From the Winter 2015 Issue

Next Generation Espionage

Daren Dunkel
Manager, Enterprise Sales | Amazon Web Services

As we enter the new year we approach the one-year anniversary of the Target Corporation hack. Their CEO is out of a job, their board of directors is being sued, and the brand has suffered, by some estimates, $1 billion in damages. Unfortunately the Target Corporation is not an isolated example. Recently the headlines, broadcasts, and blogs have been full of other examples, including Home Depot, JP Morgan and Fidelity Investments. As we approach year's end and the holiday season there still seems to be a sense of insecurity in the air. The major vulnerabilities don't seem to be getting any better, and individuals, companies and governments share a collective sense of defeat. The reason is that criminal hackers and nation states are getting more sophisticated in their techniques and accelerating their attacks, while our defenses against them are falling behind and lack coordination and significant funding. In other words, we can expect more bad news, and we may look back on the state of cybersecurity in 2014 as the good old days.

From a national security perspective, the risks and implications of a major cybersecurity attack have been documented in the press as rivaling those of the Cold War and post-9/11 terrorism threats. While some may view this as media hype, one area of concern to me is that our national infrastructure is arguably much less secure than the networks within the banking industry. In reality our power grids and water treatment plants are much less secure than their commercial counterparts, both in the technical expertise of their personnel and in the cyber budget they have available to fight the problem. The attacks of 9/11 were massive and coordinated physical attacks, years in the making, executed by a dedicated enemy. After 9/11 our nation passed the Patriot Act and created the Department of Homeland Security, followed by massive amounts of funding to protect the country. Today we face dedicated adversaries with cyber skills and the ability to create even more devastation across multiple industries through the same networks the global economy depends upon every day.

The problem is so interconnected and complex that the natural reaction is to try to simplify our answers to it. One example is the overemphasis on malware; it seems to be the buzzword for all of our cyber problems. In reality, behind every cyber breach is a human being manipulating code, machines and networks. McAfee Labs, part of Intel's security group, has identified over 250,000,000 known pieces of malware. However, if all malware were eliminated tomorrow we would still experience the age-old problem of espionage and theft of information by other means. Today's cyber attackers embed themselves clandestinely within the network of their victim and observe the defenses that are put in place, so that they can counter those efforts as they are deployed. In many ways the enemy acts more like a spy agency than a common criminal. As a result, cybersecurity companies of all sizes are placing a much greater emphasis on cyber intelligence, covering both the tools and the tactics an adversary uses to steal, copy, manipulate or destroy information.

I spoke with two leaders in the industry and asked them to comment on key threats, trends and countermeasures within cyberspace. Both men are recognized global experts in cybersecurity and clearly understand the current state of our cyber adversaries. They agree that a key approach is to recognize: 1) how we know who is being threatened, 2) how we remove the threats and 3) how we proactively stop them. They further agree that our cyber enemy can take multiple forms (individuals, syndicates, nation states) and that their skill sets are advancing more rapidly than ever. Rather than installing products to stop individual problems (an approach that cannot keep pace), the cyber industry is becoming more like a game of chess, where you must think strategically and several steps ahead of your adversary in order to succeed.

Tom Kellermann is the current Chief Cybersecurity Officer at Trend Micro and served as a Commissioner on The Commission on Cybersecurity for the 44th Presidency. He also serves as an advisor to the International Cybersecurity Protection Alliance (ICSPA). Kellermann had this to say: "As evidenced in the Pawn Storm Campaign which impacted NATO, the White House and numerous defense contractors, our adversaries have conducted holistic recon upon our cybersecurity programs, thus employing dynamic command and control and associated sandbox evasion tactics, which were purposely enacted to defeat FireEye's (cyber) platform. Sandbox evasion is now a reality. All is not quiet on the Eastern front. The challenge we face is not to keep the enemy from breaching the walls but rather to eliminate the enemy's position within our networks." These comments underscore a new method of operation that is sophisticated and strategic as well as long term in nature.

Dmitri Alperovitch, co-founder and CTO at CrowdStrike and former VP of Threat Research at McAfee, had this to say: "From a nation-state threat actor perspective, we are still dealing with predominantly the Usual 4: China, Russia, Iran and North Korea, although more and more nations are jumping into the fray and building up their cyber offensive capabilities. One of the new trends in tradecraft is the rise in malware-free intrusions, where the adversaries break into organizations, do not deploy malware, but instead emulate insiders and move around the network using standard administrator commands, making them much more difficult to detect with traditional security tools. The way to combat these threat actors is to get comprehensive visibility into everything that's executing on the network and to proactively hunt for the adversaries without waiting for an alert to go off."
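To make the hunting approach in the quote above concrete, here is an added example (not code from the article, Trend Micro or CrowdStrike) of a simple hunt over process-execution telemetry: it flags an account running standard administrative utilities on hosts where that account has no history of doing so. The telemetry records, the list of admin utilities and the baseline window are all constructed assumptions.

```python
# Added example: hunting "malware-free" lateral movement in process telemetry.
# Every process here is a legitimate Windows binary, so a hash- or signature-based
# check would match nothing; the signal is behavioural (who runs admin tooling where).
from collections import defaultdict

# Standard administrative utilities that leave no malware artifact (assumed list).
ADMIN_TOOLS = {"net.exe", "wmic.exe", "sc.exe", "reg.exe", "schtasks.exe"}

# Constructed telemetry: (day, host, user, process). Days 1-2 form the baseline,
# day 3 is the hunt window.
TELEMETRY = [
    (1, "hr-ws-01",  "alice", "outlook.exe"),
    (1, "it-ws-07",  "bob",   "net.exe"),
    (2, "it-ws-07",  "bob",   "sc.exe"),
    (2, "fileserv-2", "bob",  "wmic.exe"),
    (3, "hr-ws-01",  "alice", "excel.exe"),
    (3, "hr-ws-01",  "alice", "net.exe"),       # alice has never run admin tooling
    (3, "fin-srv-3", "alice", "wmic.exe"),      # ... and now does so on a finance server
    (3, "fin-srv-3", "alice", "schtasks.exe"),
    (3, "it-ws-07",  "bob",   "reg.exe"),       # bob on his usual admin host: expected
]


def admin_hosts_by_user(events, baseline_days):
    """Per-user set of hosts on which admin tooling ran during the baseline window."""
    baseline = defaultdict(set)
    for day, host, user, proc in events:
        if day in baseline_days and proc.lower() in ADMIN_TOOLS:
            baseline[user].add(host)
    return baseline


def hunt(events, baseline_days, hunt_days):
    """Return (user, host, process) for admin-tool runs outside the user's baseline."""
    baseline = admin_hosts_by_user(events, baseline_days)
    hits = []
    for day, host, user, proc in events:
        if day in hunt_days and proc.lower() in ADMIN_TOOLS and host not in baseline[user]:
            hits.append((user, host, proc))
    return hits


if __name__ == "__main__":
    for user, host, proc in hunt(TELEMETRY, {1, 2}, {3}):
        print(f"hunt hit: {user} ran {proc} on {host} (no admin history there)")
```

In a real deployment the baseline would come from weeks of endpoint telemetry rather than two days, and hits would be triaged against change tickets before anyone is treated as an intruder.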

As we enter the new year it appears that 2015 will be a year in which hackers patiently insert themselves into our networks, impersonate legitimate users and anticipate our defenses against their attacks. In classic espionage fashion the threats are getting larger, and a globally coordinated strategy across corporations and legitimate governments must be deployed.
