Wednesday, May 2, 2007

buzzword alert: Evolving Threat Landscapes

I was googling around and found the quote below from Air Force Lt. Gen. Kenneth A. Minihan, Director of the NSA (from a briefing to the Senate Governmental Affairs Committee, June 1998):

We distinguish two fundamental types of threat. The unstructured threat is random and relatively limited. It consists of adversaries with limited funds and organization and short-term goals. While it poses a threat to system operations, national security is not targeted. This is the most obvious threat today. The structured threat is considerably more methodical and well-supported. While the unstructured threat is the most obvious threat today, for national security purposes we are concerned primarily with the structured threat, since that poses the most significant risk.

I submit that the symptoms of structured vs. unstructured threats have blurred to the point of pain. Take MS07-017, aka the animated cursor vulnerability, from April as an example. The exploit itself was easily detected and not an issue. What I found interesting was the number of distinct threats riding on it. I discovered several payloads the exploit attempted to load on the system, five of which I found in the initial 4 days after the exploit was public and which were, presumably, from five separate authors. All were undetected at the time of discovery via VirusTotal. Any of these four attacks could have come from either structured or unstructured threats.

The nature of unstructured attacks has changed. We are not dealing with Code Red anymore. This has been the case for the last several years, as crime syndicates have become more involved in chasing the easy dollar. And if you're reading this site, you are probably aware of all of this.
What I find interesting is that, in a lot of ways, we are still in the Code Red mindset at the Information Technology and end user level. We need to get out of the idea that saturation levels dictate risk levels. Properly relaying the risks is key.

