Security Security

Total Page:16

File Type:pdf, Size:1020Kb

Security Security network SECURITY ISSN 1353-4858 JuneJuly 2017 2020 www.networksecuritynewsletter.com Featured in this issue: Contents How data can be the lingua franca for security and IT NEWS takeholder engagement, expecta- effective systems. But while they may Russian nation-state attackers target Exim mail servers 1 Stion management and cross-team be looking at the same raw information, Network and web app attacks increase 2 communications are among the most their interpretations can be wildly dif- Scammers exploit Covid-19 measures 3 challenging aspects of business. And ferent. Some form of automated data FEATURES all of these come together in a unique analysis can help get both teams on the How data can be the lingua franca confluence for security teams. same page, argues Dr Leila Powell of for security and IT 6 IT and security teams are both aim- Panaseer. IT and security teams are both aiming for the same goal – secure and effective systems. But their priori- ing for the same goal – secure and Full story on page 6… ties often differ. While they may be looking at the same raw information, their interpretations can be wildly different. Some form of automated data Keeping a secure hold on data through modern analysis can help get both teams on the same page, electronic content management argues Dr Leila Powell of Panaseer. Keeping a secure hold on data ompanies are attempting to deal through modern electronic content tent or to ensure that data is stored in the management 8 Cwith a tidal wave of data. And a right way. Companies need to gain a tight Companies are attempting to deal with a tidal wave lack of integration inside a business rein on their digital assets and institute a of data. And a lack of integration inside a business can promote the dangerous phenomenon of content can promote the dangerous phenom- rigid content management system to keep sprawl. Companies need to keep a tight rein on their enon of content sprawl. digital assets and institute a rigid content manage- up with the data explosion. But that can ment system to keep up with the data explosion. This occurs when different departments be easier said than done, explains Paul But that can be easier said than done, explains Paul do not harmonise their processes and Hampton of Alfresco. Hampton of Alfresco. there is no plan to address outdated con- Keeping critical assets safe when Full story on page 8… teleworking is the new norm 11 The Covid-19 pandemic has led to an explosion of Keeping critical assets safe when teleworking is the remote working. And this brings with it some fresh challenges – not least the need to safeguard critical new norm corporate assets within an information security landscape that has been profoundly altered, almost he Covid-19 pandemic has upended none of these is more important than the overnight, says Gus Evangelakos of XM Cyber. Talmost every aspect of our lives – and need to safeguard critical corporate assets Safeguarding against the insider threat 14 work is no exception. Remote working within an information security landscape Data breaches are on the rise and a significant proportion of the threat comes from insiders. Some has suddenly become the norm for many. that has been profoundly altered, almost breaches are malicious but many are simply acciden- There are many advantages to remote overnight, says Gus Evangelakos of XM tal. To manage the insider threat, organisations must ensure that identity is at the heart of cyber security working. Yet our new professional reality Cyber. and compliance risk assessment monitoring, says also comes with fresh challenges. Perhaps Full story on page 11… Ben Bulpett of SailPoint. Keep security top of mind when moving into the cloud 17 Russian nation-state attackers target Exim Cloud adoption is soaring. However, as Thomas Deighton of Westcon and Michael Wakefield of mail servers Check Point warn, the defence of sensitive data and he US National Security Agency Russian activity as we approach anoth- information is no less important when it is in the cloud than on premise. It is vital for businesses look- T(NSA) has issued a warning stat- er US presidential election. ing to make the move into the cloud to understand ing that Russian nation-state attackers Since at least August 2019, the so-called why and how it has become so popular and the importance of securing it. belonging to a military intelligence Sandworm Team has been launching ThreatWatch 3 agency are actively exploiting a weak- attackers against Exim mail transfer agent Report Analysis 4 ness in Exim mail servers. The purpose (MTA) installations, taking advantage of News in brief 5 of the attacks is unclear but many a known flaw (CVE-2019-10149). The Firewall 20 commentators have noted increased Continued one page 2... Events 20 ISSN 1353-4858/101353-4858/20 © 20112020 Elsevier Ltd. All rights reserved This journalpublication and andthe individualthe individual contributions contributions contained contained in it inare it protectedare protected under under copyright copyright by Elsevier by Elsevier Ltd, Ltd,and andthe followingthe following terms terms and andconditions conditions apply apply to their to their use: use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use. NEWS ...Continued from front page an estimated $10bn in damage world- Editorial Office: The vulnerability was patched last year, wide in 2017, campaigns against NATO Editorial Office: Elsevier Ltd Elsevier Ltd but many organisations are reluctant to members and European governments The Boulevard, Langford Lane, Kidlington, The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, United Kingdom patch mail servers because of the potential in 2019 and attacks on several US state Oxford, OX5 1GB, United Kingdom Fax: +44 (0)1865 843973 disruption. election boards leading up to the 2016 Tel: +44 1865 843239 Web: www.networksecuritynewsletter.com Web: www.networksecuritynewsletter.com The NSA said: “The Russian presidential election. Publisher: Greg Valero actors, part of the General Staff Main The NSA has identified two IP addresses Publishing Director: Sarah Jenkins E-mail: g.valero@elsevier.com Intelligence Directorate’s (GRU) – 95.216.13.196 and 103.94.157.5 – and Editor:Editor: Steve Steve Mansfield-Devine Mansfield-Devine Main Centre for Special Technologies one domain, hostapp.be, that seem to be E-mail:E-mail: smd@contrarisk.com smd@contrarisk.com (GTsST), have used this exploit to add associated with the attacks. It encourages Senior Editor: Sarah Gordon privileged users, disable network security organisations to search their logs for these InternationalColumnists: EditoralIan Goslin, Advisory Karen Renaud, Board: Dario Forte, DaveEdward Spence, Amoroso, Colin AT&T Tankard Bell Laboratories; settings and execute additional scripts as possible indicators of compromise. FredInternational Cohen, Fred Cohen Editoral & Associates; Advisory Jon David,Board: The for further network exploitation.” “The election is right around the corner Fortress;Dario BillForte, Hancock, Edward Exodus Amoroso, Communications; AT&T Bell Laboratories; Ken Lindup, ConsultantFred Cohen, at Cylink; Fred CohenDennis & Longley, Associates; Queensland Jon David, University The The exploit starts with nothing more and this is an actor that was involved in the ofFortress; Technology; Bill Hancock, Tim Myers, Exodus Novell; Communications; Tom Mulhall; Padget Ken than a specially crafted email being sent to 2016 incidents,” John Hultquist, director of Lindup,Petterson, Consultant Martin Marietta;at Cylink; EugeneDennis Longley,Schultz, Hightower;Queensland EugeneUniversity Spafford, of Technology; Purdue University; Tim Myers, Winn Novell; Schwartau, Tom Mulhall; Inter.Pact the server. “The actors exploited victims intelligence at FireEye, told Wired. “We’re PadgetProduction Petterson, Support Martin Marietta; Manager: Eugene Lin Schultz,Lucas using Exim software on their public- very concerned they’ll be involved again in Hightower;E-mail: Eugene l.lucas@elsevier.com Spafford, Purdue University; Winn Schwartau, Inter.Pact facing MTAs by sending a command in this election. This is an actor that’s been SubscriptionProduction Information Support Manager: Lin Lucas the ‘MAIL FROM’ field of an SMTP involved in election-related hacking in the An annual subscriptionE-mail: tol.lucas@elsevier.com Network Security includes 12 (Simple Mail Transfer Protocol) message,” past and the most important, destructive issues and online access for up to 5 users. Prices: the NSA explained. The attackers then attack in history. Any development involv- Subscription Information E1112 for all European countries & Iran An annual subscription to Network Security includes 12 US$1244 for all countries except Europe and Japan download a shell to provide them with ing them is worth watching.” issues and online access for up to 5 users. ¥147 525 for Japan Subscriptions run for 12 months, from the date additional control, which can ultimately The NSA is urging all users of Exim (Prices valid until 31 July 2017) payment is received. To subscribe send payment to the address above. include full control over the server.
Recommended publications
  • Bibliography
    Bibliography [1] M Aamir Ali, B Arief, M Emms, A van Moorsel, “Does the Online Card Payment Landscape Unwittingly Facilitate Fraud?” IEEE Security & Pri- vacy Magazine (2017) [2] M Abadi, RM Needham, “Prudent Engineering Practice for Cryptographic Protocols”, IEEE Transactions on Software Engineering v 22 no 1 (Jan 96) pp 6–15; also as DEC SRC Research Report no 125 (June 1 1994) [3] A Abbasi, HC Chen, “Visualizing Authorship for Identification”, in ISI 2006, LNCS 3975 pp 60–71 [4] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, PG Neumann, RL Rivest, JI Schiller, B Schneier, “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption”, in World Wide Web Journal v 2 no 3 (Summer 1997) pp 241–257 [5] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, M Green, PG Neumann, RL Rivest, JI Schiller, B Schneier, M Specter, D Weizmann, “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”, MIT CSAIL Tech Report 2015-026 (July 6, 2015); abridged version in Communications of the ACM v 58 no 10 (Oct 2015) [6] M Abrahms, “What Terrorists Really Want”,International Security v 32 no 4 (2008) pp 78–105 [7] M Abrahms, J Weiss, “Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia”, ACSAC 2008 [8] A Abulafia, S Brown, S Abramovich-Bar, “A Fraudulent Case Involving Novel Ink Eradication Methods”, in Journal of Forensic Sciences v41(1996) pp 300-302 [9] DG Abraham, GM Dolan, GP Double, JV Stevens,
    [Show full text]
  • Magazine 2/2017
    B56133 The Science Magazine of the Max Planck Society 2.2017 Big Data IT SECURITY IMAGING COLLECTIVE BEHAVIOR AESTHETICS Cyber Attacks on Live View of the Why Animals The Power Free Elections Focus of Disease Swarm for Swarms of Art Dossier – The Future of Energy Find out how we can achieve CO2 neutrality and the end of dependence on fossil fuels by 2100, thus opening a new age of electricity. siemens.com/pof-future-of-energy 13057_Print-Anzeige_V01.indd 2 12.10.16 14:47 ON LOCATION Photo: Astrid Eckert/Munich Operation Darkness When, on a clear night, you gaze at twinkling stars, glimmering planets or the cloudy band of the Milky Way, you are actually seeing only half the story – or, to be more precise, a tiny fraction of it. With the telescopes available to us, using all of the possible ranges of the electromagnetic spectrum, we can observe only a mere one percent of the universe. The rest remains hidden, spread between dark energy and dark matter. The latter makes up over 20 percent of the cosmos. And it is this mysterious substance that is the focus of scien- tists involved in the CRESST Experiment. Behind this simple sounding name is a complex experiment, the “Cryogenic Rare Event Search with Superconducting Thermometers.” The site of the unusual campaign is the deep underground laboratory under the Gran Sasso mountain range in Italy’s Abruzzo region. Fully shielded by 1,400 meters of rock, the researchers here – from the Max Planck Institute for Physics, among others – have installed a special device whose job is to detect particles of dark matter.
    [Show full text]
  • Cyber Law and Espionage Law As Communicating Vessels
    Maurer School of Law: Indiana University Digital Repository @ Maurer Law Books & Book Chapters by Maurer Faculty Faculty Scholarship 2018 Cyber Law and Espionage Law as Communicating Vessels Asaf Lubin Maurer School of Law - Indiana University, lubina@iu.edu Follow this and additional works at: https://www.repository.law.indiana.edu/facbooks Part of the Information Security Commons, International Law Commons, Internet Law Commons, and the Science and Technology Law Commons Recommended Citation Lubin, Asaf, "Cyber Law and Espionage Law as Communicating Vessels" (2018). Books & Book Chapters by Maurer Faculty. 220. https://www.repository.law.indiana.edu/facbooks/220 This Book is brought to you for free and open access by the Faculty Scholarship at Digital Repository @ Maurer Law. It has been accepted for inclusion in Books & Book Chapters by Maurer Faculty by an authorized administrator of Digital Repository @ Maurer Law. For more information, please contact rvaughan@indiana.edu. 2018 10th International Conference on Cyber Conflict CyCon X: Maximising Effects T. Minárik, R. Jakschis, L. Lindström (Eds.) 30 May - 01 June 2018, Tallinn, Estonia 2018 10TH INTERNATIONAL CONFERENCE ON CYBER CONFLicT CYCON X: MAXIMISING EFFECTS Copyright © 2018 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1826N-PRT ISBN (print): 978-9949-9904-2-9 ISBN (pdf): 978-9949-9904-3-6 COPYRigHT AND REPRINT PERmissiONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence (publications@ccdcoe.org).
    [Show full text]
  • Congressional Record United States Th of America PROCEEDINGS and DEBATES of the 116 CONGRESS, FIRST SESSION
    E PL UR UM IB N U U S Congressional Record United States th of America PROCEEDINGS AND DEBATES OF THE 116 CONGRESS, FIRST SESSION Vol. 165 WASHINGTON, THURSDAY, MARCH 14, 2019 No. 46 House of Representatives The House met at 9 a.m. and was Pursuant to clause 1, rule I, the Jour- Mr. HARDER of California. Mr. called to order by the Speaker pro tem- nal stands approved. Speaker, this week, the administration pore (Mr. CARBAJAL). Mr. HARDER of California. Mr. released its proposed budget, and I am f Speaker, pursuant to clause 1, rule I, I here to share what those budget cuts demand a vote on agreeing to the actually mean for the farmers in my DESIGNATION OF THE SPEAKER Speaker’s approval of the Journal. home, California’s Central Valley. PRO TEMPORE The SPEAKER pro tempore. The Imagine you are an almond farmer in The SPEAKER pro tempore laid be- question is on the Speaker’s approval the Central Valley. Maybe your farm fore the House the following commu- of the Journal. has been a part of the family for mul- nication from the Speaker: The question was taken; and the tiple generations. Over the past 5 WASHINGTON, DC, Speaker pro tempore announced that years, you have seen your net farm in- March 14, 2019. the ayes appeared to have it. come has dropped by half, the largest I hereby appoint the Honorable SALUD O. Mr. HARDER of California. Mr. drop since the Great Depression. CARBAJAL to act as Speaker pro tempore on Speaker, I object to the vote on the Then you wake up this week and hear this day.
    [Show full text]
  • 8-30-16 Transcript Bulletin
    FRONT PAGE A1 Buffaloes bowl over Cowboys in rival game See B1 TOOELETRANSCRIPT SERVING TOOELE COUNTY BULLETIN SINCE 1894 TUESDAY August 30, 2016 www.TooeleOnline.com Vol. 123 No. 26 $1.00 Local suicides declined in 2015 JESSICA HENRIE are working. STAFF WRITER “I’m anxious to see how this Numerous suicide pre- year’s numbers compare,” she Tooele County Resident Suicides 2009-2015 vention programs in Tooele said. “I don’t want to be too Source: Tooele County Health Department Vital Statistics Office 20 County may be seeing some quick to say what we’re doing 20 results. is working. And there are so The suicide rate in the many factors — some people county was down last year, might have a terminal illness 14 according to the Tooele County or are under the influence.” 15 13 Health Department’s annual Bate added, “Even one death report for 2015. is too many, so it’s going to be 10 Last year, 13 county resi- a problem we’ll focus on until 10 9 9 dents died from suicide. That’s people get the help they need. seven fewer deaths than in People can be suicidal … and 2014, said Amy Bate, public never be suicidal again if they 5 information officer for the get the help they need. They 5 department. can lead a really happy life.” FILE PHOTO However, Bate will wait Suicide by the numbers Tawnee Griffith and Daniell Ruppell release a lantern into the sky as part of until 2016’s numbers come Suicide statistics on the 0 the Tooele County Health Department’s “With Help Comes Hope” suicide in before saying for sure the 2009 2010 2011 2012 2013 2014 2015 prevention event on May 14.
    [Show full text]
  • Informe De Tendències De Ciberseguretat - La Nova Normalitat Cibernètica
    Informe de tendències de ciberseguretat - La nova normalitat cibernètica Informe de tendències de ciberseguretat 2n semestre de 2020 La nova normalitat cibernètica 1 Informe de tendències de ciberseguretat - La nova normalitat cibernètica El contingut d’aquesta guia és titularitat de l’Agència de Ciberseguretat de Catalunya i resta subjecta a la llicència de Creative Commons BY-NC-ND. L’autoria de l’obra es reconeixerà a través de la inclusió de la menció següent: Obra titularitat de l’Agència de Ciberseguretat de Catalunya. Llicenciada sota la llicència CC BY-NC-ND. Aquesta guia es publica sense cap garantia específica sobre el contingut. Aquesta llicència té les particularitats següents: Vostè és lliure de: Copiar, distribuir i comunicar públicament l’obra. Sota les condicions següents: Reconeixement: S’ha de reconèixer l’autoria de l’obra de la manera especificada per l’autor o el llicenciador (en tot cas, no de manera que suggereixi que gaudeix del suport o que dona suport a la seva obra). No comercial: No es pot emprar aquesta obra per a finalitats comercials o promocionals. Sense obres derivades: No es pot alterar, transformar o generar una obra derivada a partir d’aquesta obra. Avís: En reutilitzar o distribuir l’obra, cal que s’esmentin clarament els termes de la llicència d’aquesta obra. El text complet de la llicència es pot consultar a https://creativecommons.org/licenses/by-nc-nd/4.0/deed.ca L’informe inclou recursos gràfics, com imatges i icones, subministrades des de plataformes de continguts gratuïts de lliure difusió. Menció específica a: https://www.iconfinder.com, https://pixabay.com.
    [Show full text]
  • 10Th International Conference on Cyber Conflict Cycon X: Maximising Effects
    2018 10th International Conference on Cyber Conflict CyCon X: Maximising Effects T. Minárik, R. Jakschis, L. Lindström (Eds.) 30 May - 01 June 2018, Tallinn, Estonia 2018 10TH INTERNATIONAL CONFERENCE ON CYBER CONFLicT CYCON X: MAXIMISING EFFECTS Copyright © 2018 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1826N-PRT ISBN (print): 978-9949-9904-2-9 ISBN (pdf): 978-9949-9904-3-6 COPYRigHT AND REPRINT PERmissiONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence (publications@ccdcoe.org). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, or for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2018 10th International Conference on Cyber Conflict CyCon X: Maximising Effects T. Minárik, R. Jakschis, L. Lindström, (Eds.) 2018 © NATO CCD COE Publications NATO CCD COE Publications LEGAL NOTICE: This publication contains the opinions of the respective authors only. They do not Filtri tee 12, 10132 Tallinn, Estonia necessarily reflect the policy or the opinion of NATO Phone: +372 717 6800 CCD COE, NATO, or any agency or any government. NATO CCD COE may not be held responsible for Fax: +372 717 6308 any loss or harm arising from the use of information E-mail: publications@ccdcoe.org contained in this book and is not responsible for the Web: www.ccdcoe.org content of the external sources, including external websites referenced in this publication.
    [Show full text]
  • POL211H1F: Intelligence, Disinformation, and Deception— Challenges of Global Governance in the Digital Age
    POL211H1F: Intelligence, Disinformation, and Deception— Challenges of Global Governance in The Digital Age University of Toronto, Department of Political Science Fall 2020 Online delivery (Quercus, Zoom) Instructors: ● Professor Jon R. Lindsay, jon.lindsay@utoronto.ca ○ Office hour: Thursday 2p, Zoom ● Professor Janice G. Stein, j.stein@utoronto.ca ○ Office hour: Monday 4p, Zoom Teaching assistants: ● Head TA: Jasmine Chorley Foster, jasmine.chorleyfoster@mail.utoronto.ca ○ Office hour: Thursday 10-11am, Zoom ● Milan Ilnyckyj, milan.ilnyckyj@mail.utoronto.ca ● Steven Loleski, steven.loleski@mail.utoronto.ca ○ Office hour: Wednesday 6-7pm, Zoom Contents Description ................................................................................................................................. 2 Course Organization .................................................................................................................. 3 Assignments .............................................................................................................................. 4 Schedule .................................................................................................................................... 7 Introduction (Week 1 - Mon. 21 Sept.) .................................................................................... 7 1. Course organization ................................................................................................. 7 Part I: Intelligence ..................................................................................................................
    [Show full text]
  • Cyber-Attacks to Critical Energy Infrastructure
    Cyber-attacks to critical energy infrastructure and management issues: overview of selected cases Tomas Plėta, Manuela Tvaronavičienė, Silvia Casa, Konstantin Agafonov To cite this version: Tomas Plėta, Manuela Tvaronavičienė, Silvia Casa, Konstantin Agafonov. Cyber-attacks to critical en- ergy infrastructure and management issues: overview of selected cases. Insights into Regional Develop- ment, Entrepreneurship and Sustainability Center, 2020, 2 (3), pp.703 - 715. 10.9770/ird.2020.2.3(7). hal-03271856 HAL Id: hal-03271856 https://hal.archives-ouvertes.fr/hal-03271856 Submitted on 27 Jun 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. INSIGHTS INTO REGIONAL DEVELOPMENT ISSN 2669-0195 (online) http://jssidoi.org/IRD/ 2020 Volume 2 Number 3 (September) http://doi.org/10.9770/IRD.2020.2.3(7) Publisher http://jssidoi.org/esc/home CYBER-ATTACKS TO CRITICAL ENERGY INFRASTRUCTURE AND MANAGEMENT ISSUES: OVERVIEW OF SELECTED CASES* Tomas Plėta ¹, Manuela Tvaronavičienė ², Silvia Della Casa ³, Konstantin Agafonov 4 1,2 Vilnius Gediminas Technical University, Saulėtekio al. 11, LT-10223 Vilnius, Lithuania 2General Jonas Zemaitis Military Academy of Lithuania, Šilo 5a, LT-10322, Vilnius, Lithuania 3Daugavpils University, Parades Str. 1-421, Daugavpils, LV-5401, 3 NATO Energy Security Center Of Excellence, Šilo g.
    [Show full text]
  • Informationssicherung MELANI
    Nationales Zentrum für Cybersicherheit NCSC Nachrichtendienst des Bundes NDB Melde- und Analysestelle Informationssicherung MELANI https://www.melani.admin.ch/ INFORMATIONSSICHERUNG LAGE IN DER SCHWEIZ UND INTERNATIONAL Halbjahresbericht 2020/I (Januar – Juni) 29. OKTOBER 2020 MELDE- UND ANALYSESTELLE INFORMATIONSSICHERUNG MELANI https://www.melani.admin.ch/ 1 Übersicht / Inhalt 1 Übersicht / Inhalt .............................................................................................. 2 2 Editorial ............................................................................................................. 4 3 Schwerpunktthema: COVID-19 ........................................................................ 6 3.1 Gelegenheit für Social Engineering ................................................................... 6 3.1.1 Verbreitung von Schadsoftware .................................................................................... 7 3.1.2 Phishing ......................................................................................................................... 8 3.1.3 Abofallen ........................................................................................................................ 9 3.2 Angriffe auf Websites und –dienste ................................................................... 9 3.3 Angriffe gegen Spitäler ..................................................................................... 10 3.4 Cyber-Spionage ................................................................................................
    [Show full text]
  • Strategic Culture and Cyber Strategy
    University of Central Florida STARS Honors Undergraduate Theses UCF Theses and Dissertations 2021 Strategic Culture and Cyber Strategy Andrew S. Olejarski University of Central Florida Part of the Political Science Commons Find similar works at: https://stars.library.ucf.edu/honorstheses University of Central Florida Libraries http://library.ucf.edu This Open Access is brought to you for free and open access by the UCF Theses and Dissertations at STARS. It has been accepted for inclusion in Honors Undergraduate Theses by an authorized administrator of STARS. For more information, please contact STARS@ucf.edu. Recommended Citation Olejarski, Andrew S., "Strategic Culture and Cyber Strategy" (2021). Honors Undergraduate Theses. 877. https://stars.library.ucf.edu/honorstheses/877 STRATEGIC CULTURE AND CYBER STRATEGY by ANDREW S. OLEJARSKI A thesis submitted in partial fulfillment of the requirements for the Honors in the Major Program in Political Science in the College of Sciences and in the Burnett Honors College at the University of Central Florida Orlando, Florida Spring 2021 Thesis Chair: Ted Reynolds, Ph.D. ABSTRACT The intent of this paper is to explore the relationship between strategic culture theory and how it interacts with war-parallel usage of cyber methods. Cyber methods, at times incorrectly classified as “cyberwarfare”, as a means of statecraft are becoming increasingly prevalent, and developing an understanding of how states use them, particularly during conflicts, would be a great boon to the field of security studies. Strategic culture theory, an international relations theory focusing on the relationship between culture and strategy, may be an effective means to analyze conflict-parallel use of cyber methods.
    [Show full text]
  • Digital Warfare Or Organized Crime
    Breakfast Seminars in Information Security Digital warfare or organized crime (Professional Master in Information Security) Dr. Anders Carlsson, (anders.carlsson@bth.se) Anders Carlsson 25y Royal Swedish Navy ÖrlKn (Lt Cmd) Submarines < 20year in BTH teacher & researcher Phd in Cyber Security from National University of Radio Electronics Kharkiv Ukraine last years www.engensec.eu to develop a Msc in Cyber Security EU + Ukraine + Russia agenda - The last year’s changed threat against the countries, companies and organizations. - PROMIS general information - Courses - How to apply Actors then threat opponent…… Coalition Coalition Nation Nation Organization Organization Group Group Individual Individual From Hacktivism organized crime that make BIG money using Hybrid War to overtake a country I managed to take over Georgia 2008, Crimea 2014 and manipulate US-election 2016, nobody stop me Threat Report, Survey, from shows a dramatically increase in ransomware attack against: • CrowdStrike • companies • municipal • ESET • governments and • agencies • KasperskyLab • healthcare providers • EMISOFT A town in Florida has paid $500,000 (£394,000) to hackers after a ransomware attack Lake City voted to pay hackers in $??? In Bitcoin after two weeks downed computer Coastal suburb Riviera Beach recently paid hackers $600,000 following a similar incident that locked municipal staff out of important files. The cyber-attack that sent an Alaskan community back in time US-Security reports shows that during 2019 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion. 113 state and municipal governments and agencies. 764 healthcare providers. 89 universities, colleges A town in Florida has paid $500,000 (£394,000) to hackers after a ransomware attack Lake City voted to pay hackers in $??? In Bitcoin after two weeks downed computer Coastal suburb Riviera Beach recently paid hackers $600,000 following a similar incident that locked municipal staff out of important files.
    [Show full text]