Tuesday, May 5, 2020

Cyber Threats and Countermeasures

Question: You are a threat researcher for a Computer Emergency Response Team (CERT) that is responsible for protecting Government networks. The Government will be releasing an unpopular policy in the near future and is expecting attacks from hacktivists. What sorts of cyber-attacks can be expected? How can the agency organise itself now to help reduce the impact of those cyber-threats for your profile? Also cover the following aspects: What are the countermeasures to those threats, and how do they fit within the Situational Crime Prevention framework? How does the current law help or hinder your countermeasures? Are there any proposals for laws that would assist? Is your problem of international scope and, if so, how?

Answer:

Introduction

The rapid growth of technology over the past few decades has brought forward major advances that have helped mankind in many ways. Technology has made our world a better and safer place, uncovering previously unknown facts and offering new ways to take on difficult tasks with ease and complete them within seconds (Alston, 1987). Technology has changed the whole picture of our world: from business to science, every field and every sector has been boosted by the rapid technological change of the past few decades. This era can be termed a technological revolution that has opened major prospects for mankind. But this evolution of technology has also brought major drawbacks. In a word, technology means computers, cell phones, information technology (IT) and so on, and one major thing it has brought with it is cyber crime and cyber-attacks. These attacks are very dangerous in terms of information technology, and the damage they cause is hard to describe in words.
The damage can take root across a whole system, harm major resources and even an individual's life. Cyber-attacks are mainly performed by hacktivists, who without any authorisation or permission take information from computer systems and perform illegal tasks with what they obtain (Amoroso, 2011). These hacktivists are potentially very dangerous and carry out all kinds of unauthorised, illegal activity.

Profile

As a threat researcher for a Computer Emergency Response Team (CERT), it is a major duty to examine every potentially important aspect of the new, unpopular policy profile that the Government is about to release. It is the duty of the CERT, and most importantly the threat researcher, to look at the major implications of the whole policy the Government is about to release. Whenever a new policy is about to be released there is always a threat from hacktivists, who can enter the new system, corrupt the whole system or the policy, and gain unauthorised access that leads to the loss of major data and resources. This is highly dangerous not only for the government but also for the population and the economy of the country ('Australia and New Zealand join global security standard', 1999). In this scenario the government is producing a major policy on the information security of the country, intended to strengthen national cyber security. Cyber security is one of the most valuable assets of a country; it helps the government and the economy grow by giving the economy a regular boost.
But the government's cyber security policy, which can bring fruitful measures to the economy, can easily be threatened by hacktivists. So it is important to know how this policy may attract hacktivists seeking unauthorised access to ruin the system and threaten the policy itself. Looking first at the policy: what the government is about to release relates to the country as well as the government. Australia is vulnerable to the loss of economic competitiveness through the continued exploitation of ICT systems and the compromise of intellectual property and other sensitive business information. This could undermine Australians' trust in the digital economy (Axelrod, 2004). Cyber security is therefore an issue of national security as well as of economic security. It is a challenge that requires a clear, coordinated approach led by government, but working in close partnership with the private sector, that addresses the critical vulnerabilities of an increasingly hostile online environment. Confronting and managing these risks must be balanced against the civil liberties of Australians, including the right to privacy, and the need to promote efficiency and innovation so that Australia realises the full potential of the digital economy (Zhu, Xiong, Li & Zhou, 2015).

Cyber Attacks

The thriving synergy between the web and its beneficiaries, who use it with differing identities and for differing intentions and purposes, has had a noticeable effect on the overall outlook of the global cyber threat landscape.
Today's largely open and interoperable global digital infrastructure, which unites entities such as associations, companies, governments and individuals that collectively (as constituents) form the landscape, is being tested by cyber attacks ranging from trivial malware to the outright existential crises emanating from advanced persistent threats (Axelrod, Bayuk & Schutzer, 2009). The interaction between these elements, as shaped by routine or emerging cyber attack patterns and techniques in a global cyber milieu, is what we'll refer to as the "Global Cyber Theatre". A topic which presently dominates the global cyber scene is the focus of cyber threats. Organisations, as well as individuals, remain resistant to the idea that they could be subjected to this kind of criminal activity. The fact of the matter is that different kinds of cyber threats lurk behind ANYTHING that uses the web. In most cases a threat is hostile and destructive in nature. Victims may lose intellectual property, have their online bank accounts exposed, or unknowingly distribute more malware to other machines on their network. At a higher level, hackers can retrieve confidential business data and even disrupt a nation's critical national infrastructure. Without security measures and controls in place, your data may be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is changed with intent to corrupt or destroy the data or the network itself. Since the architecture has no set structure, there are many avenues of attack that a victim can fall prey to. The kinds of attacks listed below are only a brief sampling of the threats that exist.
Although a simple computer virus may hold the record for the most common attack, new attacks are bursting at the seams with creativity, keeping information security professionals on their toes (Zelkowitz, 2004).

Advanced Persistent Threat

An advanced persistent threat is characterised by more sophisticated and concentrated efforts by coordinated attackers focused on a single target. The aim is to infiltrate a sensitive system, stay undetected for as long as possible, and leave few traces of their success. Consequently, APTs have become a favoured approach for those who intend to conduct cyber, corporate and intelligence espionage (Baskerville, 1993). APTs are generally designed to obtain classified or sensitive information and have been used predominantly against technology companies in the US and Europe to acquire valuable intellectual property. No single technology or process will stop an APT, and traditional security strategies are proving insufficient against these threats. While many organisations are vulnerable to attack because they have under-invested in security in the past, merely shoring up existing and conventional defences is not enough. New approaches and increased vigilance are needed (Williams, 2001). Protecting against APTs requires several layers of defence, knowledge of the threat, and advanced capabilities to detect and respond to ongoing and successful attacks. APTs have also given rise to new cyber protection approaches, such as Continuous Persistent Monitoring (CPM). A very common technique is for APT attackers to send a targeted phishing campaign, known as spear-phishing, to a number of employee email addresses. The phishing email contains a Trojan attachment, which at least one employee is tricked into running. After the initial execution and the first machine takeover, APT attackers can compromise an entire enterprise in a matter of hours.
It's not difficult to perform, but a serious pain to clean up (Boyd & González Nieto, 2005).

Phishing

This vector generally works through email, and the idea of email is based on the principle of non-selective communication, which essentially means it allows anybody to contact anyone else (and vice versa) regardless of who they are. While people would generally expect to be contacted by those who are authorised, most of them are unlikely to filter out correspondents on first contact, because doing so would defeat the whole purpose of email (Varadharajan & Mu, 2001). This assumption creates a loophole that an aspiring attacker may abuse: the very feature that makes non-selective communication possible. The email protocols (RFCs) don't provide any verification of the "From" address, making email a favoured medium for spear phishing. Although tools such as Pretty Good Privacy (PGP) and Sender Policy Framework (SPF) attempt to fix this, they remain largely ineffective because they are not generally adopted by most end users.

Metamorphic & Polymorphic Malware

This category of malware keeps transforming its code so that each succeeding version is different from the previous one. Metamorphic and polymorphic malware represent the single greatest risk to organisations around the world because they easily evade detection and conventional anti-virus programs (Brock, 1991). It is significant that polymorphic malware is harder to write, since it requires complicated techniques like register renaming, code transposition, code expansion, code shrinking and junk code insertion. But that is rarely a problem for larger entities employing dedicated and well-funded programmers.
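To make the gap described in the phishing section concrete, here is an added example (mine, not code from the essay or from any CERT tool) of how a receiving mail gateway can evaluate SPF for the envelope sender and then compare the result with the header "From" that the recipient actually sees. The DNS TXT table, domains, addresses and messages are all constructed; the header-From alignment step is not something the essay names, and live SPF also resolves a/mx/exists/ptr mechanisms, which this offline stand-in treats as non-matching.

```python
"""Added example: SPF evaluation plus header-From alignment for an inbound message.

Everything below is constructed for illustration: the DNS TXT table replaces live
lookups, and the domains, addresses and messages are made up.
"""
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups so the example runs offline.
FAKE_DNS_TXT = {
    "agency.example": "v=spf1 ip4:203.0.113.0/24 include:mail.example -all",
    "mail.example": "v=spf1 ip4:198.51.100.25 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, dns=FAKE_DNS_TXT):
    """Return the domain's SPF record, or None if it publishes none."""
    record = dns.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return None
    return record


def check_spf(client_ip, mail_from_domain, dns=FAKE_DNS_TXT, depth=0):
    """Evaluate the envelope sender's SPF record against the connecting IP.

    Supports the ip4/ip6, include and all mechanisms with +, -, ~, ? qualifiers.
    Mechanisms that need live DNS (a, mx, exists, ptr) are treated as no-match.
    """
    if depth > 10:  # RFC 7208 caps DNS-based mechanisms at 10 lookups
        return "permerror"
    record = lookup_spf(mail_from_domain, dns)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == network.version and ip in network
        elif name == "include":
            # include matches only when the referenced domain yields "pass"
            matched = check_spf(client_ip, arg, dns, depth + 1) == "pass"
        elif name == "all":
            matched = True
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # nothing matched and no "all" term was present


def domain_of(address):
    return address.rpartition("@")[2].lower()


def assess_message(raw_message, envelope_from, client_ip, dns=FAKE_DNS_TXT):
    """Combine the SPF verdict with a header-From alignment check.

    SPF only covers the envelope (MAIL FROM) domain; the header From that the
    recipient sees stays unauthenticated unless it aligns with that domain.
    """
    msg = message_from_string(raw_message)
    _, header_addr = parseaddr(msg.get("From", ""))
    header_domain = domain_of(header_addr)
    envelope_domain = domain_of(envelope_from)
    spf = check_spf(client_ip, envelope_domain, dns)
    aligned = header_domain == envelope_domain
    return {
        "spf": spf,
        "envelope_domain": envelope_domain,
        "header_from_domain": header_domain,
        "aligned": aligned,
        "verdict": "accept" if spf == "pass" and aligned else "quarantine",
    }


# Constructed messages: a legitimate notice, and a lure whose visible From
# claims the agency while the envelope and connecting host belong elsewhere.
LEGIT_MSG = """From: "Policy Desk" <notices@agency.example>
To: staff@agency.example
Subject: Briefing on the upcoming policy release

Please see the attached briefing.
"""

SPOOF_MSG = """From: "The Director" <director@agency.example>
To: staff@agency.example
Subject: Urgent: open the attached policy document

Open the attachment immediately.
"""

if __name__ == "__main__":
    print(assess_message(LEGIT_MSG, "notices@agency.example", "203.0.113.10"))
    print(assess_message(SPOOF_MSG, "bounce@bulk-sender.example", "192.0.2.77"))
```

The second call shows the essay's point: the lure sails past SPF with a result of "none" because its own envelope domain publishes no record, and only the alignment check against the visible From exposes it.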
Organisations also increasingly depend on open-source web applications, which paves the way for vulnerability to metamorphic and polymorphic malware. Hootsuite, for instance, is an open-source platform available for public download that many organisations use to manage their Twitter accounts (Ulsch, n.d.). Since attackers have easy access to platforms like this, it is much easier to learn about their default settings and write code accordingly to evade security and behaviour monitoring.

Distributed Denial of Service

DDoS attacks allow hackers to knock their victims offline rather than steal data. Although this attack is less technically difficult than others, its effectiveness should not be underestimated. DDoS attacks normally consist of flooding the network with packets carrying huge amounts of data, so that it reaches its limits (Brock, 2000). As a result, legitimate requests are lost, or at best the service becomes so slow that it is impossible to work with. A successful DDoS attack blocks access to a web site (often a large one), but it doesn't affect an organisation's internal computer systems. If organisations follow basic security best practices, their financial payment processing, trading systems and other core infrastructure won't be sitting wide open on the web, vulnerable to attack. DDoS tactics are political stunts. The platforms most vulnerable to these attacks tend to be symbols of critical infrastructure, not the infrastructure itself (Contos, 2006).

Reducing the Impacts of Cyber Threats

The Australian Government recognises the importance of building and maintaining the confidence of all Australians to participate in the digital economy.
The Australian Government is committed to informing and educating Australians about cyber security threats and empowering them with the knowledge and practical tools to protect themselves online. As the Internet continues to be integrated into more parts of everyday life, and more personal and financial information is placed online, cyber crime is becoming a growing concern to many Australians (Trim & Upton, 2013). There is potential for this to be further exacerbated by the growth in 'always on' broadband connections and the increased bandwidth associated with next-generation networks. The Australian Government maintains trusted relationships with the owners and operators of systems that are considered most critical to Australia's national interests. Working through trusted information exchange mechanisms, the Australian Government gives these organisations a better understanding of the cyber threat environment, to build a greater shared understanding of threats and vulnerabilities (Coskun, Cigizoglu & Maktav, 2008). By gaining greater awareness and understanding of these largely privately owned systems of national interest, the Australian Government can better tailor its assistance to their owners and operators. This may extend to providing targeted advice and assistance in responding to sophisticated electronic threats. Nonetheless, government systems represent only a small portion of the global ICT infrastructure on which Australia's economic and national security depends. The Australian Government is committed to leading by example by embracing best practice in the protection of its own information systems, including the security of the personal and corporate information entrusted to it.
By specifying minimum security standards that apply across government, the Australian Government can create incentives for the market to make more secure services available to the public (Costa, 2001). The measures include:
- Establishing a Cyber Security Operations Centre (CSOC) within the Department of Defence to provide a 24/7 cyber situational awareness capability and coordinate responses to cyber security events of national importance.
- Creating a new national computer emergency response team, CERT Australia, to share information and improve the coordination of responses to cyber security threats between government and the private sector (Czosseck & Geers, 2009).
- Developing a revised cyber security crisis management plan that sets out the arrangements for responding to cyber security events of national significance, including coordination with the States and Territories and the private sector.
- Conducting a program of cyber security exercises to test and refine incident response plans, including the Cyber Storm series of exercises hosted by the United States.
- Establishing more effective minimum security standards across government, including through reforms to achieve a more integrated approach to the procurement and management of ICT products and services. This includes requiring cyber security risk assessments for all major Australian Government ICT.
- Working with the Internet industry and the community to raise awareness of cyber security threats, with a view to improving their online practices.
- Working with ISPs to improve the security of their subscribers, including through the development of codes of practice (Dunn, 2006).
- Working across the BCDE portfolio to promote the alignment of activities that have cyber security synergies with whole-of-government cyber security policy objectives.
- Collaborating internationally to address cyber security issues, ensuring that DBCDE international activities align with whole-of-government policy.

The Cyber Security Policy and Coordination (CSPC) Committee is the Australian Government inter-departmental committee that coordinates the development of cyber security policy for the Australian Government (Erbschloe, 2001). The CSPC Committee:
- provides whole-of-government strategic leadership on cyber security;
- determines priorities for the Australian Government;
- coordinates the response to cyber security events, noting that its coordination and policy functions do not extend to the oversight of operations; and
- coordinates Australian Government cyber security policy.

Countermeasures to Threats

Apart from the obvious preventive controls, such as system hardening, implementing choke points and ensuring endpoint security, it is in our assessment highly important to recognise the likelihood of control failure and to prepare for that event. If the preventive controls fail, two kinds of controls must help mitigate the damage:
- Detective controls: the control failure must be caught.
- Corrective controls: the security breach must be contained and finally remedied.
The organisational unit managing this kind of control is the CSIRT (Computer Security Incident Response Team).

Advanced Persistent Threat: steps to protection
- Reconnaissance: Network DLP (prevents sensitive data from leaving).
- Network intrusion: Network Intrusion (blocks APT via IP); Web Gateway (blocks/detects malware); Email Gateway (blocks links to malicious files and email phishing); Network Threat Response (detects obfuscated malware); Network Security Platform (stops malicious exploit delivery).
- Installing the command-and-control utilities: Web Gateway (blocks/detects access to malicious applications); application whitelisting (prevents unauthorised changes to systems).
- Data exfiltration: Unified DLP (prevents data leaving the network).
- Maintaining persistence: network behaviour analysis (identifies unexpected behaviour during the reconnaissance and data collection phases of an APT).

Phishing
- Watch out for phishing and spear phishing.
- Delete suspicious messages.
- Contact your system security point of contact with any questions.
- Report any potential incidents (Johnson, 2013).
- Look for digital signatures.
- Configure Intrusion Detection Systems (IDS) to block malicious domains and IP addresses.
- Ensure anti-virus software and definitions are current.

Metamorphic & Polymorphic Malware
The following countermeasures can be taken to guard against malicious code.
To guard against malicious code in email:
- View email messages in plain text.
- Do not view email using the preview pane.
- Use caution when opening email.
- Scan all attachments (Tipton & Krause, 2005).
- Delete email from senders you don't know.
- Turn off automatic downloading.
To guard against malicious code on websites:
- Block malicious links and IP addresses.
- Block all unnecessary ports at the firewall and on the host.
- Disable unused protocols and services.
- Stay current with all operating system service packs.

Distributed Denial of Service
- Strict configuration of network access points (e.g. GSM networks).
- To support affected organisations in repelling DDoS attacks, the BSI has prepared a document on DDoS mitigation.
- Use of dedicated, cabled connections for security-related functions.
- Where relevant, set-up of IDS/IPS to detect attacks and to raise alerts through alternative channels (Kamay & Adams, 1993).
- Redundant connection of components, using different protocols or communication routes.

Law

Australia's official national computer emergency response team (CERT) is the initial point of contact for cyber security incidents affecting Australian networks. It works with the private sector to identify critical infrastructure and systems that are vital to Australia's national interest, and provides information and support to help them protect their systems from cyber threats and vulnerabilities (Martin, 2005). The Government of Australia is very eager and keen to bring forward this profile, which can be a boost to national cyber security and helps the country's information security to be best served. The current law specifically highlights the cyber security of the country. The law directs that major steps be taken to keep cyber crime and cyber attacks out of every profile, not only the new profile being launched.
New technological tools are being implemented which help the CERT, the Computer Emergency Response Team, work more dedicatedly to secure the information system with the highest security possible, serving the government's motive of bringing in the new policy on cyber attack (Morrison & Mann, 2004). The CSOC in the Defence Signals Directorate is a Defence capability serving whole-of-government cyber security needs to detect and defeat sophisticated cyber threats. The CSOC provides cyber situational awareness and an enhanced ability to facilitate coordinated responses to, and management of, cyber security events of national importance. Staffed by skilled specialists from various Australian Government agencies, it increases the Australian Government's ability to anticipate, detect and rapidly respond to fast-evolving, sophisticated cyber exploitation attempts and attacks (Murray, 1993). The CSOC draws on an array of sources in the intelligence and security, law enforcement, national CERT and industry communities to provide a complete picture of threats to Australian information and systems. The CSOC coordinates cyber event responses by government agencies and works collaboratively with overseas partners. It will accommodate a continuously staffed watch office and analysis team able to prevent or respond rapidly to significant cyber threats as they are identified. The Australian Government is working with control systems owners and operators to help them secure their systems. Under the auspices of the Trusted Information Sharing Network for Critical Infrastructure Protection (TISN), the Australian Government has:
- provided guidance and advice to TISN member organisations on control systems security, as advisories and alerts on specific vulnerabilities and threats to control systems and networks (Osborne & Summitt, 2006);
- established a SCADA Community of Interest to provide a forum for raising awareness of security among control systems specialists from critical infrastructure sectors, vendors, consultants and researchers; and
- supported control systems specialists taking part in world's-best-practice training in advanced control systems cyber security conducted in the United States.

International Scope

To be very specific, clear and detailed: yes, the problem is of international scope. Looking into the vast world of technology and the technological affairs conducted over the internet, websites and information technology, everything has become very easy for every single human (Peltier, Peltier & Blackley, 2005). This has brought a major amount of risk into the world of technology. In this scenario we are dealing with the new governmental policy that launches a major profile related to cyber security, or information security, which will help boost the country's information security systems and secure them against hacktivists and hackers. Hacktivists, or more specifically hackers, can be from any origin and any country; they are highly capable and can easily access the unauthorised objects they feel they need. So in this scenario the problem remains the same. The new policy is very important for the country and the Government of Australia, so the government is taking major steps to secure it. Internationally, across the borders, there are many such hacktivists who can ruin information systems by major means of hacking. So it is important to secure the information system in a well-balanced manner. Ethical issues in information systems have been given new urgency by the rise of the Internet and electronic commerce (Rhile, 1992).
Internet and digital firm technologies make it easier than ever to assemble, integrate and distribute information, unleashing new concerns about the appropriate use of customer information, the protection of personal privacy, and the protection of intellectual property. Insiders with special knowledge can "fool" information systems by submitting fake records and diverting cash, on a scale unheard of in the pre-computer era. Other pressing ethical issues raised by information systems include establishing accountability for the consequences of information systems, setting standards to safeguard system quality that protects the safety of the individual and society, and preserving values and institutions considered essential to the quality of life in an information society. The Government of Australia has taken major steps to control the outcomes of cyber crime and cyber attack, not only in relation to the new policy but also for the other information that must be secured. Through a lack of the necessary security for detailed information, the government can easily stake the country's information technology sector to the hands of hacktivists, which can bring major consequences in the future. So it is mandatory to take strong steps and measures to control it ('Security Awareness Tools', 1998). With the rapid change in technology, everything is one single step away, and hacktivists illegally make the most of this power and can easily track down major information of the country and the new profiles being generated. So it is strongly recommended to bring in mandatory security measures to secure the information system so that necessary information does not cross the borders and create major havoc.

Conclusion

It is a myth that black hat hackers cause most security breaches; in fact, 80% of data loss is caused by insiders.
To plan a security arrangement that really protects data, an organisation must understand the security requirements relevant to its business process and the scope of current threats to data (Shackelford, n.d.). A government that uses IT tools intensively depends on providing media partners and employees with access to information in a manner that is controlled and secure. Managing security of such significance is a multifaceted challenge and requires the coordination of administrative policy and practice with appropriate technology. In addition to deploying standards-based, scalable and interoperable systems, the architecture must provide assurance of the security delivered in the products. As technology develops and secure information systems are deployed, organisations will be better positioned to manage the risks associated with the disintermediation of information access (Sood & Enbody, n.d.). Through this approach they will enhance their competitive edge over other nations while also working to shield critical economic infrastructure from wrongdoers like hackers, disgruntled hacktivists, criminals and corporate spies ('Security Awareness Tools', 1998). It is probably impractical to develop comprehensive ethical guidelines to cover every conceivable circumstance of IT abuse inside or outside the country. It is possible, however, to understand the pervasiveness and the extent of the problem (Straub, Goodman & Baskerville, 2008). It is also possible to develop ethical guidelines on an ongoing basis to keep pace with changes in the issues. Codes of ethics and professional conduct vary from one regulatory framework to another and are inadequate or outdated.

References

Alston, H. (1987). National security controls on information and communication in Australia. Government Information Quarterly, 4(1), 29-41. doi:10.1016/0740-624x(87)90048-7
Amoroso, E. (2011). Cyber attacks. Burlington, MA: Butterworth-Heinemann.
Australia and New Zealand join global security standard. (1999). Network Security, 1999(12), 3-4. doi:10.1016/s1353-4858(99)90329-x
Axelrod, C. (2004). Outsourcing information security. Boston: Artech House.
Axelrod, C., Bayuk, J., & Schutzer, D. (2009). Enterprise information security and privacy. Boston: Artech House.
Baskerville, R. (1993). Information Security: Adapting to Survive. Information Systems Security, 2(1), 40-47. doi:10.1080/19393559308551343
Boyd, C., & González Nieto, J. (2005). Information security and privacy. Berlin: Springer.
Brock, J. (1991). Computer security. Washington, D.C.: U.S. General Accounting Office.
Brock, J. (2000). Information security. [Washington, D.C.]: The Office.
Contos, B. (2006). Enemy at the water cooler. Rockland, Mass.: Syngress.
Coskun, H., Cigizoglu, H., & Maktav, M. (2008). Integration of information for environmental security. Dordrecht: Springer.
Costa, C. (2001). Information technology outsourcing in Australia: a literature review. Information Management & Computer Security, 9(5), 213-224. doi:10.1108/eum0000000006068
Czosseck, C., & Geers, K. (2009). The virtual battlefield. Amsterdam: IOS Press.
Dunn, M. (2006). Cyber-threats and countermeasures.
Erbschloe, M. (2001). Information warfare. New York: Osborne/McGraw-Hill.
Hilley, S. (2004). CTOSE branches out to US and Australia. Information Security Technical Report, 9(4), 7. doi:10.1016/s1363-4127(04)00044-5
Johnson, M. (2013). Cyber crime, security and digital intelligence. Farnham, Surrey: Gower Pub. Ltd.
Kamay, V., & Adams, T. (1993). The 1992 Profile of Computer Abuse in Australia: Part 2. Information Management & Computer Security, 1(2). doi:10.1108/09685229310033360
Martin, N. (2005). Why Australia needs a SAGE: A security architecture for the Australian government environment. Government Information Quarterly, 22(1), 96-107. doi:10.1016/j.giq.2004.10.007
Morrison, A., & Mann, B. (2004). International government information and country information. Westport, Conn.: Greenwood Press.
Murray, W. (1993). Surveys of Information Security. Information Systems Security, 2(2), 29-32. doi:10.1080/19393559308551352
Osborne, M., & Summitt, P. (2006). How to cheat at managing information security. Rockland, MA: Syngress.
Peltier, T., Peltier, J., & Blackley, J. (2005). Information security fundamentals. Boca Raton, Fla.: Auerbach Publications.
Rhile, H. (1992). Computer security. [Washington, D.C.]: The Office.
Security Awareness Tools. (1998). Information Systems Security, 6(4), 6-7. doi:10.1080/10658989809342543
Security Awareness Tools. (1998). Information Systems Security, 6(4), 1-2. doi:10.1201/1086/43299.6.4.19980101/30992.2
Shackelford, S. (n.d.). Managing cyber attacks in international law, business, and relations.
Sood, A., & Enbody, R. (n.d.). Targeted cyber attacks.
Straub, D., Goodman, S., & Baskerville, R. (2008). Information security. Armonk, N.Y.: M.E. Sharpe.
Tipton, H., & Krause, M. (2005). Information security management handbook. [London]: Taylor & Francis e-Library.
Trim, P., & Upton, D. (2013). Cyber security culture. Farnham: Gower.
Ulsch, N. (n.d.). Cyber threat!
Varadharajan, V., & Mu, Y. (2001). Information security and privacy. Berlin: Springer.
Williams, P. (2001). Information Security Governance. Information Security Technical Report, 6(3), 60-70. doi:10.1016/s1363-4127(01)00309-0
Zelkowitz, M. (2004). Information security. Amsterdam: Elsevier Academic Press.
Zhu, T., Xiong, P., Li, G., & Zhou, W. (2015). Correlated Differential Privacy: Hiding Information in Non-IID Data Set. IEEE Transactions on Information Forensics and Security, 10(2), 229-242. doi:10.1109/tifs.2014.2368363
