Urgent action needed in Europe to combat cyber attacks: ENISAPosted On: Mar. 13, 2013 12:00 AM CST
Urgent action is needed by Europe's businesses and government organization to combat emerging cyber attack trends, said the European Union's security agency in a “flash note” issued Wednesday.
The note from the European Network and Information Security Agency says that in recent weeks there have been a series of targeted cyber attacks directed at high-profile targets, including government and operators of critical infrastructure.
Often the attacker uses the intelligence gathered to attack other victims or machines in the same organization. This technique is also used in target attacks aimed at financial fraud, says the note.
The flash note says there are several points to keep in mind:
• Cyberspace has no borders, and it is generally very easy to wipe traces or create fake traces, which complicates identification of attackers and makes prosecution “highly problematic.”
• There are two common attack methods: One is the use of an innocent-looking email that is apparently genuine; the other involves taking advantage of a software vulnerability to take control of the victim's machine.
• Although many organizations have phishing filters and antivirus products, they do not always work when attacks are performed over a long period of time.
• Prevention is key in cyberspace, and should be the primary defense against attacks.
• Most email systems do not provide any kind of authentication, which makes it very easy for attacks to send fake messages, or pretend they are from someone else.
• There are tradeoffs between software features and software security, and the more features and interoperability features the software has, the more difficult it is to ensure it is free of vulnerabilities.