Three cybersecurity experts from Juniper Networks and STEALTHbits Technologies offer perspective on remarks by David Bennett, CIO/Director of Operations for the Defense Information Systems Agency (DISA, a DoD combat support agency) and outgoing DISA Director Lt. Gen. Alan Lynn (NextGov story link), which disclosed that:
- 36 million malicious emails attempting to access US military systems are blocked each day by the DoD;
- the Pentagon has thwarted DDoS attacks up to 600 gps; and
- the Pentagon is preparing for one TBPS attacks.
IT security experts commented below.
Gabriel Gumbs, VP of Product Strategy at STEALTHbits Technologies:
“36 Million is undoubtedly a lot of emails to vet for threats. When placed alongside the total number of emails sent daily – 205 Billion – we get a bit more insight into why email will forever remain fertile ground – that deluge of information is simply staggering to sort through.
“The DoD of course is the birthplace of the Internet, tracing its beginnings to projects developed by DARPA (Defense Advanced Research Projects Agency), as a mechanism for government agencies to communicate in the event of all out nuclear war – a threat that we have been recently reminded is not quite behind us. So while denial-of-service (DDoS) attacks gain in strength, the core mission of an agency such as the DoD will always rely on infrastructure that rest outside the commercial arena. And to that end, projects such as mILCloud are essential to our security, both digital and national. For those of us whose mission it is to protect civilian livelihood, whether it be e- commerce, pharmaceutical research, or state and local governments, DDoS and phishing attempts all represent attacks that aim to gain access to our credentials, access our data or simply disrupt our businesses and the future of matching/defeating the increasing scale will rely on technologies such as Machine Learning, if we are to have a fighting chance.”
Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks:
“Our threat labs have observed cybercriminals recently migrating to email as the most common attack vector. As the tension between nations is increasing, more of the conflict is being fought online. They use email because it is effective. I am not surprised the DoD is also reporting a similar increase in the frequency of email attacks.
“While most such attacks are simple phishing scams, the most dangerous ones are usually the work of rogue nation states and can be political in nature.
“We have seen this with state-sponsored attackers responsible for power outages in the Ukraine, and the attempted interference with elections in multiple western countries. I think rules need to be established to define the protections of non-combatants in and around the cyber-war zone. Certain technologies or attack scenarios should be restricted, for example DDoSing life-support systems. Another example would be causing civilian plane crashes through custom malware. Interfering with communication system computers are starting to seem like a part of standard military tactics. But hacking attacks that cause a direct loss of life should be considered war crimes, in my opinion.”
Mounir Hahad, Head of Threat Research at Juniper Networks
“With 2.8 million employees, the DoD handles one of the largest number of email inboxes in the world. It is not surprising that every email address sees on average 12 spam/malicious emails per day. Given that there are fewer known exploits of internet-facing applications and productivity tools, cyber attacks have largely shifted to social engineering tactics to infiltrate a network. One of the lowest barriers to entry is email: when an attacker combines knowledge of its target with timely relevant information in a targeted phishing email, it’s only a matter of time before someone falls victim to the phish. In 2017, two thirds of attacks involved a malicious email according to the Verizon DBIR report. It only takes one employee to lower its guard and open a malicious attachment or click on a malicious link for the entire network to be breached.
“The fight is as much about detecting breaches and stopping them as it is preventing them in the first place. That’s why a defense in-depth that enlists the entire network in identifying malicious activity and shutting it down is so critical. We can no longer rely exclusively on perimeter defense or end-point defense alone. We must enlist every router and every switch to help detect and contain an attack.”