That the Defense Department blocks 36 million malicious emails daily aimed at accessing U.S. military systems, as Defense Information Systems Agency Director of Operations David Bennett recently said, underscores that attackers continue to consider email an attractive attack vector and highlights the stresses that security pros face daily trying to sort through threats.
"Our threat labs have observed cybercriminals recently migrating to email as the most common attack vector. As the tension between nations is increasing, more of the conflict is being fought online. They use email because it is effective,” said Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, noting that he wasn't surprised that the Defense Department had seen an uptick in email attacks. "While most such attacks are simple phishing scams, the most dangerous ones are usually the work of rogue nation states and can be political in nature.”
Bennett, speaking at an Armed Forces Communications and Electronics Association (AFCEA) event, confirmed that “emails are the number one delivery mechanism globally” and lamented the near-constant vigilance required of cybersecurity pros. “The reality is we've got to get it right all the time, they only have to get it right once,” he said, according to a report in NextGov.
The agency also has thwarted distributed denial of service (DDoS) attacks as large as 600 Gbps “on internet access points, and unique and different ways of attacking us we hadn't thought of before,” some of which are classified, said DISA Director Lt. Gen. Alan Lynn, who will leave his post February 2. Lynn is also commander of Joint Forces Headquarters-Department of Defense Information Network.
The Pentagon anticipates the size of DDoS attacks to grow. “We call it the terabyte of death looming outside the door,” the report quoted Lynn as saying. “We're prepared for it. It's just a matter of time before it hits us.”
Noting that state-sponsored attacks have caused power outages and mucked with election systems, Bilogorskiy called for rules “to be established to define the protections of non-combatants in and around the cyber-war zone,” restricting “certain technologies or attack scenarios” like “DDoSing life-support systems” or “causing civilian plane crashes through custom malware.”
While “interfering with communication system computers are starting to seem like a part of standard military tactics,” he said, “hacking attacks that cause a direct loss of life should be considered war crimes, in my opinion."