Discord was down due to Cloudflare outage affecting parts of the web

Popular chat service Discord experienced issues today due to network problems at Cloudflare and a wider internet issue. The app was inaccessible for its millions of users, and even Discord’s website and status pages were struggling. Discord’s problems could be traced to an outage at Cloudflare, a content delivery network. Cloudflare started experiencing issues at 7:43AM ET, and this caused Discord, Feedly, Crunchyroll, and many other sites that rely on its services to have partial outages.

Cloudflare says it’s working on a “possible route leak” affecting some of its network, but services like Discord have been inaccessible for nearly 45 minutes now. “Discord is affected by the general internet outage,” says a Discord statement on the company’s status site. “Hang tight. Pet your cats.”

“This leak is impacting many internet services including Cloudflare,” says a Cloudflare spokesperson. “We are continuing to work with the network provider that created this route leak to remove it.” Cloudflare doesn’t name the network involved, but Verizon is also experiencing widespread issues across the East Coast of the US this morning. Cloudflare notes that “the network responsible for the route leak has now fixed the issue,” so services should start to return to normal shortly.

Cloudfare explained the outage in an additional statement, commenting that “Earlier today, a widespread BGP routing leak affected a number of Internet services and a portion of traffic to Cloudflare. All of Cloudflare’s systems continued to run normally, but traffic wasn’t getting to us for a portion of our domains. At this point, the network outage has been fixed and traffic levels are returning to normal.”

Source: https://www.theverge.com/2019/6/24/18715308/discord-down-outage-cloudflare-problems-crunchyroll-feedly

  • 0

DDoSer Who Terrorized German and UK Firms Gets Off Without Jail Time

A German hacker who launched DDoS attacks and tried to extort ransom payments from German and UK firms was sentenced last month to one year and ten months of probation.

The hacker, identified by authorities only as 24-year-old Maik D., but known online as ZZb00t, was fingered for attacking companies such as eBay.de, DHL.de, billiger.de, hood.de, rakuten.de, DPD.de, EIS.de, ESL.eu, but also some UK firms.

Hacker would launch DDoS attacks and then extort victims

ZZb00t would act following the same pattern. He’d first warn companies via Twitter, and then launch DDoS attacks, taking down services from hours to up to a day.

Maik, who in real life was an IT security consultant, would often criticize companies for their poor security practices.

“Sadly but true @[REDACTED] your servers just sucks,” he wrote in one tweet. “Never thought that [REDACTED] was so extremely poorly protected. It’s more than embarrassing,” he wrote in another.

He’d often claim his actions were only for the purpose of exposing security weakness, claiming he was a vulnerability hunter.

But Maik wouldn’t launch DDoS attacks just out of the kindness of the kindness of his heart so that companies would improve security. The hacker would often send emails promising to stop attacks for a payment in Bitcoin.

Hacker arrested after one company pressed charges

His DDoS and extortion campaigns have been tracked all last year by German blog Wordfilter.de [1, 2, 3, 4]. A recently released Link11 report details the hacker’s tactics.

The hacker was active at the same time as another DDoS extortion team named XMR Squad, and Link11 claims in its report that there was a working relationship and coordination of attacks between ZZb00t and XMR Squad members.

Link11 says it documented over 300 of ZZb00t’s tweets related to attacks he carried out before German authorities arrested the suspect on May 23, last year, putting an end to his attacks.

Source: https://www.bleepingcomputer.com/news/security/ddoser-who-terrorized-german-and-uk-firms-gets-off-without-jail-time/

  • 0

Europol Shuts Down World’s Largest DDoS-for-Hire Service

WebStresser homepage

Europol officials have shut down WebStresser, a website where users could register and launch DDoS attacks after paying for a monthly plan, with prices starting as low as €15 ($18.25).

The website, considered the largest DDoS-for-hire service online, had over 136,000 users at the time it was shut down. Europol said it had been responsible for over 4 million DDoS attacks in recent years.

WebStresser admins were also arrested

Besides shutting down the website’s server infrastructure, authorities said they also arrested the site’s administrators, located in the United Kingdom, Croatia, Canada, and Serbia.

Dutch and UK cops led the investigation and were responsible for tracking down administrators and their infrastructure.

Cops seized WebStresser’s server infrastructure located in the Netherlands, the US and Germany.

Europol added that “further measures” were taken against the site’s top users, who’ve launched the most attacks in recent years. Officials didn’t reveal what these measures were but merely said the users were located in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong.

WebStresser was today’s top DDoS-for-hire service

WebStresser launched in 2015, according to a source in the DDoS mitigation industry. It was initially a small-time service, but it evolved over the years.

The service gradually added support over the years for a plethora of DDoS attack types, launched a mobile app from which users could launch attacks when away from their PCs, accepted payment via PayPal and Bitcoin, and aggressively promoted its service on hacking forums and social media.

The service became extremely popular in recent years, being the first result returned on Google when searching for terms like “DDoS booter” or “DDoS stresser.”

WebStresser also had a very active Facebook page where it regularly asked users to post positive reviews of the site on YouTube for which it would reward users with free access to the service for a month. There were 2,450 YouTube videos with WebStresser mentions at the time of writing.

WebStresser YouTube results

The Facebook page also contained messages from the WebStresser staff announcing downtime or maintenance operations. In many messages, site admins made the mistake of revealing their hosting providers’ names. For example, a Facebook post revealed that WebStresser was hosting servers at Deutscher Commercial Internet Exchange (DE-CIX), a well-known German data center located in Frankfurt. Europol said they seized servers in Germany.

Despite taking down the largest and most visible DDoS booter, there are many more similar services available online, many accessible to anyone willing to run a Google search query. The cycle will now repeat itself, with a new DDoS-for-hire service rising to take WebStresser’s name, just like WebStresser replaced vDoS as the go-to destination for buying DDoS cannons.

Source: https://www.bleepingcomputer.com/news/security/europol-shuts-down-worlds-largest-ddos-for-hire-service/

  • 0

Hospitals Exposed by Connected Devices

At any one time the world’s connected hospitals could be running as many as 80,000 exposed devices, putting hospital operations, data privacy and patient health at risk, according to Trend Micro.

The security giant’s latest report, Securing Connected Hospitals, claimed medical devices, databases, digital imaging systems, admin consoles, protocols, industrial controllers and systems software have significantly increased the average provider’s attack surface.

This puts them at risk of DDoS, ransomware attack and data theft. The report used the DREAD threat assessment model to find that DDoS is actually the biggest risk, followed by ransomware.

The latter has impacted hospitals worldwide, particularly NHS Trusts, which were severely affected by the WannaCry attack of 2017.

Senior threat researchers and report authors Numaan Huq and Mayra Rosario Fuentes claimed that hospital cybersecurity may be lacking because of several reasons.

These include: a lack of dedicated IT security staff, limited budget, diagnostic equipment which is outdated, and can’t be taken offline to patch and large numbers of mobile workers who need seamless access to systems.

The report also claimed that hospital supply chains are increasingly opening them up to cyber-risk, with 30% of breaches publicly reported to the US Department of Health and Human Services (HHS) in 2016 due to breaches of business associates and third-party vendors.

“Supply chain threats are potential risks associated with suppliers of goods and services to healthcare organizations where a perpetrator can exfiltrate confidential or sensitive information, introduce an unwanted function or design, disrupt daily operations, manipulate data, install malicious software, introduce counterfeit devices, and affect business continuity,” explained Huq and Fuentes.

“Third-party vendors have credentials that include log-ins, passwords, and badge access which can be compromised. These vendors can also store physical records, medical devices, and office equipment. Hospitals need to be supplied by a robust supply chain to ensure uninterrupted service to patients, and thus protecting the hospital supply chain against cyber-attacks becomes a critical necessity.”

Source: https://www.infosecurity-magazine.com/news/hospitals-exposed-by-connected/

  • 0

How Can Blockchain Be Used to Aid Cybersecurity?

With the rapid advancement of internet-based technologies, cybersecurity is a constant cloud looming on the horizon. As the technology evolves, so too, do the cybercriminals. Their constant efforts to steal valuable data and disrupt business through DDoS attacks are increasingly sophisticated.

Holding companies hostage and monetizing data through ransomware techniques is sadly par for the course. In fact, it’s estimated that cybersecurity alone costs the global economy some $450 billion a year. With IT professionals scrambling to stay one step ahead of the hackers, how can blockchain be used to aid cybersecurity?

No Single Point of Failure

The decentralized nature of the blockchain means that there is no single point of failure, nor one central database waiting to be hacked. Information is stored over several databases, and each block is linked to the next in the chain, making no “hackable” entrance. This provides infinitely greater security than our current, centralized structures.

Removing Human Error

The weakest link in our current system is simple logins that are vulnerable to being cracked. Blockchain can remove human error in cybersecurity, as businesses can authenticate devices without the need for a password system. Each device is provided with a specific SSL certificate, rather than a password. Human intervention becoming a potential hacker vector is consequently avoided.

Bitcoin advocate, adjunct professor at NYU Law School and practicing attorney, Andrew Hinkes, explains, “Using a public blockchain with proof of work consensus can remove the foibles of human mistake or manipulation.”

Detecting Tampering in Real Time

The blockchain can uncover and reject suspicious behavior in the system in real time. Say, for example, that a hacker tried to interfere with the information in a block. The entire system would be alerted and examine all data blocks to locate the one that stood out from the rest. It would then be recognized as false and excluded from the system.

Improving IoT Security

With the rise in IoT devices, come inherent security risks. We’ve already seen problems occur when trying to disable compromised devices that become part of botnets. According to Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster University, the blockchain can put an end to that:

“The blockchain, with its solid cryptographic foundation offering a decentralized solution can aid against data tampering, thus offering greater assurances for the legitimacy of the data.” This would mean that potentially billions of IoT devices could connect and communicate in a secure ecosystem.


All transactions on the blockchain are highly traceable, using a timestamp and digital signature. Companies can easily go back to the root of each and every transaction to a given date and locate the corresponding party. Since all transactions are cryptographically associated to a user, the perpetrator can be easily found.

Says Hinkes, “Blockchains create an audit trail of all activity by its participants, which simplifies access control and monitoring.” This offers companies a level of security and transparency on every iteration.

The Takeaway

Currently, the impending threat of DDoS attacks comes from our existing Domain Name System. Blockchain technology would disrupt this completely by decentralizing the DNS and distributing the content to a greater number of nodes. This would make it virtually impossible for cybercriminals to hack and create a secure environment to host the world’s data.

Source: https://blocksleuth.com/category/ddos-attacks/

  • 0

DDoS Costs Skyrocket for SMBs and Enterprises Alike

The financial impact of a distributed denial-of-service (DDoS) attack is continuing to rise globally – with significant cost spikes for both small to medium-sized businesses (SMBs) and enterprises per attack.

Kaspersky Lab’s IT Security Risks Survey 2017, which polled 5,200 business representatives from 29 countries, shows that whether as the result of a single incident or as part of a multi-faceted cyberattack, the financial implications of reacting to a DDoS attack in 2017 is $123,000 for SMBs per incident, compared to $106,000 in 2016.

For enterprises, the cost has soared more than half a million dollars – from $1.6 million in 2016 to $2.3 million in 2017 on average per attack. The rising financial costs of DDoS attacks, coupled with unquantifiable impacts such as reputational damage, are crippling for many organizations.

When asked about the specific consequences experienced as a result of a DDoS attack, most organizations (33%) claim that the cost incurred in fighting the attack and restoring services is the main burden, while a quarter (25%) cited money spent investing in an offline or back-up system while online services are unavailable. Additionally, 23% said that a loss of revenue and business opportunities occurred as a direct result of DDoS attacks, whereas 22% listed the loss of reputation among clients and partners as another direct consequence of a DDoS attack.

Previous Kaspersky Lab research also found that the attack rate is accelerating, with more than a third (33%) of organizations facing a DDoS attack in 2017, compared to just 17% in 2016. Even so, organizations are undereducated about taking steps to protect themselves. For instance, they often expect third parties to protect their businesses.

According to the research, 34% of organizations expect their ISP will protect them from DDoS attacks, and another 26% expect their data center or infrastructure partners will do so. Additionally, nearly a third (28%) claim that it is unlikely that they will be targeted by a DDoS attack in general.

“DDoS attacks, both standalone or as part of an attack arsenal, can cost an organization thousands, if not millions – that’s without counting reputational damage and lost clients and partners as a result,” said Kirill Ilganaev, head of Kaspersky DDoS protection, Kaspersky Lab. “It is therefore wise to be aware of these threats and invest in their own protective measures in advance. It is also important to choose reliable specialized security solutions that are based on cybersecurity expertise and tailored to fight the most sophisticated DDoS attacks organizations face today.”

Source: https://www.infosecurity-magazine.com/news/ddos-costs-skyrocket-for-smbs/

  • 0

DoubleDoor Botnet Chains Exploits to Bypass Firewalls

Crooks are building a botnet that for the first time is bundling two exploits together in an attempt to bypass enterprise firewalls and infect devices.

Discovered by researchers from NewSky Security, the botnet has been cleverly named DoubleDoor. According to Ankit Anubhav, NewSky Security Principal Researcher, the DoubleDoor malware attempts to execute exploits that take advantage of two backdoors:

CVE-2015–7755 – backdoor in Juniper Networks’ ScreenOS software. Attackers can use the hardcoded password <<< %s(un=’%s’) = %u password with any username to access a device via Telnet and SSH.
CVE-2016–10401 – backdoor in ZyXEL PK5001Z routers. Attackers can use admin:CenturyL1nk (or other) and then gain super-user access with the password zyad5001 to gain control over the device.

Anubhav says DoubleDoor attackers are using the first exploit to bypass Juniper Netscreen firewalls and then scan internal networks for ZyXEL routers to exploit with the second exploit.

First time an IoT botnet chains two exploits

In a conversation with Bleeping Computer, Anubhav says this is the first time that a botnet has chained two exploits together in an attempt to infect devices.

“For the first time, we saw an IoT botnet doing two layers of attacks, and was even ready to get past a firewall,” the expert told Bleeping Computer. “Such multiple layers of attack/evasion are usually a Windows thing.”

“Satori/Reaper have used exploits, but those are exploits for one level of attack for various devices,” Anubhav said. “If the attacker finds a Dlink device, then it uses this exploit; if it finds a Huawei device, then that exploit,” Anubhav added showing the simple exploitation logic that most IoT malware employed in the past.

DoubleDoor botnet is not a major threat, yet

Scans and exploitation attempts for this botnet were spotted between January 18 and January 27, all originating from South Korean IP addresses.

But the botnet is not a major danger just yet. Anubhav says DoubleDoor looks like a work in progress and still under heavy development.

“The attacks are less in number when compared to Mirai, Satori, Asuna, or Daddyl33t,” he said.

The NewSky Security expert says the smaller attack numbers are likely because the botnet only targets a small subset of devices, either Internet-exposed ZyXEL PK5001Z routers, or ZyXEL PK5001Z routers protected by an enterprise-grade Juniper Netscreen firewall.

“Such setups are usually found in corporations,” Anubhav said, raising a sign of alarm of what targets the DoubleDoor author may be trying to infect.

DoubleDoor doesn’t do anything, for the moment

The good news is that DoubleDoor doesn’t do anything special after compromising ZyXEL devices. It just merely adds them to a botnet structure.

“Probably it’s a test run or they are just silently recruiting devices for something bigger down the road,” Anubhav said.

But as Anubhav points out, because DoubleDoor appears to still be under development, we may soon see its author expand it with even more exploits that target other types of devices, such as those from Dlink, Huawei, Netgear, and others.

Further, the botnet may try to carry out DDoS attacks, spread malware to internal Windows networks, or something more intrusive.

But even if DoubleDoor dies down and is never seen again, its double-exploit firewall bypass technique has already attracted the attention of other IoT botnet operators, and we may see it pretty soon with other malware strains as well. The cat’s out of the bag, as they say.

Source: https://www.bleepingcomputer.com/news/security/doubledoor-botnet-chains-exploits-to-bypass-firewalls/

  • 0

Europe in the firing line of evolving DDoS attacks

The Europe, Middle East and Africa region accounts for more than half the world’s distributed denial of service attacks, a report from F5 Labs reveals.

The past year has seen a 64% rise in distributed denial of service (DDoS) attacks and greater tactical diversity from cyber criminals, according to customer data from F5’s Poland-based Security Operations Center (SOC).

However, more than 51% of attacks globally were targeted at organisations in Europe, the Middle East and Africa (Emea), and 66% involved multiple attack vectors, requiring sophisticated mitigation tools and knowledge, the report said.

The F5 report comes less than two weeks after several waves of powerful DDoS attacks hit banks and other organisations in the Netherlands.

Reflecting the spike in activity, F5 reported 100% growth for Emea customers deploying web application firewall (WAF) technology in the past year, while the adoption of anti-DDoS technology increased by 58%.

A key discovery was the relative drop in power for single attacks. In 2016, the F5 SOC logged multiple attacks of over 100Gbps, with some surpassing 400Gbps.

In 2017, the top attack stood at 62Gbps. This suggests a move towards more sophisticated Layer 7 (application layer) DDoS attacks that are potentially more effective and have lower bandwidth requirements.

“DDoS threats are on the rise in Emea and we’re seeing notable changes in their scope and sophistication compared with 2016,” said Kamil Wozniak, F5 SOC manager.

“Businesses need to be aware of the shift and ensure, as a matter of priority, that the right solutions are in place to halt DDoS attacks before they reach applications and adversely impact on business operations. Emea is clearly a hotspot for attacks on a global scale, so there is minimal scope for the region’s decision-makers to take their eyes off the ball,” he said.

Disruptive attacks

Last year started with a bang, the report said, with F5 customers facing the widest range of disruptive attacks recorded to date in the first quarter of 2017.

User Diagram Protocol (UDP) floods stood out, representing 25% of all attacks. Attackers typically send large UDP packets to a single destination or random ports, disguising themselves as trustworthy entities before stealing sensitive data. The next most common attacks were DNS reflection (18%) and SYN flood attacks (16%).

The first quarter of 2017 was also the peak for Internet Control Message Protocol (ICMP) attacks, whereby cyber criminals overwhelm businesses with rapid “echo request” (ping) packets without waiting for replies. In stark contrast, the first-quarter attacks in 2016 were evenly split between UDP and Simple Service Discovery Protocol (SSDP) floods.

The second quarter of 2017 proved equally challenging, the report said, with SYN floods moving to the front of the attack pack (25%), followed by network time protocol and UDP floods (both 20%).

The attackers’ momentum continued into the third quarter, the report said, with UDP floods leading the way (26%). NTP floods were also prevalent (rising from 8% during the same period in 2016 to 22%), followed by DNS reflection (17%).

The year wound down with more UDP flood dominance (25% of all attacks). It was also the busiest period for DNS reflection, which accounted for 20% of all attacks (compared to 8% in 2016 during the same period).

“Attack vectors and tactics will only continue to evolve in the Emea region. It is vital that businesses have the right systems and services in place to safeguard apps wherever they reside”

Kamil Wozniak, F5 SOC

Another key discovery during the fourth quarter of 2017, and one that underlines cyber criminals’ capacity for agile reinvention, was how the Ramnit trojan dramatically extended its reach. Initially built to hit banks, F5 Labs found that 64% of Ramnit’s targets during the holiday season were US-based e-commerce sites.

Other new targets included sites related to travel, entertainment, food, dating and pornography. Other observed banking trojans extending their reach included Trickbot, which infects its victims with social engineering attacks, such as phishing or malvertising, to trick unassuming users into clicking malware links or downloading malware files.

“Attack vectors and tactics will only continue to evolve in the Emea region,” said Wozniak. “It is vital that businesses have the right systems and services in place to safeguard apps wherever they reside. 2017 showed that more internet traffic is SSL/TLS encrypted, so it is imperative that DDoS mitigation systems can examine the nature of these increasingly sophisticated attacks.

“Full visibility and greater control at every layer are essential for businesses to stay relevant and credible to customers. This will be particularly important in 2018 as the EU General Data Protection Regulation comes into play,” he said.

Source: http://www.computerweekly.com/news/252434746/Europe-in-the-firing-line-of-evolving-DDoS-attacks

  • 0


The police arrested an 18-year-old man from Oosterhout in connection with multiple DDoS attacks on the Tax Authority, tech site Tweakers and internet provider Tweak last week, as well as on online bank Bunq in September last year. The man was arrested on Thursday, February 1st, the police said in a statement on Monday.

In a DDoS attack large amounts of data is sent to the targeted site, overloading the site’s server and thereby crashing the site.

The police worked closely with Tweakers and security company Redsocks in this investigation. “With this arrest we show that people who commit DDoS attacks do not go unpunished. Investigation must show whether he acted alone or not”, Gert Ras, head of the police’s High Tech Crime team, said. The police are also investigating whether this man is linked to other DDoS attacks on Dutch banks last week. ABN Amro, ING and Rabobank were all hit by multiple attacks.

Redsocks has indication that the man was also behind the attacks on ING and ABN Amro, investigator Ricky Gevers said to NOS. “We shared information about this with the police.”

Tweakers reports that the the tech site tracked down the Oosterhout man after he claimed responsibility for several DDoS attacks online. “The suspect claims that he bought 40 euros of capacity from a ‘stresser’, an online service that can be used by companies to test their DDoS resistance, but can just as easily be used for an actual DDoS.” Tweakers writes. The suspect hid his identity with a so-called VPN connection, but based on IP addresses Tweakers found out that he had a Tweakers account. The tech site handed over his account details to the police on Thursday, and the police arrested him later that day.

The police also searched the suspect’s home and confiscated his computer and other data carriers for further investigation. The suspect will be arraigned on Tuesday.

Source: https://nltimes.nl/2018/02/06/suspect-arrested-cyber-attacks-dutch-tax-service-bunq

  • 0

A Head For Hacker-nomics

Unraveling the economics of cyberattacks is just as important as grasping the technologies that hackers use to launch them, says SMU Assistant Professor Wang Qiuhong.

AsianScientist (Feb. 5, 2018) – By Sim Shuzhen – Just as a thief planning a bank heist must figure out how to open locks, bypass security cameras and make a quick getaway, a hacker must also devise ways of cracking passwords, circumventing intrusion detection systems and concealing his electronic traces. The difference is that while the thief’s reach is limited in physical space, the hacker can inflict damage across international boundaries from a computer in a remote location.

Virtual in nature and global in reach, cybercrime is a very different beast from crime in the physical world, and fighting it has proved to be an uphill battle. Still, the good news is that cybercriminals are not a completely unknown quantity—just like their counterparts in the real world, their actions are often rational and motivated by economic incentives. Therefore, looking at cybersecurity through the lens of economics could help researchers come up with better countermeasures against online threats.

Taking this very approach is Assistant Professor Wang Qiuhong of the Singapore Management University (SMU) School of Information Systems, who uses tools from economics to study a range of public policy and business issues related to cybersecurity.

“I think cybersecurity is not just a technical issue, but also a business and economics issue. We need researchers who can cross disciplines, and who deeply understand the technology as well as the economics and social science,” she says. “They can then bring these disciplines together and gain insights that will facilitate decision making.”

A punishment that fits the crime

To deter conventional criminals, governments pass laws and impose penalties on those who flout them. But due to the unique, transboundary nature of cybercrime, it is unclear whether or not legislation actually deters hackers from launching attacks, says Professor Wang.

Together with her collaborators, Professor Wang has used economic modelling to assess how effective the Convention on Cybercrime (COC) has been at deterring distributed denial of service (DDOS) attacks. Introduced in 2001 and now signed by more than 50 countries, the COC is the world’s first piece of international legislation against cybercrime.

Using data from real attacks in 106 countries, the researchers showed that enforcement of the COC was associated with a nearly 12 percent decrease in DDOS attacks; this effect, however, disappeared when the enforcing countries were unwilling to fully engage in international cooperation. Professor Wang and her collaborators published their results in a 2017 paper in MIS Quarterly, titled ‘Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks’.

“Whether legislation can deter cyberattacks may seem like a very intuitive question, but it can have a very important impact on the government’s decision making,” says Professor Wang.

Her study not only provides evidence that legislation, international collaboration and enforcement can indeed deter cyberattacks; more importantly, it also shows that the effectiveness of the same piece of legislation can vary from country to country depending on the details of how it is implemented, she explains.

But the picture can get even more complicated. Despite its impact on overall cybercrime rates, legislation seems to be less effective at deterring hackers who are intent on acquiring the capability to launch cyberattacks on a large scale, says Professor Wang.

“In this scenario, hackers are compromising a computer not for the purpose of destroying a system, but to leverage its computing power, storage capacity and connectivity to launch more serious attacks targeting other networks and computers,” she explains.

Thus, cybercrime countermeasures should not be limited to reducing the frequency of attacks or to protecting the targets of these attacks, says Professor Wang.

“It is equally important to reduce the severity of attacks and to weaken the attackers’ acquisition of capabilities to launch attacks,” she explains.

Location, location, location

In the real world, a country has geographical neighbours; in cyberspace, it has what Professor Wang calls topological neighbours—countries through which its data packets are routed as they make their way around the World Wide Web.

This brings a fundamental economic principle into play: that of externalities. When a country and its topological neighbours have made comparable efforts to implement cybersecurity legislation, they are likely to experience positive externalities that reinforce the effectiveness of that legislation, leading to a reduced risk of cyberattacks for all parties. On the other hand, if one country implements effective legislation while its topological neighbors let hackers run riot, this mismatch in cybersecurity capabilities may result in negative externalities, leading to an increased risk of cyberattacks, explains Professor Wang.

“When addressing issues of deterrence, we have to be aware of how our [topological] location will affect our cybersecurity countermeasures, and also how our countermeasures will affect other countries,” says Professor Wang.

These relationships, she adds, could be very different from conventional geographical, political or economic ties. One of her current projects is therefore to understand the connections between cyberattacks and the structure of the internet; this, she hopes, will help countries and businesses devise strategies to position themselves in more secure topological locations.

The fight against cybercrime looks set to be a long-term struggle, says Professor Wang.

“Digitisation and the internet have made everything easier. But when we open these doors to legitimate businesses and day-to-day activities, it also opens doors for hackers and criminals,” she muses. “The need for cybersecurity is a by-product of our technological advancement.”

Thus, rather than simply reacting to the latest malware attack, authorities would do better to seek an in-depth understanding of the fundamental nature of cybercrime from a longitudinal perspective, says Professor Wang.

“It is always important to ask where we are, where we are going, whom we will impact and who will impact us, and to constantly review cybersecurity policy in light of that information.”

Asian Scientist Magazine is a media partner of the Singapore Management University Office of Research & Tech Transfer.

Source: http://www.asianscientist.com/2018/02/features/cybersecurity-smu-wang-qiuhong/

  • 0