Cyber security - the greatest modern challenge?

Author: Nick Brown
Posted: 14 Jun 2013 | 16:02

EPCC's seminar series, which is usually open to all and given by EPCC staff, covers a wide variety of topics, from those closely related to HPC to others which are much more general. An example of the latter is a talk I recently gave on cyber security. With an estimated ten million cyber-attacks worldwide per day, from individuals to small and large-scale organisations, this is something that we should all be aware of.

The internet is estimated to contribute £82 billion to the UK’s GDP and a recent report suggested that cybercrime is costing the country as much as £27 billion per year. The impact of this sort of crime can be wide ranging; for example, at a personal level identity theft, bank detail compromise, violation of the law (by infected machines) and ransomware, which requires the individual to pay money to get back full control of their machine and data, are common. At the corporate level the consequences can be even more severe: for instance, the loss of know-how, breach of contracts, loss of reputation and reduced productivity that result from cyber attacks have forced numerous companies out of business.

Worms, trojans, viruses, Remote Administration Toolkits (RATs), denial of service; there are many terms for different cyber-attack methodologies but at the simplest level they are just different approaches to achieving the same aim. Currently the most common form of attack is Distributed Denial of Service where an attacker will use multiple infected machines (often infected by malware such as worms or trojans) to flood a victim machine with huge amounts of data such as requests for a webpage. In trying to process all of this data the victim cannot distinguish between valid and invalid requests fast enough and ends up falling over and denying service to the legitimate users. The most common motivation behind these sorts of attacks is Hacktivism, where the attackers aim to influence political policy by their actions.

Arguably a more serious form of cyber-attack is that carried out by cyber-criminal gangs with the aim of stealing data or information with which to make money. Whether this information is an individual’s bank details or a company's intellectual property such as product blueprints, it can have a devastating impact. SQL injection attacks are a common method for achieving this goal and they take advantage of insecurities in improperly written online systems to allow criminals to gain control of databases and their information. Whilst some attacks are very much directed, others follow the approach that, by throwing out a large enough net, you are bound to catch something.

Whilst it might all sound like doom and gloom, the good news is that by carrying out a number of simple actions, as individual users, we can quite effectively protect ourselves from many of the pitfalls and dangers out there. The Australian Government’s Department of Defence publishes the top 35 cyber security strategies that we can follow to keep ourselves safe. The most effective of these approaches (which will protect against the vast majority of attacks) are to configure your machine to do application whitelisting (where only applications given explicit permission may run), to ensure that you keep your applications and Operating System up to date with patches, especially security ones, and lastly to limit those who have administrator, or root, privileges on the machine, which includes doing day-to-day work under a normal user-level account.

There is lots of other advice aimed at specific groups of people. For instance, compilers provide numerous options that programmers can use to further the security resilience of their code. As an example, GCC provides ProPolice, which helps guard against stack-based buffer overflow attacks. Many compilers also work with the Operating System and underlying hardware to make program data areas non-executable and code areas read-only, so that an attacker finds it that much more difficult to inject their own code and run it. Lastly, compilers can generate position independent executables, which allow the address space layout to be randomised (ASLR); making the machine memory unpredictable can make it far more difficult for attackers to compromise specific applications.
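As an added illustration (not part of the original talk or post), the following Python code reads the headers of an ELF64 file and reports whether the protections described above are visible in it: a stack protector reference, a non-executable stack, no segment that is both writable and executable, and a position independent executable. The function names and the two sample images are assumptions constructed for this example.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header
ET_DYN, PT_LOAD, PT_GNU_STACK = 3, 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

def check_hardening(image: bytes) -> dict:
    """Report the mitigations visible in an ELF64 little-endian image."""
    if image[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    hdr = EHDR.unpack_from(image, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    segments = [PHDR.unpack_from(image, e_phoff + i * e_phentsize)[:2]
                for i in range(e_phnum)]
    stack = [flags for p_type, flags in segments if p_type == PT_GNU_STACK]
    return {
        # ET_DYN executables can be loaded at a randomised base address.
        # (Shared libraries are ET_DYN too, so run this on executables.)
        "pie": e_type == ET_DYN,
        # Conservative: a missing PT_GNU_STACK counts as "not confirmed".
        "nx_stack": bool(stack) and not stack[0] & PF_X,
        # No loadable segment should be both writable and executable.
        "no_wx_segment": not any(t == PT_LOAD and f & PF_W and f & PF_X
                                 for t, f in segments),
        # Heuristic: canary-protected code references this libc symbol.
        "stack_protector": b"__stack_chk_fail" in image,
    }

def build_sample(e_type, stack_flags, load_flags, canary):
    """Constructed minimal ELF image (headers only) for the demonstration."""
    phdrs = [(PT_LOAD, load_flags), (PT_GNU_STACK, stack_flags)]
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    image = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                      EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    for p_type, flags in phdrs:
        image += PHDR.pack(p_type, flags, 0, 0, 0, 0, 0, 0x1000)
    return image + (b"\0__stack_chk_fail\0" if canary else b"")

# Constructed samples: one with every protection, one with none.
HARDENED = build_sample(ET_DYN, PF_R | PF_W, PF_R | PF_X, canary=True)
LEGACY = build_sample(2, PF_R | PF_W | PF_X, PF_R | PF_W | PF_X, canary=False)

if __name__ == "__main__":
    for name, image in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, check_hardening(image))
```

To check a real program, pass the bytes of the file to `check_hardening`. With GCC, `-fstack-protector` adds the canary reference and `-fPIE -pie` produces the position independent executable type.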

In conclusion, cyber security is a real problem which is likely to only become more serious as time progresses. Much computing these days takes place in an environment without effective regulation, and we are faced with industrial-scale efforts to compromise and profit from vulnerable machines and their users. The days of needing to guard against the lone, 'genius' hacker are long, long gone and whilst effort is being spent in trying to counter this threat, all the odds are still stacked heavily in favour of the attackers. The industrialisation and commercialisation of their weapons, and the networks dedicated to trading them, have only accelerated the trend in their favour.

Contact

Nick Brown, EPCC