Emerging Cyberthreats: What, Where and How?

Recently, Gov. Rick Snyder said Michigan state government faces 2.5 million cyberattacks (on average) every day.

“I believe we actually are getting attacked more,” said Snyder at the North American International Cyber Summit in Detroit.

“But secondly, we’ve improved our practices to actually detect more attacks because that’s something out there that we probably are attacked even more than two-and-a-half million times a day.”

What happens after an attack? If the attackers are stopped, the online battle simply rages on. But if the attackers succeed, personal identity theft can be one devastating outcome.

And Michigan is not alone. For example, this article describes what happened when one woman had her identity stolen in Clarksville, Tenn. The article goes on to describe private-sector data breaches and their impact:

Two cyber attacks this year at Anthem and Premera Blue Cross health benefits companies have potentially exposed millions of Americans — including hundreds of thousands of Tennessee residents — to identity theft and fraud by cyber criminals.

In March, Premera Blue Cross officials said that the information of 11 million U.S. consumers was at risk, including the information of more than 16,000 Tennessee insurance consumers.

Last December, CNN reported that the number of government hacks and security breaches has skyrocketed.

"Espionage is happening at a rate we have never seen before," said Denise Zheng, a deputy director at the Center for Strategic and International Studies....

"This is a global problem. We don't have a malware problem. We have an adversary problem. There are people being paid to try to get inside our systems 24/7," said Tony Cole, vice president of the cyber security firm FireEye.

No doubt, different organizations have varying definitions and thresholds for what constitutes a “cyberattack” versus a “security incident” versus a phishing email attempt, but that is a different blog for another day.

Details Please - Explaining these cyberattacks: Where are they coming from?

A few good sources for understanding these emerging cyberthreats and industry cyberattack trends come from the reports and white papers produced by industry security leaders. Here are a few (free) resources to consider, along with a small excerpt with some recent data from each:

  • Symantec 2015 Internet Security Threat Report — Advanced attackers targeted five out of six large companies in 2014, a 40 percent increase over 2013, and 24 zero-day vulnerabilities were discovered in 2014. Meanwhile, attackers are streamlining and updating their techniques while companies struggle with old vulnerabilities.
  • McAfee Labs Threat Report — “Ransomware continues to grow very rapidly — with the number of new samples rising 58% in Q2.”
  • Trend Micro Security Research and Trend Analysis — “Cybercriminals continue to enhance their tools to improve the effectiveness of cyber attacks. Tried-and-true crimeware such as the Black Hole Exploit Kit, automatic transfer systems, and ransomware have been refined and improved in ways that demonstrate how malware development has become increasingly professional in rigor, discipline, and methodology. We see this sophistication play out particularly in highly targeted, advanced persistent threats that are fast becoming the cyber threats to lose sleep over because traditional detection and prevention tools are no longer adequate. ...”

Another helpful example comes from Missouri Chief Information Security Officer Mike Roling and his government security team, who do an excellent job of describing the various forms of cyberattack faced by global organizations and by individuals at home. Using a Halloween-weekend theme, the Missouri Cybersecurity Blog describes how Malware Wears Costumes Too. It covers Trojan horses, drive-by downloads and malvertising, social engineering through malicious links and scareware, and more.

The sources of these cyberattacks vary widely, but include organized crime, foreign governments, adventurous researchers with good or bad intentions, and insider threats from employees. This report from the United Kingdom (UK) Government does a nice job of describing the ongoing security threats online.

More Emerging Threats

Georgia Tech covers five major areas in its Emerging Cyber Threats Report 2015. These areas are:

  • Technology enables surveillance, while policy lags behind.
  • Attackers continue to target the trust relationship between users and machines.
  • Mobile devices fall under increasing attack, stressing the security of the ecosystem.
  • Rogue insiders cause significant damage, but solutions are neither simple nor easy.
  • Low-intensity online nation-state conflicts become the rule, not the exception.

Other cyberthreats that are emerging include asymmetrical warfare.

"Cyber warfare doesn't require a significant number of troops or a superior set of bombs," said cybersecurity expert David Kennedy.

Iran is building its cyberwarfare capabilities faster than experts "would have ever imagined." Attacks by Iranian hackers have targeted the military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals and aerospace industries, among others, and have taken place at over 50 companies in 16 countries — 10 of which have been in the US.

What Can Be Done?

“You will write a check to someone.” That is the message Chris Pogue of Nuix delivers to executives around the country. Pogue added that if you take appropriate protective measures for your online assets, such as mitigating cybervulnerabilities, conducting penetration tests, building good cyberdefense intelligence and ensuring that the right team is in place, that check will be much smaller than the bill you pay when a data breach inevitably happens.

Chris was one member of the emerging threats panel that I moderated at the SecureWorld Dallas event in late October. The other panelists were Ben Desjardins from Radware, Lucus Morris from CroweHorwath and Dan Geisler from WatchGuard. Similar panels were held at security events nationwide during October — which was National Cyber Security Awareness Month (#CyberAware).

Pogue's comments reminded me of the car commercial on the importance of oil changes. The message used to proclaim, “Pay me now or pay me later.” But this online security situation is much more serious than changing the oil in your car with the stakes even higher for global enterprises.

The panelists' comments covered emerging mobile (smartphone) threats, cloud computing threats, evolving malware, application security threats and insider threats from internal staff. They highlighted the importance of patching servers, stopping known threats identified by risk assessments, establishing good partnerships in cybersecurity, and sharing data with Information Sharing and Analysis Centers (ISACs), law enforcement agencies and other government organizations.

Should organizations “hack back”? The answer is generally no, unless you work for the Department of Defense (DoD). This recent article from PCWorld explains this complicated topic in detail. Here’s an excerpt:

Daniel Garrie, founder and editor in chief of the Journal of Law and Cyber Warfare, said countries’ varying attitudes towards cyber warfare make it harder to establish standards between the U.S. and other countries.

“Not only is there no playbook for countries and companies looking to respond to a cyberattack,” said Garrie, “but there are arguably a hundred different playbooks, for each country, making the appropriate and permissible response all the more challenging.”

In some countries, Garrie said, hacking is “not per-se illegal and it is certainly not taboo or shameful.” On the contrary, Garrie continued, “it appears in some countries that such activity is encouraged.”

No matter how sweet it seems, revenge remains an option the U.S. government doesn’t openly engage in. While it’s tempting to fight back against perpetrators aggressively, a tit-for-tat approach risks creating more problems than it would solve.

Final Thoughts

The White House released this blog on “Modernizing Federal Cybersecurity” from Tony Scott, which described next steps on federal cybersecurity. The recommendations come following the large Office of Personnel Management (OPM) breach and other federal breaches. Here is an excerpt:

“Today, the state of Federal cybersecurity is stronger than ever before. Agencies are utilizing significant resources to protect our Nation’s critical infrastructure and to improve performance in this critical area. However, there are no one-shot silver bullets. Cyber threats cannot be eliminated entirely, but they can be managed much more effectively. CSIP helps get our current Federal house in order, but it does not re-architect the house. Alongside today’s CSIP release, we are also issuing guidance to agencies on Fiscal Year 2015 – 2016 Federal Information Security Modernization Act (FISMA) and Privacy Management....

I want to reiterate one line which I really like from Mr. Scott, and which I have been saying for a long time. “Cyber threats cannot be eliminated entirely, but they can be managed much more effectively.” Like stopping other forms of crime, there are steps that can be taken to make a big difference, so let’s not just throw in the towel and assume that emerging cyberthreats cannot be stopped.

I urge readers to examine these various new and emerging cyberthreats, including trends, white papers, international reports and potential solutions. Strive to improve in your mitigation of these cyberthreats as we head into 2016.


You can follow Dan Lohrmann on Twitter: @govcso

Dan Lohrmann's Government Technology Magazine blogs are at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/

Dan Lohrmann's CSO blogs and articles can be found at: https://www.csoonline.com/author/Dan-Lohrmann/

You can follow Security Mentor on Twitter: @SecurityMentor or www.securitymentor.com

An earlier version of this blog appeared in Government Technology Magazine at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/emerging-cyber-threats-what-when-where-and-how.html

Prince R.

Principal at Pinnacle Systems Grp, LLC

9 years ago

The steady increase in the number of emerging cyber attacks, and reports like this one of the rapid evolution in the sophistication of the mechanisms used to implement these cyber attacks, is a sobering perspective which foreshadows an urgent need for security professionals and practitioners to question and reexamine the security paradigms in use today. Few prominent security analysts and intrusion tool providers realistically forecast that a breakthrough technology capable of stemming the rising tide of cyber threats and data breaches is on the horizon. The current security paradigm of continuous diagnostic monitoring addresses the problem of early detection of cyber attacks, but it's at best a holding action that 'tail chases' the problem and cannot provide a strategy to deflect the growth curve. The changing security paradigm must now address the emerging shift from a symmetric, balanced cyber attack/defense scenario to an asymmetric one which favors the attackers, both in terms of their ability to scale attacks and in reduced attack costs and level of effort. Unless we find a new paradigm that can lead the way to discover ways to at least balance the scales and blunt the attackers' ability to better leverage technology to more rapidly advance their capabilities to conduct cyber attacks, the outcome of this trend is a grim and disturbing one.

Mike Davis

CISO. Cyber acumen and savvy expertly applied - affordably. Resource what really matters – minimize your cyber risks worry. Experienced virtual / fractional CISO and ERM/GRC programs. CISSP, MSEE, PM, etc.

9 years ago

Great article, covers the solid cyber response, dispels several security myths. Yet the crux is: quit chasing threats and DO the cyber basics well!!! That nets you a 95% security incident reduction, and essentially free too. Ciao

John Murillo-Giraldo

Senior Cloud DevOps | AWS, Azure, OpenShift & Kubernetes

9 years ago

The whole picture in a single post. Really nice article. Thanks Dan

Alexander Sverdlov

Need a pro to run your cybersecurity? DM me.

9 years ago

One should not worry about how much they are being attacked but about what is going on inside their network and whether they're currently compromised. That is the real problem and the elephant in the room everyone is trying to ignore, as it is tougher than buying a firewall and counting portscans.

Baruch Perl

Israeli Innovation | Legal Counsel | Public Speaker

9 years ago

Nice capture of the evolving threats landscape
