Forensics Journal - Stevenson University 2015 | Page 23
have both “probed the electrical grid to find vulnerabilities to
exploit if they needed to attack it” (Wingfield, 2012).
continue to play “catch-up” when developing new detection tools.
The principal means of identifying malicious intrusions and
behaviors has been to recognize the signatures and anomalies
associated with known malicious code. When new malware exploits a
previously unknown vulnerability, the experts create an update to
patch that vulnerability after the fact. This approach is reactive:
it is effective only at preventing future attacks of the same type,
and it cannot counter more sophisticated efforts.
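To make the reactive nature of signature matching concrete, here is an added example that is not part of the journal article and does not model any real detection product. It runs three detectors in Python, an exact file-hash signature, a YARA-style byte-pattern signature, and an entropy-based anomaly check, over constructed byte strings that stand in for a known sample and three variants of it. The fake PE header, the PowerShell launcher string, the padding sizes and the one-byte XOR key are assumptions chosen for the illustration; none of it is real malware.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed samples (assumption: short byte strings standing in for files;
# none of this is real malware). CRADLE is a typical PowerShell launcher string.
CRADLE = b"powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"


def build_sample(trailing_pad: int) -> bytes:
    """Fake PE-like file: MZ header, null padding, the cradle string, more padding."""
    return b"MZ\x90\x00" + b"\x00" * 12 + CRADLE + b"\x00" * trailing_pad


KNOWN_SAMPLE = build_sample(16)          # the sample the vendor has already seen
RECOMPILED_VARIANT = build_sample(20)    # same code, different padding: new file hash
XOR_KEY = 0x5A                           # assumption: one-byte key used to hide the string
OBFUSCATED_VARIANT = b"MZ\x90\x00" + bytes(b ^ XOR_KEY for b in KNOWN_SAMPLE[4:])
PACKED_VARIANT = b"MZ\x90\x00" + bytes(range(256)) * 4            # near-uniform bytes
BENIGN_ARCHIVE = b"PK\x03\x04" + bytes(reversed(range(256))) * 4  # also near-uniform

# --- Detector 1: exact file hash, the narrowest possible signature.
KNOWN_SHA256 = hashlib.sha256(KNOWN_SAMPLE).hexdigest()


def hash_signature(data: bytes) -> bool:
    """Fires only for the byte-identical known sample."""
    return hashlib.sha256(data).hexdigest() == KNOWN_SHA256


# --- Detector 2: byte-pattern signature (YARA-style) on the launcher string.
PATTERN = re.compile(rb"powershell[^\x00]{0,64}-enc", re.IGNORECASE)


def pattern_signature(data: bytes) -> bool:
    """Fires when the launcher string is present in clear text, whatever the padding."""
    return PATTERN.search(data) is not None


# --- Detector 3: anomaly check, flag files whose byte distribution looks packed/encrypted.
def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_anomaly(data: bytes, threshold: float = 7.0) -> bool:
    """Fires for near-uniform byte distributions; knows nothing about the sample itself."""
    return shannon_entropy(data) > threshold


def classify(data: bytes) -> dict:
    """Run all three detectors and report which ones fire."""
    return {
        "hash": hash_signature(data),
        "pattern": pattern_signature(data),
        "entropy": entropy_anomaly(data),
    }


if __name__ == "__main__":
    for name, sample in [
        ("known sample", KNOWN_SAMPLE),
        ("recompiled variant", RECOMPILED_VARIANT),
        ("xor-obfuscated", OBFUSCATED_VARIANT),
        ("packed variant", PACKED_VARIANT),
        ("benign archive", BENIGN_ARCHIVE),
    ]:
        print(f"{name:20s} entropy={shannon_entropy(sample):.2f} {classify(sample)}")
```

Each detector catches only what it was built to see: the hash signature misses the recompiled build, the pattern signature misses the XOR-obfuscated build, and the entropy check flags the packed build but also the benign archive. Note also that XOR with a constant byte permutes the byte histogram without changing it, so the obfuscated variant has exactly the same entropy as the original and the anomaly check is blind to it; a detector written from yesterday's sample does not see tomorrow's variant until someone updates it.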
It was reported that in 2008 China was responsible for “GhostNet,”
a malware campaign that spied on Tibetan targets for almost a full
year (Hruska, 2009). North Korea has been accused of mounting DDoS
attacks against the United States and South Korea multiple times
since 2009 to disrupt government and financial websites (Vlahos,
2014). In 2007, Russia began “Web War I” against Estonia with a DDoS
attack aimed at collapsing the country’s most vital infrastructure by
disrupting its electronic operations, marking the “first time that a
botnet threatened the national security of an entire nation” (Davis,
2007). Iran has been accused of progressively more sophisticated
attacks over the last several years, including intrusions into U.S.
banking and military networks (Harris, 2014). So, which of these
countries poses the greatest potential threat to the United States?
Many factors support the idea that a terrorist attack intended to
cripple critical infrastructure might originate from Iranian terrorist
actors. Not only is Iran capable of using the most sophisticated cyber
measures to its advantage, but it is also known for its state
sponsorship of terrorism, particularly toward the United States and
its allies. In 2014, Iran’s leaders declared that they are ready and
willing to put their cyber warfare tools to use if the situation
arises (Harris, 2014).
Current developments in the cybersecurity field focus on real-time
detection technology. To address a serious threat as it happens, an
intrusion must be identified and halted in real time, reducing the
amount of post-incident clean-up required to control the situation.
Several companies have made this approach a priority.
A partnership between Bromium, Inc. and ForeScout Technologies,
Inc. resulted in a security solution that identifies when a malware
attack has been initiated, analyzes associated information, and then
isolates oth