Report: Cyber criminals to target critical infrastructure

Radware sees government, enterprise, public organizations as potential targets for network attacks

MAHWAH, N.J.; February 15, 2011. Despite the latest measures that enterprises, core government operations and the public safety sector have taken to defend against potential network attacks, Radware, a leading provider of integrated application delivery and network security solutions for business-smart networking, cautions that these entities have become prime targets for cyber criminals. Radware’s Security Emergency Response Team (ERT) has identified the potential for public service attacks as a main area for organizations to stay vigilant protecting.

For cyber criminals, the challenge of hacking into critical infrastructure - hospitals, public transportation systems, police departments, energy systems, telecommunications and similar public support facilities - and the crippling effect it could bring to a society further drives their motivation. Disrupting service, causing panic and slowing commerce are a few ways these cyber criminals use non-monetary motivations to gain from new ways of hacking. They are taking the time to research ways of infiltrating through a malware central system application. By paralyzing a transit system or creating a coastal blackout, they are sending a message to those governments, companies or any other agencies that don’t comply with their personal political opinions.

Ironically, many cyber criminals are using their hacking talents to create a "modern boycott." As we saw by the recent WikiLeaks Operation Payback campaign, "hacktivists" took a stand and acting on existing network vulnerabilities, were able to take down websites and cripple online businesses and financial services. And, most recently, cyber criminals attacked the NASDAQ stock exchange. While this doesn’t appear to have been successful, the consequences of adjusting stocks or freezing activity on the exchange could cause world-wide financial panic. These institutions have the budgets and expertise to invest in network and application security but until now, have failed.

Another motivation of cybercriminals is cyber warfare – attacks against nations i.e. government and defense system networks. The challenge of hacking into these nationwide structures and the crippling effect it could bring to a society further drives their motivation. Many countries have not made the necessary investments in their critical infrastructure due to limited budget allocation or lack of knowledge and awareness in terms of the potential dangers.

These types of attacks are on the rise with Estonia DDoS (2008), Georgia DDoS (2009) and most recently Stuxnet, which attacked SCADA systems, just to mention a few. It is not a coincidence that most of these attacks were DDoS-based as typically DDoS attacks are very effective in creating the desired impact – because when a site is completely down it becomes public. These organizations cannot hide what has happened – everyone can see when these sites are not responding. Usually this type of event is also well covered by the media – which is what hacktivists strive for as it alerts the public to their intentions.

However, some countries are beginning to understand the implications of not protecting these networks and the vital need of adding the necessary layers of security i.e. in the US, the Obama administration instituted a cyber security program that acknowledges the risks to critical infrastructure and that the economy based on the Internet is vulnerable.

This content continues onto the next page...