idnits 2.17.1

draft-lazanski-users-threat-model-t-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 6 instances of too long lines in the document, the longest one
     being 34 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 205 has weird spacing: '...re were data ...'

  == Line 398 has weird spacing: '...hown in draft...'

  -- The document date (January 7, 2021) is 1176 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: '1' is mentioned on line 127, but not defined
  == Missing Reference: '2' is mentioned on line 129, but not defined
  == Missing Reference: '3' is mentioned on line 135, but not defined
  == Missing Reference: '4' is mentioned on line 140, but not defined
  == Missing Reference: '5' is mentioned on line 147, but not defined
  == Missing Reference: '6' is mentioned on line 152, but not defined
  == Missing Reference: '7' is mentioned on line 158, but not defined
  == Missing Reference: '8' is mentioned on line 165, but not defined
  == Missing Reference: '9' is mentioned on line 167, but not defined
  == Missing Reference: '10' is mentioned on line 172, but not defined
  == Missing Reference: '11' is mentioned on line 178, but not defined
  == Missing Reference: '13' is mentioned on line 186, but not defined
  == Missing Reference: '14' is mentioned on line 189, but not defined
  == Missing Reference: '15' is mentioned on line 194, but not defined
  == Missing Reference: '16' is mentioned on line 198, but not defined
  == Missing Reference: '22' is mentioned on line 246, but not defined
  == Missing Reference: '23' is mentioned on line 256, but not defined
  == Missing Reference: '24' is mentioned on line 260, but not defined
  == Missing Reference: '25' is mentioned on line 266, but not defined
  == Missing Reference: '26' is mentioned on line 356, but not defined
  == Missing Reference: '27' is mentioned on line 283, but not defined
  == Missing Reference: '29' is mentioned on line 303, but not defined

  -- No information found for
     draft-lazanski-protocol-security-design-considerations - is the name
     correct?

  Summary: 1 error (**), 0 flaws (~~), 25 warnings (==), 2 comments (--).

  Run idnits with the --verbose option for more detailed information about
  the items above.
--------------------------------------------------------------------------------

1  Independent Submission                                       D. Lazanski
2  Internet Draft                                          Last Press Label
3  Intended status: Informational                           January 7, 2021
4  Expires: July 7, 2021

6  A User-Focused Internet Threat Model
7  draft-lazanski-users-threat-model-t-02

9  Status of this Memo

11  This Internet-Draft is submitted in full conformance with the
12  provisions of BCP 78 and BCP 79.

14  Internet-Drafts are working documents of the Internet Engineering
15  Task Force (IETF), its areas, and its working groups. Note that
16  other groups may also distribute working documents as Internet-
17  Drafts.

19  Internet-Drafts are draft documents valid for a maximum of six
20  months and may be updated, replaced, or obsoleted by other documents
21  at any time. It is inappropriate to use Internet-Drafts as
22  reference material or to cite them other than as "work in progress."

24  The list of current Internet-Drafts can be accessed at
25  http://www.ietf.org/ietf/1id-abstracts.txt

27  The list of Internet-Draft Shadow Directories can be accessed at
28  http://www.ietf.org/shadow.html

30  This Internet-Draft will expire on July 7, 2021.

32  Copyright Notice

34  Copyright (c) 2020 IETF Trust and the persons identified as the
35  document authors. All rights reserved.

37  This document is subject to BCP 78 and the IETF Trust's Legal
38  Provisions Relating to IETF Documents
39  (http://trustee.ietf.org/license-info) in effect on the date of
40  publication of this document. Please review these documents
41  carefully, as they describe your rights and restrictions with
42  respect to this document. Code Components extracted from this
43  document must include Simplified BSD License text as described in
44  Section 4.e of the Trust Legal Provisions and are provided without
45  warranty as described in the Simplified BSD License.

47  Abstract

49  RFC 3552 introduces a threat model that does not include endpoint
50  security.
Yet increasingly protocol development is making assumptions
51  about endpoint security capabilities which have not been defined. RFC
52  3552 is 17 years old and the threat landscape has changed. Security issues
53  and cyber attacks have increased and there are more devices, users, and
54  applications on the endpoint than ever. This draft proposes a new
55  approach to the Internet threat model which will include endpoint
56  security, focus on users and provide an update to the threat model in
57  RFC 3552. It brings together Security Considerations for Protocol
58  Designers draft-lazanski-protocol-sec-design-model-t-01 which is a
59  comprehensive document that lists threats, attack vectors, examples and
60  considerations for designing protocols, as well as draft-taddei-smart-
61  cless-introduction-02 which lays out security concerns, capabilities
62  and limitations for endpoints in general and draft-mcfadden-smart-
63  endpoint-taxonomy-for-cless-01 which outlines a clear taxonomy for
64  endpoint security and identifies changes in technology, economic and
65  protocol development that have impacted and changed endpoint security.
66  Taken together these drafts reflect a comprehensive and clear set of
67  security threats and design considerations for the Internet.

69  Table of Contents

71  1. Introduction
72  2. A History of Data Breaches
73  3. Botnets
74  4. Emerging Threats
75  5. Impacts
76  6. Guidelines
77  7. A New Internet Threat Model
78  8. Way Forward
79  9. Security Considerations
80  10.
IANA Considerations
81  11. Conclusions
82  12. References
83  12.1. Informative References
84  13. Acknowledgments

86  1. Introduction

88  Data breaches continue to be on the rise: personal data is stolen
89  and often leaked or sold on a never-before-seen scale. Malware and
90  ransomware attacks impact the most vulnerable in our global
91  societies today. Better security results in better privacy through
92  prevention of these breaches. However, even though the IETF is
93  privacy-focused, Internet architecture has radically changed without
94  much consideration during the protocol development process for cyber
95  defence or its outcomes.

97  In recent years, this has obsoleted many systems, technologies and
98  programmes which use Internet protocols for prevention, detection
99  and mitigation of cyber attacks. RFC 7258 established that
100  "Pervasive Monitoring" is an attack on privacy that needs to be
101  mitigated where possible. Furthermore, RFC 3552 assumes that the
102  endpoints involved in a communications exchange have not been
103  compromised, but that the attacker has near complete control over
104  the network between the endpoints rather than the endpoints
105  themselves. These assumptions have led to a focus on communications
106  security and the development of protocols that place this kind of
107  security above all else. Ironically - or coincidentally - as the
108  development of these protocols has taken place over the last
109  several decades, there has been and continues to be a sharp rise in
110  cyber attacks.
The Internet threat model in RFC 3552 does not even
111  mention that the greatest threat to the Internet is the growing
112  scale and variety of cyber attacks against all types of endpoints
113  that is resulting in significant data breaches. This now needs to
114  change.

116  The rest of this document is as follows. Sections 2 and 3 focus on a
117  sample of the most recent data breaches in order to demonstrate how
118  cybersecurity issues have changed in over 15 years. Section 4 lays
119  out a few of the many emerging threats while Section 5 discusses
120  impacts. Section 6 proposes updating the threat model and finally
121  Section 7 discusses work underway and a way forward.

123  2. A History of Data Breaches

125  A data breach is an incident where data is inadvertently exposed in
126  a vulnerable system, usually due to insufficient access controls or
127  security weaknesses in the software.[1] In the first six months of
128  2018 alone, Gemalto reported that there were 945 data breaches
129  resulting in 4.5 billion records being compromised.[2] This section
130  describes some recent cyber attacks on the Internet that led to data
131  breaches. But these are only a handful of breaches that have been
132  made public. So many more go unreported in the public. Data breaches
133  are one of the top issues in cybersecurity today. IBM's 13th "Cost
134  of a Data Breach" study found that the global average cost of a data
135  breach in 2018 was $3.86 million.[3] That is the average cost of one
136  - not many - data breaches.

138  In October 2013, Adobe announced that hackers had stolen nearly 3
139  million encrypted customer credit card details and the IDs and
140  encrypted passwords of 35 million customers.[4]

142  In December 2013, the retailer Target announced that 40 million
143  credit card records and personal details for a further 70 million
144  customers had been compromised.
A report from Verizon indicated that
145  after one week, 86 percent of passwords used by Target had been
146  cracked and Verizon's security consultants were able to move about
147  with complete freedom on Target's internal network.[5]

149  In May 2014, eBay notified 145 million users to change their
150  passwords following a cyber attack that compromised encrypted
151  passwords, customer names, email addresses, mailing addresses, phone
152  numbers and dates of birth.[6]

154  In July 2015, a commercial website that enabled extramarital affairs
155  (called Ashley Madison) was breached; a month later, more than 25GB
156  of company data, including user details, was leaked. The ethics and
157  impact on human rights of this breach are particularly notable, as
158  it resulted in at least one confirmed suicide.[7]

160  In 2016, Uber was breached, giving hackers access to the names,
161  email addresses and phone numbers of 57 million riders and drivers.
162  600,000 US drivers had their names and license plate numbers stolen.
163  The current assessment is that other personal data, including trip
164  location history, credit card details, social security numbers and
165  dates of birth were not downloaded. [8] Also, in August of 2016,
166  Dropbox was hacked to release over 68 million user email addresses
167  and passwords onto the Internet. [9]

169  In March 2018, as part of a coding review, Google uncovered a coding
170  glitch that potentially exposed the personal data of up to 500,000
171  Google Plus users, including their names, email addresses,
172  occupations, genders and ages.[10] Google could not confirm which
173  users were affected by the security flaw as they keep API log data
174  for only two weeks (and, presumably, log data analysis was lacking
175  or insufficient to detect the breach as it was happening).

177  In May 2018, Twitter advised all 330 million of its users to change
178  their passwords after a software bug exposed them in plaintext.
[11]
179  Additionally, in September 2018, British Airways announced that
180  personal and financial details of up to 380,000 customers who had
181  booked flights over a 16-day period had been stolen. This breach was
182  traced to a rogue script that had been installed on the third-party
183  payment supplier used by British Airways.[12]
184  Also in September 2018, Facebook suffered its worst security breach
185  ever; the exploitation of several simultaneous software bugs gave
186  login access to as many as 50 million accounts.[13] In April 2019, a
187  146GB data set containing over 540 million Facebook records was
188  found exposed on AWS servers, as two third-party companies had
189  collected Facebook data on their own servers.[14] In November 2018,
190  500 million Marriott International customers had their details
191  stolen in an ongoing breach since 2014. Approximately 327 million
192  hotel guests had a combination of name, address, phone number, email
193  address, passport number, date of birth, gender and
194  arrival/departure information stolen.[15]

196  In January 2019, the personal data of more than 3500 people living
197  with HIV in Singapore was leaked, allegedly by an
198  insider with access to sensitive records.[16] Also in February 2019,
199  a file containing 2.2 billion compromised usernames and passwords
200  was found on the dark web. This 600GB file was a collation of
201  previous data breaches, truly demonstrating the scale and severity
202  of the data breach and cyber defence problem in totality.[17]

204  In the first half of 2020, as the Covid-19 pandemic grew, so did
205  cybercrimes, some of which were data breaches. According to
206  Interpol, due to the shift of focus to public health, many criminals
207  are taking advantage of the vulnerability of society to launch many
208  types of attacks. The FBI reported a 300% increase in reported
209  cybercrimes since the beginning of the Covid-19 pandemic.
Interpol
210  published three attack scenarios to watch out for:

212  . Malicious domains - these domains may be found when searching
213    for phrases like "covid-19", "covid19", "coronavirus" and
214    related. A user clicking on a malicious domain may be subject
215    to malware, ransomware, phishing or other socially engineered
216    cyber attacks. Many countries have reporting tools to report
217    such issues, for example in Estonia. [18]
218  . Malware - malware has been found in coronavirus maps and
219    information websites.[19]
220  . Ransomware - ransomware is on the rise in hospitals, clinics
221    and treatment centres since focus is less on the networks and
222    endpoints and more on treating patients. [20]

224  On 7 July 2020, through civil court procedure in the US, Microsoft
225  seized malicious domain names that have been used in large scale
226  phishing attacks with a Covid-19 theme. The attacks tricked users into
227  revealing their login details.[21] The Microsoft Digital Crimes Unit
228  notes that attacks are changing in order to take into account current
229  events that users might be interested in.

231  It is unthinkable and unrealistic that any revised Internet threat
232  model does not highlight and prioritise the most impactful threats.
233  Threat actors are making full use of the Internet technology that
234  allows them to hide on endpoints and perform such large data hacks
235  that mostly go undetected.

237  Internet security researchers and developers must accept the reality
238  of all the security issues in the Internet ecosystem. Decisions
239  being made in the name of privacy are sometimes leading to larger
240  inadvertent security and privacy losses.

242  3.
Botnets

244  A botnet is a string of connected computers used, in this case, to
245  perform a malicious function against an end user, organisation or
246  series of users.[22] Though computers working together to increase
247  computing power for functions does not constitute a botnet in itself
248  (and is used often in data centres for chat rooms or email services,
249  for example) botnets are specifically used for malicious intent.
250  There have been a number of recent, high profile botnet attacks and
251  only a few will be described here as examples.

253  In 2000, EarthLink Spammer sent 1.25 million phishing emails over a
254  year and made $3 million in profits by using fake websites and
255  domain names to accomplish this. Subsequently the spammer was
256  convicted and Earthlink won $25 million in damages.[23]

258  Created in 2007, Cutwail was the biggest botnet on the Internet by
259  2009 by number of infected computers or hosts sending email. It was
260  sending 51 million emails every minute.[24] By 2010, however, it
261  started a DDoS attack to nearly 300 major sites including PayPal and
262  US federal agencies. By 2013 it was the botnet to use for sending
263  spam, but over time its use declined through targeted attempts to
264  take it offline as well as the expiration of email addresses. Though
265  not as popular and sending far less than it once did, Cutwail still
266  sends spam to this day.[25]

268  A more recent botnet was the centre of one of the biggest outages of
269  the Internet network. The Mirai botnet was first identified in 2016.
270  The Mirai botnet as well as variants infect Internet of Things
271  devices and those infected devices scan the Internet for IP
272  addresses of other Internet of Things devices, thus creating a
273  multiplication of IoT devices which are infected.
Though the bot
274  still exists in various forms, the most serious attack took place on
275  21 October 2016 when the Domain Name System (DNS) provider Dyn was
276  attacked by DDoS using a coordinated system of infected IoT devices.
277  Much of the Internet was unreachable after three attacks occurred
278  during the day. Though eventually resolved on that day, the sheer
279  size and scale of the attack is still viewed as one of the biggest
280  attacks on the Internet to this day.[26]

282  According to Kaspersky Labs, there were just over 15,000 botnet
283  attacks in 2018.[27] Worryingly, of those attacks, approximately 40
284  percent were new in both type and the target. Again, as IoT devices
285  increase and as networks expand coverage and ability to handle even
286  more devices and data, it is likely that botnet attacks will
287  continue to be seen on such a scale. It takes approximately 5
288  minutes after connecting for an IoT device to be attacked and up to
289  24 hours for an exploit to be stopped. [28]

291  4. Emerging Threats

293  Older methods of cyber attacks are still happening and causing
294  breaches, as endpoint security remains incomplete and not up to
295  date. Servers remain unpatched and vulnerable and client devices
296  become legacy or unsupported, to name just a few issues. In
297  parallel, new categories of attacks are emerging.

299  Software updates are a new attack vector. In March 2019, Kaspersky
300  uncovered the ShadowHammer supply-chain attack which injected
301  malicious code into the ASUS Live Update Utility. This attack
302  involved signing malicious code using stolen certificates and was
303  estimated to have affected half a million users.[29] As a result of
304  the ShadowHammer attack, public focus turned to how and what could
305  be the point of infection.
Suggestions were that the IP addresses
306  could have been the point of origin of the attack while others
307  suggested that the malware itself was dormant and inactive until a
308  certain update triggered the malware.

310  In July 2019, Godlua became the first publicly known malware to use
311  DNS-over-HTTPS to avoid DNS-based malware protection security
312  systems. [30] The malware uses DoH requests to determine where the
313  active URL originates and where it will make a connection. The
314  malware takes advantage of this information in order to initiate a
315  DDoS attack. The malware attacks both Windows and Linux systems and
316  takes advantage of a backdoor exploit. [31]

318  Attacks on individual consumers have dropped by nearly 40 percent,
319  due to the fact that attacking one person is largely not financially
320  viable, but attacks on business organisations have increased year on
321  year.[32] Ransomware is on the rise, motivated by economic gain and
322  the weaknesses in endpoints. Malware is freely available and the
323  vulnerable attack point of an endpoint can be found. Botnets are
324  increasing in size and scale as well as ease of use.

326  There are other emerging threats that require more research to
327  collate fully and this section is a starting point.

329  5. Impacts

331  As noted in draft-arkko-farrell-arch-model-t-03 there is a difference
332  between user interaction endpoints and system endpoints.
333  Acknowledging that the end-to-end model supports permissionless
334  innovation, it is imperative to ensure that the open and innovative
335  nature of the Internet continues. However, a taxonomy of endpoints
336  and agreement on those which have had the most security impact in
337  the last 15 years is necessary to continue this work.

339  This document and draft-lazanski-protocol-security-design-
340  considerations-01 show the impacts on individuals, companies and the
341  Internet itself.
Though the impacts can be personally and
342  economically damaging, there are also ways to design protocols to
343  mitigate the severity of attacks.

345  Another major change to the Internet over the last 20 years is the
346  consolidation and the impact on Internet protocols and architecture.
347  The expired draft draft-arkko-iab-internet-consolidation-02 shows
348  the potential impact consolidation could make on technology choices,
349  users, protocols and Internet architecture more generally. It goes
350  on to note that permissionless innovation may be at most risk.

352  Consolidation could impact security, making it easier to launch an
353  attack. Similarly, mitigation and defence could be affected, by
354  making it difficult to be agile and losing the reliance offered by
355  decentralization. The Dyn attack showed us that decentralisation
356  supports a resilient Internet. [26]

358  Work is underway in draft-lazanski-protocol-security-design-
359  considerations-01 to attempt to catalogue the most well-known
360  threats and considerations to be taken for protocol designers in
361  light of these threats.

363  6. Updating the Internet Threat Model

365  Many endpoints are vulnerable; CLESS began a much needed research
366  programme to demonstrate what capabilities and what limitations can
367  be expected at the endpoint and from a variety of types of
368  endpoints.[33] Endpoints have changed since RFC 3557 was published
369  17 years ago, but assumptions about endpoints in the IETF haven't
370  changed in that time.

372  The problem statement from draft-mcfadden-smart-threat-changes-01
373  clearly articulates and lists the changes in the last 17 years. that
374  the view of Internet security is too narrow, specifically in BCP72,
375  and an update on Internet security threats is long overdue.
Namely,
376  endpoints, applications, data and devices are all connected to the
377  Internet now at a growing pace and this needs to be reflected in
378  both Internet security threats and protocol design.

380  Security Considerations for Protocol Designers [34] is a
381  comprehensive document that lists threats, attack vectors, examples
382  and considerations for designing protocols. This document is growing
383  as new threats emerge and is a reference for protocol designers.
384  Additionally, draft-taddei-smart-cless-introduction-02 laid out
385  security concerns, capabilities and limitations for endpoints in
386  general while draft-mcfadden-smart-endpoint-taxonomy-for-cless-01
387  outlines a clear taxonomy for endpoint security and identifies
388  changes in technology, economic and protocol development that have
389  impacted and changed endpoint security as well as architectural
390  development and protocol design. Taken together these drafts reflect
391  a comprehensive and clear set of security threats and design
392  considerations for the Internet and the changes to security on or
393  connected to it.

395  7. Way Forward: A New Internet Threat Model

397  Many endpoints are vulnerable; endpoints have changed over the last
398  17 years as shown in draft-mcfadden-smart-threat-changes-01, but
399  assumptions about endpoints in the IETF haven't changed in that time.
400  Draft-iab-for-the-users-04 discusses that end users are beneficiaries
401  of the IETF standards. End users use endpoints which have new and
402  emerging threats. Even the user is not often in full control of what
403  happens on their endpoint and what security protections apply to
404  their own data; a model where the Internet is user-centric would give
405  more control to the user. The user is both the home Internet citizen
406  and the organisation administrator seeking to protect against data
407  breaches; both need the power to control where their data goes and
408  choose their security protections.
So while endpoints are the focus
409  now, does the Internet need to be user-centric in the future? Won't
410  that give users even more assured privacy?

412  ATT&CK versions of methods, when categorised by type, show that
413  endpoint methods of compromise are increasing faster than network
414  attacks.[34][35] This may be due to more variety in endpoints,
415  substandard security in many endpoints or the difficulty of
416  attacking a network compared to an endpoint. Whatever the reason,
417  the logical conclusion is that the current Internet design is not
418  stopping cyber attacks. Perhaps a fresh approach is required.

420  As more power and control has shifted to endpoints - and even to
421  only a select few applications on endpoints - network defences can
422  protect fewer and fewer endpoints; concurrently, attacks have
423  increased.

425  The existing Internet Threat Model of RFC3552 makes the general
426  assumption that end-systems have not been compromised and that while
427  end-systems are difficult to protect against compromise, protocol
428  design can help minimise the damage. Revisiting this general
429  assumption in the light of the magnitude of an increase in data
430  breaches and their subsequent negative results is a good starting
431  point for a new Threat Model which can result in protocol design
432  that helps mitigate end-system compromise.

434  RFC 3552 will need to be revised in light of the development of the
435  threat landscape that has changed and grown in the 17 years since
436  RFC 3552 was published. This draft highlights a selection of attacks
437  and data breaches over the last decade and a half. A revision to RFC
438  3552 would need to include all known and potential attack surfaces
439  taking into account mobile network development, new and emerging
440  devices which are connected to the Internet and the proliferation of
441  users, devices and applications on and over the Internet, as
442  mentioned above.

444  Work is well underway in the IETF and the progress has been slow but
445  insightful. However, the work needs to continue to develop with
446  continued collaboration. There is much to do. This draft continues
447  to highlight the importance that any threat model must be based in
448  evidence about data breaches. This draft continues the discussion
449  which focuses on the user, identifies the current threats and
450  proposes mitigation of those threats.

452  8. Security Considerations

454  This document proposes a new way of thinking about developing
455  Internet security protocols and does not create, extend or modify
456  any protocols. The intent is to continue discussion and bring in a
457  cyber defence viewpoint.

459  9. IANA Considerations

461  Upon publication this document has no required actions for IANA.

463  10. Conclusions

465  The Threat Model indeed needs revisiting and changing, because cyber
466  defence threats and attacks are increasing, yet the responsibility
467  to help mitigate these threats and attacks is largely unrecognised
468  in the IETF community. These threats and attacks should be given
469  the attention they deserve and a way forward is proposed.

471  Further, it is imperative that new conclusions and recommendations
472  from a revisited threat model are backed up by research, case
473  studies and experience, rather than bold assertions. Research and
474  evidence is important to achieve effective security; unsubstantiated
475  guesswork is not. Work is already underway and should now continue
476  as described in this draft. Section 8 shows the way forward.

478  11. References

480  11.1.
Informative References

482  [1] https://haveibeenpwned.com/FAQs/

484  [2] https://www.cbronline.com/news/global-data-breaches-2018

486  [3] https://securitytoday.com/articles/2018/07/17/the-average-cost-
487  of-a-data-breach.aspx

489  [4] https://krebsonsecurity.com/2013/10/adobe-to-announce-source-
490  code-customer-data-breach/

492  [5] https://krebsonsecurity.com/2015/09/inside-target-corp-days-
493  after-2013-breach/

495  [6] https://www.businessinsider.com/cyber-thieves-took-data-on-145-
496  million-ebay-customers-by-hacking-3-corporate-employees-2014-5

498  [7] https://digitalguardian.com/blog/timeline-ashley-madison-hack

500  [8] https://us.norton.com/internetsecurity-emerging-threats-uber-
501  breach-57-million.html

503  [9] https://www.theguardian.com/technology/2016/aug/31/dropbox-hack-
504  passwords-68m-data-breach

506  [10] https://www.experian.com/blogs/ask-experian/google-data-breach-
507  what-you-need-to-know/

509  [11] https://www.theverge.com/2018/5/3/17316684/twitter-password-bug-
510  security-flaw-exposed-change-now

512  [12] https://medium.com/asecuritysite-when-bob-met-alice/the-
513  british-airways-hack-javascript-weakness-pin-pointed-through-time-
514  lining-dd0c2dbc7b50

516  [13] https://www.nytimes.com/2018/09/28/technology/facebook-hack-
517  data-breach.html

519  [14] https://www.databreachtoday.co.uk/millions-facebook-records-
520  found-unsecured-on-aws-a-12337

522  [15] https://www.bbc.co.uk/news/technology-46401890

524  [16] https://www.straitstimes.com/singapore/2400-singaporeans-
525  affected-by-data-leak-contacted-by-moh

527  [17] https://mobilesyrup.com/2019/01/31/collection-2-data-breach-
528  600gb-leaked-emails-passwords/

530  [18] https://cyber.politsei.ee/

532  [19] https://thenextweb.com/security/2020/03/11/hackers-are-using-
533  coronavirus-maps-to-infect-your-computer/

535  [20] https://www.rightmove.co.uk/property-for-sale/property-
536  78196069.html

538  [21] https://blogs.microsoft.com/on-the-issues/2020/07/07/digital-
539
crimes-unit-covid-19-cybercrime/?=monday-july-6-2020

541  [22] https://us.norton.com/internetsecurity-malware-what-is-a-
542  botnet.html

544  [23] https://www.bizjournals.com/atlanta/stories/2002/07/22/story4.ht
545  ml

547  [24] https://www.whiteops.com/blog/9-of-the-most-notable-botnets

549  [25] https://www.wired.co.uk/article/infoporn-rise-and-fall-of-uks-
550  biggest-spammer

552  [26] https://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-
553  attack-cause-outage-status-explained

555  [27] https://securelist.com/bots-and-botnets-in-2018/90091/

557  [28] https://www.netscout.com/sites/default/files/2019-
558  02/SECR_001_EN-1901%20-
559  %20NETSCOUT%20Threat%20Intelligence%20Report%202H%202018.pdf

561  [29] https://www.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-
562  software-updates-to-install-backdoors-on-thousands-of-computers

564  [30] https://www.techspot.com/news/80791-meet-godlua-first-known-
565  malware-leverages-dns-over.html

567  [31] https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/

569  [32] https://blog.malwarebytes.com/cybercrime/2019/04/labs-
570  cybercrime-tactics-and-techniques-report-finds-businesses-hit- with-
571  235-percent-more-threats-in-q1/

573  [33] https://datatracker.ietf.org/doc/draft-taddei-smart-cless-
574  introduction/

576  [34] draft-lazanski-protocol-security-design-considerations-01

578  [35] Pastor, Antonio. "Applying AI to Protect 5G Control Traffic",
579  ETSI Security Week, 19 June 2019, ETSI, Sophia Antipolis, France.

581  12. Acknowledgments

583  This document was prepared using 2-Word-v2.0.template.dot.

585  Authors' Addresses

587  Dominique Lazanski
588  Last Press Label
589  London, UK

591  Phone: +447783431555
592  Email: dml@lastpresslabel.com