MSA Intel


Overview

Last week, MSA Security’s Research and Intelligence Analysis team assessed the potential for a cyber-war with serious implications for global security. U.S. officials have also made comments on the record regarding the recent rise in cyber-attacks worldwide. For example, during a speech at a Business Executives for National Security (BENS) event, U.S. Secretary of Defense Leon Panetta focused on the impact of a catastrophic cyber-attack. Secretary Panetta has been tasked with developing a cyber-defense strategy for the U.S. and is currently attempting to get legislation passed that would facilitate information sharing between the public and private sector. He also referred to the recent distributed denial of service attacks that targeted a number of U.S. banks as well as the virus that infected computers at energy companies in Saudi Arabia and Qatar over the summer. Both attacks have been widely attributed to Iran. Just days after Secretary Panetta’s announcement, Israeli Prime Minister Benjamin Netanyahu stated that Israel has also seen an uptick in cyber-attacks. Secretary Panetta’s comments reflect concern that Iran or other state actors could target U.S. interests through the use of cyber warfare.

MSA Cyber Security expert, Andrew Donofrio, further reflects on the recent distributed denial of service attacks:

There were two additional Distributed Denial of Service (DDoS) attacks targeting banks at the end of last week, bringing the total number of incidents to seven. Capital One was hit on October 9 and SunTrust was hit on October 10. In many respects, the security industry has become complacent when it comes to DDoS attacks because they seem to have fallen out of favor. Instead, network intrusions have more often been motivated by financial gain. These recent attacks are a reminder of how significant the threat is and how Internet presence and e-commerce affect the entire global community.

The most recent SunTrust attack is notable due to the lack of impact compared to others. They experienced intermittent outages, which slightly inconvenienced their customers. However, it does not appear that they were down for an extended period of time. This implies one of two possibilities: either the attack was not as significant or they had defense strategies in place to mitigate the blow. SunTrust will not comment on their defense system; however, there are several precautions companies should consider. First, make excessive provisions. If businesses can utilize statistical data to determine the traffic on their website, they should make provisions above the requirements vital for business operations. Second, network monitoring is key to quickly identify an attack and respond accordingly. It is important that monitoring systems are not overwhelmed by an attack. Finally, when an attack is detected, mitigation strategies should be in place. This should include a point of contact and preplanning with an upstream provider. While network appliances may have the ability to filter traffic, generally speaking the further upstream traffic can be sanitized and dumped, the better.
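
The three precautions above (provision from traffic statistics, monitor for a flood, know when to hand off upstream) can be sketched as follows. This is an added example, not part of the original post or of Mr. Donofrio's remarks; the traffic figures are constructed, and the 3x headroom factor, the median + 6·MAD alert threshold and all function names are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample data: requests per minute (not taken from any real incident).
HISTORY = [400, 420, 410, 430, 415, 405, 425, 440, 395, 410, 435, 420]  # normal load
LIVE = [430, 900, 445, 2100, 5200, 9800, 12000, 11500, 600, 450]        # includes a flood

def percentile(values, pct):
    """Nearest-rank percentile (pct in 0..100)."""
    ordered = sorted(values)
    rank = max(1, -(-len(ordered) * pct // 100))  # ceiling division
    return ordered[int(rank) - 1]

def provision_target(history, headroom=3.0, pct=99):
    """Precaution 1: size capacity from measured traffic, then add headroom
    above what normal business operations require (factor is an assumption)."""
    return percentile(history, pct) * headroom

def flood_alerts(history, live, k=6.0, sustain=3):
    """Precaution 2: flag samples where the rate has stayed above
    median + k*MAD of the baseline for `sustain` consecutive samples.
    Median/MAD is used so one odd reading does not skew the threshold."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1
    threshold = med + k * mad
    alerts, run = [], 0
    for i, rate in enumerate(live):
        run = run + 1 if rate > threshold else 0
        if run >= sustain:
            alerts.append(i)
    return threshold, alerts

def needs_upstream(live, capacity):
    """Precaution 3: samples that exceed local capacity, i.e. the point at which
    the pre-arranged upstream provider contact has to filter the traffic."""
    return [i for i, rate in enumerate(live) if rate > capacity]

if __name__ == "__main__":
    capacity = provision_target(HISTORY)
    threshold, alerts = flood_alerts(HISTORY, LIVE)
    print(f"provision for {capacity:.0f} rpm, alert above {threshold:.1f} rpm")
    print("sustained-flood alerts at samples:", alerts)
    print("beyond local capacity at samples:", needs_upstream(LIVE, capacity))
```

The single spike at sample 1 does not raise an alert because it is not sustained, while the flood exceeds even the over-provisioned capacity, which is the case where upstream filtering is the only option.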
