Windows XP support has ended and there will be no more patches.
This ongoing news story has repeatedly stressed that millions of computers that run the operating system Windows XP will no longer receive automatic security updates or protection against new viruses. This means that the 12 year-old system could leave behind security holes for users who haven’t upgraded.
The RSA Conference was amazing this year — bigger, more robust and crazier than I have ever seen it. The only void I noticed among the technical vendors was addressing the issue of hacktivism. In the packed conference and crowed exhibition halls, I never came across a discussion about this phenomenon. Can we forecast this risk? Do we know its long term effects? I think most of us are still befuddled by this concept.
The inventor of the telephone, Alexander Graham Bell once stated, "Before anything else, preparation is the key to success." Unfortunately, it appears that attackers launching DoS/DDoS attacks have embraced this line of thought and invested their efforts in reconnaissance and meticulous preparation during the "pre-attack" phase. Drawing from attacks handled by our Emergency Response Team (ERT), Radware recently conducted research on the ways in which pre-attack planning and detailed preparation dramatically increases the potency and success rate of attacks.
During last week’s RSA conference in San Francisco, I gave a lecture titled "Stock Exchanges in the Line of Fire – Morphology of Cyber Attacks." Based predominantly on my experience as part of Radware’s Emergency Response Team (ERT) that provides 24/7 DDoS attack mitigation support, I focused on three specific topics:
While most attacks are detected and mitigated on-premise, attacks that require greater scale are diverted and mitigated in the cloud. Now, you can stop considering the pros and cons of an on-premise security solution versus one that operates in the cloud.
In the same week that undercover FBI agents foiled a plot to attack the Federal Reserve Bank in New York City, a ninth bank was hit in what has been an ongoing cyber-assault on financial institutions in the United States. While these two different types of attacks, one physical and one electronic, share similar targets, both were met with two very distinct mitigation strategies.
In the case of the Federal Reserve, undercover federal agents took a proactive posture. The public was never in danger because agents led the attacker to believe he was given real bomb making materials. However, in the case of the bank cyber attacks, despite prior knowledge of being targeted for DDoS attacks, banks have been on the defensive, scrambling to stop the hemorrhage disrupting their operations. The lesson here is clear – a strong offense is the best defense against hackers.
As we shut the door on 2011 and begin the planning efforts for 2012, I can’t help but be astonished on how effective the Group Anonymous attacks have been. Vast majorities of targeted organizations have been left licking their wounds and posthumously responding to numerous queries on what happened and why they weren’t protected.
So far this year has been astonishing for the “Named Attacks” by Hacktivists as illustrated in the chart below. In addition to these named attacks there are two additional attacks which are scheduled to take place over the coming days, one against FoxNews.com and the other against Facebook.com (although the latter has been renounced by the ‘main faction’ of Anonymous).
