New cyber threats put government in the cross hairs
Online attacks aim for high-value targets, drawing on information culled from social media
Targeted online attacks often use information culled from social networking sites to make use of social engineering and zero-day vulnerabilities to execute attacks quietly. And the number of them is growing, according to the most recent Internet Security Threat Report from Symantec.
This should come as no real surprise, but one of the disturbing factors in this trend is that it is putting government squarely in the crosshairs. Targeted attacks, by their nature, are directed at high-value victims, and government is a rich source of high-value targets.
At the same time, agencies still are vulnerable to the run-of-the-mill, run-and-gun and drive-by attacks, creating a scary new landscape for government administrators and users.
“One of the big targets we saw this year was government,” said Marc Fossi, executive editor of the report, which draws on data gathered from Symantec’s networks and security platforms.
Stuxnet is not Superworm, researcher says
New cyber threats emerging, and IPv6 won't make defense any easier
The Stuxnet worm, for example, appears to have targeted Iranian nuclear facilities. Although Stuxnet has spread beyond its initial target, there is little evidence yet of similarly sophisticated cyber weapons specifically targeting U.S. infrastructure. But, by their very nature, targeted attacks produce few statistics because they are designed to operate under the radar of network defenses.
“The targeted attacks we’ve heard about are only the ones we’ve heard about,” Fossi said.
That does not mean that governments are the only targets at risk. There are other prominent attacks, such as Hydraq, that target intellectual property from major corporations. But these also can have consequences for government, because of the apparent increase in politically motivated or government-sponsored attacks.
The rapid adoption of social networking within government offers a rich field for harvesting information for social engineering. Social networking sites also are becoming more dangerous in their own right.
Another threat on the rise is the frequent use of shortened URLs. These are increasingly accepted, but can mask the site they are connecting too. Symantec reported that 65 percent of malicious links found in social networking sites used shortened URLs, and 88 percent of them were clicked on at least once. One third had been clicked on between 11 and 50 times, and 7 percent more than 250 times.
The bottom line in all of this is that there is a growing likelihood of any government network becoming a target, and the attacks, when they come, will not be obvious.
Stephen Trilling, senior vice president, Symantec Security Technology and Response, said that cyber espionage now is a matter of fact, not speculation, and the key question for government agencies in 2011 is not, “Is our network secure,” but, “What are they after and why?”
William Jackson is a senior writer of GCN and the author of the CyberEye blog.