How Cyber Security works

how cybersecurity is important and how cyber security is helpful in controlling crime and how cyber security can be improved
LottieBarners Profile Pic
LottieBarners,Hawaii,Researcher
Published Date:12-07-2017
Your Website URL(Optional)
Comment
November 2016 Cybersecurity Threats Challenges OpportunitiesCYBER SPEAK Every industry has its own lexicon, and the cyber world is no different. While built on technological foundations that we all know – computers, the internet, smartphones, and similar – as you delve deeper into the subject you start to encounter acronyms and technical concepts that you may not be familiar with. And, if we’re all to communicate on the subject of cybersecurity – across all sectors of government, business, industry, and academia – then it can help to familiarise yourself with the nomenclature associated with this diverse and compelling subject. To this end we’ve included a Glossary on page 57. Feel free to flick back and forth as you read to ensure you get the most out this document, spending more time expanding your knowledge and less time scratching your head 1 And so it follows that in order to individual; at other times it can cause billion globally in the next seven keep our way of life – and to continue significant financial or operational years alone – and the possibility to prosper through technology – we harm. At its worst, loss of life can be for Australia to establish itself as a must ensure that it always operates a result. leader, pioneering new technologies and works for us as intended. and exporting cybersecurity products Cybersecurity, then, is not optional. to the rest of the world. And for the most part it does, until As our world transitions more it’s hacked. In the hands of less than products and services online, and We are more than just the lucky favourable individuals, organisations, we in turn depend on them, protecting country. We are early adopters. We and governments, technology and this technological infrastructure has are tenacious innovators. We are a the data it depends on can be turned become a fundamental building block nation with the skills and talent to against us. for information systems globally. lead the world in cybersecurity – It must underpin every technology, and with the right mix of leadership When you read yet another report every gadget, every application, and and commitment from government, of a multimillion-dollar bank theft, anywhere data is stored. industry, and academia, we can make yet another million usernames and it happen. passwords leaked on the web, or To help understand the risks, this yet another scam milking millions document will explore the threats What part will you play? from vulnerable people – what you Australia faces in this digital age: are reading about is the lack of to our economy, our sovereignty, cybersecurity: a failure to protect and ultimately, our way of life. systems, processes, or data and It will also cover the opportunities thereby enabling exploitation. as a burgeoning industry – one that Sometimes the end result is just an is projected to be worth US639 embarrassment for a company or Cybersecurity – Threats Challenges Opportunities 6% OF THE WORLD’S POPULATION IS CONNECTED TO THE INTERNET 46 What is cybersecurity? As with any technological advance throughout history, whenever new opportunities are created, there will always be those that exploit them for their own gain. Despite the threat of viruses and malware almost since the dawn of computing, awareness of the security and sanctity of data with computer systems didn’t gain traction until the explosive growth of the internet, whereby the exposure of so many machines on the web provided a veritable playground for hackers to test their skills – bringing down websites, stealing data, or committing fraud. It’s something we now call cybercrime. Since then, and with internet penetration globally at an estimated 3.4 billion users (approximately 46% 2 of the world’s population ), the 02THREAT VECTORS BY INDUSTRY The vectors by which industries are compromised. Source: Verizon 2015 Data Breach Investigations Report FINANCE INFORMATION PUBLIC SECTOR EDUCATIONAL WEB FINANCE RETAIL APPLICATIONS ENTERTAINMENT 9.4% HOSPITALITY CRIMEWARE POINT OF SALE 18.8% 28.5% MISCELLANEOUS 14.7% PRIVILEGE MISUSE CYBER 10.6% ESPIONAGE MINING HEALTHCARE 18% ADMINISTRATIVE PROFESSIONAL INFORMATION MANUFACTURING opportunities for cybercrime have of critical business or government ballooned exponentially. intelligence, that drives the cyber The increasing underworld. prevalence and severity Combating this is a multi-disciplinary affair that spans hardware and One fact remains clear: it’s only of malicious cyber- software through to policy and people going to increase. As we integrate enabled activities… – all of it aimed at both preventing technology further into our lives, the constitute an unusual cybercrime occurring in the first opportunities for abuse grow. So too, and extraordinary threat place, or minimising its impact then, must the defences we employ when it does. This is the practice of to stop them through the education to the national security, cybersecurity. and practice of cybersecurity. foreign policy and There is no silver bullet, however; economy of the United cybersecurity is a constantly evolving, States. I hereby declare constantly active process just like the a national emergency threats it aims to prevent. to deal with this threat. What happens when security fails? While what frequently makes the Barack Obama, news are breaches of user accounts 3 President of the United States, 2015 and the publication of names and passwords – the type that the Ashley Madison hack publicly exemplified – it’s often financial gain, or the theft Cybersecurity – Threats Challenges Opportunities 8LAST TO KNOW MORE THAN 90% OF BREACHES ARE DISCOVERED BY EXTERNAL PARTIES WHAT’S THE PASSWORD? 63% OF BREACHES ARE CAUSED BY WEAK, DEFAULT, OR STOLEN PASSWORDS EASY HACKS, EASY BREACHES TOP 10 ESPIONAGE TARGETED INDUSTRIES Source: Verizon 2016 Data Breach The most targeted industries in 2015. Investigations Report Source: Verizon 2015 Data Breach Investigations Report MANUFACTURING 27.4% PUBLIC 20.2% PROFESSIONAL 13.3% INFORMATION 6.2% UTILITIES 3.9% TRANSPORTATION 1.8% EDUCATIONAL 1.7% REAL ESTATE 1.3% FINANCIAL SERVICES 0.8% HEALTHCARE 0.7% AND THE WEAKEST LINK IS… Humans are inherently complex In fact a recent study by researchers and multi-faceted creatures with at the Friedrich-Alexander our own agendas, influences, University of Erlangen-Nuremberg, faults, beliefs, and priorities. Germany, revealed that just over 50% of people click on links in Sometimes we’re also simply just emails from strangers, even when too trusting. 4 they were aware of the risks. Even the most hardened system And so, as a result, cybersecurity can be breached through social isn’t just about technological engineering – the ‘hacking’ of defences: it’s also about people. people. No amount of secure From the home user through network topologies and firewalls to industry and government, or security software can withstand everyone needs a basic a user innocently clicking on an understanding of cyberthreats email link, or being convinced to and how to recognise them – give up login details over the phone something which comes under the by someone pretending to be from umbrella of digital literacy. the IT department. 02Cyber Cybersecurity – Thr security – Threats Chall eats Challenges Opportunities enges Opportunities 10 10A world without cybersecurity WHILE One the most damaging targets for a society embroiled 93% COMPANIES OF CASES TOOK in cyberwarfare is infrastructure. HACKERS WEEKS TOOK JUST OR MONTHS TO Our reliance on automation focuses single points MINUTES DISCOVER TO BREACH of failure that can have dramatic consequences if directed at power stations, communication networks, SHOW transport and other utilities. ME THE 95% OF WEB MONEY By way of example, and to draw terrorist, criminal, or foreign power. ATTACKS ARE FINACIALLY from the emerging technology of Australia invaded without the invader MOTIVATED driverless cars gaining popularity ever stepping on our shores. now, is the following example of It’s a stark example, but it LOST ASSETS what might happen if we continue to EMPLOYEE demonstrates the Achilles heel the MISTAKES create products and services without inter-connected society that we are 100x cybersecurity in mind: TIMES MORE heading for right now, and the reason PREVALENT cybersecurity must be part of all Thirty years from now our society THAN THEFT technology from the outset. runs on automated cars, buses and trains. Planes still require human Consider this: the internet has authority – for now – and drones 12% DO NEARLY enabled entirely new business CLICK line the sky. On the one hand, this models that have already shaped 30% THE LINK OR advance in technology has brought our planet. But the Googles and OPEN OPEN much greater efficiency: traffic PHISHING ATTACHED Facebooks and Amazons of this EMAILS FILES jams eliminated, pollution lowered, world are not the most profitable cheaper cost of transport and more. organisations that conduct business It’s a golden age. over the internet today – that crown SIMPLE MISTAKES, COSTLY LOSSES Then a cyberattack compromises the belongs to cybercrime. It speaks Source: Verizon 2016 Data Breach Investigations Report central network. The systems that volumes that the most lucrative co-ordinate all transport shut down, business on the internet today 9 bringing the city of Sydney – now is fraud. 7 million people – to an abrupt halt. No cars, no buses, no trains. Workers can’t get to and from work, and productivity stops. Life-saving medicine doesn’t arrive and people die. Essential services begin to fail, and chaos ensues. The economic and social fallout is immense: a city held hostage by an external force – be it 02Q2 2015 saw one of the highest packet rate attacks recorded... which peaked at 214 million packets per second (Mpps). That volume is capable of taking out Tier 1 routers, such as those used by Internet service providers (ISPs). Akamai, State of the Internet 10 Q2 2015 Report CHINA 37.01% US 17.88% UK 10.21% INDIA 7.43 SPAIN 6.03% KOREA 4.53% RUSSIAN FEDERATION 4.45% GERMANY 4.29% AUSTRALIA 4.18% TAIWAN 4.0% TOP 10 SOURCE COUNTRIES FOR DDOS ATTACKS, Q2 2015 Top sources of mitigated DDoS attacks on Akamai’s network. Source: Akamai State of the Internet Report, Q2 2015 Cybersecurity – Threats Challenges Opportunities 12Threats in the information Every minute, we are age seeing about half a million attack attempts that are happening in cyberspace. Derek Manky, 5 Fortinet Global Security Strategist 03500,000 ATTACKS AGAINST FORTINET EVERY MINUTE 00 Thousand 5 To understand just how technology for nefarious purposes isn’t even by hardware and software. That is, becomes vulnerable to cybercrime, considered. if a hacking exploit works on Apple it helps to first understand the nature iPhones for example, and everyone And the result is that today cybercrime of threats and how they exploit in your organisation has one, then almost exclusively leverages the lack technological systems. by definition the attack surface could of security-focused design in range in the dozens to the thousands You might first ask why technology is everything from your smartphone and depending on the size of your vulnerable at all, and the answer is web browser through to your credit company. Or, looking at it another simple: trust. From its inception, the card and even the electronic systems way, if anyone with an iPhone is protocols that drive Internet, by and in your car. vulnerable, the attack surface large, were not designed for a future worldwide totals in the hundreds that involved exploitation – there was The nature of threats of millions. little expectation at its birth that we Cybercrime comes in a variety of might need to one day mitigate This is further compounded by the forms ranging from denial of service against attacks such as a distributed fact that hardware and software attacks on websites through to theft, denial of service (DDoS), or that a may provide multiple vectors for blackmail, extortion, manipulation, webcam you buy off the shelf might attacks, such that – and using the and destruction. The tools are many need security protocols to prevent it above example again – an iPhone and varied, and can include malware, being hacked and used to spy on you. might have multiple different ransomware, spyware, social vulnerabilities, each of them a engineering, and even alterations There is much greater awareness possibility for exploitation. In some to physical devices (for example, today, but even so you can still buy cases, multiple exploits can be used ATM skimmers). devices that connect to the internet in tandem to hack a device, as the that have poor security measures or It’s no surprise then that the sheer FBI recently demonstrated when it no security at all built-in, because up scope of possible attacks is vast, gained access to the San Bernardino until recently this simply wasn’t part a problem compounded by what’s shooter’s iPhone (yes, the good guys of the design scope. In many cases, known as the attack surface: the can hack you, too…) the idea that a device might be used size of the vulnerability presented Cybersecurity – Threats Challenges Opportunities 14And this is to say nothing of According to network security and embedded systems the type that services company Fortinet, 500,000 There were 19 distributed of which power our infrastructure attacks occur against its networks denial-of-service (DDoS) 5 including transport, electricity, and every minute . And that’s just one attacks that exceeded communications. Here, attacks are service provider. 100 Gbps during the often more targeted – even down to The bottom line is this: almost specific to systems in a particular first three months of the anything controllable by technology plant – but the repercussions are year, almost four times will have a weak spot. In the past also considerably more dangerous. year we’ve seen everything from more than in the previous Shutting down an electrical grid, for cars (“Hackers remotely kill jeep quarter. In some cases example, can have life-threatening 6 on highway” ) to medical devices consequences. attackers don’t even (“Hackers can send fatal dose to 7 have to deliver on their What you also don’t see – because drug pumps” ) to toys (“Hackers it’s hidden in the millions of fibre- hijack Hello Barbie Wi-Fi to spy threats. Researchers 8 optic networks and routers that on children” ) succumb to anyone from CloudFlare reported form the internet – is that attacks with a little knowledge, time, and that an extortion group are happening constantly all around opportunity. earned 100,000 without the world, even as you read this. To appreciate the scope of the Your modem at home that gives you ever launching a single challenge that lies ahead – the new access to the internet is constantly DDoS attack. types of threats that we are starting fending off queries to see if your to see emerge now – and thus the IP address has any open ports (the importance of cybersecurity for Lucien Constantin, virtual addresses that allow software 28 Network World, 2016 the government, industry, and the to communicate to and from your individual, the following section computers and network). delves into our predictions of where cybercrime is heading, and the type of attacks we can expect to see. 03The Internet of Things (IoT) Perhaps the most recognised buzzword of the For 6 in Bitcoin, I can moment, the Internet of Things (IoT) encompasses rent time on a DDoS tool the many and varied devices currently on the market, and bring down most or soon to be on the market, that will connect to and websites. Better yet, if I stay connected to the internet 24/7. send just the right type of packet to their web Typically this includes products like But this is just the beginning. IoT servers, I can crash the webcams, smart TVs, and even the has the potential to encompass a lot much touted internet-connected more – heart monitoring implants, site for free. fridges. But IoT actually encompasses pathogen monitoring for food, a broad range of products most of transponders for animals on farms, A Thief’s Perspective (interview), 18 which you won’t actually see – environmental waste monitoring, Intel Security, 2015 electronics, sensors, actuators field devices for police to detect and software soon to be built into threats, feedback sensors for everything from your car to your home: firefighters in search and rescue technology to unlock your door and and much, much more. turn on the lights when you arrive Perhaps the best way to imagine home; technology to allow cars to IoT is – and to borrow a phrase talk to other cars and traffic lights from a research paper at the Social to prevent accidents; technology to Science Research Network – is let entire cities regulate air-quality, to think of IoT as an “inextricable manage energy distribution, and mixture of hardware, software, data regulate water supply all in real-time 11 and service” . Which of course is from thousands of buildings, each with to say that the potential is close to thousands of sensors, all communi- limitless. cating through a city-wide network. According to the CEO of Cisco, Chuck Sound like fantasy? There is already a Robbins, the IoT industry is expected development in the UK by River Clyde to be worth US19 trillion globally Homes and the Hypercat Consortium 12 by 2020 . Closer to home, Frost & to build a Smart Neighbourhood in Sullivan is tipping the Australian Scotland by installing hundreds of market for IoT – just in terms of IoT devices to monitor everything home devices, such as in security or from temperature and local weather energy management – to be worth through to carbon monoxide levels, 13 200M by 2020. potential gas leaks, lift maintenance, Taken together, this means is that in smoke detection and communal the near future just about everything lighting to name a few. All of these you use, and everywhere you go, talk to each other to provide an devices will be hooked up to each overall real-time knowledge base other communicating, sharing data, for the operating of neighbourhood and enabling a future that once services, and to minimise health and was the realm of science-fiction. safety risks. The potential boon for society is immense, but so too are the risks. Cybersecurity – Threats Challenges Opportunities 16IOT – A FUTURE OF CONNECTED DEVICES As barriers to entry drop we will see an uptake of IoT, creating a future where attack vectors are everywhere. Source: IoT Alliance Australia % 99 1T 20x 40x 60x OF THINGS IN THE COST OF COST OF COST OF 1 TRILLION WORLD ARE STILL SENSORS BANDWIDTH PROCESSING CONNECTED NOT CONNECTED PAST 10 YEARS PAST 10 YEARS PAST 10 YEARS THINGS BY 2035 Considerably more devices will be the Googles and Akamais of this world Botnet armies connected to each other and the – are able to withstand. Somewhat related are botnets. A bot internet: Intel predicts there will be as (sometimes called a ‘zombie’) is a Analysis of the attack on OVH revealed 14 many as 200 billion devices by 2020. remotely-controlled and compromised – it consisted of some 145,000 devices, And if you remember our primer at unbeknownst to the owner – computing the majority of which belonged to the start of this document, that is device that’s connected to the internet. internet-connected CCTV cameras one very large, very vulnerable attack This could be a desktop computer or a and DVRs (digital video recorders) surface. It should go without saying laptop, but it can also be a webcam, typically used in business and home that the threat potential from IoT is a modem, or a Wi-Fi router, all of surveillance. beyond vast, and therefore which almost everyone has in their Such products make ideal bots because cybersecurity practices must form home today. Unfortunately, again, poor their limited functionality provides less part of IoT development from the security design sees devices like scope for security software; they’re ground up. For example, car manufac- these come with only basic security often headless, meaning a user doesn’t turers need to build security protocols that can be easily bypassed, allowing have a display or other means to into the sensors in smart cars to cybercriminals to install malware and interact with them to monitor activity. ensure they can’t be turned against control the device remotely. They almost always come with a the driver to cause injury or death. Collect enough bots and you have default administrator password that Something which, unfortunately, is a botnet, and with a botnet you can nobody changes because it requires currently not the case (see next launch a distributed denial-of-service effort and a bit of technical know-how section, Autonomous systems). (DDoS) attack. In large enough – allowing cybercriminals to walk numbers, such an attack can take through the front door and take it over. down websites and knock services This is a great example of how lack of offline – something we saw first-hand security design enables cybercrime Although a successful earlier this year when the Australian – who would think to hack a CCTV? attack on industrial IoT Bureau of Statistics eCensus website But that’s the line of thinking that was very publicly attacked. devices with an installed engenders security flaws. And once a base of hundreds of This is to say nothing of what happens flaw is out there, it often can’t be fixed: when IoT devices take part in a DDoS, the cost of updating the devices could millions would likely which we know they already do. In fact, be ruinous for a company if they need cause havoc, one device the world’s largest DDoS occurred in to be recalled, as not every device sup- at a key point in a critical August of this year knocking out French ports the ability to be updated remotely. infrastructure control internet service provider OVH, suffering Prevention, then, is better than cure. an attack that transmitted a record- system could be far more 17 breaking 1Tbps . To put this into Recently, cybercriminal botnet devastating. perspective, a 1Gbps attack is sufficient operators have moved to self- to knock most businesses anywhere in sustaining botnets that continually McAfee Labs 2016 the world offline, and this attack was find new devices to infect and add to 15 Threats Predictions 1000 times stronger. It was only earlier the flock, even while others may 16 in 2016 that the previous record came be taken offline . This has led to in at 579GBps. That is, we have already cybercriminals to sub-lease access to seen almost a doubling of capability their botnets on the cheap, meaning in less than a year, and at a volume so anyone with a grudge and 50 can high that very few very large players – bring down a website. 03TABLETS WEARABLE DEVICES 2015 – 248 MILLION 2019 – 269 MILLION 2015 – 200 MILLION 2019 – 780 MILLION IOT DEVICES GLOBAL PUBLIC CLOUD MARKET SIZE 2015 – 15 BILLION 2020 – 200 BILLION 2015 – 97 BILLION 2020 – 159 BILLION MORE DEVICES, MORE THREATS The growth in user-centric mobile and IoT devices will see greater exploitation of personal data. Source: McAfee 2016 Threats Predictions WHEN SECURITY IS AN AFTERTHOUGHT One of the most potent botnets and passwords (usually all related to date is Lizardstresser, by the to administrator logins). infamous Lizard Squad DDoS It’s so successful because many group. In 2015 the group released IoT devices are manufactured with the source code, allowing others to the same default login credentials. make their own. This has resulted Additionally, these same devices in copy-cat groups and a stark are also often simply plugged in increase in botnets-for-hire. and turned on, and have unfettered Lizardstresser relies on cheap access to the internet through IoT hardware to build large botnet whatever corporate or home armies, using shell scripts (simple networks they are connected to. text-based scripted programs) This makes them easy targets 19 to scan IP ranges and to attempt to enslave into botnets. access using hardcoded usernames Cyber Cybersecurity – Thr security – Threats Chall eats Challenges Opportunities enges Opportunities 18 18Attacks on automobile systems will increase rapidly in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles. McAfee Labs 2016 15 Threats Predictions Autonomous systems As technology continues to permeate our lives, we move from operating technology to integrating with it. This is especially true of autonomous systems that are by definition designed to blend in with our society, becoming second nature. By the same token however, Similar abuse of access has also reliance on such systems makes the been demonstrated with cars from outcome of their abuse potentially Mercedes, BMW, Toyota, Audi and more damaging. Typically, these Fiat – all due to poor security in the 20 21 22 technologies also integrate into design process. critical infrastructure, such as It’s not hard to see that in the wrong payment systems and – in the case hands such abuse could result in of autonomous cars – the transport cars being used as weapons to maim network, making protecting them or kill pedestrians – or even the from a cybercrime a pivotal focus for occupants themselves – on the road. cybersecurity. According to Business Insider in its Connected-Car Report, there will be Driverless cars and transport 220 million autonomous cars on the 23 At the moment, driverless cars are road by 2020. stealing the limelight of autonomous McAfee’s 2016 Threats Predictions systems. While so far there have Report notes that “poorly secured been no documented cases of driverless cars and smart highways wilful misuse, it’s already been will further expose drivers and demonstrated that autonomous cars passengers in 2017 and beyond, can be remotely controlled. likely resulting in lost lives…”, and In 2015, 1.4 million Jeep Cherokees that “recent vehicle hacks are a were recalled after hackers great example… selectively modifying demonstrated that the cars could communications and commands be taken over remotely through the so they can take control or affect 6 entertainment system. what the vehicle does. This has a 15 potentially terrifying result.” 03DRX-BASED AIRBAG ECU USB RECEIVER (VX2) REMOTE LINK ONBOARD BLUETOOTH REMOTE KEY TYPE APP DEVICES STEERING AND PASSIVE BRAKING ECU TPMS KEYLESS ENTRY LIGHTING SYSTEM ENGINE AND ECU (INTERIOR AND ADAS SYSTEM VEHICLE ACCESS TRANSMISSION ECU EXTERIOR) ECU SYSTEM ECU THE ATTACK SURFACE OF A MODERN CAR Many car systems have not been designed with security in mind, making it possible to hack into a car via smartphone or laptop. Source: McAfee 2016 Threats Predictions Cybersecurity – Threats Challenges Opportunities 20EMAIL LINK PHISHING PERSON USER DESKTOP EMAIL ATTACHMENT MALWARE INSTALLATION ALTER BEHAVIOUR STEAL CREDENTIALS USE OF STOLEN CREDENTIALS DIRECT INSTALL MALWARE BACKDOOR, C2, RAMSCRAPER, EXPORT DATA PAYMENT POS TERMINAL/CONTROLLER BIRTH AND REBIRTH OF A DATA BREACH An example of how one breach can lead to another (in this case, harvesting payment data of consumers after first breaching a POS vendor). Source: Verizon 2016 Data Breach Investigations Report processing system, and so it’s ATMs and Point of Sale not uncommon to find malware They’d been inside our Credit cards have long been the specifically designed to pull data network for a long period, target of fraudsters, spurring the from embedded systems in POS development of RFID chips and about two years. And the terminals (see ‘Birth and re-birth other protective technology in the way it was described to of a data breach’ diagram, above.) banking ecosystem. However, us was they’re so deep security is an arms race and threats Now, of course, the technology has inside our network it’s such as skimming is now a global progressed further with contactless phenomenon that allows data from pay systems from the likes of Apple like we had someone cards to be read and transmitted (Apple Pay) and Google (Android Pay), sitting over our shoulder wirelessly in real time from ATM as well as players like Samsung for anything we did. machines and point of sale devices. (Samsung Pay, of course) that allow consumers to pay simply by waving Indeed, point of sale systems as a Daryl Peter, IT Manager, their smartphone over a device – 85 whole are their own a sub-category NewSat 2012-2014 which presents yet another attack of cybercrime infiltration, being surface for cybercrime. the weakest point of the payment 03WHAT ABOUT WEARABLES? Wearables are rapidly gaining Wearables are tracking all sorts popularity with smartwatches such of personal information including as the Apple Watch and Samsung GPS location, blood pressure, Gear, as well as exercise wearables heart rate, and anything else like those from FitBit and Jawbone. you feed them such as weight or According to ABI Research, an diet. Such personally identifiable estimated 780 million wearable information could be used as a devices will be in circulation base to target you for spear-phishing, by 2019. or aid in identity theft. But the real opportunity is these devices Now you might be wondering linking to your smartphone, where just what would be so bad about phone numbers, more personally hacking a fitness wearable? This identifiable information, emails, is exactly the line of thinking web logins etc. could theoretically that allows cybercrime to occur. be compromised. Cyber Cybersecurity – Thr security – Threats Chall eats Challenges Opportunities enges Opportunities 22 2203Cyberwarfare Once the domain of science fiction, cyberwarfare Most modern countries is now very real, with most superpowers now now are treating having dedicated cyberwarfare divisions of the cyberspace as another military. And while there have been few known, military domain, in co-ordinated cyberattacks on physical targets, addition to land, air and sea. we don’t need a crystal ball to predict the future: they will only increase. Dmitri Alperovitch, Cybersecurity 25 industry executive It’s telling that we are now in an Automated attacks age where governments, political Much of what we talk about with groups, criminals and corporations regards to ‘hacking’ is a function can engage in cyberespionage, of people at keyboards finding and cyberwarfare, and cyberterrorism. abusing weak links in security. It is a The Prime Minister, Malcolm Turnbull, skilled and time-consuming process. announced at the Australia-US However, in the ever-evolving arms Cyber Security Dialogue in September race between subversive elements that Australia is well equipped to and cybersecurity, a move to both defend against and carry out automating such attacks would have cyber-operations. clear benefits: whereas exfiltration We now live in a world where warfare may have taken days by skilled can be conducted entirely virtually – personnel, automated attacks can though the consequences will almost reduce this to hours – infiltrating, always have repercussions in the searching for a payload, gobbling it physical world. ENERGETIC BEAR One of the more well-known in manufacturing, construction, nation-state sponsored tools of health care and defence companies. cyberwarfare currently active is Primarily designed for Energetic Bear. First uncovered in cyberespionage, when the threat 2012, and believed to be sponsored was first mapped in 2014 by by Russia, Energetic Bear used security firm Kaspersky Labs, the Havex Trojan to gain access to it identified nearly 2,800 victims company networks, particularly worldwide, affecting countries those in the energy sector, including the US, Spain, Japan though it has also been found 44 and Germany. Cyber Cybersecurity – Thr security – Threats Chall eats Challenges Opportunities enges Opportunities 24 24

Advise: Why You Wasting Money in Costly SEO Tools, Use World's Best Free SEO Tool Ubersuggest.