Stealthy and complex: Understanding cyber attacks of the future
Syniverse's Phil Celestini looks at how cyber crime is set to get even worse as a result of lower barriers to entry and well-resourced state attackers
The seemingly endless number of high-profile cyber attacks has helped push IT security to the forefront, not just of public awareness, but in the boardroom too. However, too many organisations still rely on outdated misconceptions and assumptions in their response to the threat.
To make real progress in combatting the next generation of attacks, it's crucial to understand that the rules of the game have changed. Key to this is understanding the profile of today's cyber attackers, their mindset and motivations, and the upheaval their attacks can now inflict.
Today's cybercriminal
It's important to understand that the definition of a cybercriminal is evolving.
First, the barriers to entry for conducting cyber crime have been profoundly lowered. Today, a single hacker working alone with a malware kit purchased anonymously online can mount substantial attacks on an organisation's network. And, with search engines crawling the web 24/7, looking for connected devices and systems with known vulnerabilities to exploit, the effort to find easy targets has been much reduced, too.
It's equally important to understand that IT security experts know they are on the defensive in their fight against cybercrime. Hackers have two all-important advantages: ease of access to the free-flowing communal knowledge and illicit tools within their underground communities, together with the initiative to decide when and where to apply them.
Compare this to the siloed approach among various corporate IT and business departments.
For these departments, it can be a struggle to even collaborate among themselves on everyday matters, let alone with outside organisations over something as sensitive as security. Consequently, corporate cultures can hinder companies from being able to properly organise and defend themselves with the best available information.
Defining the hacker mentality
To better defend against the next generation of attacks, we must also have a better grasp of the mindset of the adversaries we're facing: everyone in IT needs to distinguish between the attitudes of security administrators and the hackers they face.
Security administrators must, essentially, play catch-up, constantly patching the system flaws that made the last attack possible, while minimising maintenance windows and network downtime affecting the business.
Hackers, however, move on quickly from their last attack and focus on new attack vectors to steal data, take down a network or just to cause havoc. The stark contrast between these reactive and proactive approaches is one that the IT industry still needs to address; one that will require new ideas if it's going to take back the initiative.
What's more, many outside the cyber security community don't really have an accurate expectation of how cyber attacks present themselves.
Typically, the public still thinks of network attacks as loud, aggressive assaults on a company's technology. But this is another misconception, as the most dangerous cyber attacks of today have increasing levels of stealth and complexity, for which organisations need to recalibrate their understanding.
New breed of cyber attacks
The 2014 attack on Sony Pictures Entertainment's networks and systems by the North Korean government marked an inflection point: security experts already knew how the nature of cyber attacks had changed, but for the first time it highlighted the new dangers to the general public. It also offered an insight into how more attacks in the future may arise.
In the Sony Pictures attack, nation-state hackers using known criminal techniques entered the network and silently established a persistent presence without detection. Months after entering Sony Pictures' systems, the attackers ransacked the company's entire network environment, stole huge data sets, released vast amounts of employees' personal information and emails, and then executed disk wiper malware as they exited the network.
This was another inflection point the cyber security community had predicted - the destruction or corruption of data on compromised systems, not theft. It's an increasingly common feature of modern attacks, as is the wholesale destruction of system log files as hackers seek to evade network defenders and baffle incident responders.
In the Sony Pictures breach, a company's systems were hacked, and private data was leaked, stolen and destroyed with serious, but manageable, consequences mainly confined to one organisation.
But consider the consequences of a similar attack on, say, a healthcare provider's network in which hackers compromise, deny access to or even erase medical data. Lives could easily be put at risk, and the havoc could be taken up to a whole new level.
Private networks
There is no single solution to countering the mounting threat of sophisticated cyber attacks. But one promising response lies in moving business transactions off the public internet to private networks.
The paradox of the public internet is that despite how we use it today, it was never designed to be a secure environment. It was conceived as a network for researchers to share data, not protect access to it. And it's been more of a best-effort network than a best-in-class one.
For this reason, private networks have emerged as a promising answer to protecting transactions as the number of cyber attacks continues to grow. These networks can be utilised to minimise business risk by providing a high level of security from the public internet; global but flexible connectivity; and better performance with higher capacity, higher speed, and lower latency.
In these ways, private networks offer a solid starting point for companies that want to conduct online business more safely.
United front
It's vital that companies, governments and IT companies continue to come together in a united front to change today's outdated perceptions about cyber crime. The barriers to entry for launching disruptive online attacks have dropped drastically, and these attacks are steadily escalating in stealth and complexity.
We must reassess our understanding of the profile, mindset and destructive ability of today's cyber criminals to make greater progress in stopping them. In this area, private networks offer a reliable approach to protecting transactions and data in an age in which devices and systems connected to the public internet have become unacceptably open to attack.
Phil Celestini is chief security and risk officer at global communications company Syniverse