Today's Attacks Research Articles

Planning and Preparation of Cybersecurity

In today's digital environment characterized by fast-evolving adversaries, expanded attack surfaces, and complex IT environments, having a formidable plan and being prepared could create a world of difference when faced with a potential cyber-attack. Cyber threats are growing risks to everyone and any institution. Cybercriminals target individuals and companies of all sizes. Today's attacks are agile and sophisticated. Ransom demands are elevating and advancing rapidly while attackers drill down their focus to specific victims like critical infrastructure businesses, which can spend millions of dollars in losses from cyber disasters since such companies have less tolerance for downtime. The evolution of artificial intelligence technology, which is more interesting and scarier at the same time, is impacting the field of cybersecurity. The negative side of AI is that it has enabled threat actors to blend new data theft-based extortion techniques into ransomware. Attackers can steal companies' sensitive data or even encrypt the data and demand ransom for the decryption key failure, to which they threaten the company to expose the data to the public or even trade in the dark web. The intelligent techniques and tactics utilized by threat actors are a clarion call for organizations to proactively plan and prepare adequately by developing a cybersecurity strategy as a countermeasure. A cybersecurity strategy is a comprehensive plan that stipulates an organizational approach to secure its IT infrastructure against cyber threats. The common cybersecurity strategy various organizations use to plan and prepare for inevitable attacks is the incidence response plan. Incidence response is the processes and technologies organizations use to detect and respond to cyber threats, security breaches, or cyberattacks within an organization. Developing and implementing a formal incident response plan allows organizations to minimize and prevent damage. This research paper focuses on the primary goal of the incident response of preventing cyberattacks prior to occurring and reducing the cost and business disruption emanating from cyberattacks that happen. Keywords – incident response, threats, Artificial intelligence, cybersecurity, threat attacks, plan, preparation.

Security Operation System

The number of cyber attacks and cyber crimes grows every year. This is why there constantly appear new products, technologies and tools for protection against cyber threats. Security Operation Center (SOC) is one of the most up-to-date and reliable cybersecurity tools of enterprise level. There are already several SOCs in Ukraine in government and law enforcement bodies and there is strong interest to their implemen-tation shown by organizations and enterprises of practically every industry of national economy. SOC al-lows monitoring, detection and quick response to incidents which is necessary to reduce damage and fi-nancial losses caused by such incidents. Implementation of SOC requires significant expenses which can be afforded only by some organizations and enterprises. This is why creation of similar but more affordable tool is very urgent. The paper describes Security Operation System (SOS) designed for effective protection against cyber threats and cyber attacks, which collects, normalizes, correlates and analyses events in or-ganization’s IT infrastructure. Main advantage of this system is ability to receive information on events from different sources and their correlation which is important as today attacks can only be discovered on the basis of combination of events in the IT infrastructure. Another advantage of SOS is ability to add new correlation rules into analytical module which can be based on the unique experience of system exploita-tion, analysis of new attacks against organization’s IT infrastructure or borrowing such correlation rules from other organizations.

Distributed denial of service attacks – holding back the flood

Today's Distributed Denial of Service (DDoS) attacks are almost unrecognisable from the basic volumetric attacks of old. In their early days the aim was simply to deny service to the Internet by bombarding it with traffic, designed to overload a server and render it out of action. But today's attacks have evolved to become more sophisticated and capable of carrying out several functions at once - they might bring a firewall down with a volumetric attack and then infiltrate the network to steal sensitive data while IT teams are distracted.

Towards Situational Awareness of Large-Scale Botnet Probing Events

Botnets dominate today's attack landscape. In this work, we investigate ways to analyze collections of malicious probing traffic in order to understand the significance of large-scale “botnet probes.” In such events, an entire collection of remote hosts together probes the address space monitored by a sensor in some sort of coordinated fashion. Our goal is to develop methodologies by which sites receiving such probes can infer-using purely local observation-information about the probing activity: What scanning strategies does the probing employ? Is this an attack that specifically targets the site, or is the site only incidentally probed as part of a larger, indiscriminant attack? Our analysis draws upon extensive honeynet data to explore the prevalence of different types of scanning, including properties, such as trend, uniformity, coordination, and darknet avoidance. In addition, we design schemes to extrapolate the global properties of scanning events (e.g., total population and target scope) as inferred from the limited local view of a honeynet. Cross-validating with data from DShield shows that our inferences exhibit promising accuracy.

The First Tithe: Memoirs and Edifying Discourses of the Hebrew War for Freedom (review)

Reviewed by: The First Tithe: Memoirs and Edifying Discourses of the Hebrew War for Freedom Steven Bowman (bio) The First Tithe: Memoirs and Edifying Discourses of the Hebrew War for Freedom, by Israel Eldad, translated by Zev Golan. Tel Aviv: The Jabotinsky Institute in Israel, 2008. 420 pp. 60 shekels. Translator of Nietszche, Ph.D. in Philosophy, graduate of a rabbinical seminary, and a Hasid by culture, Israel Scheib is better known as Israel Eldad, the ideologue of LEHI during the war against the British in Palestine from 1942 to 1948. These memoirs first appeared in Hebrew in 1950, and their translation into English is an important reminder of the ideological conflict between the two branches of Jabotinsky's Beitar youth movement: one followed Abraham Stern into LEHI and the other Menahem Begin, who claimed the shreds of Jabotinsky's mantle, into ETZEL, more popularly known as the Irgun. These memoirs are an important contribution to an historical understanding of the origins and development of the Jewish Revolt during the 1940s, the vicissitudes that beset the various underground movements and their respective rivalries, the problems that challenged the British during their life and death struggle with Nazi Germany, and other 1940s topics. The British experience in the East Mediterranean during the 1940s should provide lessons to an inexperienced United States that inherited Britain's [End Page 169] tradition of bungling and added its own. Palestine was one of the hot spots of the British 1940s debacles (Greece and Iraq were others). It was both the overt and covert war in the Yishuv that annoyed the beleaguered British sufficiently so that they abandoned the League of Nations Mandate for Palestine and chose to assist the Arabs in the fight for Palestine. The anti-British war began in the early 1940s when it became evident that elements of the Yishuv were losing their confidence in the British sense of fair play. LEHI—Fighters for the Freedom of Israel, declared open war against the foreign occupiers of the Hebrew land in 1942, and sought, according to Eldad, to establish a Malkhut Yisrael, a Sovereign Israel in place of the British-controlled military and economic base in the Eastern Mediterranean. The battle cry of LEHI was drawn from the Beitar Youth theme: In blood and fire Judea fellIn blood and fire Judea will rise These youth, and Eldad's very language, were also fired with the prophetic and passionate poetry of Uri Zvi Greenberg, the guru of nationalist fervor. The blood they resurrected was that of ancient Jewish heroes against the Greeks and Romans; the blood they shed was that of the occupying British army. The British responded with curfews, searches and seizures, imprisonment, and the gallows. Between the hard covers of Eldad's book lie the anger and the cold analyses of an intellectual revolutionary who declared war on the British Empire long before Menahem Begin published his own proclamation to the same effect. Eldad argued against both ETZEL and the Haganah and defined the fight against the British as occupiers of the land of the Nation of Israel who must be driven out. His language and arguments resonate in the current propaganda of Al-Qaida and the Palestinians. For the present generation of readers we may note that the British definition of terrorism, applied to LEHI in the 1940s, has been perverted into its contemporary usage by al-Qaida to justify killing innocents whom it defines as enemies. However, the ideological justification of the open warfare between the occupied and the occupier that produced such animosity between Palestinian Jews and the British still resonates to our own day. The sentiments expressed by the author and his recall of negative British attitudes toward the Jews of Eretz Israel may help us understand some of the blatant anti-Israel policies of the BBC, manifest also among elements of the British public and politicians. The internal struggles within the Left are also addressed by the author and clarify, to some extent, the vagaries of today's attacks on Israel by leftists in Israel, Britain, the U.S., and Europe. [End Page 170] The author speaks little about the Arabs, but those few remarks indicate...