Profile hackers to stop them in their tracks
To understand the cyber security challenges we face, we need to understand the hackers.
So said Mikko Hypponen, chief research officer of F-Secure, during his keynote address this morning at ITWeb Security Summit 2018, at Vodacom World in Midrand.
Hypponen puts hackers into five groups: ethical hackers, activist hackers, organised crime gangs, hackers working for the military or intelligence agencies, and terrorists and extremists.
This wide range of attackers has different targets and different motivations, meaning they need to be fought in different ways.
"Before building security, an organisation needs to do threat assessment. Questions such as who are we, what do we do, what do we have to worry about, are we a target, and if so for whom, need to be answered. This helps put limited resources and budgets in the right place."
There are two kinds of cyber security problems: technical problems and people problems.
"Users are critical here. [Technical problems] can be really tricky, but at least we know how to fix them. They are just bugs in the code. But if it's a people problem, there's no patch. You can't patch the human brain. People make mistakes."
He noted attackers are really creative at coming up with new ways to target users. A recent example was a group of cyber criminals who were trying to breach a specific organisation, but its defences were too good and persistent.
"Eventually, this group sent e-mails to employees within the organisation, thanking them for subscribing to a mailing list, namely YouPorn and RedTube. Cleverly, the unsubscribe button link led to infection."
Our world would be easier if the attackers were stupid, but they're not, he said.
The way we 'follow the money' is the core reason we are seeing a shift in attacks from traditional systems to things relating to crypto-currency, he commented. "It's harder to follow the money with crypto-currency. The same attackers that attacked banking systems are moving to attack crypto-currency systems, which all run on blockchain, a public ledger of transactions. You can see the transactions but not who is sending and to whom."
Hypponen said this is why we have seen a rise in the number of ransom Trojans.
"We are currently tracing 130 gangs who make their money from ransomware. In addition, we are seeing phishing and scamming attacks that target crypto-currency systems; for example, tweets appearing to be from famous people such as Elon Musk offering exchange of crypto-currency for a lot more real cash.
"We are also seeing a large number of heists from Bitcoin exchanges. They are a softer target with fewer resources to throw at security, but still handle large volumes of cash."
In terms of traditional defences, Hypponen said for years and years we have secured our networks by building big walls around them, strong firewalls and other intrusion prevention systems.
"The real world equivalent would be a vault. Traditionally, a vault wouldn't have internal sensors, as no one can get in. But this is no longer the case. There are ways of getting in. You can't keep everyone out all the time. You must have sensors within the network."
We need to build systems that can detect when something goes wrong, and these systems also have to think beyond computers, as the Internet of things is seeing all manner of devices connected.
"You may think it wouldn't matter if a device is hacked (your fridge, for example), but it's not about the device, it's about the network behind it."
Everything is becoming smaller and smaller, and everything is becoming cheaper and cheaper, setting up new challenges for security professionals.
"Look back at the first computers and how big they were. Today, a chip with the same power is as small as a grain of salt. Everything is becoming virtualised, cheaper and smaller. And it's our job to defend all of this," he concluded.