The cyber security landscape is changing as both sides of the table adopt emerging technologies, such as artificial intelligence, to take the other down.
In an uncertain time, mirroring the political uncertainty of Brexit, we spoke to Bill Conner, the cybersecurity CEO from SonicWall who has helped create the UK passport and advised the UN on cyber defence.
He is certainly someone you want to be listening to when navigating the dangerous cyber security waters that organisations have found themselves in. The financial, reputational and job security consequences are too great to ignore.
10 cyber security trends to look out for in 2019
The problem of malware
SonicWall has over a million sensors in over 220 countries around the world pulling in real-time data around cyber threats. What have they found? Well, as you’d expect, malware levels and different types of malware are increasing and decreasing. But, interestingly, it appears these fluctuations depend on geography.
Let’s look at ransomware, one of malware’s most famous variants. Two years ago, ransomware dominated the headlines across different media outlets in the UK, culminating with WannaCry. If you can cast your mind back to May 2017, organisations across the world were crippled by the ransomware strain. In the UK, the NHS was hit significantly — and this is important.
In the rest of the world, ransomware levels are up. But in the UK, the numbers are falling dramatically. Why? Well, following WannaCry, “you guys were all over it,” said Conner. The severity of the attack and the importance of the institution that was targeted meant that the UK government, along with the National Cyber Security Centre and UK-based businesses, confronted ransomware head on — hence why levels are now lower than in other regions.
“Most of the vendors in the UK and their customers put solutions in place to protect against multiple family variants of ransomware,” confirmed Conner.
A necessary wakeup call: how the WannaCry attack was a good thing
Should hackers take on smaller targets and keep below the radar? Clearly, if they take on really important targets (intentionally or not), and generate significant media attention, that particular strain of malware will be exposed and targeted for destruction.
“Geographically you see who has taken ransomware more seriously, just based on the numbers,” continued Conner.
Might we see a resurgence? Certainly, because of the financial incentives for cybercriminals. When cyber security companies first started tracking ransomware, around $3 million was at stake, then it went to $76 million and now it billions of pounds, dollars, euros etcetera. On top of this, the variety of ransomware ‘families’ have exploded. What was once a tight knit household of two or three, has turned into a large town of 3,000 different variants.
The root of the cause
Conner goes someway in explaining the rise of certain types of malware, in this case the ransomware used in the WannaCry attack:
“Hackers use ransomware for direct digital financial gain. If you go back, EternalBlue was an NSA exploit and it got released by Snowden in April 2017. It got monetised and exploited by North Korea in April for Wannacry. This was the same time North Korea was getting increased sanctions. They needed money, so they went in search of digital currency — bitcoin in this instance — via ransomware attacks.”
Bitcoin’s value began to increase around this time, which suggests that there is a connection between the number of ransomware attacks — developed and pushed in this instance by North Korea — and the price surge on the bitcoin market; because that was the currency being requested.
“What I’m telling governments and enterprises is to forget side-channel exploits for the moment,” said Conner. “Right now, we need to focus on those pdfs and Office, the things you run in your business every day, because they can be exploited for IP and monetary gain. And you can’t even see it.
“The issue of tomorrow surrounds when the Intel exploits get weaponised, because that’s when the architecture fabric of processing becomes vulnerable.
“It doesn’t matter whether it’s encrypted, it doesn’t matter whether it’s in cloud, data centre or your laptop, everything can be exploited. Nation state hackers can literally attack whatever target you want and it doesn’t matter whether it’s encrypted or not.”
Cyber security best practice: Definition, diversity, training, responsibility and technology
It’s no secret, right now the US and the UK are not united — you could even say they are divided.is not so united, and the United Kingdom is not so united either.
But, unfortunately, the cybercriminals don’t care. They don’t know borders or boundaries other than is it target rich or not target rich; unless their motivations are political or economical.
“Public institutions, private organisations and different governments have got to collaborate. But, above all, we’ve got to have dedicated cyber law enforcement,” said Conner.
“It’s got to start with law enforcement. Between the UK, the US and Interpol we’ve had more takedowns in the last two years than we probably had in the five years before. Look at what’s happened with Huawei right now. So, I think there’s a good foundation for cyber collaboration across borders.
“Law enforcement sharing is better than political sharing at the moment. There are too many political agendas, but this is changing.”
Conner then pointed to the unanimous decision by Republicans and Democrats to pass a bill on cyber. With the current administration, “that’s crazy,” he said.
“Trump, for all his problems, put out a Presidential Directive on enterprise [regarding cyber] and now he’s said you’ve got to work on SME,” who are — in general — overwhelmingly unprepared for attacks.
Looking ahead: A cyber future
Based on the discussion, it was clear that the UK has improved cyber security best practice. The US is getting there, and so is Germany. However, in these countries there is a lot of political and financial reasons to be targeted, and so defences must be bolstered.
Ominously, cybercriminals are also finding new ways in.
One of the big ways in the enterprise, according to Conner, is through non-standard ports. Many individuals use non-standard ports, but they don’t put their firewall behind it, because it reduces the cost of performance. This vulnerability must be plugged.