Security Stress

Carl Herberger – former Pentagon security advisor and vice president, Security Solutions at Radware talks Network Middle East through future threats facing enterprises.

Tags: Radware (www.radware.com/)
  • E-Mail
Security Stress Carl Herberger, former Pentagon advisor says that cyber-criminals have developed more advanced means of attacking companies and governments.
By  Georgina Enzer Published  June 28, 2012

Carl Herberger – former Pentagon security advisor and vice president, Security Solutions at Radware talks Network Middle East through future threats facing enterprises.

Cyber-crime is getting worse and cyber-criminal’s tactics are getting more and more advanced, according to Carl Herberger, former Pentagon security advisor and vice president, Security Solutions at Radware, who says that companies need to watch out for targeted attacks and attacks against physical infrastructure.

“If you have attended the Black Hat conferences and listened to the strategies from cyber-warfare centres on cyber-warfare, the conception is that these attacks [targeted infrastructure attacks] will not only increase in terms of their ferocity, but their tactics will change so that you can actually cause physical problems with attack techniques,” he said.

During Black Hat events over the last two years, there have been techniques shown that illustrate how cyber-criminals can take a security vulnerability and turn it into a security problem. Demonstrations showed how a cyber-gang can actually physically overheat a device to set it on fire.

“In some cases a battery on a cellphone was set on fire and in some cases a printer engine, so now someone can target a vulnerability in a data centre and cause a tragic physical problem. These are the things that are worrying people,” said Herberger.

Since viruses like Duqu and Stuxnet have been effective and efficient, cyber-criminals will also be looking at these virus structures and trying to work out how to use them for their own attacks.

“Stuxnet illustrated some really neat concepts to people that are up to nefarious things. The virus illustrated how a cyber-criminal can combine a multi-vector, multi-vulnerability engineered hack, together with a couple of zero day threats, a couple of vulnerabilities, a mission and some flexibility in design, and can achieve the attack you want,” said Herberger.

Cyber-criminals have also recently developed an update to the Low Orbit Ion Cannon (LOIC), an open source network stress testing and denial-of-service attack application, written in C#. LOIC was used extensively by hacker group Anonymous in 2011 and 2012. The new update, the High Orbit Ion Cannon (HOIC), enables attackers to multiple targets at once.

“LOIC is a one-on-one tool so when you attack someone you can put in a single IP address, HOIC solves the problem of not being able to attack many people. Now you can amplify your attacks. Previously if you wanted to start an attack and you want to attack 1,000 people and used LOIC, you would need 1,000 people to administer it, or you had to do it sequentially. Today you can have far fewer people participate in the attack or, if you can gather up the same amount of people you can have far more targets to attack,” said Herberger.

The other major feature upgrade on the HOIC attack system are ‘boosters’, which define the specific attack, allowing hackers to easily change modes.

“The way I like to think of a booster is that it is like an airplane bomber and the booster is the bomb ordinance. That ordinance can change in characteristic almost immeasurably, to hit multiple targets,” said Herberger.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code