source: defenseone.com

For kinetic weapons like tanks, production costs generally outweigh research and development. For cyber weapons, R&D is almost everything.

Max Smeets’ take on the cost of cyber weapons is a thoughtful piece about the economics of cyber warfare, and the article is a useful point of departure on this topic. However, a few additional points not discussed by Smeets are worth considering, and they all point in the direction of higher costs that his piece might predict.

Begin with the fact that the economics for cyber weapons usable in a military context are fundamentally different than for kinetic weapons. With the latter, military power is highly correlated with number—specifically, the number of identical units of a given weapon. One hundred tanks (with crews, logistics, etc.) provides more military power than one tank. That is, for kinetic weapons, military power accrues as the result of procurement processes.

Not so for cyber weapons. No one would argue that a nation has more cyber power in a military sense if it has 100 identical CD-ROMs with a software-based cyber weapon on it. For cyber weapons, military power accrues as the result of research and development (R&D) processes.

So what? In the weapons acquisition process, R&D costs are amortized over multiple copies of a weapon. The effectiveness of a cyber weapon is a very strong function of the target’s characteristics. For example, the smallest change in configuration of the target can under many circumstances completely negate the effectiveness of a cyber weapon against it. To successfully attack two cyber targets that are almost identical may require two very different cyber weapons employing two different approaches to achieving their destructive effects. The coupling between weapons effectiveness and target characteristics is much weaker for kinetic weapons.

The consequence is that as a general rule, a targetable cyber weapon has to be customized to its target(s) to a much greater degree, and thus any given cyber weapon is likely to be usable over a much smaller target set than for a kinetic weapon. Thus, the cost of a cyber weapon, which is almost entirely in R&D cannot be amortized over as many targets as would be the case for a kinetic weapon. This fact necessarily increases the cost-per-target destroyed.

source:  wired.com

WHEN THE BOTNET named Mirai first appeared in September, it announced its existence with dramatic flair. After flooding a prominent security journalist’s website with traffic from zombie Internet of Things devices, it managed to make much of the internet unavailable for millions of people by overwhelming Dyn, a company that provides a significant portion of the US internet’s backbone. Since then, the number attacks have only increased. What’s increasingly clear is that Mirai is a powerfully disruptive force. What’s increasingly not? How to stop it.

Mirai is a type of malware that automatically finds Internet of Things devices to infect and conscripts them into a botnet—a group of computing devices that can be centrally controlled. From there this IoT army can be used to mount distributed denial of service (DDoS) attacks in which a firehose of junk traffic floods a target’s servers with malicious traffic. In just the past few weeks, Mirai disrupted internet service for more than 900,000 Deutsche Telekom customers in Germany, and infected almost 2,400 TalkTalk routers in the UK. This week, researchers published evidence that 80 models of Sony cameras are vulnerable to a Mirai takeover.

These attacks have been enabled both by the massive army of modems and webcams under Mirai’s control, and the fact that a hacker known as “Anna-senpai” elected to open-source its code in September. While there’s nothing particularly novel about Mirai’s software, it has proven itself to be remarkably flexible and adaptable. As a result, hackers can develop different strains of Mirai that can take over new vulnerable IoT devices and increase the population (and compute power) Mirai botnets can draw on.

Internet of Bots
The rise of Internet of Things malware is reminiscent of the viruses, worms, and intense email spam that plagued early internet users. Most PCs weren’t adequately secured, and companies racing to join the dot-com bubble didn’t necessarily understand the importance of internet security. The same is true now, but with webcams and routers instead of desktops.

What’s distinctly different in this tech generation, though, is how users interact with infected devices. An infected PC often malfunctions, slows down, or notifies users (either through operating system security alerts or through the malware itself in the case of something like ransomware). All of this encourages people to act. It’s standard practice to install some sort of security software on enterprise PCs, and anti-virus measures are popular at home as well.

 

 

source darkreading.com

With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware.

 Knowing what cybercriminals are targeting today is easy. Their attacks are loud, impactful, and have the elegance of a herd of bulls crashing through a glassware shop. The tougher challenge is figuring out where they will take aim tomorrow. Knowing where cyberthreats will attack in the future gives the necessary insights to be one step ahead of their mayhem. 

The Short Term

With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware. It is also a time for dark markets to thrive, selling unmentionables to those looking for illegal items for holiday celebrations. 

We must all expect malware-ridden holiday sale emails and websites. Be on the lookout for fake shipping invoices or urgent messages from merchants. Shady ecommerce sites advertising insane deals as bait will look to harvest credit card accounts, emails, and maybe convince you to install some “helpful” software. Phishing will increase a notch, and look for a new wave of ransomware to hold family pictures, personal files, and entire systems for extortion. Identity theft will add to the rise of new credit card applications to do some unauthorized shopping. In the next couple of months, all these financially motivated threats will increase, so now is the time to be on your guard.

Businesses Beware

Businesses must worry about the increased amount of ecommerce fraud, ransomware that extorts money to unlock important files, and the ever present risk of data breaches. Healthcare, retail, and financial sectors will be targeted the most, but all businesses are in

 

source: technewsworld.com

Proving once again that you can do a lot of damage with a little investment and a lot of ingenuity, security researcher Samy Kamkar recently managed to take down a locked, password-protected computer armed with only a US$5 Raspberry Pi.

The low-tech cookie-siphoning intrusion is one of Kamkar's simplest hacks ever. He previously has unlocked car doors, garages, wireless remote cameras and other devices, with MacGyver-like precision.

Kamkar's latest hack, PoisonTap, uses a Raspberry Pi Zero, a micro SD card, and a micro USB cable or other device that emulates USB, including USB Armory or LAN Turtle.

Windows, OS X and Linux recognize PoisonTap as an Ethernet device, load it as a low-priority network device, and perform a DHCP request across it, even if the computer is locked or password-protected, Kamkar explained.

PoisonTap provides the computer with an IP address. However, the DHCP response tells the machine that the IPv4 space is part of PoisonTap's local network, rather than a small subnet, he said.

If a Web browser is running in the background, one of the open pages will perform an HTTP request in the background, noted Kamkar. PoisonTap responds with a spoof, returning its own address, and the HTTP request hits the PoisonTap Web server.

When the node Web server gets the request, PoisonTap's response is interpreted as HTML or JavaScript.

The attacker is able to hijack all Internet traffic from the machine and siphon and store HTTP cookies from the Web browser or the top 1,000,000 Alexa websites.

Low-Cost Havoc

"The PoisonTap project is an extremely clever and creative attack that can have serious consequences," said Mark Nunnikhoven, vice president for cloud research at Trend Micro.

"The code is public, and hardware required to run it is only a few dollars, which increases the risk to average users," he told TechNewsWorld. "However, it still takes some effort for an attacker to steal the user's data."