NASDAQ Cyber Attack: Is More at Risk?


NASDAQ revealed it was broken into by hackers on February 5, 2011 and unattributed but reliable sources state the hacks have been going on for more than a year. See the Star-Telegram article for more.

Is more at risk? You be the judge!
In his post on Zdnet in January 2008, Richard Stiennon presciently explained his view of the state of Cyberwarfare as follows:

Threat level 1: Travel warnings

Threat level 2: Nation States probe each others networks for vulnerabilities

Threat level 3: Widespread information-theft with intent to mine industrial and military secrets

Threat level 4: Targeted attacks against military and government installations

Threat level 5: Nation-to-Nation attacks with intent to destroy communications and disable business procedures and financial markets

Richard observed that based on events leading up to January 2008, he’d characterize the state of Cyber Warfare to be at Defcon level 4. The Stuxnet attacks of 2010 and most attacks on NASDAQ seem to indicate we might be closing in on level 5, even if the perpetrators may not be Nation States.

In his more recent blog at ThreatChaos Richard argues that strategic industries should go on high-alert with some observations about why State departments, Military, critical infrastructure industries, and computer and technology industries should go on high-alert.

The Sky in not falling, yet!
If you’re reading this, the Internet has not been brought down, you are not under attack, and presumably you are not under lock-down or responding to an emergency. Calmer perspectives and more information can be found at CyberDefcon where the focus in on providing information needed to make informed decisions. Among these is a great offshoot site called HostExploit providing insight into historical events, sites, operators, tools and locations of bot-nets, cyber-criminals and other malfeasance perpetrators.

Real-time alerts on your desktop
One of the better freebies is available from Symantec. A screensaver that is chock-full of information from its around-the-world sensors that are delivered right to your desktop. You can download this at Symantec Threat Monitor

Industrial-strength real-time alerts
If you are looking for customized real-time services for your business on threats that are specific to your organization, check out the more detailed services available from Impact-Alliance or from the Symantec Global Intelligence Network

Assess Your Posture and Readiness Compared to Your peers
In addition, the Assessments@ITPolicyCompliance provide a rapid way to assess your posture and readiness compared to others. Benchmarked against more than 4,000 other organizations, these quick two-minute assessments help to identify strengths and weaknesses against others in your industry, your peers, and best performing organizations.

Additional resources:

Hackers Attack NASDAQ Network, Probe On; Reports

NASDAQ hack a wake-up call for Exchanges

Hacking fears raised by Nasdaq OMX attack

US Congress Rallying Cybersecurity Bill After NASDAQ Attack

Cyber Defcon 4: : 2008 blog post at Zdent by Richard Stiennon

Why Automating Vulnerability Management Pays

Automation, Practice and Policy in Information Security for Better Outcomes


Tags: , ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: