Evolution of Cyberwarfare and Cybercrime
Since the turn of the century, cyberwarfare and cybercrime have grown by leaps and bounds. The concepts of advanced threats, state-sponsored organizations and highly motivated criminal organizations are relatively new, but the use of the internet and the cyber domain as a means of attack has been well established for the past 15 to 30 years.
In the 1990s, with the surge in internet users and the abundance of online commerce, cybercriminals sought new methods to exploit targets. Denial of service attacks became a common way to extort money from websites, and identity theft trended upward. During this time cybercrime became the breeding ground for new and advanced payloads to be created, tested and deployed with ease.
At the turn of the century, we saw the beginnings of what were to become more advanced and rapidly spreading cyberattacks. Worms such as Sasser and SQL Slammer made their way across cyberspace, spreading through the internet by targeting unpatched vulnerabilities in systems such as IIS and SQL servers. Over time these worms became more weaponized, with the intent not only to spread rapidly but also to call home and receive commands from their owners, effectively creating the first command-and-control (C2) botnets, typically used for widely dispersed, hard-to-mitigate distributed denial of service (DDoS) attacks.
By 2007, intelligent forms of highly targeted malicious payloads were being discovered. Stuxnet, Duqu and FLAME were designed to destroy nation-states' critical systems or to exfiltrate sensitive information from targets. While never attributed to any one nation-state, the advanced nature of these programs indicated that their creators had significant expertise and resources, and that the attacks likely came from sponsored organizations or highly funded criminal groups.
Since the release of these variants, the weaponization of the internet has grown by leaps and bounds. Swarms of advanced malicious payloads modeled after Stuxnet and similar attacks became widely used by individuals with criminal intent. Ransomware attacks, which encrypt critical data and lock out victims until some form of ransom is paid via nearly untraceable transactions, grew in prevalence.
So now what?
While it may seem all doom and gloom, there are some good things happening as a result of all the unsavory activity. Each day, more people and companies are becoming security-centric. The majority of these attack campaigns rely on user input and interaction, and take advantage of those lacking a fundamental understanding of how technology works.
Forward thinking is crucial to addressing the continuously evolving threat landscape. Organizations must realize that the way they do things today may not be the way to do things tomorrow. Cybersecurity and information assurance are still in their infancy and are constantly changing. The best way to be forward thinking with our processes and procedures is to be open minded about working with others, so that as a community we can objectively determine whether what we are doing is effective. Below are some practices that work well.
Real knowledge is to know the extent of one’s ignorance. – Confucius
Educating yourself is the first step to mitigating the threat of cybercrime, and this is most important when it comes to home and personal use. Social engineering and phishing campaigns are still major methods of malware distribution, whether for ransomware or malware families like Dridex. Be mindful of messages you receive, especially unsolicited ones, via email, SMS or social media. Even if a message looks like it is from your bank, social network or financial service provider, be careful; it is better to go directly to the site than to click on any links or follow instructions within the email. Additionally, learn to view the actual sending address within your preferred mail application. It is easy to set a sender name as "Joe's Bank," but if you check the actual address it could be [email protected]. Learn to install and use fundamental security tools such as antivirus software, host-based firewalls and anti-malware systems. You don't always have to dip into your budget for these; sometimes you can get free full versions of commercial off-the-shelf software from your internet service provider, so check its online portal for anything it may offer. A list of free security tools can be found here, too.
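The "check the actual sending address" advice above can be turned into a mechanical check. The following is an added example, not code from the article or its author: it uses Python's standard library to separate the friendly display name in a From: header from the real mailbox, then flags the case the paragraph warns about, a display name that claims to be a known organization while the address lives at an unrelated domain. The brand-to-domain table and all sample headers are constructed for illustration and are not real organizations.

```python
"""Separate a From: header's display name from its real address and flag mismatches.

Added example (not from the original article). The TRUSTED_DOMAINS table and the
sample headers are constructed; a real deployment would load the table from the
organizations the user actually deals with.
"""
import re
from email.utils import parseaddr

# Constructed: display-name fragments (lowercase) and the domains legitimately
# associated with them. Hypothetical values only.
TRUSTED_DOMAINS = {
    "joe's bank": {"joesbank.example", "alerts.joesbank.example"},
    "joes bank": {"joesbank.example", "alerts.joesbank.example"},
}


def split_from_header(header_value):
    """Return (display_name, address, domain) for a raw From: header value."""
    name, addr = parseaddr(header_value)
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    return name, addr, domain


def check_sender(header_value):
    """Classify a From: header.

    Returns one of:
      "malformed"                   - no usable address at all
      "ok"                          - display name claims a known brand, address matches
      "lookalike-name"              - display name claims a known brand, address elsewhere
      "name-contains-other-address" - display name is itself an address at another domain
      "no-brand-match"              - nothing to compare against; show the user the real address
    """
    name, addr, domain = split_from_header(header_value)
    if not addr or not domain:
        return "malformed"

    # Normalise the display name so "Joe's Bank Support" still matches "joe's bank".
    key = re.sub(r"[^a-z' ]", "", name.lower()).strip()
    for brand, domains in TRUSTED_DOMAINS.items():
        if brand in key:
            return "ok" if domain in domains else "lookalike-name"

    # A display name like "alice@joesbank.example" paired with a different real domain
    # is a common trick: mail clients show the name, not the address.
    m = re.search(r"@([\w.-]+)", name)
    if m and m.group(1).lower() != domain:
        return "name-contains-other-address"
    return "no-brand-match"


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        '"Joe\'s Bank" <alerts@alerts.joesbank.example>',
        '"Joe\'s Bank Support" <notices@mail-update.example>',
        '"alice@joesbank.example" <random@free-mail.example>',
        "Service Desk <helpdesk@corp.example>",
        "not an address",
    ]
    for s in samples:
        print(f"{check_sender(s):28s} {s}")
```

The point of the table is that the check is only as good as the list of domains you expect a given name to use; anything that returns "no-brand-match" should still be shown to the user with the real address visible, which is exactly the habit the paragraph is asking readers to build.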
For corporate settings, regular security awareness training sessions, helpful email reminders and posters in areas with heavy foot traffic can be great tools to help your end users think smarter when using information systems at work. Educating your workforce is a great way to reduce risk. In addition to awareness training, engaging an outside company to test your employees' resilience to phishing and social engineering is a sound practice. Many organizations can help you facilitate social engineering tests to measure the effectiveness of your awareness initiatives.
It’s cold outside; wear more layers…
Taking a layered approach to securing your identity online is easier than ever. The methods by which users authenticate to, identify themselves to and access sensitive information systems have evolved. The right identity in the wrong hands is always a worst-case scenario, and the rise of social engineering attacks and the effectiveness of phishing show that identities within an organization and at home will remain key targets. Many organizations are adopting multi-factor authentication and other forms of strong authentication to safeguard their sensitive data and consumers.
For years the multi-factor approach to authentication was reserved for the most sensitive, classified information systems. Most of these implementations were manual processes and relied on additional hard tokens that users carried with them. Today there are a number of ways to use multi-factor authentication, such as one-time passwords (OTPs), hard or soft tokens, or combinations of OTPs, biometrics and other pattern-based recognition systems, such as how a user types a sentence or says a phrase. Over time these forms of authentication will grow more accessible and become standard approaches to further protecting individual identities within systems. If you are an organization offering services to customers, adopting strong authentication will only become more vital.
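To make the "soft token" idea concrete, here is an added example (not code from the article or its author) of what an authenticator app and the server it talks to actually compute: the HOTP and TOTP algorithms from RFC 4226 and RFC 6238, plus the two server-side details that matter most in practice, tolerating a little clock skew and refusing a code that has already been accepted. The shared secret is the RFC test-vector secret, used only so the output can be checked against published values; no other assumptions are made.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) generator with a replay-resistant verifier.

Added example, not the article's own code. SECRET is the RFC test-vector secret so the
values below match the published vectors (counter 1 -> 287082, 8 digits -> 94287082).
"""
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"  # RFC test vector; a real secret is random per user


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password for one counter value."""
    msg = struct.pack(">Q", counter)                       # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                 # dynamic truncation, RFC 4226 s5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """Time-based variant: the counter is the number of `step`-second intervals since the epoch."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // step), digits)


class TotpVerifier:
    """Server-side state for one user.

    Accepts a code for the current interval or one within `window` intervals either side
    (clock skew), compares in constant time, and never accepts the same interval twice,
    which stops a captured code from being replayed during the remainder of its lifetime.
    """

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_counter = -1  # highest interval already used for a successful login

    def verify(self, code, at=None):
        now = time.time() if at is None else at
        counter = int(now // self.step)
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if candidate <= self.last_counter:
                continue  # already consumed, or older than a code we already accepted
            if hmac.compare_digest(hotp(self.secret, candidate, self.digits), code):
                self.last_counter = candidate
                return True
        return False


if __name__ == "__main__":
    print("current TOTP:", totp(SECRET))
    v = TotpVerifier(SECRET)
    print("first use accepted:", v.verify(totp(SECRET)))
    print("replay accepted:", v.verify(totp(SECRET)))  # False
```

Two design points are worth noticing. The acceptance window is what lets a phone whose clock is a few seconds off still log in, and it is also why the replay check must remember the interval rather than the code string. And the HMAC key never leaves the server or the token, so a phished password alone is not enough, which is the whole reason the article recommends adding this layer.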
What does this mean for the everyday consumer? Check your online banking platforms to start; see if they offer ways to further secure your online accounts. Adding a layer of protection beyond just a username and password makes it significantly harder for hackers to access your online accounts and personal information. Learn more at lockdownyourlogin.com.
Be that for others for those who can’t….
There always seems to be a large focus on cybercrime and what it means for people and companies. However, there are other elements of cybercrime that do more harm than simple financial losses. Human trafficking and child exploitation are still persistent forms of cybercrime today. Through the misuse of legitimate anonymizing platforms and nearly untraceable digital currency there is still a market for these types of crime.
In the meantime, we have a duty to be aware of what to do if we come across evidence that someone we know is participating in exploitation, abuse or other crimes online. Whether you’re a security expert, a helpdesk technician or simply a technology lover you might be the one person that can do for others what they can’t do for themselves. If files seem suspicious, they probably are.
At a company level, we have a responsibility to ensure that our information systems are not being manipulated or used to store, transmit or otherwise participate in the distribution of inappropriate or abusive images and content. There are tools available to significantly reduce the chance of these crimes, including appropriate ingress/egress proxies, SSL decryption and deep-packet inspection technologies and data assessments to gain insight into what sort of files are within your environment, where they exist, who created them and more. It’s up to you to find the right combination of tools, technologies, processes and procedures to help reduce the impact of this unfortunate reality we live in.
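The "data assessment" the paragraph describes (what files exist, where, who created them, and whether any match known material) is largely an inventory problem. The following is an added example, not the article's or any vendor's code: it walks a directory tree, records a content hash, size, owner and modification time for every file, writes the result as CSV, and flags any file whose hash appears on a supplied list. The sample file tree and the "known" hash list are constructed inside the script so it runs offline; in a real assessment the list would come from a vendor or law-enforcement feed and the walk would cover file shares and endpoints.

```python
"""File inventory with content hashes, ownership and known-hash matching.

Added example (not from the original article). build_sample_tree() and KNOWN_BAD
are constructed for illustration; substitute real roots and a real hash feed.
"""
import csv
import hashlib
import os
import tempfile
import time
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def owner_of(path):
    """Owner name on POSIX, numeric uid elsewhere or if the name cannot be resolved."""
    st = os.stat(path)
    try:
        import pwd
        return pwd.getpwuid(st.st_uid).pw_name
    except (ImportError, KeyError):
        return str(st.st_uid)


def inventory(root):
    """Return one record per regular file under root, sorted by relative path."""
    root = Path(root)
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            st = p.stat()
            records.append({
                "path": p.relative_to(root).as_posix(),
                "sha256": sha256_of(p),
                "size": st.st_size,
                "owner": owner_of(p),
                "modified": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(st.st_mtime)),
            })
    return sorted(records, key=lambda r: r["path"])


def flag_known(records, known_hashes):
    """Records whose content hash is on the supplied list."""
    return [r for r in records if r["sha256"] in known_hashes]


def write_csv(records, out_path):
    """Write the inventory as CSV for review; returns the number of rows written."""
    fields = ["path", "sha256", "size", "owner", "modified"]
    with open(out_path, "w", newline="") as f:
        w = csv.DictWriter(f, fieldnames=fields)
        w.writeheader()
        w.writerows(records)
    return len(records)


def build_sample_tree():
    """Constructed sample: two files in a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="assessment-"))
    (root / "reports").mkdir()
    (root / "reports" / "q1.txt").write_text("quarterly numbers\n")
    (root / "cache").mkdir()
    (root / "cache" / "blob.bin").write_bytes(b"\x00FLAGGED-SAMPLE\x00")
    return root


# Constructed "known" list: the hash of the sample blob above stands in for a feed entry.
KNOWN_BAD = {hashlib.sha256(b"\x00FLAGGED-SAMPLE\x00").hexdigest()}


if __name__ == "__main__":
    root = build_sample_tree()
    recs = inventory(root)
    print(write_csv(recs, root / "inventory.csv"), "files inventoried")
    for r in flag_known(recs, KNOWN_BAD):
        print("MATCH:", r["path"], "owner", r["owner"], "modified", r["modified"])
```

Hashing the content rather than trusting names or extensions is the part that matters: a renamed file still matches, and the owner and modification time in each record give the first investigative leads the paragraph mentions (where it is, who put it there, when).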
It takes a village….
As we move into the future, we will continue to face new challenges and, hopefully, overcome them. Although we are still in the infancy of it all, less than 50 years ago our lives and the world we lived in were very different, and we can’t imagine where we’ll be in another 50 years. I do believe that as technology progresses, security will become an essential component of survival. Just like how we learned to ride a bike, drive a car and cook for ourselves, we will continue to learn how to navigate the pitfalls of using technology safely and securely. Through community efforts, information sharing and social networks, we will help each other live safer lives in the digital future.
About the Author
Corey Wilburn is the security practice manager at DataEndure, where he specializes in the design of strategic solutions aimed at delivering high-value operational intelligence and leveraging best-in-class products and services built around current and emerging standards. He has a passion for information security policies, processes and procedures. He loves working with clients to help them realize the potential of their security strategy, maximizing ROI while reducing their attack surface and helping them become more resilient in the face of an ever-evolving threat landscape.