"This is cyber warfare we're talking about...It can potentially alter and devastate entire societies, especially one like ours which relies more on our vast cyber assets than any other nation in the world.
New York, New York (PRWEB) June 07, 2012
With the Flame virus revealed to the masses a little over a week ago, once again the world’s attention got shifted to the delicate balance that is our collective cyber frontier. One would think the over-hyped conversation about the “biggest and nastiest” cyber attack ever devised would be the focus of every water-cooler pow-wow held amongst industry leaders in the cyber security, computer forensics and cyber warfare arenas for the foreseeable future. But don’t count Joe Caruso, CEO/CTO of Global Digital Forensics among them, because to him, the real shot heard ‘round the cyber world came after the Flame was exposed. It came in the form of an explosive article by David Sanger published on June 1st in the New York Times titled “Obama Order Sped Up Wave of Cyberattacks Against Iran.”
“Make no mistake about it, the revelation of the Flame virus is definitely an issue to study, absorb and take a great many lessons from, but at the end of the day, it’s not really doing anything mind-bending that hasn’t been done before. It is a clever module-based system that lets the controller incorporate a slew of different types of reconnaissance malware into one command and control toolkit if you will. But switching on audio mics, taking screenshots, sniffing networks, intercepting keystrokes, scanning for nearby Bluetooth devices to infect and the like are all just like malware already “in the wild” which we deal with on a daily basis. The sheer size of this colossus also strikes one as odd. After all, stealth and covert operation are the best friends of a malware designer, or designers, for a truly sophisticated and successful attack. But in the case of the Flame, it’s a little like hoping the baby elephant you’re trying to hide in first class will go unnoticed for the whole flight. Eventually someone’s going to detect the scent, take a good look around, and the jig is up.”
With that, Mr. Caruso pivoted to what he sees as the real paradigm shift in the cyber world. “The dots of the Stuxnet attack, which successfully leapt the boundaries of the 1s and 0s world to do physical damage to roughly 1,000 Iranian centrifuges in 2010, got connected to the highest bastions of the US government, as well as Israel’s, in high profile fashion. It’s a whodunit no more, the veil is torn. The state-sponsored cyber-warfare cat is essentially out of the bag and a re-invigorated degree of vigilance on the part of each and every one of us relying on the digital landscape we’ve all come to know and depend on is, and always will be, our best defense.”
How far can the ripples go?
“This isn’t something trivial like a hacker putting a moustache on a teacher’s Facebook profile picture, this is cyber warfare we’re talking about, and it is a very dangerous, very real and very persistent threat which can threaten much more than mere convenience. It can potentially alter and devastate entire societies, especially one like ours which relies more on our vast cyber assets than any other nation in the world. And it’s not something which is confined to troops squaring off against each other, cyber warfare has the potential to involve anyone and everyone, including government agencies, corporate powerhouses, financial institutions, infrastructure entities and anything else tethered to the world of digital information, and by extension, each and every one of us. The method behind the madness of cyber warfare is not to target everyone, but to do their best to affect everyone by association, at the very least to strike us all full of fear, uncertainty and doubt, or FUD as it’s known in the industry. Not knowing when or where a cyber weapon will find success is a nerve-wracking proposition, and with what will probably be perceived as sounding the horn signaling the cyber warfare arena is now open for business, now that the origins of Stuxnet have been exposed and our gauntlet is in the ring, the ante has been raised considerably. Private and public Infrastructure targets are a great way to do it and if there was ever going to be a critical time to start paying real attention, this is it. If the lights go off, planes start falling, trains collide, major financial institutions get pilfered on a massive scale, sewage backs up in our biggest cities, chemicals get released into the air, water supplies get affected, or any one of a host of other nightmarish scenarios play out, I assure you FUD will be running rampant, we’ll all feel it, and you’ll be able to score a big one for the bad guys.”
What can organizations do to protect against the threat?
“In our trickle down digital society, the most vigorous vigilance has to start at the top. Consider the days gone when cyber security could be an underfunded, understaffed afterthought. The front line of the cyber battlefield has now shifted right to the feet of corporate America and the US government agencies we rely on every day, and if these entities hope to survive the now simmering onslaught for themselves, and for all of us, it’s going to take a sea-change in the mindset of the importance of properly implemented cyber security.”
Mr. Caruso closed with a note of optimism he hopes will be heeded as a much needed call to action. “But there is good news. We have some of the most talented cyber defenders in the world on our side as well, if they are given the opportunity to help defend that is. Companies like ours have been helping clients fight the good fight against all comers for decades, whether it’s in the form of data breaches, DDoS (Distributed Denial of Service) attacks, rampant hacktivism, identity and intellectual property theft, or any of the numerous attack vectors that inherently plague a digital society. The methodology and process used to defend our assets in the cyber warfare arena are largely the same as defending against the every day hacker threats we’ve all come to know so well. Things like putting cyber security policies and procedures under a microscope to expose and remediate deficiencies, in-depth penetration testing which includes a strong focus on the social engineering aspect of malware delivery, like the dominant and highly effective practices of phishing and spear phishing, or opening Pandora’s Box by successfully planting an infected thumb drive which gets innocently inserted into a system connected to organizational network, and testing applications for vulnerabilities available to potential attackers on the web, mobile, and cloud fronts which can grant unfettered access for unwanted mayhem. But we’re not magic, you have to get us involved, hopefully sooner rather than later.”
Joe Caruso is the CEO/CTO of Global Digital Forensics. He has been on the front lines of cyber intrusions and cyber security issues for some of the most recognized entities on the planet for over two decades and has been involved in national cyber security councils serving two US Presidents. To contact Global Digital Forensics and Caruso’s crack team of cyber security experts, call 1-800-868-8189 for a free consultation and let them help tailor a plan that will have you ready for whatever cyber surprises the future throws your way. For more information you can also visit http://www.globaldigitalforensics.co.