Some people refer to the current state of threats as a ‘cyber cold war’ or as an arms race, likening the challenges we now face as security professionals to those faced when dealing with the international threats of the 20th century.
What started out as hobbyist hackers accessing systems for the thrill of the act itself quickly moved to criminal enterprises with lucrative global markets, and has now moved on to state- and organisation-sponsored advanced persistent threats.
As the technological capabilities that protect our electronic and physical information assets advance, so do the capabilities of those who need to access or disrupt those assets for gain.
When business models began to move to better leverage technology, information became a tangible asset to be bought, sold and used. As its tangible value increased, the threats against it grew and adapted.
Criminals began to exploit the interconnected nature of the internet, evolving acts such as extortion and protection rackets in new ways. If you can’t extort money by threatening to physically prevent a shop or business from trading, because its customers are now online, can you make money by denying them electronic access to it instead?
This threat evolution has continued as society has moved almost totally online and has begun to use electronic means to carry out almost every aspect of daily life.
The criminal world also began to use electronic means to attack end users directly for financial gain, exploiting their lack of awareness and technical know-how coupled with their increased reliance on technology.
Criminals today have a sophisticated economy of service providers and high-tech expertise with which to take full advantage of their current targets. A threat that was once posed by single criminals is now posed by major organised crime crossing international boundaries and jurisdictions.
Alongside this maturing threat has emerged a more hidden class of threat that many would not previously have been exposed to.
These threats are the information-technology-aware form of state-sponsored and state-supported espionage and intelligence gathering, which in its more traditional form has long been a problem for the manufacturing and defence industries.
Known as advanced persistent threats, they are becoming a major issue for many business and industry sectors today.
There is now more than circumstantial evidence of a new threat model emerging for both the criminal and intelligence exploitation of systems containing information of economic, defence and intelligence value.
This new class of threat is distinct, and by breaking down the terms used to describe these threats we can clearly see the themes that underpin this new model.
These new threats use advanced technical attacks, including ‘weaponised’ versions of system exploitation code that is often used very close to the date the underlying vulnerability is disclosed, if not before it has even been identified.
Once access has been gained to a system, the attackers will covertly maintain a presence in the target system and exfiltrate information over a period of time, taking steps to avoid detection.
Neither the attacks nor the information assets targeted are random. The sources and types of information attacked are chosen deliberately based on their perceived value for commercial, economic or intelligence gain.
A major part of these new threats is the support network behind them - command and control channels for malicious software are becoming increasingly sophisticated and complex, challenging a defender’s ability to detect and remove the threats once installed.
What can defenders do to prevent these attacks or to eradicate them once found?
In my opinion no new solution is needed - implementing good security practice at every step of the business and technology process involved will lessen the chance of a threat being realised, if it is detected and reacted to quickly.
In the home
The same solutions apply to home users. As an industry we need to see a move to designing and building secure systems that are easy and safe to use, as well as raising user awareness of the threats that are present and of how they can avoid becoming a target.
Once security concepts become embedded in both our business and personal lives the arms race will undoubtedly continue but with defenders perhaps leading the field. It may even push these attackers into another unprotected area of our business and personal lives.
The next step is not to predict the new threats but the targets they will be looking to access.