Once an attacker has user access they can engage in sophisticated pump and dump schemes where they liquidate the user's holdings and invest in some penny stock they have already taken a position in. The attacker sells their own stock when it pops up in reaction to the unusual buy activity. The account holder is left holding worthless stock after it drops back down again.
The most critical step transaction sites can take is to ensure they do not contain vulnerabilities that expose them to hacks. Brian Krebs lambastes the site administrators for .gov sites that are particularly lax in this manner. Although deploying web application firewalls from Imperva or AppSec Inc. is the best way to defend against these attacks, more sophisticated attacks may take advantage of as-yet-undiscovered vulnerabilities or use the very structure of the site to engage in fraudulent practices, often as authenticated users.
That is where Silver Tail Systems comes in. They monitor all traffic to the main site and third-party sites and look for indications of malfeasance. Alerts are generated when the normal business logic is subverted, allowing the site owner to investigate and correct controls. This is much better than waiting for the call from an irate customer who finds his funds have vaporized! You can hear more on my thoughts on web attacks and fraud as well as hear directly from Silver Tail Systems in a webinar this Thursday, the 27th of January at 1-2 PM Eastern (GMT -5). Registration is now open.
Not again! The "cyber" debate rages
I guess we are doomed to constantly revisit the definition of cyberwar. The latest round of debate centered on this report coming from the OECD in the UK. Most of the reaction is focused on this one statement:
'A pure cyberwar, that is one fought solely with cyber-weapons, is unlikely. On the other hand in nearly all future wars as well as the skirmishes that precede them policymakers must expect the use of cyberweaponry as a disrupter or force multiplier, deployed in conjunction with more conventional kinetic weaponry. Cyberweaponry of many degrees of force will also be increasingly deployed and with increasing effect by ideological activists of all persuasions and interests.'
PCWorld interviewed Marcus Ranum and me (not realizing the irony) to get our reactions. I cannot object to the above statement, and yes, a solar flare could do a lot more damage to our critical infrastructure than a cyber attack. For that matter the detonation of an EMP above Chicago would be far more destructive. But don't lose sight of the fact that nations are arming for cyberwar. Just as pure air wars or pure naval wars are not likely, pure cyberwar is not the point. Computer and network attacks will be part of all future wars between modern armies.
Stuxnet resources
You may have missed my webinar on Stuxnet hosted by CoreTrace (requires registration).
This video posted by Mikko Hypponen of F-Secure is very educational. Some of the best research on Stuxnet is provided by Ralph Langner. He posts updates on his research here.


