We’re in the midst of a cyber war that threatens every single business and the vast majority of individuals. Simulation software may provide a solution, but first, the problem.
The problem is not going away; in fact, it is getting worse. Technology has an ever-increasing presence in everyone’s lives and connects the operations of pretty much everything, so cyber attacks are more pervasive than ever before: most people now own a smartphone.
In the cyber war, malicious cyber attacks are increasing in prevalence and sophistication, and the range of targets continues to widen. “Businesses, from national infrastructure and network carriers through to businesses of all sectors and sizes, are in the sights of cybercriminals,” confirms Martin Rudd, CTO, Telesoft Technologies.
“Think of the nationwide damage that would happen if the organisations powering this critical national infrastructure were to suffer a targeted cyber attack. These organisations generate and store colossal amounts of personal data, making them extremely valuable to cyber criminals — but also, thanks to their gargantuan size, difficult to breach.
So, what route in can the cyber criminals take? Technological innovation works for both the good and the bad guys, and with advancements in AI, hackers can attack networks and infrastructure at an incredibly high rate, with a myriad of threats from multiple vectors. “From here, hospitals can be shut down (as seen with WannaCry), cities disconnected and defences destroyed,” explains Rudd.
So, what is a proportionate response to this global threat? What can the CTOs, CISOs and heads of security do to mitigate the threat to their employees and customers?
Rudd advises that penetration testing is a key strategy when it comes to mapping out a business’s network, its capabilities, weaknesses and blind spots. “But,” he warns, “there are two key issues that businesses often need to address that many cyber warfare simulation tools simply can’t help with.”
“The first is businesses not being able to defend against attacks they haven’t encountered before and the second is being able to generate and attack a network with a large enough — and genuine — set of traffic to test their network against real-world scenarios.
“Those are key tenets that businesses need to ensure any simulation tool they are engaging with can deliver — genuine, large-scale traffic and an existing compendium of cyber attacks to test the network against.”
Ever heard of WarGames? “By practising against highly realistic and orchestrated attacks, those in charge of defending these organisations can learn how to actively defend their networks against real-life DDoS or specifically targeted malware and significantly improve response time,” continues Rudd.
To genuinely mimic real-life cyber attacks, an organisation’s simulation software must be able to replicate any single type of attack and also generate multiple simultaneous attacks, such as botnets and DDoS campaigns. “As such, with cyber warfare simulation, the speed of technology is much more important than the type,” Rudd explains.
“Hundreds of gigabytes per second are needed to paint an accurate picture of the world’s nefarious hackers and the damage they can do, as this is the scale that will be occurring in the case of a real-life attack.”
Beyond speed, he says it is crucial to deploy technology that can capture intelligence directly from cyber criminals themselves in real time; it is no use replicating long-retired attacks. This information can then be fed into a traffic profile database to allow seamless replication and delivery of genuine attacks.
Cyber warfare simulation tools for your business
1. Triton 400
Telesoft Technologies has today unveiled Triton 400, a cyber warfare simulation tool that can help in the fight to regain dominance in the cyber war.
It can replicate myriad adversarial attack methods by mimicking attacks from all over the world. According to Telesoft, Triton 400 utilises a comprehensive understanding of frontline threat intelligence from around the globe to simulate natural and malicious traffic at unprecedented speeds for such a capability.
It says: ‘Triton 400 can replicate any type of attack, from password spraying and large-scale DDoS to AI poisoning, whilst also generating multiple simultaneous attacks — one as a smokescreen and the other malicious to challenge Blue teams more than ever before. It can play any PCAP for an attack; if there’s no network recording, Triton 400 can generate one, spawning malicious traffic at volume to directly test the target, system, or team. As well as individual and surgical precision attacks, the tool can also generate botnets for bulk attacks. With 400G to utilise, Triton 400 takes simulated cyber warfare to the next level, preparing organisations for the future of threats they may face.’
2. Infection Monkey
The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool from Guardicore that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.
It has both attack and detection capabilities, which cover a range of cyber attacks, including SambaCry, Shellshock and ElasticGroovy, and it can detect potential attack paths between computers and users.
3. Threatcare
Threatcare is a standalone desktop application that allows businesses to leverage Breach and Attack Simulations and other techniques. CTOs, CISOs and equivalents can use it to test network security, even without an internet connection. With the addition of Threatcare agents, businesses gain the capability to schedule techniques and playbooks across multiple networks simultaneously.
4. NeSSi
NeSSi (Network Security Simulator) is a novel network simulation tool that incorporates a variety of features relevant to network security, distinguishing it from general-purpose network simulators. Its capabilities, such as profile-based automated attack generation, traffic analysis and support for detection-algorithm plugins, allow it to be used for security research and evaluation purposes.
5. CALDERA
For all those Windows domain users, CALDERA is an automated adversary emulation system, built on the MITRE ATT&CK framework. It works by attaching abilities to an adversary and running the adversary in an operation.