- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Network World - Massive denial-of-service attacks and "stealthy infiltration" of corporate networks by attackers is a common experience for companies in critical infrastructure sectors, including financial services, energy, water, transportation and telecom, according to a new survey.
Extortion schemes related to distributed DoS attacks are also rampant, especially in some parts of the world, according to the survey. The report, titled "In the Crossfire – Critical Infrastructure in the Age of Cyber-War," was prepared by the Washington, D.C. policy think tank Center for Strategic and International Studies (CSIS). CSIS asked 600 IT and security professionals across seven industry sectors in 14 countries about their practices, attitudes about security, and the security measures they employ.
A little more than half of the respondents (54%) said they had experienced "large-scale denial of service attacks by high-level adversary like organized crime, terrorists or nation-state (for example, like in Estonia and Georgia)." The same proportion, according to the report, also said their networks had been subject to "stealthy infiltration," such as by a spy ring using targeted malware attacks to allow hackers "to infiltrate, control and download large amounts of data from computer networks belonging to non-profits, government departments and international organizations in dozens of countries."
In addition, 59% of the respondents expressed the belief that "representatives of foreign governments" had been involved previously in such attacks and infiltrations in their countries.
When it comes to massive distributed DoS attacks, 29% of those surveyed reported they had seen multiple distributed DoS attacks each month and 64% of those said these attacks "impacted operations in some way." One in five of these critical infrastructure entities, according to the CSIS report, were subject to extortion schemes related to distributed DoS attacks. Extortion was said to be the most common in India, Saudi Arabia/Middle East, China and France, and rarest in the United Kingdom and the United States.
Other types of security incidents are also widely recorded.
More than half of the IT executives (57%) reported DNS poisoning, where Web traffic is redirected, and half said it was a monthly occurrence. Roughly the same number also reported monthly SQL injection attacks against their online resources. In addition, 60% reported "theft-of-service cyberattacks," with nearly one in three reporting multiple attacks every month.
The oil and gas sector faces the highest rates of victimization, according to the CSIS survey.
Overall, 71% of respondents in the oil-and-gas industry reported stealthy-infiltration, compared with 54% of respondents in other sectors. The CSIS survey also found distributed DoS attacks were "particularly severe" in the energy/power and water/sewage sectors, where attacks were usually aimed at computer-based operational control systems, like SCADA.