Secure Computing Forum 2019 – What we learned
Our Head of Security & Operations, Colm Lennon, recently attended the Secure Computing Forum in the RDS, Dublin. Now in its 7th year, the conference addressed 2019’s hot cybersecurity trends.
The Dark Net
The development of technology, along with the pervasive use of the internet in our everyday lives, provides enhanced opportunities for criminals by effectively creating a virtual platform for cybercrime. The Dark Net, which is described as a network of hidden web sites accessed through an anonymous browser, provides a secure online marketplace for criminal activity.
Through the Dark Net, cyber criminals have a marketplace that is so evolved that items purchased have receipts and associated SLAs. It is a place where customer reviews are welcomed and ratings for sellers are displayed to help future buyers make an informed decision. It is also used by criminals to evolve new business models, such as ransomware-as-a-service, which allows an attacker to scale cybercrime globally much more easily. This is a competitive marketplace that is as evolved as legitimate online marketplaces.
The Dark Net poses a perfect storm in terms of criminal activity, as this new virtual world also brings the advantages of anonymity, lack of physical proximity, access to a global network and, of course, a greater chance of not getting caught. All of these are incentives for criminal behaviour online when compared with more traditional crime.
The Dark Net provides access to sophisticated and easy-to-use toolsets, so anyone can gain instant access to the resources for entry-level crime. When a stolen credit card is purchased on the Dark Net, the tutorial on how to commit the crime is included, so the novice criminal doesn’t need prior knowledge in order to gain entry to the criminal world.
The insider threat commonly occurs when someone within an organisation with authorised access misuses that access to negatively impact the organisation. The Dark Net is used to issue advertisements seeking an insider from a targeted company with access to sensitive information in order to exfiltrate this data. This can be very tempting to the employee because of the financial rewards involved.
The message is that the cyber threat comes from both the external cybercriminal and the insider threat.
What is the cost of cybercrime?
A report from the Centre for Strategic and International Studies on the impact of cybercrime estimates that cybercrime extracts between 15% and 20% of the value created by the Internet. The impact of cyber-attacks could be as much as $3 trillion in lost productivity and growth and is estimated to grow to $6 trillion by 2020. From an economic perspective, this poses a real problem as the global costs are on a spiralling upward trend.
We are now witnessing the largest transfer of wealth in human history. Nation states are attacking private companies to steal information for the benefit of their competitors overseas. Breaches include company trade secrets, intellectual property and commercial strategies, which pose huge losses for the organisations and nations affected. The big four referred to are China, Russia, North Korea and Iran. Common network policies implemented by organisations prohibit all inbound and outbound traffic to and from these countries.
What happens to your company’s data following a data breach?
Based on cases reported to the FBI’s Internet Crime Complaint Centre, the FBI states that the estimated value of the ransomware business in 2016 was approximately $1 billion. In most cases, companies breached will pay the ransom, which averages $500 in bitcoin, but what they may not know is that the money is being used for terrorist activities.
One report described an organisation impacted by a data breach which included personally identifiable information (PII). Following the breach, this information was sent to a terrorist group to target those private individuals. What started as a privacy issue ended as a blended attack on private citizens’ safety.
The clear message for companies is to be aware that cybercrime is just crime; any monies paid will be used in terrorist activities and therefore should not be paid.
Cybercrime is big business, so once personally identifiable information (PII) is stolen from an organisation it is sold online via the Dark Net. There is a host of personal information for sale online, including passports, credit cards and driving licenses. It’s now estimated that 50% of all Americans have had data stolen from them online.
Internet of Things – IOT
With the rise of the Internet of Things (IOT), the attack surface and opportunity for an attacker have increased dramatically. The underlying operating systems can be insecure, with known backdoors to some IOT systems. A reported security breach involved an IOT pacemaker which had been implanted into a patient without encryption and, when it was inevitably hacked, required a security patch to be applied post install to prevent a future occurrence. As this attack surface increases, so do the entry points for criminal activity, which in turn increases the risk of data breaches becoming even more widespread.
In short, the Internet of things = internet of things to be hacked.
Artificial Intelligence in the fight against cybercrime
Artificial intelligence can be used in the fight against terrorist cyber-attacks. When developing exploits, cyber criminals reuse existing code (e.g. code available from places like Github) as part of their activities, so by using AI, machines can be taught to develop variants of malware based on the code that is readily available. These variants can then have signatures applied so they can be identified and stopped by security solutions to prevent their use by criminals. The objective is to make it more difficult for the criminal to develop usable code and in turn to deter the criminal activity.
Social engineering is a unique form of cyber-attack that focuses on the human rather than technology by using manipulation and deception techniques.
Phishing is a social engineering attack using email as the attack mechanism. It is also defined as the practice of sending emails that appear to be from a reputable source with the goal of influencing or gaining personal information. Email is so widely used, with almost 4 billion users worldwide in 2018, and has so little security embedded by design in the Simple Mail Transfer Protocol (SMTP), that it is the perfect tool to lure the human into making some bad decisions. Phishing is used in 93% of all social engineering attacks.
Phishing attacks take two general paths. The first is email spoofing, which is when the information in the “From” address is changed to make it appear like it has come from a legitimate source to trick the human into clicking on an attachment that will download malware. The second is website cloning where the attacker copies a legitimate website, directs you to it and then tricks you into providing login credentials or personal information.
An engaged, curious and well-trained workforce can be an important line of defence to spot unusual activity, e.g. a spoofed email coming from the CEO with an instruction to transfer funds urgently.
In short, if you spot deceit, hit delete.
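The email spoofing path described above can also be flagged by software before a person ever sees the message. The following is an added example, not part of the original article: it checks a message's headers for common spoofing indicators. The domain `example.com`, the gateway id `mx.example.com` and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: authserv-id stamped by our own mail gateway on inbound mail.
TRUSTED_AUTHSERV = "mx.example.com"

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=example.com
From: "Chief Executive" <ceo@example.com>
Reply-To: ceo.office@example.org
Subject: Urgent transfer

Please transfer the funds today.
"""

GENUINE = """\
Return-Path: <ceo@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
From: "Chief Executive" <ceo@example.com>
Subject: Board papers

Attached as discussed.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message):
    """List the reasons a message's From header should not be trusted."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # SMTP lets a sender write anything in From, so compare it with the
    # envelope sender and reply address (weak signals: bulk senders differ).
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(label)
    # Only believe authentication results stamped by our own gateway; a
    # sender can insert a forged Authentication-Results header of their own.
    results = [h.lower() for h in msg.get_all("Authentication-Results", [])
               if h.split(";")[0].strip().lower() == TRUSTED_AUTHSERV]
    if not any("dmarc=pass" in r for r in results):
        findings.append("dmarc-not-passed")
    return findings
```

Findings like these are better used to add a warning banner or route mail to quarantine than to delete it outright, since legitimate bulk senders often use a different return path.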
What’s the advice to organisations?
- Low hanging fruit: From a hacker’s viewpoint the low hanging fruit will be exploited. Password reuse is the most common way for hackers to escalate access. 92% of users reuse their passwords. The hacker will commonly crack a social media account password and then gain access to corporate data due to password reuse. The message for organisations is to promote good password practices and the use of multi-factor authentication as standard across corporate and personal accounts.
- You will eventually get hacked: Have a defence strategy that assumes you are breached. Structure your systems to limit the damage a hacker can do and make it difficult for an attacker, e.g. don’t put the crown jewels in the crown jewels folder.
- More transparency about hacks: Your customers should find out about a breach from your organisation rather than from a blogger that found your database on the Dark Net. Companies hacked generally don’t take security seriously until their board see it as a PR issue, for instance Yahoo was hacked in 2014 with 500m accounts breached and only in 2016 did the CEO allow information to be communicated.
- Focus on Cyber resilience so you can prevent, detect and recover from a breach.
- Know your network and know what normal network activity looks like so unauthorised or abnormal activity can be identified.
- Companies should have appropriate security protection in place to prevent and recover from an attack such as regular patching schedules along with backup and recovery procedures to recover data and services in a timely manner.
- Have effective monitoring solutions in place to detect unusual behaviour on your network, so you can react but also adapt your network to make future attempted hacks or data breaches more difficult.
- Have a playbook in place and ready for when a breach occurs.
- Insider Threat: Policies and practices to handle the insider threat.
The future
Digital transformation is not just happening in the legitimate world, it’s happening in the criminal world also. Cyber criminals are early adopters of tech and they will continue to evolve to stay ahead of the rest of the business world with their main focus areas reported to be:
- Artificial Intelligence – Commonly used by criminals to identify undercover law enforcement on the Dark Net. 50% of blackhats plan to use AI in the future.
- Automation – Tools such as Autosploit increase operational efficiency and profitability by automating the attack.
- There will be continued evolution of decentralisation technologies like blockchain to evade law enforcement.
To find out more on any of the above topics please contact Unity.