Cyber Attacks

The Stuxnet worm was first discovered in July 2010 by a security firm in Belarus, but did not make global headlines until months later, when Iranian state media announced the Middle East nation had been the target of a coordinated attack.

The Stuxnet worm was the first of its kind. It was written to specifically target mission-critical control systems running a specific combination of software and hardware.

There are a lot of concerns that the Stuxnet worm could be altered to attack key components of any nation's infrastructure, from electricity grids to oil rigs.

Many experts believe that the Stuxnet worm was only the beginning of a new kind of cyber attack against critical infrastructure.

It’s quite possible that in 2011 or 2012 we will see copycat versions of Stuxnet being used by terrorists to try to cripple the infrastructure of some of the major powers.

The London Stock Exchange (LSE) and an unspecified US stock exchange were targeted by attackers intent on disrupting financial markets. The LSE is investigating an attack at its headquarters last year; the US exchange has attributed an attack on its system to Russia. A May 6, 2010 flash crash (a large, short-lived decline in prices) saw the Dow Jones Industrial Average plummet 1,000 points in one day. A similar event occurred at LSE in August 2010. LSE systems are not Internet-based.
http://www.v3.co.uk/v3/news/2274505/london-stock-exchange-cyber
http://advancedtrading.com/exchanges/229200103
http://www.finextra.com/news/Fullstory.aspx?newsitemid=22217
[Editor's Note (Paller): Claims that systems are not Internet-based are misleading. We learned this when Slammer disabled Bank of America's ATMs. The folks at BofA and other banks had repeatedly claimed their ATMs were not "Internet-based." The problem is that computer devices share the network with Internet-active systems, and it's too easy for malware to jump to any connected device. If the LSE systems do not share routers with Internet-connected devices, their maintenance people wouldn't be able to get their work done.]

The UK government has identified attacks on computer networks as the biggest emerging threat to the security of the United Kingdom. Because of this, cyber warfare has become "one of the highest priority national security risks to the UK". The Beijing Olympics in China received over 12 million cyber attacks each day, which means that the 2012 London Olympics is a potential major target for those attempting to "defraud and possibly disrupt". To deal with this emerging threat, the UK government will be allocating a budget of £500 million, and the strategy will be managed by the recently appointed Office of Cyber Security.
http://www.bbc.co.uk/news/uk-11562969
http://www.independent.co.uk/news/uk/home-news/cyberattacks-are-key-threat-to-uk-security-2109628.html

Many organisations are unaware they are being targeted by advanced cyber attacks and are failing to respond effectively, according to the Ponemon Institute. Some 41% of more than 500 US organisations polled said they were unable to determine if they were being targeted by zero-day and other advanced cyber threats designed to evade countermeasures.
Most respondents (83%) said their organisations had been targeted recently by advanced attacks and 71% said such attacks have increased in the past year. According to Ponemon, zero-day attacks are the most prevalent form of advanced threat, but there is an increase in the number of known attacks that are being re-engineered to extend their use.

Half of all advanced attacks target proprietary data, while 48% are aimed at personal information, including customer and employee records. IT security professionals claim they are finding it difficult to respond effectively and quickly enough to defend against these attacks. Some 80% of security managers said it takes a day or longer to detect such attacks. Of these, 46% said it requires at least 30 days. According to Ponemon, this delay is often the result of organisations not having the right technology or training despite having the appropriate policies and procedures in place.

More than half of respondents said they have sufficient policies and procedures, but only 26% said they have adequate skills in-house and only 32% said they have the necessary defence technology. Ponemon found that 69% of respondents use anti-virus tools and 61% use an intrusion detection system, but 90% said exploits or malware have evaded these tools. Only 19% said their IT leaders are fully aware of the challenge of, and requirements for, defending against advanced attacks.