[BreachExchange] Who can we trust in 2017? The cyber attacks shaking our faith – Threat of the month

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jan 16 19:02:11 EST 2017


http://www.itproportal.com/features/who-can-we-trust-in-2017-the-cyber-attacks-shaking-our-faith-threat-of-the-month/

‘Trust’ attacks in the news

A new year, a new threat. Modern attackers are moving away from pure data
theft or website hacking, to attacks that have a more subtle target – data
integrity. In 2017 we expect to see attackers use their ability to hack
information systems not just to make a quick buck, but to cause long-term,
reputational damage to individuals or groups, by eroding trust in the data
itself.

The scenario is particularly worrying for industries that rely heavily on
public confidence. A laboratory that cannot vouch for the fidelity of
medical test results, or a bank that has had account balances tampered
with, are examples of organisations at particular risk. Governments may
also fall foul of such attacks, as critical data repositories are altered,
and public distrust in national institutions rises.

These ‘trust attacks’ can also be expected to disrupt the financial
markets. An example of this is falsifying market information to cause
ill-informed investments. We have glimpsed the potential of disrupted M&A
activity through cyber-attacks already - is it a coincidence that the
disclosure of the Yahoo! hack happened while Verizon was in the process of
acquiring the company?

And these attacks even have the power to sway public opinion. Hillary
Clinton’s election campaign suffered a blow when tens of thousands of
emails from her campaign were leaked. An even graver risk would be that a
nation state or other sophisticated group could not just leak emails, but
manipulate them to create a false impression that a candidate has done
something illegal or dishonourable.

While the result of this year’s US presidential election may seem stranger
than fiction, tomorrow’s cyber-attacks will make it harder than ever to
separate the real from the false.

Humiliated at the top

Away from the headlines, businesses suffer daily attacks that would be
detrimental to trust if allowed to escalate. Senior figures are often
purposefully or indiscriminately the subject of such attacks, which, if
revealed publicly, could humiliate the individual and slight an
organisation’s credibility. For example, Darktrace recently discovered that
a senior executive of a US finance firm visited a website that was
prompting visiting devices to communicate with it via an insecure channel,
revealing sensitive details in the URL such as name, contact details and
passwords.

This wealth of personal information was open to be intercepted and
exploited – it could have been used to personally target the senior
executive via a phishing campaign, or allow the attacker to impersonate him
by logging into services where the same logins were used. Although the
finance firm had deployed legacy security tools across their network, the
activity was not flagged as threatening due to the website itself being
legitimate. However, Darktrace was able to identify the connection as
abnormal, allowing the company to investigate and stop the threat before
damage was done.

Bad data, bad decisions

Crucially, decision-making by senior government officials, corporate
executives, investors or others could be impaired if they cannot trust the
information they are receiving.

For instance, what if critical infrastructure providers were targeted by
hacktivists wanting to turn off an oil rig? Instead of targeting the oil
rig itself, an attacker could hide smart malware in the geophysical survey
databases allowing the underlying data to be changed, so that the
multimillion pound drilling rights are bought in the wrong places and many
oil rigs come up drier than expected. If the attacker thinks the survey
database is too well protected, they could infiltrate the ocean sensors
(Internet of Things) that are collecting the data in the first place and
influence the decisions right from the start of the ‘information supply
chain’.

This is just one example of how the bad guys could cause damage by
undermining the integrity of data. But ultimately, any business that makes
strategic decisions based on data is equally vulnerable, such as the
financial services sector.

Assuring confidence with machine learning

Clearly, today’s increasingly sinister attackers can erode our faith in
large corporations and public figures alike. So, what can be done? The
bottom line must be that we cannot continue with the security status quo
when the rules have changed. The threat is inside the network. Just as the
human immune system detects and responds to new viruses under the skin,
organisations need to constantly monitor for compromises within their
borders. This requires learning a sense of ‘self’ and rapidly responding to
‘non-self’ behaviours, before they cause a crisis.

New machine learning technology and advanced mathematics can effectively
mimic an organisation’s ‘immune system’. Such technology is able to learn
on its own and intervene early in suspicious activity, without relying on
rules and signatures to look for pre-categorised threats. By mapping the
typical interactions between every user, device and network as a whole,
anomalous digital behaviours, symptomatic of insider or external threat,
can be detected and efficiently dealt with before they develop. This level
of visibility is especially important given the growing prevalence of
insider threats, whereby employees, or even third-party suppliers,
purposefully or inadvertently put data and systems at risk.

Moving into 2017, machine learning will be indispensable in automating
threat detection and response. As we saw last year, new threats like
ransomware can spread in minutes. With human security teams unable to match
such speed, it is time for the machines to fight back.

This approach is the best chance we have to stop ‘trust’ attacks in their
tracks and protect the confidence we have in the data and decisions that
underpin modern society.