Question 4

a) b) c)

Refer to the attached Case Study (2) and answer the following questions: (Do not refer to the questions in the case study) Based on the given case study, identify THREE (3) cyberattack and explains in detail how a cyberattack can be carried out for each. In your opinion, describe the effective and affordable ways to reduce your organisations exposure to the more common types of cyberattack on systems that are exposed to the Internet. Explain TWO (2) of the main goal of the Digital Agenda for Europe.

(15 marks) (5 marks) (5 marks)

Chapter 8 Securing Information Systems 357 Information Security Threats and Policies in Europe CASE STUDY T he IT sector is one of the key drivers of the Europcan cconomy. It has been estimated that 60 percent of Europeans use the Internet regularly. Additionally, 87 percent own or have access to mobile phones. In 2009, the European broadband market was the largest in the world. These facts demonstrate the importance of ensuring the security and safe operation of the Internet for the well-being of the European con- omy. The safety and security of the Internet have been threatened in recent years, as internet-based cyber attacks have become increasingly sophisti- cated. In 2007, Estonia suffered a massive cyber attack that affected the government, the banking system, media, and other services. The attack was performed using a variety of techniques, ranging from simple Individual ping commands and message flooding to more sophisticated distributed denial of service (DDoS) attacks. Hackers coordinated the attack by using a large number of compromised servers orga- nized in a botnet distributed around the world. A bot- net is a network of autonomous malicious software agents that are under the control of a bot comman- der. The network is created by Installing malware that exploits the vulnerabilities of web servers, oper- ating systems, or applications to take control of the Infected computers. Once a computer is Infected it becomes part of a network of thousands of zombies, machines that are commanded to carry out the attack. The cyber attack on Estonia started in late April 2007 and lasted for almost 3 wocks. During this period, vital parts of the Estonian Internet network had to be closed from access from outside the coun- try, causing millions of dollars in economic losses. At around the same time, Arsys, an important Spanish domain registration company, was also tar- geted by International hackers. Arsys reported that hackers had stolen codes that were then used to Insert links to external servers containing malicious codes in the web pages of some of its clients. In 2009, anesumated 10 million computers were infected with the Conflicker worm worldwide. France, the UK, and Germany were among the European countries that suffered the most infections. The French navy had to ground all military planes when it was discovered that its computer network was infected. In the UK, the worm Infected comput- crs in the Ministry of Defense, the city of Manchester's city council and police IT network, some hospitals in the city of Sheffield, and other gov- ernment offices across the country. Computers in the network of the German army were also reported as Infected. Once Installed on a computer, Conflicker is able to download and install other malware from controlled Web sites, thus infected computers could be under full control of the hackers. More recently, a sophisticated malware threat tar- gching Industrial systems was detected in Germany, Norway, China, Iran, India, Indonesia, and other countries. The malware known as Stuxnct, infected Windows PCs running the Supervisory Control and Data Acquisition (SCADA) control system from the German company Siemens Stuxnet was propagated via USB devices. Experts estimate that up to 1,000 machines were infected on a daily basis at the peak of the infection. The malware, hidden in shortcuts to executable programs (Alles with extension.Ink), was executed automatically when the content of an Infected USB drive was displayed. Employing this same technique, the worm was capable of installing other malware. Initially, security experts disclosed that Stuxnet was designed to steal industrial secrets from SIMATIC Wincc, a visualization and control software system from Siemens. However, data gath- cred later by other experts indicates that the worm was actually looking for some specific Programmabic Logic Controllers (PLC) devices used in a specific Industrial plant, a fact that points to the possibility that the malware was part of a well-planned act of sabotage. Even though none of the sites infected with Stuxnet suffered physical damage, the significance that such a sophisticated threat represents to the industrial resources in Europe and other parts of the world cannot be underestimated. As of 2001, EU member states had independent groups of experts that were responsible for respond- Ing to incidents in information security. These groups lacked coordination and did not exchange much information. To overcome this, in 2004 the European Commission established the European Network and Information Security Agency (ENISA) with the goal of coordinating efforts to prevent and respond more effectively to potentially more harmful security threats. ENISA's main objectives are to 358 Part Two Information Technology Infrastructure secure Europe's information Infrastructure, promote security standards, and educate the general public about security issues. ENISA organized the first pan-European Critical Information Infrastructure Protection (CIP) exercise, which took place in November 2010. This exercise tested the efficiency of procedures and communica- Hon links between member states in case an Incident were to occur that would affect the normal operation of the Internet ENISA acts as a facilitator and infor- madon broker for the Computer Emergency Response Teams (CERT), working with the public and private sectors of most EU member states. The European Commission has recently launched the Digital Agenda for Europe. The goal of this initia- tlve is to define the key role that information and communication technologies will play in 2020. The initiative calls for a single, open European digital market Another goal is that broadband speeds of 30Mbps be available to all European citizens by 2020. In terms of security, the initiative is considering the Implementation of measures to protect privacy and the establishment of a well-functioning network of CEKT to prevent cybercrime and respond effectively to cyber attacks. world.com/s/aride/9174523/Fina_readies_tr_the_next_cyber attack, accessed November 17, 2006); "Anocher Cyber Aslack Hits Europe, Internet Business Law Services, June 18, 2007 (www.fols.com/intemer_law_news_portal_view.aspx?id=178265- latest news, accessed November 17, 2010): "New Cyber Attack His Norway." Views and News from Norway, August 30, 2010 (www.newsinenglish.no/2010/0/0ew.cyber-attackshi-nar- way, accessed November 17, 2010): Gregg Kelser, "Is Stuxnet the "Best Malware Ever?" Computerworld, September 16, 2010; robert McMillan, "Was Stuxnet Balls to Attack Iran's Nuclear Program Computerworld, September 21 2010 (www.computerworld.com/w/addle/38920/Was Stuxnet bruit _attack_iran__nuclear program accessed November 17, 2010); rllen Messmer, "Downadup/Conflicker Worm. When will the Next Shoe Tall Network World, Junuary 2 2000 (www.network world.comews/2009/012309-downadup-con- ficker-worm.htmlhpgl-bn, accessed November 17, 2010); vrk Larkin, "Procedung Against the Rampant Conflicker Worm, PCWorld, January 16, 2009, War in the Puth Domain,"The Economist, July 1, 2010 (www.economist.comode/1547792. accessed November 17, 2010) CASE STUDY QUESTIONS 1. What is a bounct? 2. Describe some of the main points of the Digital Agenda for Europe. 3. Explain how a cyber attack can be carried out 4. Describe some of the weaknesses exploited by malware Sources: Digital Agenda for Furope, European Commission, August 2010 (hup://ec.europa.eu/information society/ digital- agenda/index_en.htm, accessed October 20, 2010): "The Cyber Raiders Huing Estonia. Bac News, May 17, 2007 (http:/ews.bbc.co.uk/2/hs/curupe/6565195.sum, accessed November 17, 2010); Robert McMillan, Estonia Ready for the Next Cyberattack, Computerworld, April 7, 2010 (www.computer- Case contributed by Dantel Ortz-Arroyo, Aalborg Untersity