5 Most Dangerous New Hacking Techniques10:00 AM EST Mon. Mar. 04, 2013
The rise of Stuxnet, Flame, Gause, the Olympic Games operations and Shamoon have all shed light on the issue of nation-state driven cyberwarfare and cyberespionage activities. Now that we are in cyberspace, we have another domain for humans to occupy and dominate, according to Ed Skoudis, founder of Counter Hack Challenges.
Skoudis told RSA Conference 2013 attendees that he worries about some of the risks of taking action over the Internet. Many of the nation-state driven activities could have a tremendous impact on the private sector, he said. "It could have a cascading impact," he said. "It is possible that every cyberaction could cause bigger problems than people think." Some of the techniques outlined by Skoudis and Johannes Ullrich, chief research officer at the SANS Institute are not new, but they are being ramped up by cybercriminals to become a serious problem.
Here's a look at the five most dangerous new hacking techniques that concern top security experts Ullrich and Skoudis.
Anti-forensics is the process of cybercriminals getting into a targeted environment and hacking the forensics tools themselves. Offensive forensics is taking forensics techniques and analyzing file systems and memory in-depth then combing them for information assets and extracting them.
The industrial processes used to build Stuxnet and other malware provides unique fingerprints for malware analysis investigators to categorize it. Coding styles down to machine level language can indicate a specific threat actor. A nation-state backed cybercriminal that doesn't want to get noticed may place phony clues in malware to shake off investigators, Skoudis said. The catastrophic attack on Saudi Aramco via Shamoon infections on that company's workstations had some technical information that made investigators think it clearly wasn't the work of a nation-state. But, researchers at Kaspersky Lab provided evidence linking some specific characteristics to the Flame malware, an cyberespionage attack toolkit.
Historically we have worked to protect PII and PHI, bank records and trade secrets, but companies haven't had a good track record, Skoudis said. But, attackers are now targeting physical infrastructure such as industrial control systems and SCADA systems.
"Some of it is just mischief, but it could be a harbinger of much bigger things to come," Skoudis said. "We are rapidly moving into the area where cyberattacks cause kinetic impact."
Smaller systems are now at risk, such as automobiles, water distribution systems and traffic light control systems, which have buffer overflows, SQL injection flaws and other coding problems that can be exploited, he said. Attackers can infiltrate the devices and gain command and control of the infrastructure.
U.S. banks have spent a lot of time investing substantial resources to defend distributed denial-of-service (DDoS) attacks. They are simple and don't require a lot of resources.
While the attacks are not new, businesses and attackers have been playing a cat and mouse game, said Johannes Ullrich, chief research officer at the SANS Institute, told RSA Conference attendees. Attack tools are getting better at tricking DNS anti-DDoS defenses, he said. Attacks are getting larger, up to over 40 gigabits per second. The attacker only needs 2,000 bots to carry them out, Ullrich said.
The advice given to organizations is to salt and hash passwords, but the process of salting and hashing only slows an attacker down, Ullrich said. Dedicated password crackers only cost a few thousand dollars, he said. For now user education and better protection of databases that contain passwords is the only answer. Until an alternative to the pass phrase emerge, the problem will persist. Two-factor authentication is expensive and used by only a small percentage of security-minded organizations, Ullrich said. Some experts are looking to the smartphone as an authenticator, but token stealing malware, as evidenced by the Zitmo/Eurograbber Android Trojan, defeats SMS-based tokens and will likely continue to be a target of attacks.