Keeping a few steps ahead of cybercriminals is one thing; handling state-sponsored hacking and diplomatic spats with kid gloves is a new game altogether.
Just as the world is currently undergoing a massive period of technological renaissance brought about by mobile computing and cloud computing, that same empowerment has multiplied the threats and the reach of malicious forces.
From state-sponsored hackings to cybersquatting to cryptojacking to blockchain fraud to scammers and spammers, the global IT industry is witnessing a massive tidal wave of dark matter the likes of which have never been possible. To help us make sense of the digitally transforming world amidst the digital dark forces that stand ready to wreak havoc, CybersecAsia speaks with Michael Sentonas, Vice President, Technology Strategy, of high profile cybersecurity specialist CrowdStrike, which has notably been caught in the crossfire of diplomatic spats in the course of its business.
CybersecAsia: Why has the world not stopped scammers and phishing crooks in their tracks?
Sentonas: Phishing is a serious problem that in many ways is very easy for an attacker. It is very simple to get the email address format of a company and work out who the executives are and then send an email pretending to be someone. Attackers continue to evolve and the current trend that is netting massive returns is to use methods to compromise business email systems.
The reason why business email compromise campaigns have escalated so much in number over the last 18 months is that it is very simple to send an email pretending to be the CFO of a company and then target specific people within an organization, convincing them to transfer money. The problem here is not necessarily a technical one; the attackers look to understand company structures, their processes and even the way they communicate. This activity affects both the targeted organization and the financial institutions supporting these victims.
CrowdStrike Intelligence has tracked successful fraudulent wire transfers that have netted thieves millions of dollars, with some attempted transfers reaching the billion-dollar mark. This trend is only seen to continue, as we move towards 2020, with adversaries continuing to employ creative techniques to avoid detection and perform actions on objectives to net high returns.
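The impersonation pattern Sentonas describes (an external sender using an executive's name, with a reply address or lookalike domain that quietly redirects the conversation, and a payment request in the body) is the kind of thing a mail gateway or SOC triage script can score before a message reaches accounts payable. The following is an added defensive example, not code from the interview or from CrowdStrike; the company domain, the executive list, the keyword list and the two sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the organisation's own mail domain and the
# executives whose names are most likely to be impersonated in BEC attempts.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "CFO", "john smith": "CEO"}
# Phrases typical of payment-diversion requests (constructed list).
PAYMENT_PHRASES = ("wire transfer", "urgent", "confidential", "change of bank details")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def bec_indicators(raw_message: str) -> list[str]:
    """Return a list of human-readable BEC indicators found in an RFC 822 message."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    name_key = re.sub(r"\s+", " ", from_name).strip().lower()
    findings = []

    # 1. An executive's display name arriving from a domain we do not own.
    if name_key in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        findings.append(
            f"display name matches the {EXECUTIVES[name_key]} but sender domain is {from_domain}"
        )

    # 2. Reply-To pointing somewhere other than the visible sender domain.
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(
            f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_domain}"
        )

    # 3. A domain one or two characters away from ours (typosquat / lookalike).
    if from_domain != COMPANY_DOMAIN and edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        findings.append(f"lookalike domain {from_domain} resembles {COMPANY_DOMAIN}")

    # 4. Payment-diversion language in subject or body (single-part messages only here).
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')} {body}".lower()
    hits = [p for p in PAYMENT_PHRASES if p in text]
    if hits:
        findings.append("payment-request language: " + ", ".join(hits))

    return findings


# Constructed sample messages.
SPOOFED_MESSAGE = """\
From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: <jane.doe.cfo@webmail-example.net>
To: accounts.payable@example.com
Subject: Urgent wire transfer

Please process the attached wire transfer today. Keep this confidential.
"""

LEGITIMATE_MESSAGE = """\
From: "Jane Doe" <jane.doe@example.com>
To: accounts.payable@example.com
Subject: Q3 budget review

Slides for Thursday are in the shared folder.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, "->", bec_indicators(raw) or "no indicators")
```

Each indicator on its own is weak (executives do mail from personal accounts, and finance genuinely discusses wire transfers), which is why the function returns the full list rather than a verdict: a gateway rule can quarantine on three or more hits while a single hit only adds a banner, and the named indicators give the analyst something concrete to verify against the out-of-band approval process the interview alludes to.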
CybersecAsia: What kind of threat will quantum computing or even 5G/IoT pose to current and impending anti-threat technologies?
Sentonas: Quantum computing will bring enormous amounts of processing power which will theoretically pose a significant threat to encryption. This risk is considered to be several years away, but weaker encryption algorithms will be at risk sooner. This raises the need for the development of quantum-safe cryptography and security.
Even encrypted data that is safe today can be stored for later decryption once a working quantum computer of sufficient capacity becomes available. Quantum-safe encryption algorithms are currently being developed and will be interesting to track as they get closer to release, but it is important to also remember they will need to be used and retrofitted into current systems which will likely not be a trivial exercise.
The rise of IoT/IIoT presents a very complex challenge for security teams. There are so many aspects to consider, including privacy of the data collected and generated by IoT devices. With every IoT-enabled device potentially serving as an entry point for adversaries to launch attacks on the broader, interconnected network, the risks are set to increase as the number of endpoints continues to grow, with estimates pointing to more than 127 IoT devices being added each second.
The introduction of 5G will potentially exacerbate the issue, with higher-performance 5G networks providing the infrastructure for IoT to grow. IoT devices act on information, they collect and process information, and all of this data needs to be secured; privacy implications need to be considered and the devices need to be available; we cannot allow denial of service especially for critical systems.
This means that there needs to be a paradigm shift in how companies react to cyberattacks in this domain. It is no longer sufficient to rely on legacy antivirus technology and traditional cybersecurity approaches, which are too slow and ineffective to stop cyberattacks in time. A sophisticated blend of AI and behavioural analytics offering the capability to deliver real-time investigations in automating and prioritizing threat analysis and response is now the way forward. For example, a multi-tenant, cloud-native, intelligent security solution will lend itself well to protect workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines and Internet of Things (IoT) devices.
CybersecAsia: What are your views on the level of trust put on blockchain? How does cryptocurrency aid in cybercriminal activities now and what are the likely threats for the future?
Sentonas: Blockchain is a complex topic, but in terms of trust, a goal of blockchain is to reshape trust with the promise of the ability to facilitate a transaction faster, more efficiently and theoretically at a lower cost.
There has been a lot written about blockchain trust. Much of the discussion talks about the benefits, but as always there are potential downsides that also need to be considered. Blockchain moves the concept of trust from people to technology, and with that you need to trust everything about blockchain, and that includes the software, the computers, the network, the cryptography and so on. The downside is what happens when there is failure: what happens if your bitcoin wallet is hacked, or something happens to the bitcoin exchange itself. Blockchains are attractive targets to e-crime adversaries because fraudulent transactions cannot be reversed as they can be in a traditional financial system.
We have seen some of the potential nightmare scenarios play out in recent times. There have been several instances where applications with insufficient security have been hosted on live blockchains and ended in disastrous results. One of the most significant examples of this would be the DAO attack on the Ethereum network, which resulted in a hacker making off with an estimated US$50 million worth of ether. Thus, from a security perspective, blockchain technology presents an extensive number of risks that can seriously impact an organization’s cyber risk profile and should only be implemented after a thorough risk assessment has been conducted.
Often discussed in tandem with blockchain, cryptocurrency remains a key target of cybercriminals, with the profitability of a successful attack having made it a highly attractive method of monetizing illicit activity. CrowdStrike’s 2019 Global Threats Report revealed that cryptojacking, which emerged in full strength during 2017 and continued to proliferate throughout 2018, has progressed from a trending to a pervasive threat in line with the rise in cryptocurrency values, with big names such as Tesla and Gemalto being victims.
The damage caused by cryptojacking extends beyond overworked CPUs, which can impact business operations by causing system downtimes and application crashes. These disruptions can cost organizations dearly, and not just in lost productivity: When attackers hijack high-performance servers for mining, it affects their status as strong business-value assets. Organizations could also be impacted by an increase in operating costs as their resources are unwittingly redirected to the cryptominer’s efforts. More importantly, cryptojacking can serve as a foothold in an organization’s network that hackers can leverage to launch other forms of cyberattacks.