This Appendix looks at the threat landscape today. It looks at the new attacks as well as looking at new targets. In the context of Railways and Thameslink in particular, the following slide has been borrowed from a presentation given by Johannes Emmelheinz of Siemens in Amsterdam this February.
A look at the different types of threats propagating today, combined with the sheer volume of attacks, can paint a discouraging picture. Even more alarming, however, is the fact that today’s threats seldom occur in isolation. A DDoS threat in one segment can divert attention from malware in another. Ransomware can be used to hasten data exfiltration. IPv6 attacks can be used to access parallel IPv4 constructs. Another consideration is that, with individual components available for sale, attackers no longer need overall computer or network expertise.
Botnets can be rented from vendors and application exploits simply purchased. This allows perpetrators to concentrate on results that they desire without having to create the means to commit the crime. This is obvious from the results of Verizon’s 2018 Data Breach Incident Report, which shows that 50% of breaches were carried out by organized criminal groups, and 12% involved nation-state or state-affiliated actors. The bottom line is that for today’s enterprise, the question is not whether you will be attacked. It’s when, by what, and how badly your company’s reputation or finances will be damaged. And one thing is sure in the uncertain world of cybersecurity — the wrong time to consider defence is after the attack has occurred.
For a review of DDOS protection solutions look at the excellent Forester Report embedded below.: