For cyber criminals, the challenge of hacking into critical infrastructure – hospitals, public transportation systems, police departments, energy systems, telecommunications and similar public support facilities – and the crippling effect it could bring to a society further drives their motivation. Disrupting service, causing panic and slowing commerce are a few ways these cyber criminals use non-monetary motivations to gain from new ways of hacking. They are taking the time to research ways of infiltrating through a malware central system application. By paralyzing a transit system or creating a coastal blackout, they are sending a message to those governments, companies or any other agencies that don’t comply with their personal political opinions.
Ironically, many cyber criminals are using their hacking talents to create a "modern boycott". As we saw by the recent WikiLeaks Operation Payback campaign, "hacktivists" took a stand and acting on existing network vulnerabilities, were able to take down websites and cripple online businesses and financial services. And, most recently, cyber criminals attacked the NASDAQ stock exchange. While this doesn’t appear to have been successful, the consequences of adjusting stocks or freezing activity on the exchange could cause world-wide financial panic. These institutions have the budgets and expertise to invest in network and application security but until now, have failed.
Another motivation of cybercriminals is cyber warfare – attacks against nations i.e. government and defense system networks. The challenge of hacking into these nationwide structures and the crippling effect it could bring to a society further drives their motivation. Many countries have not made the necessary investments in their critical infrastructure due to limited budget allocation or lack of knowledge and awareness in terms of the potential dangers.
These types of attacks are on the rise with Estonia DDoS (2008), Georgia DDoS (2009) and most recently Stuxnet, which attacked SCADA systems, just to mention a few. It is not a coincidence that most of these attacks were DDoS-based as typically DDoS attacks are very effective in creating the desired impact – because when a site is completely down it becomes public. These organizations cannot hide what has happened – everyone can see when these sites are not responding. Usually this type of event is also well covered by the media – which is what hacktivists strive for as it alerts the public to their intentions.
However, some countries are beginning to understand the implications of not protecting these networks and the vital need of adding the necessary layers of security i.e. in the US, the Obama administration instituted a cyber security program that acknowledges the risks to critical infrastructure and that the economy based on the Internet is vulnerable.
Similar to locking a house door with a dead bolt and a door lock, businesses, enterprises, governments and other public sector organizations need to reassess their current efforts and develop multiple layers of security. By investing in protection before an attack, these organizations can prevent recovery costs – such as down time and lost business – after an attack. With today’s cyber criminals gaining more experience breaking into simple guards, the potential for a transit shutdown, a blackout or releasing of public data are all possibilities.
Improved security, behavioral defense, and more sophisticated layers of protection are necessary to provide new defenses against these attacks. Cyber criminals’ increased focus on critical infrastructure stems from the power access to public data can bring. This access and any control over these organizations provides cyber criminals with an intangible "cyber weapon."
Radware has deep experience in the network security space offering its award-winning DefensePro® solution, a real-time network attack prevention device that protects the application infrastructure against network and application downtime, application vulnerability exploitation, Radware has deep experience in the network security space offering its award-winning DefensePro® solution, a real-time network attack prevention device. It integrates a set of security modules – Intrusion Prevention System (IPS), Network Behavioral Analysis (NBA), Denial-of-Service (DoS) Protection and Reputation Engine – to fully protect networks against known and emerging network security threats. DefensePro protects the application infrastructure against network and application downtime, application vulnerability exploitation, malware spread, network anomalies, information theft, and other emerging network attacks.
This press release may contain forward-looking statements that are subject to risks and uncertainties. Factors that could cause actual results to differ materially from these forward-looking statements include, but are not limited to, general business conditions in the Application Switching or Network Security industry, changes in demand for Application Switching or Network Security products, the timing and amount or cancellation of orders and other risks detailed from time to time in Radware’s filings with the Securities and Exchange Commission, including Radware’s Form 20-F.
Joyce Anne Shulman
+1 201 785 3209
SOURCE Radware Ltd