Cyber-attacks are skyrocketing and vulnerabilities are multiplying, yet IT security defense measures are growing at much slower rates.
Dire predictions were made in the latest McAfee report on the global software security scene, which claims that major blackouts around the world have already been caused by hackers. The report, called "In the Dark: Crucial Industries Confront Cyberattacks," claims that more than 40 percent of the executives interviewed expect a major cyber-attack within 12 months. And this attack will likely not be a simple denial of service; like the malware that disabled Iran's centrifuges, it will likely be a sophisticated weapon with a single purpose: sabotaging critical infrastructure--electricity, gas, water.
According to the report, computer systems around the world are already infected with a wide variety of malware, lying dormant in preparation for coordinated attacks. Sophisticated, state-sponsored "probing" attacks have already mapped out the critical infrastructure that will be simultaneously attacked when cyber-war is declared.
Of the 200 industry executives from critical electricity infrastructure enterprises in 14 countries who were interviewed by McAfee for the report, 80 percent claimed to have already suffered a large-scale denial-of-service attack, and 85 percent had experienced network infiltrations.

China maintained its position as the country with the highest security adoption rate overall at 59 percent, followed by Italy and Japan at 55 percent and 54 percent respectively. (Source: McAfee)
Stuxnet, the malware that damaged Iranian centrifuges, was almost certainly written by a state since it has more than 4,000 functions and is protected from analysis with advanced techniques that make reverse engineering difficult, according to the report. However, the worst part is that once Stuxnet was identified as malware capable of destroying industrial equipment, almost half of the electric industry executives interviewed said that they had found dormant Stuxnet strains on their systems, too.
Most now believe that Stuxnet has been eradicated, but the episode demonstrates how malware can be designed like a magic bullet--fired in every direction but only exploding when encountering its target. This technique has allowed similar malware to propagate around the world's computer systems undetected until it finally encounters its target. If electric utilities become the target of Stuxnet, or malware like it, electricity turbines could spin out of control, shutting down the grid.
Electric utilities, the report claims, are already under nearly constant attack, with some electric companies fending off thousands of probes per month. McAfee claims that these probes are at least partially due to state-sponsored reconnaissance efforts to map out the underlying network topology, and its vulnerabilities, in preparation for cyber-attacks on their enemies' power grids.
The report claims that more than half of its interviewees said their companies had already endured probing attacks from foreign governments. Among the countries named as possible sources of concern, 30 percent cited China, 16 percent Russia, 12 percent the United States, 11 percent North Korea and 4 percent cited India.
Interviewees also claimed that cyber-extortion was on the rise, with U.S. intelligence officials reporting that several power outages in other countries had been the result of refusals to pay off cyber-extortionists.
The McAfee report concludes that trends such as "smart grids" were actually opening up more vulnerabilities than security personnel were closing, making cyber-security a growing, rather than diminishing, problem that will likely not be properly addressed until a major attack on a utility mobilizes public outcry. According to the report, sophisticated tools to detect role anomalies had been adopted by only 36 percent of interviewees' companies, and only 25 percent now had tools to monitor network activity.

