network and also prevent access to malware-infested websites that attempt to execute drive-by downloads.
Multi-Tier Bot Protection
Protection against bots consists of two phases: detection and blocking.

To maximize the ability to detect a bot in a network, a multi-tier bot discovery mechanism is needed to cover all aspects of bot behavior. A bot detection security solution should include a reputation mechanism that detects the IP addresses, URLs and DNS names that the remote operators use to connect to botnets. It is also very important that this protection includes the ability to detect the unique communication patterns and protocols of each botnet family. Detecting bot actions is another critical capability of bot protection: the solution should be able to identify bot activities such as sending spam, click fraud, and self-distribution.

The second phase, after the discovery of infected machines, is to block outbound bot communication to the Command & Control servers. This phase neutralizes the threat and makes sure that the bot agents can neither send out sensitive information nor receive any further instructions for malicious activity. Thus, the bot-related damage is immediately mitigated. This approach enables organizations to maintain work continuity: users can work normally, unaware that bot-specific communication is being blocked, and the organization is protected with no impact on productivity.
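As an added illustration (not code from the report), a small three-tier detector in Python that runs the reputation, communication-pattern and bot-action checks over a constructed egress log, then emits the per-host egress block rules the blocking phase calls for. The indicator values, host names and thresholds are all assumptions constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Tier 1 data: reputation list of known C&C indicators (placeholders constructed here, not real IoCs).
KNOWN_CNC_DOMAINS = {"update-check.example-bad.test"}
KNOWN_CNC_IPS = {"203.0.113.77"}
SAMPLE_LOG = [  # constructed egress log: (time_s, src_host, dst_host, dst_ip, dst_port)
    # pc-a beacons to an unlisted host every 60 s: the pattern tier should catch it.
    (0, "pc-a", "cdn.example-bad.test", "198.51.100.9", 443),
    (60, "pc-a", "cdn.example-bad.test", "198.51.100.9", 443),
    (120, "pc-a", "cdn.example-bad.test", "198.51.100.9", 443),
    (180, "pc-a", "cdn.example-bad.test", "198.51.100.9", 443),
    # pc-b contacts a listed C&C domain once: the reputation tier catches it.
    (30, "pc-b", "update-check.example-bad.test", "192.0.2.5", 80),
    # pc-c opens SMTP to many external hosts: the action tier flags spam-like behaviour.
    *[(i, "pc-c", f"mx{i}.example.test", f"192.0.2.{100 + i}", 25) for i in range(12)],
    # pc-d browses normally and must not be flagged.
    (5, "pc-d", "www.example.test", "192.0.2.1", 443),
    (900, "pc-d", "www.example.test", "192.0.2.1", 443),
]

def detect_bots(events, min_beacons=4, max_jitter=0.15, smtp_peers=10):
    """Phase one: return {src_host: set(reasons)} from the three detection tiers."""
    verdicts = defaultdict(set)
    per_pair = defaultdict(list)      # (src, dst) -> connection timestamps
    smtp_targets = defaultdict(set)   # src -> distinct SMTP destinations
    for t, src, dst, ip, port in events:
        if dst in KNOWN_CNC_DOMAINS or ip in KNOWN_CNC_IPS:     # tier 1: reputation
            verdicts[src].add("reputation:" + dst)
        per_pair[(src, dst)].append(t)
        if port == 25:
            smtp_targets[src].add(dst)
    for (src, dst), times in per_pair.items():                   # tier 2: C&C pattern
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Regular intervals with low jitter look like a check-in schedule, not browsing.
        if len(times) >= min_beacons and pstdev(gaps) <= max_jitter * mean(gaps):
            verdicts[src].add("beaconing:" + dst)
    for src, peers in smtp_targets.items():                      # tier 3: bot action
        if len(peers) >= smtp_peers:
            verdicts[src].add("spam-like-smtp")
    return dict(verdicts)

def block_rules(verdicts):
    """Phase two: per-host egress rules that cut the C&C channel and leave other traffic alone."""
    rules = []
    for src, reasons in sorted(verdicts.items()):
        for reason in sorted(reasons):
            kind, _, target = reason.partition(":")
            rules.append(f"deny {src} -> {target or 'tcp/25'} ({kind})")
    return rules
```

Only the flagged hosts get rules, and only for the flagged destination or service, which is what lets the rest of the organization keep working while the bot channel is cut.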
Real-time Global Collaboration
The cyber-attack problem is too big for a single organization to manage. Organizations have a better chance to conquer this growing challenge through collaboration and professional assistance. As cybercriminals leverage malware, bots, and other forms of advanced threats, they often target
2012, a Year of Hacktivism

In 2012 the turbulence in the global political arena that started in 2010 with the uprisings in many Arab countries continued with civil protests in other countries. Not surprisingly, we are also seeing a wave of cyber-attacks based on ideological agendas.

Taiwan-based Apple supplier Foxconn was hacked by a group calling itself Swagg Security. This group was apparently protesting media reports about poor working conditions at the electronics manufacturer's factories in China [14].

Hacktivist group Anonymous claimed it hacked a U.S. Department of Justice website server for the U.S. Bureau of Justice Statistics and released 1.7GB of stolen data. The group released the following statement about the stolen data: "We are releasing it to end the corruption that exists, and truly make those who are being oppressed free" [15].

The Vatican also found its websites and internal email servers subject to a week-long attack by the Anonymous group. The group claimed its action was justified because the Vatican Radio System has powerful transmitters in the countryside outside Rome, which allegedly constituted a health risk. The group claimed that the transmitters supposedly caused "leukemia and cancer" to people living nearby. The group also justified its attack by claiming that the Vatican allegedly helped the Nazis, destroyed books of historic value, and that its clergy sexually molested children [16].

In yet another cyber-attack, Anonymous brought down the websites of the trade groups U.S. Telecom Association and TechAmerica. These attacks were apparently conducted because of these organizations' support for the cyber security bill proposed by Rep. Mike Rogers. This bill would allow private companies and the government to share any information "directly pertaining to a vulnerability of, or threat to" a computer network [17].