20 September 2016

Schneier: Nation State is Testing the Internet’s Defenses

Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine 

Nation state cyber operatives, possibly from China, are testing the defenses of the companies that run key parts of the internet, according to renowned cryptographer Bruce Schneier.

The unnamed companies Schneier spoke to apparently told him that they were suffering DDoS and other probing attacks designed to test their capabilities, with the size, scale and persistence pointing to a nation state.

He explained:

“One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure…

The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker.”

Schneier concluded that this is an attempt by a nation state’s military to “calibrate its weaponry” in the event of cyber warfare.

“It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities,” he argued.

Sean Newman, director at Corero Network Security, claimed the attacks seen by his company tend to be “sub-saturating” and short – meaning attackers are testing out their targets to work out how much traffic is needed to cripple them.

“This trend is certainly a challenge for any organizations, or providers, relying on legacy scrubbing-center approaches to DDoS protection, as these are typically based on an assumption that DDoS consists of attacks which are saturating and/or prolonged in nature,” he added.

“These solutions are not inline, or real-time, and are typically limited in capacity, hence they cannot effectively deal with the proliferation of these surgical attacks.”

No comments: