One of the biggest challenges for those of us working in cyber security is not only how we keep pace with cyber criminals, but how we actively anticipate their next steps. Right now, this is more challenging than ever, as we see cyber criminals raising their game in response to better and more sophisticated security practices.
The threat landscape is swiftly evolving, with less-skilled cyber criminals effectively being forced out of business, or at least pushed right down the food chain. This might sound like great news, but evidence suggesting that less focused, mediocre cyber criminals are rethinking their nefarious careers means that, conversely, we are left with the very best. It is the brightest who are now stepping up their game to survive and thrive in this highly professionalised new world order.
A new breed of cyber criminal
The enduring image of a hacker for many of us is one which comes straight from the Hollywood playbook. This conjures up a picture of a young person (wearing a hoodie, of course – hackers always wear hoodies, right?) in their late teens or early twenties. They’ll be lone cyber warriors, motivated by a heady combination of fame, injustice or innocent mischief-making. If this was ever accurate (and it’s not a stereotype I have to say I recognise), things have definitely moved on now.
2018 was a year in which we saw the rise of capitalist cyber criminals, motivated by ever greater financial rewards (which can now run into millions of pounds), who treat their criminal activities very much as a profession. These hackers are focused primarily on ransomware – malicious software that either threatens to publish data or permanently block access to it unless a ransom is paid. Right now, this is very big business.
A new way of working
In some senses, we have to admire their ingenuity and work ethic. This new type of hacker is increasingly going to great lengths to craft hand-delivered, highly-targeted ransomware attacks that are a world away from the ‘spray and pray’ style attacks we’ve previously seen distributed automatically (some might say, lazily) through millions of emails.
For those of us trying to keep ourselves and others safe online, targeted ransomware is far more damaging than if delivered from a bot. Human attackers are able to find and stake out victims, think laterally, react quickly and in real time, troubleshoot to overcome roadblocks, and wipe out back-ups so the ransom must be paid. This “interactive attack style,” where hackers manually make their way through a network step-by-step, is now increasing in popularity.
The cyber security industry is seeing stealthier and more sophisticated ransomware attacks – attacks that are individually more lucrative, harder to stop and more devastating for their victims than attacks that rely on email or exploits to spread. The impact can be devastating. Targeted attacks can lock small businesses out of critical systems or bring entire organisations to a grinding halt, just as we saw when a recent SamSam attack against the city of Atlanta did exactly this.
For cybersecurity professionals, the way in which these attacks are happening is especially concerning, as they are carried out in a way that’s hard to stop and easy to reproduce.
In a targeted attack like this, the assailant’s job is to break into the victim’s network and maximise the chances of the ransomware succeeding, and the adversary most likely to stop the attacker in their tracks is security software operating as one of several layers of overlapping protection.
What does this all mean for cyber security?
Writing ransomware that won’t be detected by security software is no easy task, and attackers often achieve this by exploiting operating system vulnerabilities that give them privileges and, therefore, access.
If they can make themselves an administrator, an attacker will be permitted to run powerful administration tools that can disable security processes and force the deletion of files, bypassing the protections put in place to stop the attackers uninstalling security software directly. If this makes it sound as though security software is losing its power, this is very much not the case. Set up correctly, it can defend itself by blocking the legitimate third-party utilities that might be used to undermine it.
What can we do?
Targeted attacks may be relatively sophisticated and are definitely giving organisations plenty to worry about, but the criminals behind them aren’t looking for an intricate game or a complex challenge; they’re simply looking for vulnerable organisations. In this sense at least, very little has changed. As has always been the case, the best way to get yourself off an attacker’s hit list is by making your organisation less vulnerable, which lies in getting the basics right.
Knowing how determined and engaged attackers now are highlights how important it is to make sure that, if they do manage to break into your network, they’re met with robust layers of overlapping defences. There is no single silver bullet to ensure we are protected from attacks like these. What we can do is ensure that good security practices are in place to maximise our chances of thwarting the most determined of hackers as they develop increasingly sophisticated ways to make money out of us.
Original report can be found on Forbes.