An extraordinary article in the Chicago Tribune, written by Bill Lambrecht on June 28th, caught our attention. It exposes the scale of the war that American defense contractors are fighting against Cyber Terrorism.
The article intimates that Boeing’s IDS logged 3,722 suspicious efforts to gain access to their systems in just one hour – which by anyone’s standards is a massive number of attacks for any organisation to deal with on a sustained basis.
The article highlights a number of important points about the attacks that are worth noting.
- The motivation behind the attacks is theft for financial gain
- Attacks are almost all automated and well organised
- They are persistent and are launched from a global network of computers
- Attacks hide their tracks very well, making it very difficult for organisations to identify and attack the source
- An increasing number of attacks involve phishing e-mails to employees that appear to be coming from friends and family
The article quotes Gen. Keith Alexander, the head of US Cyber Command, who suggests that each month Pentagon systems are attacked 250,000 times an hour, or 6 million times a day. Attackers include foreign intelligence agents, criminal enterprises and hackers trying to make mischief, security specialists say.
What’s interesting about the article is that it suggests that most of the attacks (80%) are ‘traditional attacks’ and can be dealt with relatively easily by existing systems and rule sets. But as much as 20% of attacks are in some way ‘new’ and require a deeper level of investigation. Now, it goes without saying that 20% of 3,722 is an extremely large number, and if it’s true, then it’s clear there is significant innovation going on within the criminal community, which is of real and genuine concern for both the vendor and end-user communities.
At Endace, we’re very conscious that rapid innovation in attack vectors is difficult for organisations to deal with, as it requires a relatively labour-intensive approach to managing IDS and IPS rule sets. This is something that we’re starting to look at very carefully, and it’s an area where we can see much room for improvement in the current marketplace. Watch this space.