Cyberattacks Seem Meant to Destroy, Not Just Disrupt

Cyberattacks Seem Meant to Destroy, Not Just Disrupt (

03/29/2013 – Cyber Security

American Express customers trying to gain access to their online accounts Thursday were met with blank screens or an ominous ancient type face. The company confirmed that its Web site had come under attack.

The assault, which took American Express offline for two hours, was the latest in an intensifying campaign of unusually powerful attacks on American financial institutions that began last September and have taken dozens of them offline intermittently, costing millions of dollars.

JPMorgan Chase was taken offline by a similar attack this month. And last week, a separate, aggressive attack incapacitated 32,000 computers at South Korea’s banks and television networks.

The culprits of these attacks, officials and experts say they were intent on disabling financial transactions and operations. Corporate leaders have long feared online attacks aimed at financial fraud or economic espionage, but now a new threat has taken hold: attackers, possibly with state backing, who seem bent on destruction.

(Continue reading at

My Two Cents: This is a very informative article. Destruction is on the table, it always has been. These aggressive attacks are based on the bad guys finding weakness within an organizations network, hardware, and software systems. Once one or many weaknesses are found then the attack is organized, planned then implemented by the bad guys. Sadly these attacks are only going to get worse.

Critical Infrastructure Systems Seen as Vulnerable to Attack

Critical Infrastructure Systems Seen as Vulnerable to Attack (

03/15/2013 – Cyber Security

The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries and nuclear plants.

Attackers increasingly use so-called spearphishing attacks, in which they send employees targeted e-mails — often from an e-mail address that matches the name of a colleague, supervisor or chief executive—that contains malicious code. One click is all it takes for an attacker to steal an employee’s administrative passwords, turn their machine into a recording device, and see everything they do.

Night Dragon, a series of computer attacks that hit oil, gas and chemical companies in the United States two years ago, used spearphishing. So did Shady Rat, another extensive digital espionage campaign discovered in 2011 that went after 70 government agencies, corporations and nonprofits in 14 countries. Spearphishing is so easy to deploy and effective that 91 percent of targeted attacks start with malicious e-mails, according to TrendMicro, a computer security firm with headquarters in Tokyo.

(Continue reading at

My Two Cents: This is a very informative article on Critical Infrastructure Systems Seen as Vulnerable to Attack. “But all it takes is one click for an attacker to get inside a system.” – Scary!

The Dangers of Allowing an Adversary Access to a Network

The Dangers of Allowing an Adversary Access to a Network (

03/14/2013 – Cyber Security

Schoolchildren learn the tale of the Trojan Horse, the giant gift in which Odysseus and a platoon of 30 Greek soldiers hid to gain access to the heavily defended city.

Thousands of years later, it remains a thoroughly modern concept that is increasingly found at the heart of cyberwarfare strategies. Modern Trojan horses are computer code or vulnerabilities hidden in software or hardware that would allow a spy or an attacker to gain access to an adversary’s computers and networks. Find a way to be invited into the computers of your enemy’s weapons and military systems and you can render them useless in the face of an attack.

For more than a decade, Pentagon officials have been anxious about the growing reliance by the United States electronics industry on Chinese manufacturers. As the Internet has become the nation’s critical infrastructure weaving together commerce and power systems and even military command and control, it has become increasingly unthinkable to have a foreign presence in the network. Their fear is that those building and maintaining the network could build in a Trojan horse.

(Continue reading at

My Two Cents: This is a very informative article on Modern Trojan horses! Spy systems are very bad, and my fear is even when you purchase a new firewall or any other network device, it has already been compromised before it was placed in the box and shipped to you!