https://www.engineeringnews.co.za

Detecting advanced cyberattacks to be key security focus in 2017

INTERNET OF THINGS The proliferation of Internet of Things (IoT) devices and systems opens new entry-points for attacks

Photo by Bloomberg

NETWORKED DEFENCES The cybersecurity industry is applying data science to information from cloud environments, virtual machines and IoT devices to better identify patterns and indicators of attack

JON TULLETT South African businesses faced data leaks, ransomware and IoT malware attacks in 2016 and will continue to be exposed to major cybercrime syndicates

MARTIN WALSHAW Part of the solution is to use behavioural analysis systems that flag unusual activity

DEREK MANKY The shortage of cybersecurity professionals means that organisations or countries looking to participate in the digital economy globally will do so at risk

TREVOR COETZEE By making attacks more expensive or less profitable, the industry can change the economics of the attack process

NITHEN NAIDOO Cybercriminals are highly innovative and readily share information, which makes defending against their attacks difficult

3rd February 2017

By: Schalk Burger

Creamer Media Senior Deputy Editor

     


The rising dependence of economic and social systems on information technology (IT) systems has directly increased the risks to these systems from cyberattacks, the World Economic Forum Global Risks Report 2017 highlights.

Cybercrime syndicates and attacks are growing increasingly sophisticated, and more advanced attacks – bolstered by machine-learning capabilities – will be made using new techniques. For example, hosts of compromised client end-point devices will be used to make advanced attacks against companies, while the proliferation of Internet of Things (IoT) devices and systems opens new entry points for attacks.

IT market research company International Data Corporation (IDC) South Africa expects continued exposure of South African businesses to major cybercrime syndicates, both directly and indirectly, says IDC South Africa IT services research manager Jon Tullett.

“Threats are becoming smarter and are increasingly able to operate autonomously. In the coming year, we expect to see malware designed with adaptive, success-based learning increasing the impact on and effectiveness of such attacks,” says network security company Fortinet global security strategist Derek Manky.

“Automated attacks will introduce an economy of scale to ransomware that will allow hackers to cost-effectively extort small amounts of money from large numbers of victims simultaneously, especially by targeting IoT devices.”

“It is not a question of how they will get inside. Cybercriminals will always find a way inside. It is more a question of time and money, and whether their investment will pay off,” adds Kaspersky Lab financial services security lead Dmitry Zveginets.

Money is the primary motivation of most cyberattacks, emphasises cybersecurity subsidiary Intel Security South Africa and sub-Saharan Africa regional director Trevor Coetzee.

“By making attacks more expensive or less profitable, we can change the economics of the attack process, reduce the success rate of attacks, and make capture of the perpetrators more likely.”

One potential response is to deceive attackers and increase their time spent on a given attack, making them easier to trace, identify, capture, and prosecute.

Zveginets notes that making vulnerable security structures more robust will increase the time required to compromise them and will help to discourage cyberattacks, even in small and medium-sized businesses.

However, for large enterprises, it is difficult to protect all possible entry points, so it is a question not only of protecting against attacks, but also of detecting them.

“The threats are more complex for larger organisations, as the cybercriminals attacking such organisations often use valid access credentials as part of advanced, persistent attacks, because the potential rewards for time invested are greater,” says Zveginets.

Cyberintelligence firm Snode CEO Nithen Naidoo agrees, noting that cybercriminals are highly innovative and readily share information, which makes defending against their attacks difficult and makes the cost of defence disproportionate to the attackers' costs and efforts.

This dilemma necessitates innovative approaches, such as the use of intelligent systems and much better sharing of cybersecurity information to enable all companies to improve their defence in concert.

Information Sharing
“Adversaries have more information about our defences than we have about their attacks, and this asymmetry significantly influences threat defence effectiveness. Attacks can be tested against security defences with impunity, whether in laboratories or deployed systems. Preventing attackers from testing against us is very difficult and possibly unsolvable,” explains Intel Security product management director Jeannette Jarvis.

Sharing information about attacks more broadly is one of the critical initial steps that can be taken to address this asymmetry. When information about attacks is shared and combined, the broader security sector better understands what cybercriminals are doing to find weaknesses in the security algorithms. This enables the sector to more quickly adapt and improve defences.

“Greater volumes of and details in the telemetry flowing from elements, such as cloud environments, virtual machines, and IoT devices, help security experts to understand more.

“We are learning to apply data science to this information to better identify patterns of attack and more quickly create indicators of attack. We also have the potential to alter the predictability of our defences, making it more difficult for adversaries to pinpoint specific weaknesses.”

This requires different layers of defences to coordinate in real-time so that an attack or probe that gets through one layer is stopped by another layer, she notes.

Part of the solution is to use behavioural analysis systems that flag unusual activity. Predictive analytics systems further bolster this proactive approach by helping to determine potential targets of detected anomalous behaviour or activities, and then closing off access or mitigating effects pre-emptively, says application specialist company F5 Networks senior engineer Martin Walshaw.

“This is why it is important to ensure that traffic is constantly monitored for irregularities and that organisations have the measures in place to react rapidly.”

If cybercriminals are able to gain an employee’s domain credentials, they can gain access to company information. By switching focus and resources to application-level security and user awareness, rather than perimeter firewall approaches, organisations can better secure themselves, he says.

Many attacks begin through the use of stolen credentials, followed by the use of legitimate administration tools that explore the target system and exfiltrate data, agrees Jarvis.

Traditional methods to detect illegitimate activity by looking for malicious or suspicious objects based on a file signature or other criteria do not work in this scenario. The objects used are known to be good, but are being used for bad purposes. This leaves only trying to determine the intent of an action to identify threats.

“Telling the difference between when a legitimate tool is used for a legitimate purpose versus a suspicious activity is very difficult.”

“The only approach we have now is behavioural analytics, which is in its cybersecurity infancy. However, we also need to move toward a model that conducts legitimacy tests for every transaction, not just for files and credentials. We need to analyse actions and data movement and try to determine intent, whether from an external actor or an unauthorised insider. This step requires knowing a lot more about the context of the activity.”

Behavioural analytics products watch from the outside, ready to quarantine and investigate devices that are doing something suspicious or anomalous. Further, distributed enforcement points are already emerging that will spread enforcement throughout a network of devices, with multiple points communicating and collaborating in real time about their detection and protection actions.

Snode deploys distributed smart systems that are machine-learning capable and automatically share cybersecurity data and patterns among themselves. This enables the systems to learn collectively, and this anonymous but actionable information can also be securely shared with the broader security industry.

Tullett highlights that IDC South Africa expects that the country will contribute several new technologies aimed at thwarting attacks, particularly in relation to IoT applications.

Skills and Sophisticated Systems
However, these intelligent systems must be complemented by the skills needed to implement corrective and mitigation measures, triage to limit damage, close vulnerabilities, and improve security and effectiveness over time, says Coetzee.

“The past year was a tough year for information security in South Africa. Data leaks, ransomware and IoT malware attacks were compounded by a shortage of IT security skills,” Tullett states.

The current shortage of skilled cybersecurity professionals means that many organisations or countries looking to participate in the digital economy globally will do so at great risk. They do not have the experience or training necessary to develop a rigorous security policy, protect critical assets that now move freely between network environments, or identify and respond to today’s more sophisticated attacks, confirms Manky.

Most companies, not only in South Africa, but worldwide, face problems with training and accessing cybersecurity skills, says Kaspersky Lab antitargeted attack business solution lead Oleg Glebov.

“It is a sophisticated process to discover threats, maintain security solutions and react correctly, yet it is a significant investment to train people who may then leave your employment.

“This is one of the reasons that companies are increasingly willing to use external security service providers to maintain their cybersecurity systems for them. The costs of investment in developing and retaining cybersecurity skills are increasing, yet most companies cannot increase investment proportionally.”

“The reality is that we have finite control over information assets, and the level of control is diminishing due to the massive increase in the number and location of assets. Almost no company will claim that they have a solid grasp of information asset locations and controls. So, we need to help organisations improve their security visibility,” highlights Jarvis.

There is much more to be done to be able to act, in near real time, on threatening activities seen in the protected environment, she adds.

“To improve our cyber defences, the industry must cooperate. Crowdsourced threat intelligence and collaborative analytics help connect the dots and form better pictures of what is happening in the attack landscape. 2017 will be the year in which threat intelligence sharing makes its most significant strides,” concludes Jarvis.

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor
