The growing number of networked devices, professionalized hacking groups and increasingly sophisticated malware pose a mounting challenge for security managers, as attacks push the boundaries of traditional security solutions.
The seriousness of the current threat level is obvious from the headlines of the past few days. The WanaCrypt0r 2.0 (also called WannaCry, WannaCrypt, Wana Decryptor or WCry) ransomware attacks clearly put the cat among the pigeons by hitting organizations that didn’t take cybersecurity seriously enough. The malware is believed to derive from NSA hacking tools that were leaked earlier this year, and North Korea is now even suspected of being behind the extortion.
Still, according to Ben Gidley, Director of Technology at Irdeto, these ransomware attacks could easily have been avoided if organizations had patched their systems properly and implemented a defense-in-depth approach to cybersecurity. He stated that “a patch was issued on March 14 to fix that vulnerability, so the organizations affected by these attacks could have easily avoided becoming the latest ransomware victim. However, this negligence has resulted in PCs and data across several organizations being held hostage.” He went on: “Currently, most companies focus on protecting their systems from the outside-in with strong perimeter security. But it’s too easy for hackers to get past the perimeter, especially in an open environment which is commonplace for most organizations today. By implementing a defense in depth approach, even if the hacker finds a way to break in, they won’t be able to steal, or hold hostage, what’s inside”, Irdeto’s expert explained.
The increasing spread of memory-based attacks is considered particularly threatening: so-called ‘in-memory’ attacks use malicious programs that reside only in memory and are executed there by legitimate software. Because no malware files remain on the hard drive, memory-based attacks are very difficult to detect afterwards; after a system reboot, for instance, nothing remains to point to the previous attack. Static, file-based antivirus solutions are helpless against attacks of this kind and are therefore of little practical use.
While the number of traditional .exe-based attacks has decreased somewhat, the number of fileless attacks has more than doubled and a further increase is expected, according to reports. Foreign intelligence agencies in particular increasingly rely on such disguised attack methods, which leave no artefacts on the file system and therefore achieve particularly high infection rates.
Against this background, Microsoft President Brad Smith criticized the U.S. and other nations, saying the recent WannaCry attack represents “a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today, namely nation-state action and organized criminal action”, and called for international standards that compel countries not to stockpile or exploit software vulnerabilities.
That conventional antivirus technologies can be bypassed by in-memory malicious programs is no secret anymore, but signature-based malware detection is becoming a problem for today’s security solutions as well, mainly because of the sheer volume of new and modified programs released every day. Experts talk, for instance, about up to almost 400,000 new malware samples daily, which explains why antivirus vendors cannot update their products and signatures as fast as attackers release new programs.
Companies that want to fight highly sophisticated and ingenious malware and ransomware attacks must take a step forward, focusing in particular on the protection of their endpoints. According to research, almost three-quarters of all data leaks are ultimately traced back to attacks on endpoint devices.
Endpoint protection solutions based on innovative approaches such as machine learning, dynamic behavior analysis and intelligent automation are needed, because such technologies make it possible to identify malicious code by its runtime behavior and help companies detect and block new and unknown malware strains.
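To make the signature-versus-behavior argument of the last few paragraphs concrete, here is an added illustration (not code from the article or from any vendor named in it) that runs a file-hash "signature" check and a simple runtime-behavior check over three constructed telemetry records: a known sample, a one-byte variant of it, and a memory-only payload with no file on disk. The telemetry schema, the signature list and the behavior thresholds are all assumptions for the illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed signature database: SHA-256 of one hypothetical known-bad sample.
KNOWN_BAD_HASHES = {hashlib.sha256(b"DROPPER-V1").hexdigest()}

@dataclass
class ProcessEvent:
    """One constructed endpoint telemetry record; field names are assumed, not a real EDR schema."""
    pid: int
    name: str
    image_bytes: Optional[bytes]        # executable bytes on disk; None for memory-only code
    host_process: Optional[str] = None  # legitimate process whose memory the code runs in, if any
    files_encrypted: int = 0            # user files rewritten with high-entropy content
    shadow_copies_deleted: bool = False

def signature_verdict(ev: ProcessEvent) -> str:
    """Static, file-based check: hash what is on disk and look it up."""
    if ev.image_bytes is None:
        return "unscannable"  # nothing on disk: the in-memory case described above
    digest = hashlib.sha256(ev.image_bytes).hexdigest()
    return "malicious" if digest in KNOWN_BAD_HASHES else "clean"

def behavior_verdict(ev: ProcessEvent) -> List[str]:
    """Runtime check: judge what the code does, whether or not a file exists."""
    reasons = []
    if ev.image_bytes is None and ev.host_process:
        reasons.append(f"memory-only code executing inside {ev.host_process}")
    if ev.files_encrypted >= 100:
        reasons.append("mass encryption of user files")
    if ev.shadow_copies_deleted:
        reasons.append("backup/shadow copy deletion")
    return reasons

def triage(events: List[ProcessEvent]) -> Dict[int, Tuple[str, List[str]]]:
    """Return {pid: (signature verdict, behavioral reasons)} for every event."""
    return {ev.pid: (signature_verdict(ev), behavior_verdict(ev)) for ev in events}

# Constructed telemetry: known sample, one-byte variant, and a fileless payload in a legitimate host.
SAMPLE_EVENTS = [
    ProcessEvent(101, "dropper.exe", b"DROPPER-V1", files_encrypted=500, shadow_copies_deleted=True),
    ProcessEvent(102, "dropper.exe", b"DROPPER-V2", files_encrypted=500, shadow_copies_deleted=True),
    ProcessEvent(103, "svchost.exe", None, host_process="svchost.exe", files_encrypted=500),
]

if __name__ == "__main__":
    for pid, (sig, reasons) in triage(SAMPLE_EVENTS).items():
        print(pid, "signature:", sig, "| behavior:", reasons or "nothing flagged")
```

Only the original sample is caught by the hash lookup; the variant and the memory-only payload are flagged solely by what they do at runtime.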
Security is a necessary precondition for the operational use of information systems and for informational self-determination. It is all the more regrettable that the actual relevance of IT security is often only recognized when it is absent. I am convinced that the online marketing world in particular will have to change radically in how it deals with data, “the gold of the digital industry”.
Digital advertising will have to face the new situation and safeguard its unbeatable feature: nowhere but online can brands work with data at the smallest, almost cellular level, something all but impossible in classic advertising environments such as print, TV or radio. Online campaigns use data to deliver the most attractive purchase incentive for any target group, and the operators of social networks monetize their efforts by generating attractive data-driven advertising environments. But if users feel their data is no longer secure, they could boycott those services, clearing the way for others.
Even if we try to make the best of it, the Internet is and will probably always be an unsafe medium. The euphoria about its possibilities and its global data exchange, combined with the huge potential for abuse, makes it dangerous. Integrity by default is needed to stand a chance against the thugs and the devastating consequences.
By Daniela La Marca