MAHWAH, N.J.; February 15, 2011. Despite the latest measures that enterprises, core government operations and the public safety sector have taken to defend against potential network attacks, Radware, a leading provider of integrated application delivery and network security solutions for business-smart networking, cautions that these entities have become prime targets for cyber criminals. Radware’s Security Emergency Response Team (ERT) has identified the potential for public service attacks as a main area for organizations to stay vigilant protecting.
For cyber criminals, the challenge of hacking into critical infrastructure - hospitals, public transportation systems, police departments, energy systems, telecommunications and similar public support facilities - and the crippling effect it could bring to a society further drives their motivation. Disrupting service, causing panic and slowing commerce are a few ways these cyber criminals use non-monetary motivations to gain from new ways of hacking. They are taking the time to research ways of infiltrating through a malware central system application. By paralyzing a transit system or creating a coastal blackout, they are sending a message to those governments, companies or any other agencies that don’t comply with their personal political opinions.
Ironically, many cyber criminals are using their hacking talents to create a "modern boycott." As we saw by the recent WikiLeaks Operation Payback campaign, "hacktivists" took a stand and acting on existing network vulnerabilities, were able to take down websites and cripple online businesses and financial services. And, most recently, cyber criminals attacked the NASDAQ stock exchange. While this doesn’t appear to have been successful, the consequences of adjusting stocks or freezing activity on the exchange could cause world-wide financial panic. These institutions have the budgets and expertise to invest in network and application security but until now, have failed.
Another motivation of cybercriminals is cyber warfare – attacks against nations i.e. government and defense system networks. The challenge of hacking into these nationwide structures and the crippling effect it could bring to a society further drives their motivation. Many countries have not made the necessary investments in their critical infrastructure due to limited budget allocation or lack of knowledge and awareness in terms of the potential dangers.
These types of attacks are on the rise with Estonia DDoS (2008), Georgia DDoS (2009) and most recently Stuxnet, which attacked SCADA systems, just to mention a few. It is not a coincidence that most of these attacks were DDoS-based as typically DDoS attacks are very effective in creating the desired impact – because when a site is completely down it becomes public. These organizations cannot hide what has happened – everyone can see when these sites are not responding. Usually this type of event is also well covered by the media – which is what hacktivists strive for as it alerts the public to their intentions.
However, some countries are beginning to understand the implications of not protecting these networks and the vital need of adding the necessary layers of security i.e. in the US, the Obama administration instituted a cyber security program that acknowledges the risks to critical infrastructure and that the economy based on the Internet is vulnerable.
Similar to locking a house door with a dead bolt and a door lock, businesses, enterprises, governments and other public sector organizations need to reassess their current efforts and develop multiple layers of security. By investing in protection before an attack, these organizations can prevent recovery costs – such as down time and lost business - after an attack. With today’s cyber criminals gaining more experience breaking into simple guards, the potential for a transit shutdown, a blackout or releasing of public data are all possibilities.
Improved security, behavioral defense, and more sophisticated layers of protection are necessary to provide new defenses against these attacks. Cyber criminals’ increased focus on critical infrastructure stems from the power access to public data can bring. This access and any control over these organizations provides cyber criminals with an intangible "cyber weapon."
"Hacktivists continue to identify vulnerable systems to attack and right now there seems to be a focus on government and public sector facilities," said Avi Chesla, Vice President Security at Radware. "In order to protect against these potential attacks, organizations need to make the necessary investments, ensure their security products are up-to-date, that their security staff is well educated and trained to response effectively and that they are as vigilant as possible in protecting their networks at all layers to avoid the destructive nature and potentially catastrophic outcome of future cyber attacks."
Radware has deep experience in the network security space offering its award-winning DefensePro solution, a real-time network attack prevention device that protects the application infrastructure against network and application downtime, application vulnerability exploitation, Radware has deep experience in the network security space offering its award-winning DefensePro solution, a real-time network attack prevention device. It integrates a set of security modules – Intrusion Prevention System (IPS), Network Behavioral Analysis (NBA), Denial-of-Service (DoS) Protection and Reputation Engine - to fully protect networks against known and emerging network security threats. DefensePro protects the application infrastructure against network and application downtime, application vulnerability exploitation, malware spread, network anomalies, information theft, and other emerging network attacks.
For more information about Radware’s security offerings go to: www.radware.com.