DDoS attacks, hacks rampant in infrastructure sectors
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 1
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers
- NZ Fauna app fills 'crazy' lack of animal info || 4
- Megaupload interest a mixed blessing for Pirate Party || 2
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
Massive denial-of-service attacks and "stealthy infiltration" of corporate networks by attackers is a common experience for companies in critical infrastructure sectors, including financial services, energy, water, transportation and telecom, according to a new survey.
Extortion schemes related to distributed DoS attacks are also rampant, especially in some parts of the world, according to the survey. The report, titled "In the Crossfire — Critical Infrastructure in the Age of Cyber-War," was prepared by the Washington, DC policy think tank Center for Strategic and International Studies (CSIS). CSIS asked 600 IT and security professionals across seven industry sectors in 14 countries about their practices, attitudes about security, and the security measures they employ.
A little more than half of the respondents (54 percent) said they had experienced "large-scale denial of service attacks by high-level adversary like organised crime, terrorists or nation-state (for example, like in Estonia and Georgia)." The same proportion, according to the report, also said their networks had been subject to "stealthy infiltration," such as by a spy ring using targeted malware attacks to allow hackers "to infiltrate, control and download large amounts of data from computer networks belonging to non-profits, government departments and international organisations in dozens of countries."
In addition, 59 percent of the respondents expressed the belief that "representatives of foreign governments" had been involved previously in such attacks and infiltrations in their countries.
When it comes to massive distributed DoS attacks, 29 percent of those surveyed reported they had seen multiple distributed DoS attacks each month and 64 percent of those said these attacks "impacted operations in some way." One in five of these critical infrastructure entities, according to the CSIS report, were subject to extortion schemes related to distributed DoS attacks. Extortion was said to be the most common in India, Saudi Arabia/Middle East, China and France, and rarest in the United Kingdom and the United States.
Other types of security incidents are also widely recorded.
More than half of the IT executives (57 percent) reported DNS poisoning, where web traffic is redirected, and half said it was a monthly occurrence. Roughly the same number also reported monthly SQL injection attacks against their online resources. In addition, 60 percent reported "theft-of-service cyberattacks," with nearly one in three reporting multiple attacks every month.
The oil and gas sector faces the highest rates of victimisation, according to the CSIS survey.
Overall, 71 percent of respondents in the oil-and-gas industry reported stealthy-infiltration, compared with 54 percent of respondents in other sectors. The CSIS survey also found distributed DoS attacks were "particularly severe" in the energy/power and water/sewage sectors, where attacks were usually aimed at computer-based operational control systems, like SCADA.
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
