ACCESS to information has played a most important part in development and innovation. With the Internet, knowledge is no longer confined to those who can afford a good education or who have access to materials that can only be acquired if you have the means to buy them. Internet connectivity coupled with cheap computing power now allows anyone not only to read or view materials but also to access devices and machines without having to be physically present to operate them, and, more importantly, without having to spend money to buy one. What more will be possible with live simulations and the coming augmented reality technology?
We must take the good things with the bad, that’s just how it is in life. It is no different with technology and security for that matter.
Just as there is an abundance of free and accessible knowledge about the applications, tools and services used to build things, there is about the same amount of information on how to destroy them. Because information can be used for good or for bad, like a double-edged sword, responsibility and preparedness have now become the norm to guard against the ‘dark side’ of the force. Whether for financial or personal gain, there will always be entities that push the boundaries of righteousness, humanity and justice to the edge.
So, just how bad is it with regard to computer and information security these days? With pronouncements from United States government agencies telling us that a ‘Cyber Security Pearl Harbor’ and a ‘Cyber Security 9-11’ are imminent, and with all the other disturbing news about security breaches, data leaks and other cyber incidents that now directly affect the physical world, it does not look too rosy, does it? The real question, though, is how much of this is rhetoric and how much is real? Are people just overreacting? Is it more difficult to protect yourself today than ever before?
Consider the following recent exploits:
• WikiLeaks disclosed source code and other materials from the CIA’s hacking and monitoring tools and activities to the public; now hackers have access to the ‘weaponized’ tools of America’s covert intelligence agency. It is a treasure trove of information for any hacker with malicious intent.
• Hard-to-detect or undetectable exploits that target not only application software but bury themselves in the operating system and even in the firmware or BIOS of computers and other devices.
• File-less or stealth malware that resides in memory or as dormant files in legitimate locations of the computer.
• Jackpotting exploits against bank automated teller machines (ATMs), which directly interface with the ATM hardware and cause the machine to dispense cash.
• The continuing rise and growing sophistication of ransomware, malware that encrypts data while the perpetrator holds the decryption key for a price.
• More creative and advanced phishing schemes, which play more and more on the gullibility of people and can surreptitiously insert themselves into the middle of email conversations until it is too late to realize that you have already transacted with the hacker.
• Continuing leakage of personal information due to vulnerabilities and the lack of adequate security at government institutions.
The field of battle has shifted somewhat. Whereas before, detection and prevention were done at the gateway (the outer fringes of your network that connect to the public Internet), exploits have found ways to bypass the gateway and attack the hosts, or computers, inside. This, plus the inherent weakness of users, such as downloading unsecured applications and visiting suspicious websites, makes the task of detecting malware infections more difficult. The fact is that today, more and more organizations have already been breached, and malware is already lurking undetected within their corporate IT, ready to strike, if it is not already exfiltrating (sending out) data to its attacker.
We must realize, though, that attacks can only be mitigated and responded to if vulnerabilities or exploits are discovered in a timely manner. Unfortunately, in this game the hacker is almost always the first one to find them. Therein lies all the difference, as hackers have more time on their hands than many of us. The period between a vulnerability being discovered and the software or hardware vendor creating and distributing the patch is the window for a ‘zero day’ attack. During that period, the hacker has the opportunity to do his dirty deed.
To be prepared for today’s state of the hack, moving from a reactive stance to a real-time security posture becomes inevitable. It can only get worse, and a major concern is security capacity building. Not all organizations have a dedicated complement of security professionals to match the hackers, much less the education, expertise and time to match them pound for pound.
Security professionals and providers are rising to the challenge and responding accordingly to thwart these attacks. Newly developed endpoint detection and response (EDR) software provides a more promising type of detection and mitigation as a supplement to anti-virus and anti-malware at the workstation level, and managed security services (MSS) that offer ‘threat hunting’, a proactive service of continuous analysis and correlation of all computer and network events and logs to actively detect and thwart attacks in real time, are worth considering.
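To make the idea of correlating host and network events concrete, here is an added example that is not from the column and not from any EDR or MSS product: a toy threat-hunting rule in Python that joins process-start events to later outbound connections by the same process. The log format, host names, file paths and addresses are all constructed for illustration; a real EDR would supply richer telemetry, and the 'user-writable directory' markers are a deliberately simple stand-in for a proper reputation check.

```python
"""Toy threat-hunting correlation: process launched from a user-writable
directory, followed by an outbound network connection from the same process.

Constructed example for illustration; the log format and all values are made up.
"""
import re
from datetime import datetime, timedelta

# Constructed telemetry lines: timestamp, host, event type, then key=value fields.
# Addresses are from documentation ranges (TEST-NET-1/2/3).
SAMPLE_LOG = r"""
2024-01-01T09:00:00Z host01 PROCESS_START pid=4102 image=C:\Users\alice\AppData\Local\Temp\update.exe parent=outlook.exe
2024-01-01T09:00:07Z host01 NET_CONNECT pid=4102 dst=198.51.100.23:443
2024-01-01T09:05:00Z host01 PROCESS_START pid=5210 image=C:\Program Files\Mozilla Firefox\firefox.exe parent=explorer.exe
2024-01-01T09:05:02Z host01 NET_CONNECT pid=5210 dst=203.0.113.9:443
2024-01-01T10:00:00Z host02 PROCESS_START pid=788 image=C:\Users\bob\Downloads\invoice.scr parent=explorer.exe
2024-01-01T10:30:00Z host02 NET_CONNECT pid=788 dst=192.0.2.77:8080
"""

# Path fragments (lower-cased) that a normal user can write to; hypothetical list.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\")

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")
# key=value pairs; values may contain spaces, so stop only before the next ' key='.
KV_RE = re.compile(r"(\w+)=(.+?)(?=\s\w+=|$)")


def parse_line(line):
    """Turn one log line into a dict, or None if the line is blank/malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, event, rest = m.groups()
    fields = dict(KV_RE.findall(rest))
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "event": event, **fields}


def parse_log(text):
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def launched_from_user_writable(image):
    return any(marker in image.lower() for marker in USER_WRITABLE)


def correlate(events, window_seconds=600):
    """Return alerts for suspicious launches that connect out within the window.

    State is keyed by (host, pid); a later benign PROCESS_START with the same key
    clears it, since PIDs are reused after a process exits.
    """
    window = timedelta(seconds=window_seconds)
    suspicious = {}  # (host, pid) -> PROCESS_START event awaiting a connection
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev.get("pid"))
        if ev["event"] == "PROCESS_START":
            if launched_from_user_writable(ev.get("image", "")):
                suspicious[key] = ev
            else:
                suspicious.pop(key, None)
        elif ev["event"] == "NET_CONNECT" and key in suspicious:
            start = suspicious[key]
            delta = ev["ts"] - start["ts"]
            if delta <= window:
                alerts.append({
                    "host": ev["host"], "pid": ev["pid"], "image": start["image"],
                    "parent": start.get("parent"), "dst": ev["dst"],
                    "seconds_after_start": int(delta.total_seconds()),
                })
                del suspicious[key]  # report once per launch
    return alerts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for window in (600, 3600):
        print(f"window={window}s")
        for alert in correlate(events, window):
            print("  ALERT", alert)
```

With a 10-minute window only the Temp-folder launch on host01 is flagged (it connected out 7 seconds after starting); widening the window to an hour also catches the Downloads-folder launch on host02 that waited 30 minutes before connecting. That difference is the point of the example: a correlation rule is only as good as the window and the state it keeps, and slow beacons are exactly what a purely gateway-side view tends to miss.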