September 6, 2014

Cyber Warfare

The following link shows a graphic representation of cyber attacks throughout the world. It describes the attacker's origin, type of attack and target. Click on or hover over any country in the Origin or Target boxes to see the current rate of attacks.

In about ten minutes of tracking, the USA received over 5,300 cyber-strikes, over 2,300 of them originating from China.

The USA is consistently the most common target of these attacks.
China is consistently the most common country of origin for these attacks.
And WTH has Iceland to do with anything??

Common types of attacks:
Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. Brute force attacks are common.

The attacker exploits a weakness in the Cisco router operating system and uses brute force to obtain a password to enter the router.

The attacker attempts to enter an Micro Soft SQL Server system by exploiting a weakness: in many instances the MS SQL server will be installed in a mixed mode configuration. The default user for this is “sa.” Very often a simple password is used for this user making it relatively easy to brute-force the password.

Simple Network Management Protocol is a popular protocol for network management. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network. Denial of Service (DoS) attacks can cripple SNMP IP networks by increasing network traffic by hundreds of gigabytes per second.

Hackers will test the Simple Mail Transfer Protocol for thousands of addresses by using telnet to the server on port 25 and run the VRFY command. The VRFY command makes a server check whether a specific user ID exists. Spammers often automate this method to perform a directory harvest attack, which is a way of gleaning valid e-mail addresses from a server or domain for hackers to use.

Brute Force
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.

H/t Weasel Zippers. Apparently there was a huge attack yesterday originating from China.


LL said...

Iceland is the POP for the SVR's 4th General Directorate's cyberwarfare attacks (Russia).

sig94 said...

Ahhhh - thanks LL.
Figured you'd know ;-)

Sunnybrook Farm said...

Since so many devices are made in China, they should know what the weaknesses are before we do, they may even have some back doors just in case they need to cyber attack during a conflict.

sig94 said...

Sunnybrook - backdoors are the stuff of legend in cyber warfare. Here's a good example:

People were murdered over this.

Until 2001, my office used the civilian version of this software to track prosecution cases.

TS/WS said...

There are a few people around who wrote their own operating system, which is used around the world and companies who use these non brand operating systems are not subject to the mainline attacks, but, the operating system programer does have a back door. It's up to them not to be caught and tortured for such info.
Sadam had such a system in Iraq