Chapter 10. Weaponizing Malware

A New Threat Landscape

There are so many emerging threats to computer networks that a detailed overview of them is beyond the scope of this book. Instead, this chapter addresses various modes of attack that have been used in cyber warfare and espionage, as well as a few new innovations that seem particularly perilous to high-value targets such as SCADA systems or classified networks within the defense industry (both government and contractor systems).

StopGeorgia.ru Malware Discussions

A significant portion of the discussion on the StopGeorgia.ru forum was dedicated to traditional (distributed denial of service) DDoS tactics and tools, but more interesting tactics discussed there focused on abusing application-level vulnerabilities in order to take advantage of CPU-intensive stored SQL procedures.

By abusing CPU-intensive application-level vulnerabilities (such as with SQL injection), Georgian information systems can be rendered inoperative using a small number of attacking machines. Whereas traditional DDoS attacks against robust websites can require thousands of bots simultaneously attacking the victim server, exploitation of SQL injection vulnerabilities require only a handful of attacking machines to achieve the same effect.

The discovery and exploitation of these application-level vulnerabilities shows moderate technical sophistication, but more importantly, it shows planning, organization, targeted reconnaissance, and evolution of attacks.

The introduction ...

Get Inside Cyber Warfare now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.