Forgot your password?
typodupeerror
Government Security IT

State-Sponsored CyberAttacks Expected To Rise 33

Posted by Soulskill
from the nowhere-to-go-but-up dept.
wiredmikey writes "According to a report released today, IT security professionals will see a rise in State-sponsored attacks, like the Stuxnet worm, that will build on concepts and techniques from the commercial hacker industry to create more powerful 'Advanced Persistent Threats.' The researchers also expect an increase in compromised mobile devices leading to data theft or loss as a result of lagging security measures, and that next year will bring the first major data breaches as a result of compromised devices. The biggest potential impact will be caused by the proliferation of sophisticated mobile devices interacting with corporate networks."
This discussion has been archived. No new comments can be posted.

State-Sponsored CyberAttacks Expected To Rise

Comments Filter:
  • A rise? (Score:5, Insightful)

    by dropadrop (1057046) on Monday November 15, 2010 @06:33PM (#34236552)
    To know there is a rise you would need to have some kind of baseline on the current situation. I don't think anyone knows how much state sponsored cyber attacks are currently going around, but I would imagine quite a bit. Most states will have quite a high level of technology and far more motivation to keep things secret then your average cyber criminal. Maybe one (kind of) exception is Russia where the cyber criminals are state friendly to a level where they will (with or without actual concent) do cyber attacks for the states benefit (look at ddos attacks at estonia as an example).
    • Re:A rise? (Score:4, Insightful)

      by ColdWetDog (752185) on Monday November 15, 2010 @06:44PM (#34236658) Homepage
      "Boy, that's one mean piece of software. Hottest thing since sliced bread. That goddamn thing is invisible. I just rented twenty seconds on that little pink box, just left of the T-A ice; had a look at what we look like. We don't. We're not there."

      Neuromancer, William Gibson. 1984.

      Truth - stranger than fiction, if lagging a bit in time.

    • Re: (Score:3, Insightful)

      by MozeeToby (1163751)

      To know there is a rise you would need to have some kind of baseline on the current situation.

      You do? If it rains for a week straight I can make a prediction that the river level will rise over the course of that week without knowing what the level of the river was before it started raining. It could be a dry creek bed or it could be an inch from bursting it's banks, that information doesn't necessarily factor into my prediction of a rise.

      • Re:A rise? (Score:4, Insightful)

        by Monkeedude1212 (1560403) on Monday November 15, 2010 @06:50PM (#34236722) Journal

        You do? If it rains for a week straight I can make a prediction that the river level will rise over the course of that week without knowing what the level of the river was before it started raining. It could be a dry creek bed or it could be an inch from bursting it's banks, that information doesn't necessarily factor into my prediction of a rise.

        Is that an accurate prediction?

        What if the week before it was raining more, like a monsoon, and the week after it was hit with tidal wave?

        Point is, the fact that you know its happening doesn't actually mean it's going up. You need to know what it was like before for it to have any meaning.

        Your whole point was based on the assumption that it wasn't raining before your week started, thus, you knew the existing preconditions.

        • Re: (Score:1, Funny)

          by Anonymous Coward

          yes, it's still a prediction.

          Yes it's probibly accurate (note: the amount of rain receved is enough information to make accurate assesments, while still not knowing the original river-depth)

          what it is NOT is testable.

          just because a prediction is untestable has no bearing on it's accuracy.

          • Re: (Score:3, Funny)

            just because a prediction is untestable has no bearing on it's accuracy.

            It has a huge bearing on its accuracy, you can't BE accurate without testing it!

            "Aliens live on mars" - I can claim that is an accurate prediction so long as we do not test that claim.

      • Re: (Score:2, Insightful)

        by Bryan3000000 (1356999)
        Yes, you need a baseline on the current/usual rainfall. For example, assume it customarily rains 24 hours a day, one inch per hour. You do not know this information. You are told that it is going to rain for a straight week. You predict a rise in the river. Your prediction is wrong, because it is always raining and the river level has assumed equilibrium.

        You don't need a baseline on the water level - you need a baseline on the rate of rainfall. To predict a rise in attacks, you would need to know t
        • Re: (Score:3, Informative)

          by Anarchduke (1551707)
          Very analytical. However, the post you replied to never mentioned that he needed to know the previous condition of rainfall, only that he didn't need to know the previous condition of the river. Perhaps he thought that the previous baseline of rainfall you were referring to was, as you put it, "pretty basic stuff", and didn't need to be mentioned.

          In terms of the actual article, I interpreted that MozeeToby [slashdot.org] was saying that just because one don't know current amount of government sponsored IT attacks does
          • I'm certain it takes a great deal of data analysis and expertise to predict that information attacks will increase. Anything that can be properly classified as a safe assumption makes for silly predictions.

            More to the point, while the current level of the river may not affect a safe assumption about the rise, the prediction is pretty worthless without such supporting information. Also pretty basic stuff that you almost certainly know and recognize. Yet you try to gloss it over. Not only is this info
      • In this case you have no idea how much it has previously rained, somebody (selling umbrellas) has just predicted it will probably rain even more next year.

        I'm not saying you are wrong, just saying it's probably already far more common then one would assume (given how little it's talked about).

    • Re: (Score:1, Flamebait)

      I don't think anyone knows how much state sponsored cyber attacks are currently going around, but I would imagine quite a bit.

      Well, maybe we should try the polite approach and just ask every country, about their state-sponsored CyberAttacks? I'm sure almost every country would be willing to oblige. If not, the U.N. Security Council could pass a resolution requiring states to divulge their CyberHankyPanky. That would have them all quaking in their boots!

      Until then, buy more CyberSecurity products! It's good, clean, wholesome fun!

    • To know there is a rise you would need to have some kind of baseline on the current situation..

      Even if there are zero now it is reasonable to predict there will be a rise in the number.

  • weeeeeeee (Score:5, Insightful)

    by kaoshin (110328) on Monday November 15, 2010 @07:00PM (#34236810)
    Company that sells security solutions predicts need for more security. The surprises just keep coming.
    • Re: (Score:2, Flamebait)

      Not only that, but the threat will be "right in the palm of your hand" and that should be scary enough for the average IT joe to spend some not so average cash on a problem that can't be quantified. How many apps does the average idiot download anyway? I stopped after 50 first month with my iPod and have not upgraded or bothered to find any since. Like the apps on facebook, the apps on the app store are mostly useless crap for shitheads. Period.

    • Re: (Score:2, Insightful)

      by hellkyng (1920978)
      Indeed, especially considering the security companies selling their junk are terrible failures at preventing malware just like stuxnet. I really don't seem them stepping up to brawl with state funded players any time soon.
      • by phek (791955)

        you're confusing the AV market with the security market. the AV market is always behind the new virus'/worms because that's what they do, wait for some virus to come out and once it gets popular create a definition for it. The security industry on the other hand is constantly finding and reporting new vulnerabilities in software. Sure there's still something to be desired with the security vendors but they are definitely stepping up to brawl with state funded players. Well maybe not qualys or rapid 7, t

    • by Anonymous Coward

      To a custom hosts file: That tell you anything? It used to only be that many a month years ago prior to I'd say, 2004 or thereabouts...

      Additionally, to so do, I'm still using the same decent sources as well as my own I built up from the same sources since 1997:

      Spybot Search & Destroy's "IMMUNIZE" feature
      http://ddanchev.blogspot.com/ [blogspot.com]
      http://www.malwareurl.com/listing-urls.php?page=1&urls=off&rp= [malwareurl.com]
      http://www.malware.com.br/lists.shtml [malware.com.br]
      http://securitylabs.websense.com/content/alerts.aspx [websense.com]
      http://www.stop [stopbadware.org]

    • by rtb61 (674572)

      Companies that sell networking solutions will start promoting parallel networks. An inside secure network and an outside less secure network, with separate devices on both networks and no connection between the two networks. Hardware is cheap enough and you can wire the secure network and wireless the insecure network.

      So insecure personal, email and internet access, secure everything else and when it leave s the office it only does so on dedicated lines, hard copy or controlled and specifically checked d

  • I'm shocked.
  • by Anonymous Coward

    I want to see this force carriers to make available up-to-date software on phones, even if they're a year or two old.

  • seriously though? (Score:3, Insightful)

    by nimbius (983462) on Monday November 15, 2010 @08:15PM (#34237370) Homepage
    this is a security company telling you information that drives their sales. its like an ice cream manufacturer saying "i see a need for more ice cream in the future."

    im surprised slashdot hasnt become more abrasive toward this type of annoying product placement and corporate fear mongering.
    • Ninmius, I agree with what you are saying as far as the info coming from a security company. That being said, those are the types of companies actively doing this type of research. In other words, why would another company not in the industry do this type of research. Despite coming from a vendor, many of these reports are helpful and almost essential in helping organizations stay more secure. Knowing of a threat after it happened isn't very good, but understanding trends and what may come next is even mor
    • this is a security company telling you information that drives their sales. its like an ice cream manufacturer saying "i see a need for more ice cream in the future."

      im surprised slashdot hasnt become more abrasive toward this type of annoying product placement and corporate fear mongering.

      That's because We Like Ice Cream; We love it. We can not resist ice cream. To resist is hopeless... [youtube.com]

  • All the hype about APTs being some sort of new and fashionable attack method is puzzling. Ultimately the core is simply another form of malware, perhaps used for a slightly different purpose than the old-school script kiddie website defacing, but ultimately the same principles of security apply just as much to APT as they do to any other form of attack.

    Or in other words:

    The fact is this - malware has always had the ability to be updated in the field, it has always been able to be remote controlled, and it has always had the ability to spawn a remote shell to a live attacker. And, it has always had the ability to scan the file-system for files like source-code and CAD drawings, and it has always had the ability to exfiltrate those files. At all times and without exception, these malware programs have been operated by real and persistent humans at the other end. The malware doesn't operate itself, it's not an automaton. For the last 365 days, I just called that malware.

    http://fasthorizon.blogspot.com/2010/02/is-term-malware-eclipsed-by-apt.html [blogspot.com]

Prediction is very difficult, especially of the future. - Niels Bohr

Working...