I never knew how many conflicts were fought last year (36+), but ICG has released its analysis and predictions of the conflicts that will erupt in 2011. None are really shocking, but they are all worth our concern.
Over the holidays I've had the chance to read through a bunch of outstanding research and other docs that have been piling up for a while. One of them caught my attention, and I thought it raised an interesting point. It's actually two reports. The first, Transparency International's 2010 Global Corruption Barometer, is an in-depth study of countries and their respective corruption standing. The second is the World Economic Forum's Global Information Technology Report (2009-2010). This report details countries' adoption, and predicted adoption, of technology. In themselves the reports are interesting; however, what got me thinking is how the two might relate to each other.
It's interesting to note that most of the countries in which we see an increase in corporate theft and fraud-related activity are low on the corruption index (high is good and low is bad). What's interesting is the mechanism by which these crimes are taking place. If we accept the premise that technology is just a tool, then we should expect:
- The adoption of technology across the globe hasn't fully penetrated the vast majority of countries.
- Most of the countries where technology hasn't been adopted have high levels of corruption.
- Technology is just a tool that has been increasingly used to commit financial crimes, extortion and other commonly accepted crimes.
- The probability of committing a technology-facilitated crime and not getting caught is much higher than with traditional methods.
- If the adoption of technology happens in these corrupt countries, we should see a dramatic increase in these crimes committed via technology.
- The root of the problem, if causality can be proven, is the reasons for the corruption. Without addressing that, the problem will persist.
- The current problems in identifying and catching these criminals will continue, as local and national police are typically not equipped to handle it. In addition, Interpol, whose capabilities have dramatically increased, is highly dependent on the state police to help solve the crimes.
- Businesses should factor the corruption level of the countries in which they establish offices or from which they provide services into their overall risk process.
Over the past six years we've seen a dramatic increase in electronic crime that hasn't been seen before. With this adoption we could be seeing just the tip of the iceberg. The Nigerian scams are a great example of how the problem is extremely difficult to root out, as the majority of a town's revenue streams come from the crime.
Countries of note due to high "Police" corruption and low technology adoption, using a police corruption score of 3.8 as a cut-off for clarity:
| Country | Corrupt. Political Parties | Corrupt. Police |
| --- | --- | --- |
Targeted attacks have been around for a while now but have only recently come to public light. We've seen Titan Rain in 2003, Hydraq in 2009, Stuxnet in 2010 and more. A lot of people talk about who the bad actors are as if that's going to help solve the problem. The issue we need to focus on is not so much who's doing it but rather how we stop it. Not a lot of people are talking about that, so I thought I would. I've been discussing these defenses with peers for over 4 years now, and they seem to have worked fairly well.
1) Block all dynamic DNS requests. A large portion, over 90%, of the malware attacks use dynamic DNS to stage and relay the attacks. In addition, blocking them has little to no business impact.
2) Implement a NAC solution. Most companies have little to no control over what users plug into their networks. This has been a significant issue for a long time. We can't ensure the protection of a device if we don't control the device.
3) Identify key data points. The attacks are going after two things: intellectual property or PII. Understanding where the data is and ensuring proper identity and authentication is key. Ensuring basics such as logging and patch management is also key.
4) Data egress. In all cases the attacker is taking the data (email, files, etc.), compressing it and sending it out to drop sites on the Internet. By implementing Data Loss Prevention (DLP) and a proxy (Bluecoat or Symantec Web Gateway) you can dramatically reduce data loss. Blocking all FTP, RAR, or unauthorized encrypted outbound traffic would help significantly. At a simpler level, blocking specific content via a DLP solution is still good.
5) Educate the users. Most users will still click on anything they are given. Information security organizations do very poorly at truly educating users on safe computing.
6) Implement a proper log collection and correlation tool. Most companies that have been attacked were not able to find all compromised systems, or couldn't get the data without many weeks going by, because they didn't have an SSIM in place. Quick identification and remediation is key to the future of security.
There are more, but these should help a lot.
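As an added example that is not part of the original post, here is a small proxy-log triage script covering defenses 1 and 4 above: it flags requests to dynamic-DNS zones and uploads of RAR or opaque binary content. The log format, the dynamic-DNS zone list (placeholder zones, not real providers) and the 1 MB threshold are all constructed assumptions for the demo.

```python
import re

# Constructed placeholder zones standing in for dynamic-DNS providers; a real
# deployment would load the provider list from a maintained feed.
DYNAMIC_DNS_ZONES = ("dyn.example", "ddns.example", "hostme.example")

# Outbound content types the post's egress rule singles out: RAR archives and
# opaque binary blobs that are typically compressed/encrypted staging files.
SUSPECT_CONTENT_TYPES = {"application/x-rar-compressed", "application/octet-stream"}
UPLOAD_METHODS = {"POST", "PUT"}
LARGE_UPLOAD_BYTES = 1_000_000  # assumption: anything over 1 MB counts as bulk egress

# Constructed proxy log format: "<ts> <client> <method> <host> <bytes_out> <content-type>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<host>\S+) "
    r"(?P<bytes>\d+) (?P<ctype>\S+)$"
)

def is_dynamic_dns_host(host):
    # True if host is a listed zone or any subdomain of one (never a lookalike suffix)
    h = host.lower().rstrip(".")
    return any(h == zone or h.endswith("." + zone) for zone in DYNAMIC_DNS_ZONES)

def classify(line):
    # Return a finding for one log line, or None if it is benign or unparseable
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if is_dynamic_dns_host(m["host"]):
        reasons.append("dynamic-dns-destination")     # defense 1: dynamic DNS
    if m["method"] in UPLOAD_METHODS and m["ctype"] in SUSPECT_CONTENT_TYPES:
        reasons.append("archive-or-encrypted-upload")  # defense 4: RAR/encrypted egress
    if m["method"] in UPLOAD_METHODS and int(m["bytes"]) >= LARGE_UPLOAD_BYTES:
        reasons.append("large-upload")                 # defense 4: bulk data leaving
    if not reasons:
        return None
    return {"client": m["client"], "host": m["host"], "reasons": reasons}

def scan(lines):
    # Findings in log order; benign and malformed lines are dropped
    return [f for f in (classify(l) for l in lines) if f]

# Constructed sample log lines for a stand-alone run.
SAMPLE_LOG = [
    "2011-01-03T09:12:01Z 10.1.4.22 GET www.example.com 512 text/html",
    "2011-01-03T09:12:09Z 10.1.4.22 GET update.hostme.example 0 text/plain",
    "2011-01-03T09:13:40Z 10.1.4.22 POST drop.dyn.example 4200000 application/x-rar-compressed",
    "2011-01-03T09:14:02Z 10.1.7.9 POST crm.example.com 1800 application/json",
]
```

Running `scan(SAMPLE_LOG)` yields two findings for client 10.1.4.22, the second of which trips all three rules; feeding it real proxy logs only requires adjusting `LOG_RE` to the proxy's export format.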
Had to send this link for two reasons. The first is that Engadget has a security post, and the second is how nice this skimmer is.
For everyone during the holiday break, remember to shop and use ATMs defensively.