EU's Virtual Cyberattackers Lack Real-World Hacker Chops
Oct 5, 2012 4:25 PM PT
The European Union on Thursday launched a massive multinational security exercise to simulate a distributed denial of service attack on online services in all participating countries.
A total of 25 EU countries are actively participating in the exercise and another four are observing it.
About 400 cybersecurity experts from the private and public sectors will fight off more than 1,000 simulated cyberincidents by the end of the exercise, which is named Cyber Europe 2012.
This is Europe's largest ever cybersecurity exercise, and it incorporates lessons learned from its predecessor, Cyber Europe 2010.
About Cyber Europe 2012
The exercise has three objectives -- to test the effectiveness and scalability of existing mechanisms, procedures and information flow for cooperation between public authorities in Europe, to explore the cooperation between the public and private sectors, and to identify gaps and challenges on how large-scale cyber incidents could be handled more effectively in Europe.
Experts from major European financial institutions, telecommunications companies, Internet service providers, and local and national governments will face more than 1,000 simulated attacks, including an avalanche of 30,000 emails. They will have to coordinate their responses across national borders.
This is the first time banks and Internet companies have been part of an EU-wide cyberattack exercise, EU vice-president Neelie Kroes stated.
The exercise will be run on a self-contained system and no real-world infrastructures will be involved.
Paranoid or Cautious?
The EU's concerned about the growing number of cyber incidents. In 2011, Web-based attacks increased by 36 percent, and the number of companies reporting security incidents with a financial impact increased from 5 percent in 2007 to 20 percent in 2010.
The EU is also concerned about last week's disruption of the websites of JPMorgan Chase and Wells Fargo, which it considers were caused with the same techniques being simulated in Cyber Europe 2012.
"I think it's quite clear that [the EU] is focusing on DDoS because of the increasing threat of DDoS attack," Paul Lawrence, vice president of international operations at Corero, told TechNewsWorld. "Though DDoS attacks have plagued enterprises for more than a decade, today's attacks are more frequent and advanced than ever."
Further, DDoS attacks are now conducted by "a new breed of highly capable cybercriminals who quickly switch to different attack sources as each new attempt is thwarted," Lawrence continued. "The DDoS attacks on U.S. banks last week show a level of power and sophistication that we have rarely seen before."
DDoS attacks are often used as a smoke screen to hide further attacks, which pose a "significant risk" to any organization that relies on the Internet to conduct business, Lawrence stated. It "would be interesting to know if [the EU] plans to use a DDoS attack to bring down a network and then carry out further attacks against the network once it's vulnerable."
Is Europe Doing Enough?
Perhaps the EU is just scratching the surface of the threat from DDoS.
"It appears that the [simulated] attacks are fairly unsophisticated, perhaps using various compute resources to launch a syn flood attack with a tool such as Low Orbit Ion Cannon, which is similar to tools often used by groups like Anonymous," Marty Meyer, CEO of Corero, told TechNewsWorld, emphasizing that this was only a guess.
The simulation "does not appear to be a sustained or blended attack with more sophisticated application-layer DDoS and so this would be a very elementary test," Meyer opined.
The EU's focus is too narrow, and "a better approach would be to simulate reality which, in many cases such as the U.S. bank attacks, saw blended attacks incorporating sophisticated application-layer attacks and using tools such as High Orbit Ion Cannon, which has the ability to attack multiple sites at one time and spoof browsers and other user identifiers," Meyer remarked.