0

The art of cyber war

This is the post about a lecture. Very interesting one, held on New York information security meetup by Carl Herberger, Vice President of Security Solutions at Radware.

I found this talk quite interesing because he pointed out that in industry we are facing something we can call a war by its execution. It does not need to be carried by a nation state and he also points out that wars may not be carried because of the territorial and military reasons, but they may have economic or asset dimension. It is described how deception is important in warfare as Sun Tzu said, but also how deception is used in cyberspace. He also gave quite interesing statistics, such as that average cyber attack during the 2013. had 7 attack vectors. They have seen attacks with over 25 attack vector, different phases, where each phase had several waves, using the tools and techniques that worked in previous and adding new attack vectors. Also, he gives some statistics about tools we are all using. As he sais current intrusion detection systems can process on average 8 concurent intrussion attempts. Some can do 20, but rare are these that can do more without being overloaded. So imagine 25 concurent intrusions using various attack vectors… almost no current system can stop it without being overloaded. Of course, the talk is not about script-kiddies, but well funded and organised attacks. He also states the problems security community is facing dealing with DDoS attacks. If you are cuting attack by blocking IP addresses or users, someone can design DoS attack with purpose to block all your users. He makes a comment on underground economy, where you can hire  10 000 bot botnet from Korea for $9.99 a day. This can make quite large traffic and put down some websites.

There is much more to hear from this guy, so enjoy:

Born in Bratislava, Slovakia, but he lived in Belgrade, Serbia. Now he is doing a PhD in natural language processing at the University of Manchester. Great enthusiast of AI, natural language processing, machine learning, web application security (founder of OWASP local chapter in Serbia, currently one of the leaders of OWASP Manchester chapter and OWASP Seraphimdroid project), open source, mobile and web technologies. Looking forward to create future. Nikola wants to teach machines to feel and understand. Always finding way for dreams to come true.

Twitter LinkedIn Google+ YouTube Xing  

email

Leave a Reply

Your email address will not be published. Required fields are marked *