Cyber security: How to get around it!

It is pretty much a given that the majority of people have their personal information documented somewhere in virtual space. This data has been captured in many forms, as bits and bytes, through online transactions, social engagement, studies, business and work, shopping, medical treatments and also through play (answering those fun personality quizzes on Facebook, for example, or gaming).

The thing is, though, that to live, survive and cope in this world, internet users are arguably forced to trust the custodians of their data to keep it safe and accessible at any time, from anywhere and, of course, on a multitude of devices and platforms.

So, unless your aim is to hide from civilisation, it is essential that businesses and individuals understand the risks and how to mitigate them.

“Personal information is boosting the phenomenal innovations happening in the AI, machine learning and deep learning spaces,” says Anton Jacobsz, managing director at value-added distributor, Networks Unlimited. “But, where there is a door in to reach this info, there is also the danger of cyber criminals slipping through keyholes and squeezing in under doorframes, all with the basic aim of using data maliciously. Of course, the more machines that are connected – think Internet of Things (IoT) and all things smart: cars, homes, mobile devices, industry machines, utilities, and more – the more widespread the potential cybercrime infestation and destructive aftermath becomes.”

A blog published by Fortinet, which secures the largest enterprise, service provider and government organisations around the world, and whose solutions are channelled into Africa by Networks Unlimited, states: “The cybercriminal marketplace is adept at adopting the latest advances in areas such as artificial intelligence to create more effective attacks.”

The blog highlights that Fortinet expects this trend to accelerate into 2018, enabling additional destructive trends.

“All users of the Internet should take heed of these trends,” Jacobsz emphasises.

These trends, in summary, are:

The rise of hivenets and swarmbots

“… it is easy to predict that cybercriminals will eventually replace botnets built with mindless zombie devices with intelligent clusters of compromised devices to create more effective attacks. This would be a hivenet instead of a botnet. It would be able to use millions of interconnected devices, or swarmbots, to simultaneously identify and tackle different attack vectors, enabling attacks at an unprecedented scale,” explains the blog.

“Such hivenets are especially dangerous because, unlike individual zombies, individual swarmbots are smart. They are able to talk to each other, take action based on shared local intelligence, use swarm intelligence to act on commands without the botnet herder instructing them to do so, and recruit and train new members of the hive. As a result, as a hivenet identifies and compromises more devices it will be able to grow exponentially, and thereby widen its ability to simultaneously attack multiple victims.”

Ransom of commercial services is big business

“The next big target for ransomware is likely to be the ransom of commercial services such as cloud service providers. The financial opportunities are clear. Cloud computing is expected to grow to USD162 billion by 2020, with a compound annual growth rate (CAGR) of 19 percent. In addition, successfully taking down a cloud provider is a one-to-many opportunity.

The complex, hyperconnected networks that cloud providers have developed can produce a single point of failure for dozens or even hundreds of businesses. (Think Mirai taking out a DNS hosting provider),” states the blog. Further, it warns: “Cloud services are centralised and present a huge potential attack surface.

Rather than hacking businesses individually, criminals that are able to infiltrate a single cloud environment would potentially have access to data from dozens or hundreds of organisations, or be able to wipe out an entire range of services with a single attack.

“And it’s not just businesses that would be affected. Government entities, critical infrastructure, law enforcement, healthcare, and a wide range of industries of all sizes all use the cloud – and many of them use the same cloud provider. If a cyberterrorist is able to take down a single major cloud service provider, the implications could be devastating.”

Next-gen morphic malware

The blog also predicts that adversaries will begin to leverage automation and machine learning in their attack tactics, techniques and procedures (TTPs).

“Current polymorphic malware, for example, has been around for decades. It already uses pre-coded algorithms to take on a new form to evade security controls, and can produce more than a million virus variations per day. But so far, this process is just based on an algorithm, and there is very little sophistication or control over the output,” it continues.

“Next-gen polymorphic malware built around AI, however, will be able to spontaneously create entirely new, customised attacks that will not simply be variations based on a static algorithm. Instead, they will employ automation and machine learning to design custom attacks to quickly compromise a targeted system and effectively evade detection. The big difference is the combination of discipline and initiative.”

Critical infrastructure to the forefront

“Most critical infrastructure and OT networks are notoriously fragile, and originally designed to be air-gapped and isolated. But the need to respond at digital speeds to employee and consumer demands has begun to change that, making everything exposed (look at cloud-enabled SCADA services.)

Applying security as an afterthought once a network designed to operate in isolation is connected to the digital world is rarely very effective,” notes the blog. “Because of the high value of these networks, and the potential for devastating results should they be compromised or knocked offline, critical infrastructure and healthcare providers are now finding themselves in an arms race with cybercrime organisations.

This puts them in a difficult position because while they need to trust new connected systems that provide both increased intelligence and security in order to survive, the risks are real.”

The dark web and cybercrime economy offer new services using automation

“We expect to see new service offerings from the dark web as Crime-as-a-Service organisations use new automation technology for their offerings. We are already seeing advanced services being offered on dark web marketplaces that leverage machine learning.

For example, a service known as FUD (fully undetected) is already part of several offerings. This service allows criminal developers to upload attack code and malware to an analysis service for a fee. Afterwards, they receive a report as to whether security tools from different vendors are able to detect it,” the blog points out, and also observes that “Infected machines leveraging Coinhive is the latest example – browser plugins that infect end-user machines to hijack their CPU cycles to mine for virtual currency.

This process is rapidly accelerating the time from concept to delivery of new malware that is both more malicious and more difficult to detect and stop. Once true AI is integrated into this process, offence vs defence (time to breach vs time to detect/protect) will be reduced to a matter of milliseconds rather than the hours or days it takes today.”
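The Coinhive mention above is the one concrete technique on this page: a script loaded into the browser that mines cryptocurrency on the visitor's CPU. A practitioner's first question is how to spot it in existing telemetry. The following is an added example, not code from the article or from Fortinet; it scans web-proxy log lines for indicators of the Coinhive loader and its WebSocket proxies. The log lines are constructed for illustration, and the indicator list is an assumed, illustrative starting point rather than a complete threat feed.

```python
"""Flag in-browser cryptomining (Coinhive-style) indicators in proxy logs.

Added example, not part of the original article. The log lines are
constructed; MINER_INDICATORS is an assumed, illustrative list.
"""
import re

# Assumed indicators for this example: the Coinhive loader script name,
# the domains that served the script and its WebSocket mining proxies,
# and the JavaScript entry point a page calls to start mining.
MINER_INDICATORS = (
    "coinhive.min.js",
    "coinhive.com",
    "coin-hive.com",
    "CoinHive.Anonymous",
)

# Constructed proxy log lines in a simple space-separated format:
#   unix_timestamp client_ip method url status bytes
SAMPLE_LOG = """\
1510000001.100 10.0.0.5 GET https://example.org/ 200 5120
1510000002.200 10.0.0.5 GET https://coinhive.com/lib/coinhive.min.js 200 20480
1510000003.300 10.0.0.5 CONNECT ws01.coinhive.com:443 200 0
1510000004.400 10.0.0.7 GET https://cdn.example.net/app.js 200 4096
this line is deliberately malformed and must be skipped
1510000005.500 10.0.0.9 GET https://intranet.local/news 200 2048
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) "
    r"(?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def matched_indicators(text):
    """Return the indicators (case-insensitively) present in a URL or script."""
    lowered = text.lower()
    return [ind for ind in MINER_INDICATORS if ind.lower() in lowered]


def scan_log(log_text):
    """Map each client IP to the list of (url, indicators) it triggered.

    Malformed lines are skipped rather than aborting the scan, so one bad
    record in a large log does not hide the genuine hits.
    """
    hits = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        indicators = matched_indicators(record["url"])
        if indicators:
            hits.setdefault(record["client"], []).append((record["url"], indicators))
    return hits


def rank_clients(hits):
    """Order clients by number of suspicious requests, busiest first."""
    return sorted(hits, key=lambda client: len(hits[client]), reverse=True)


def scan_script(source):
    """Flag page or bundle JavaScript that references the miner entry point."""
    return matched_indicators(source)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for client in rank_clients(found):
        for url, inds in found[client]:
            print(f"{client}\t{url}\t{','.join(inds)}")
    # Constructed snippet of the kind of inline script a miner drops on a page.
    print(scan_script('var m = new CoinHive.Anonymous("site-key"); m.start();'))
```

Two things make this usable beyond the sample: hits are grouped per client, so a single workstation fetching the loader and then holding a CONNECT to the mining proxy stands out as one incident rather than two unrelated lines, and the script scanner lets you check a captured page body for the miner entry point when the loader was served from a domain not yet in your indicator list.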

Jacobsz remarks that phenomenal innovation in digital technology has led to many positive elements in both the business environment and personal life.

“Unfortunately, it has also given opportunity to criminal acts that only a few decades ago – sometimes as little as a year – were unheard of. As such, each innovation needs to be seen from every possible angle – both the good and the bad – in order to provide users with the finest and most secure solution.”

This essentially means that security intelligence, automation and innovation need to keep pace with every digital innovation. It is a big and challenging job, but as the blog concludes: “Like it or not, this is a winner-takes-all scenario. Organisations that fail to prepare now may not be able to catch up once it moves to the next level of sophistication.”