Malicious tools and techniques in a politicized, militarized cyberspace
Eli Jellenc VeriSign-iDefense
This presentation (based on existing VeriSign-iDefense research projects) examines the divergence between newer
politico-strategic cyber threats and their still-evolving criminal counterparts. The purpose is to explore the
consequences - still poorly understood - of cyber security becoming a key national defence and statecraft priority for most
of the world's governments. While cybercrime and other 'traditional' cyber security threats continue to matter and to
evolve, the most important threats of today and tomorrow are more sophisticated and serious: commercial espionage,
aggressive hacktivism and cyber conflict. What does this mean for the information security profession and for
practitioners in businesses and government?
Are politico-strategic cyber threats different from their criminal cousins? On the most basic technical level, nearly all
cyber threats share the same features: malware, vulnerability exploitation techniques, stealth components, data
exfiltration techniques, and access privilege abuse. However, above this level, the 'who' and the 'why' matter as much as
the 'what' and the 'how' for understanding the threat and the proper countermeasures. The presentation provides analysis of
the indicators that distinguish politico-strategic threats from cybercrime and enthusiast hacking. Moreover, the
presentation provides comparative analysis of the trends in frequency and severity of different politico-strategic
threats in the most important countries and regions. Among the topics covered are APTs, commercial cyber espionage,
'second-generation' hacktivism, and the consequences of increasingly empowered nation-state cyber security apparatuses.
This presentation also identifies threats that few cyber security professionals are currently aware of, or that they
do not examine in any systematic way. For example, in countries beset by corruption and covert collusion between
government officials and local favoured businesses, a state's cyber surveillance capabilities can pose serious commercial
cyber espionage risks (both from corrupt officials and from unethical ISPs) to foreign businesses who face well-connected
and unscrupulous local competitors. Countermeasures against this type of activity look very different from defences
against criminals.
Much of the presentation - drawn from several years' experience in research and investigations by iDefense regional
cyber intel experts - focuses on the threats themselves, but analysis of mitigation and responses forms the conclusion.