We Hate to Say “I Told You So,” But…

May 17, 2017 — by Carl Herberger1

main

Security

We Hate to Say “I Told You So,” But…

May 17, 2017 — by Carl Herberger1

Every year Radware sets forth predictions in our annual security report called Radware’s Global Application and Network Security report and, we might add, have achieved a very substantial track record of forecasting how the threat landscape will evolve.  After all, it is fun to predict what may happen over the course of a year in security.  The industry moves so fast and while some things do stay the course, it only takes one small catalyst to spark a new direction that nobody could have predicted.

What are the possibilities of some kind of major digital event in reality? Let’s revisit some plausible cyberattack profiles or scenarios that we predicted at the end of 2016:

1. 2017 will see the Rise of Permanent Denial of Service (PDoS) as a serious consideration for data center and IoT operations:

PDoS has been around for a long time; however, it only shows itself spectacularly to the public from time to time, most recently in the form of Brickerbot. Some other examples include how a USB exploit can be inserted into a computer and render a computer bricked, and a tool uncovered by HP Labs called PhlashDance that was leveraged to find vulnerabilities in often forgotten firmware and binaries that sit localized on computing devices.

There have been a lot of other examples where PDoS is becoming more of reality and reports are picking up, such as this one, to be focused on physical hardware performance leading to permanent shutdowns. There is also a rising concern, especially from the consumer electronic disaster of the Samsung Notes 7 device, of devices which can be maliciously set on fire.

So, what else should we be looking at as we continue on through 2017?

2. Telephony DoS (TDoS) will rise in level of sophistication and importance and many will be caught by surprise on this threat vector:

Cutting off communications during crisis periods can impede first responders’ situational awareness, exacerbate suffering and pain and might increase the loss of life. A digital event of our time could consist of a physical attack, with a corresponding cyberattack component that targets the communications systems first responders use to contain and minimize damage.

Can the day be far away where efforts such as these are a reality? This bulletin issued in 2013 by public safety organizations asked for assistance in cracking a Telephony Denial-of-Service (TDOS) attack against 911 systems.

[You might also like: BrickerBot – The Dark Knight of IoT]

So, what else should we be aware of as we move into the rest of 2017?

  • Massive cyber-attacks against 911 emergency response systems, like the attack on the 9-1-1 call centers of 12 states, and the arrest of a man who tweeted out a link that took over cell phones to flood 9-1-1 call centers in Phoenix.
  • Seeing the vulnerability of these national call centers to attack, Sens. Bill Nelson, D-Fla., and Amy Klobuchar, D-Minn., will introduce a bill to federally fund and hasten the national transition to next generation 911 (NG911) systems.
  • WhatsApp is also vulnerable, as evidenced by this video showing how to crash the app.

3. Ransom attacks become more segmented and more real. In 2017 – Ransom is not just for companies anymore.

A) Ransom attacks to personal implanted health devices  

Ransom is the fastest growing motive and technique in cyber-attacks, which could be life-threatening to those who have implantable health devices that are also at risk of being hacked. For those of you unfamiliar with these risks and U.S. Government-issued warnings in this category, please refer to the FDA’s Advice to Medical Device Manufacturers, a summary of FBI & DHS alerts on Internet of things, and these warnings on Cyber-Ransoming.

B) Ransom of public transportation systems -In many ways, the ultimate hack – – the ability to hold hostage a community for criminal gain.

We all inherently understand that from trains, planes, buses to automobiles, our entire public transportation system is becoming more automated. Ironically, this automation is meant to provide us with increased safety, more reliable service and efficiencies.  But is it really providing those things? There have already been many attacks, some of which have distinguished themselves as harbingers of future attacks categories. In case you missed it, I have pointed out four real world examples which help punctuate the problem through example.

If transportation systems are vulnerable, could ransoming of these systems be far behind?

C) Ransom of military devices 

The military has long been big users of technology.  But with technology, particularly Internet of Things devices, come risks.  Once demonstrable vulnerabilities are validated, how much would the U.S. Government pay to say, regain control of a weapon?

What else should we be aware of?

[You might also like: From BrickerBot to Phlashing, Predictions for Next-Level IoT Attacks.]

  • As most people know, the Bay-Area-Transit (BART) train system was cyber ransomed just as our original. predictions were hitting the newswire.
  • Ransomware hits political infrastructure hard – the computer systems of Pennsylvania’s Senate Democrats was shut down after a ransom cyber-attack
  • Drones also need to be taken into account when it comes to ransomware
  • Healthcare medical devices are increasingly being attacked for ransom

4. Darknet Goes Mainstream – Including the Ability to cause Personal Financial, Health, Education and other personal Record Integrity Issues

Today on the Darknet one has easy and affordable access to terrorize or otherwise alter one’s personal ‘avatar’ or others for financial or other benefits. What are some examples of what can be achieved on the Darknet? Take a look:

  1. Renting of compromised surveillance systems – see through someone else’s cameras
  2. Access to FBI files and lawsuit information on the Darknet
  3. Access to emails and computer systems of people going through a divorce (Darknet), teachers’ personal communications, lawyer’s strategies
  4. Abortion history (via camera history and otherwise)
  5. Bordello history (via camera history and otherwise)

Conclusion:  If the growth of attack surface, techniques and means continues into the rest of 2017, then we stand by our viewpoint that the best years of security of our systems seem to be behind us.   

Best of luck with your 2017 preparations and may your zeal and energy around these risks bring you fortune!  Remember, as the saying goes and is true in cyber security, fortune favors the bold!

ert_2016-17_cover-2

Read the 2016–2017 Global Application & Network Security Report by Radware’s Emergency Response Team.

Download Now

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.

One comment

  • David Bradbury

    May 17, 2017 at 4:27 pm

    The statement
    “PDoS has been around for a long time; however, it only shows itself spectacularly to the public from time to time, most recently in the form of Brickerbot. Some other examples include how a USB exploit can be inserted into a computer and render a computer bricked, and a tool uncovered by HP Labs called PhlashDance that was leveraged to find vulnerabilities in often forgotten firmware and binaries that sit localized on computing devices.”

    This indicates to me, a layman, that sw engineers application designers negligence has made us all vulnerable to the hackers? Thoughts?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *