MARK JOHNSON
PUBLISHED BY
IN ASSOCIATION WITH
UK/EUROPE/ASIA OFFICE
Ark Conferences Ltd
6-14 Underwood Street
London N1 7JQ
United Kingdom
Tel +44 (0)207 566 5792
Fax +44 (0)20 7324 2373
publishing@ark-group.com
AUSTRALIA/NZ OFFICE
Ark Group Australia Pty Ltd
Main Level
83 Walker Street
North Sydney NSW 2060
Australia
Tel +61 1300 550 662
Fax +61 1300 550 663
aga@arkgroupasia.com
Online bookshop
www.ark-group.com/bookshop
UK/Europe/Asia enquiries
Hannah Fiddes
hannah.fiddes@wilmington.co.uk
Commissioning Editor
Helen Roche
hroche@ark-group.com
US enquiries
Daniel Smallwood
dsmallwood@ark-group.com
Copyright
Australia/NZ enquiries
Steve Oesterreich
aga@arkgroupasia.com
ARK2431
Contents
Executive summary
About the author
Part One: The cyber threat landscape in 2013
Chapter 1: Cyber criminals - Profiles, motives, and techniques
An interview with (ISC)²
The Blackhole exploit kit
Other exploit kits and CaaS attack tools
Increasingly varied threats
A Cyber Pearl Harbor
From one-to-one towards many-to-many
The cybercrime perfect storm scenario
Threat actors - The cast of cybercrime characters
Conclusion
Chapter 2: Why cyber attacks occur
Strategy versus operations
Horizontal versus vertical sectors
Access versus exploit
Why are organisations vulnerable?
Awareness need not have a technical focus
Cyber challenges facing the world in 2013
Conclusion
Chapter 3: The impact and cost of cybercrime
Financial
Brand, reputation, and customer confidence
Fake online profiles
Personal and social effects
Tracking and privacy
A risk-based approach to planning
Conclusion
Executive summary
In March 2013, cyber criminals launched an attack on Spamhaus, a little-known non-profit organisation that contributes to the fight against internet spam. The attack was then extended to include a service provider and the organisation's network provider. The attack, described as the largest of its type ever seen, caused serious operational problems at the London Internet Exchange and affected quality of services across several parts of western Europe. Some informed commentators suggested that it highlighted important vulnerabilities in internet infrastructure.
Cybercrime, in its various guises, costs the global economy untold sums of money and causes much social and personal harm. In February 2011 the UK Cabinet Office sponsored a report by Detica, titled The Cost of Cybercrime,[1] that put the financial cost to the UK economy at £27 billion per annum, even without factoring in issues such as child exploitation. Although widely challenged by many experts, the Cabinet Office figure is useful for the insight it provides into the seriousness with which the UK Government views the problem.
A more refined assessment was produced by a mixed group of experts in 2012.[2] This broke the costs down into three separate categories: the direct cost of cybercrime; the social and other indirect costs; and finally, the cost of cyber security defences or responses to cybercrime. The authors found that the direct losses resulting
References
1. See: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60942/THE-COST-OF-CYBER-CRIME-SUMMARYFINAL.pdf.
2. Anderson, R. et al. Measuring the Cost of Cybercrime, 2012. See: http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf.
3. ENISA Threat Landscape, Responding to the Evolving Threat Environment, 2012. See: www.enisa.europa.eu/activities/riskmanagement/evolving-threat-environment/ENISA_Threat_Landscape/at_download/fullReport.