Hello. I wanted to add a bit of clarification on a potential National Cloud Security article I previously wrote about.
First, don’t get me wrong. Some of us in the cybersecurity/InfoSec fields know that no one working as a professional for the good of the company and its customers wants to spend a massive amount of time reading any of the email/v.mail/phone call transcripts that flow across the ‘Net (see note below).
There is neither the interest nor the time for it.
A national cloud malware strategy would be primarily to:
2) Stop (mitigate) and
3) Deny criminal intent
Any malware traffic might germinate from:
a) cyber criminals (inclusive of insiders, hacktivists, criminals and terrorists),
b) nation states (who shall remain nameless here but you probably already have a few names in your head) – including our own country and
c) corporate entities engaging in espionage
Hopefully, there will be another benefit to using this nationwide cloud – attribution. Attribution means determining who is the root source of some malware attack. This is the most difficult thing to overcome. It is difficult to discover who initiated any malware attack if they have any degree of intelligence, because they will spoof the origination of the malware.
And there are many, many ways to spoof or obfuscate where the malware can originate.
If we had some kind of national (and International) cloud strategy, we could:
1) More easily determine where some of this scourge originates rather than blaming attacks on zombie PCs. You may have heard of hapless PC owners being made aware (more than likely by law enforcement) that their PCs were hosting porn (of any kind) as a clearing house for criminals…
2) Determine more easily what actually constitutes malware and share that knowledge around the country (countries). For instance, sometimes you receive spam originating from some IP address starting with 10. Well, any IP address starting with 10. should never be seen anywhere across the ‘Net. 10.-anything is only meant to travel across INTERNAL networks, never EXTERNAL networks….
If we could get the major ISP and ‘Net AP provider junctions to simply drop 10. IP traffic as ‘Net traffic enters/leaves those exchanges, we could eliminate a great deal of the spam and malware attacks.
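As an added example (not code from the original post), here is the drop-10.-traffic check described above, run over a few constructed flow records as an exchange-point filter might see them. It goes slightly beyond the text by also dropping the other RFC 1918 private blocks, which an edge filter would treat the same way; the record format and field names are assumptions.

```python
import ipaddress
import re

# Constructed sample of edge-router flow records (not from any real network).
# Assumed format: "<timestamp> src=<ip> dst=<ip> proto=<proto> bytes=<n>".
SAMPLE_FLOWS = """\
2013-06-01T10:00:01Z src=203.0.113.7 dst=198.51.100.20 proto=tcp bytes=5120
2013-06-01T10:00:02Z src=10.44.2.9 dst=198.51.100.25 proto=tcp bytes=880
2013-06-01T10:00:03Z src=192.168.1.50 dst=198.51.100.25 proto=udp bytes=120
2013-06-01T10:00:04Z src=198.51.100.9 dst=203.0.113.80 proto=tcp bytes=42000
2013-06-01T10:00:05Z src=not-an-ip dst=203.0.113.80 proto=tcp bytes=1
"""

FLOW_RE = re.compile(r"src=(\S+)\s+dst=(\S+)")

# Source blocks that must never appear on the public Internet. 10.0.0.0/8 is
# the case the post discusses; the other two are the remaining RFC 1918 blocks.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify_source(src: str) -> str:
    """Return 'drop' for a private source, 'pass' for a public one, 'invalid' otherwise."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "invalid"
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "drop"
    return "pass"


def filter_flows(text: str):
    """Split flow records into (passed, dropped, invalid) lists by source address."""
    passed, dropped, invalid = [], [], []
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            invalid.append(line)  # malformed record: log it rather than forward it
            continue
        verdict = classify_source(m.group(1))
        {"pass": passed, "drop": dropped, "invalid": invalid}[verdict].append(line)
    return passed, dropped, invalid


if __name__ == "__main__":
    p, d, i = filter_flows(SAMPLE_FLOWS)
    print(f"{len(p)} passed, {len(d)} dropped, {len(i)} invalid")
```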
If we could indicate major points at the perimeter of the U.S. and at major points within the U.S. to perform behavioral analysis or look for anomalies, we could reduce malware attacks and the theft of PII from users, companies and state/federal entities.
So what do we need to do? Well, we would need someone (or several someones) or some large-footprint company to make a noise to start this kind of cloud security. We need a loud-voiced champion / sponsor. Someone who neither has a stake in the game of ‘Net security nor just wants to be famous.
We need someone(s) who wants to help protect this country, and our allies, against all the massive multi-billion dollar IP and PII theft that takes place every year.
Who will stand up for something like this national/international cloud security…?
Who can we get? And then too, who will underwrite the cost?
–> Gates? US-CERT? DHS? Private companies who join in a consortium (L3, Verizon, Comcast, Symantec…)?
This may end up being highly difficult to undertake because many of the AV vendors may/will see some of their profits dry up. But the problem here is, if they continue on their own, we, the users (individuals and companies) will be left in the dark because individually, none of the AV suites are that great in stopping:
Zero-day (0-day) exploits (especially when there are companies explicitly crafting exploits to take advantage of software/firmware/hardware vulnerabilities)
Polymorphic and Metamorphic malware
Buffer overflows (and these have been around SINCE THE 80s)
Watering Hole attacks (where I got tagged this year along with a handful of others at a place where I thought I was very secure [not at home])
etc., etc., etc….. (this is a long list)
We need a comprehensive strategy, one that includes innovation to specifically target and eradicate malware – around the country, primarily before that malware arrives at:
- an individual’s home PC, tablet, smartphone or
- some corporation that cannot afford to spend ANY CapEx (or OpEx) on recovering from an actual attack/pilfering of proprietary info or
- state / local / federal entities
Make no mistake here, I stated strategy and innovation above because we will need both of those together to help reduce this issue of malware. We cannot have individuals in leadership positions forcing their position because they are the leader. We will need leaders who are not afraid to have smarter people around them and more importantly, have the capacity to listen to those smart people and if the ideas are sound and beneficial – implement those ideas.
More importantly, we should have leaders implementing ideas that may not necessarily have their name splattered everywhere, just because they are the leader…
Even though, apparently, the U.S. is actually saving entire email / v.mail text for future scrutiny in tracking down terrorists and criminals. I am highly torn on this piece because I do not want anyone saving my emails other than me myself (yes, that was intentional). On the other hand, I am slightly torn on the issue of privacy, because if we do save the content of email/v.mail/calls and something happens somewhere in the country (or the world) – we ‘MAY’ wind up successful in having something in the massively large data storage (i.e. email) sites that we can data mine for useful info to capture (kill?) and/or prevent additional horrific crimes/incidents from taking place.
AP – Access Points (L3 and others)
IP – Intellectual Property
ISP – Internet Service Provider (Comcast, Verizon, L3, etc.)
PII – Personally Identifiable Information (medical, financial, private, R&D)
Zombie PC – a PC that has been taken over by some unscrupulous criminal or hacker, unknown to the PC owner and is used as an instrument of malware attacks on others (individuals, companies, state/federal agencies)