
The urgent need for a radical approach to cyber security

Immunisation or ‘vaccination’ against the effects of a cyber virus and related threats after they have been downloaded represents a radical shift in thinking and strategy.
By Paul Stuttard, Director, Duxbury Networking.
Johannesburg, 01 Dec 2021

Computer viruses have been around for decades. The first self-replicating program, Creeper, was written in 1971 as an experiment to determine whether such a program was possible. It was.

While Creeper had no malicious intent, those that followed, starting with the Rabbit virus and continuing to this day with many variants, have grown steadily more dangerous.

It did not take long for the industry to develop counter-measures. Firewalls, implemented as software or as dedicated hardware appliances, soon appeared. These ‘gatekeepers’ sit between a computer system and the network and are designed to block potentially harmful traffic.

This traffic could carry a virus or Trojan, ransomware, spyware or other online threats, including attempts by malicious hackers to gain entry to the system.

As computer systems gained in complexity, so firewalls evolved over time, incorporating newer cyber crime-fighting techniques to address the increasing sophistication of the threats they faced.

Today, so-called next-generation firewalls (NGFWs) incorporate a number of advanced security measures in addition to the ubiquitous anti-virus protection. These include intrusion prevention, inspection of encrypted traffic and deep packet inspection, which together let the firewall identify the application behind a connection and deny access to any application considered insecure.

While this ‘detect first, then remediate’ approach might be seen by some as the last word in cyber security, it is an ageing concept. Although NGFWs and similar defences make every effort to stop attacks from reaching computer systems, they do not prevent the attacks from being launched in the first place.

A more preventative approach requires a change in the way cyber security is viewed. This change in perspective is growing in urgency with the arrival of sixth-generation (Gen-6) cyber attacks, which are forcing many organisations to re-evaluate and change their strategies.

The multi-vector and polymorphic nature of Gen-6 attacks allows an intrusion that begins, for example, on an employee’s smartphone to spread via the cloud into the data centre or the production plant, resulting in a rapid and unexpected data breach.

Moreover, Gen-6 attacks are characterised by superior disguises: polymorphic code that presents different content in each attack, and the ability to appear to security controls behind the mask of a legitimate application.

Gen-6 attacks are significantly more destructive than their forebears, and their reach is poised to increase with the broad adoption of 5G networks, which will expose vulnerabilities in network-connected internet of things devices.

In this light, Gen-6 attacks are expected to render many traditional detect-and-remediate technologies less effective, if not obsolete. One reason is the inherent delay between the initial identification of a potential breach and the remediation of the vulnerability it exploited, a window that Gen-6 attacks will exploit to the fullest extent.

As companies intensify conventional efforts to guard against Gen-6 attacks, overzealous blocking is likely to follow, increasing the number of false positives, which will be felt as costly hold-ups and time-wasting interruptions to data flows.

The challenges associated with mitigating Gen-6’s threats are sparking a significant change in the way cyber security specialists view the threat spectrum. This is far removed from the ‘entry-denial’ concept common in the firewall era.

Today, prevention is seen in terms of an immunisation or “vaccination” against the effects of a virus and/or related threats after they have been downloaded. It represents a radical shift in thinking.

How does it work?

According to cyber security specialists, computer viruses and many forms of malware spread in ways similar to biological pathogens. Experts are using logic, artificial intelligence and machine learning to model and simulate malware spread in the same way that the spread of pathogens is researched and analysed.

Results have been positive. It has been possible to identify the methods of transmission used by many malware variants, their rate of infection, and the number of computers, devices and systems that could be infected by a single intrusion.

In a paper presented at the Blekinge Institute of Technology, Oskar Eliasson and Lukas Ädel highlighted the intelligence built into new malware strains and their ability to avoid detection by security programs.

“Malware can check for the existence of security-related programs and artefacts [such as honey-pots, sandboxes and environments which isolate malware] before executing malicious code. Depending on what they find, they will evaluate if the computer is worth infecting or not,” they note.

“The idea is that by identifying these checks, we could ‘vaccinate’ a system with data-points that trigger these checks and trick the malware into believing a system is protected and aborting its malicious behaviour.”

One such ‘trick’ centres on infection markers, the flags malware leaves behind so that it does not infect the same computer twice. Planting those markers in advance, as part of the vaccination process, can keep clean systems from becoming infected.

A key advantage is that infection markers are unaffected by the evasion techniques common to Gen-6 malware, such as code obfuscation or (as mentioned) polymorphism: however the code is disguised, it still has to look for the same marker on the host.
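The following is an added, constructed example of the vaccination idea described in the quoted paper and in the two paragraphs above; it is not code from the article or from Eliasson and Ädel. It simulates a sample that performs both checks (an infection marker to avoid re-infecting a host, and a look for sandbox artefacts) and shows that planting those markers on a clean host makes the sample abort on its own. The marker and artefact names are hypothetical, markers are represented as inert files rather than Windows mutexes or registry values, and the ‘payload’ only writes its own marker.

```python
"""Simulated 'vaccination' with infection markers (constructed example)."""
import tempfile
from pathlib import Path

# Hypothetical marker the simulated sample drops on first infection.
INFECTION_MARKER = "sim_malware.lock"
# Hypothetical artefacts a sandbox-aware sample might look for before running.
SANDBOX_ARTEFACTS = ["sandbox_agent.dll", "vmtools_present"]


def simulated_malware(host_dir: Path) -> str:
    """Toy sample with the two checks described in the text.

    Returns the decision it took: 'skipped_already_infected',
    'skipped_analysis_env' or 'executed_payload'. Nothing harmful happens;
    'executing' just writes the infection marker.
    """
    # Check 1: infection marker -> do not infect the same host twice.
    if (host_dir / INFECTION_MARKER).exists():
        return "skipped_already_infected"
    # Check 2: analysis artefacts -> host is 'not worth infecting'.
    for artefact in SANDBOX_ARTEFACTS:
        if (host_dir / artefact).exists():
            return "skipped_analysis_env"
    # 'Infect': leave the marker so later copies of the sample stay out.
    (host_dir / INFECTION_MARKER).write_text("infected\n")
    return "executed_payload"


def vaccinate(host_dir: Path, markers=None) -> list:
    """Plant the markers the sample checks for, without running the sample.

    Markers are inert files; the host is otherwise untouched. Returns the
    list of paths created (existing markers are left alone).
    """
    markers = markers or [INFECTION_MARKER, *SANDBOX_ARTEFACTS]
    created = []
    for name in markers:
        path = host_dir / name
        if not path.exists():
            path.write_text("vaccine\n")
            created.append(path)
    return created


def run_demo() -> dict:
    """Run the sample against a clean, a vaccinated and a fake-sandbox host."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean"
        clean.mkdir()
        results["clean"] = simulated_malware(clean)

        vaccinated = Path(tmp) / "vaccinated"
        vaccinated.mkdir()
        vaccinate(vaccinated, [INFECTION_MARKER])   # only the infection marker
        results["vaccinated"] = simulated_malware(vaccinated)

        fake_sandbox = Path(tmp) / "fake_sandbox"
        fake_sandbox.mkdir()
        vaccinate(fake_sandbox, SANDBOX_ARTEFACTS[:1])  # one analysis artefact
        results["fake_sandbox"] = simulated_malware(fake_sandbox)
    return results


if __name__ == "__main__":
    for host, outcome in run_demo().items():
        print(f"{host:14s} -> {outcome}")
```

Two practical caveats follow from the code. The vaccine only works if the marker is spelled exactly as the sample looks for it, so the marker name has to come from analysis of the sample (or a family of samples); and it only holds for as long as the sample keeps that check, so a new variant that renames its marker needs a new vaccine. Neither caveat is affected by obfuscation or polymorphism of the code itself, which is the advantage the text describes.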

Looking ahead, those in the cyber security arena suggest that after-the-fact detection, together with ongoing research into malware spread and malware reverse engineering, could yield models useful for testing and evaluating interventions in the medical field as well.
