How organisations deal with complex cyber attacks
Increasingly sophisticated cyber-attacks mean businesses need innovative ways of handling advanced threats
Attacks on businesses' networks and servers are getting more complicated. Long gone are the days of it just being spotty teenagers hacking from a bedroom; a whole ecosystem has sprung up over the last two decades that mirrors the development of the software industry itself. Scores of developers working together on new code, others distribute malware, and criminal organisations looking after revenue payments.
The whole cyber threat landscape is expanding. In a recent ISACA survey (the State of Cyber Security, 2017), 53% of respondents reported an increase in cyber-attacks upon their organisations and 80% thought it's likely they'll be targeted this year.
Meanwhile, this year's Verizon Data Breach Investigations Report found that, when it comes to different types of attack, Web Application Attacks remain the most prevalent, helped by a multitude of botnet data. However, the report also noted that if botnets were taken out of the equation cyber-espionage would assume the top spot.
"Cyber threats are now industrialised, agile and well-equipped with entire chains and structures for the creation and supply of exploits, malware, research and development, botnet creation and the movement of stolen data and funds," says Piers Wilson, head of product management at Huntsman Security.
"For example, if you look at some of the recent politically motivated attacks, information has been stolen, then modified and added to within the data set to make it more compromising and then released in a way, and at a time, to do the most damage (or maximise the political capital)."
Robin Oldham, head of the cyber security consulting practice at BAE Systems Applied Intelligence, says that the complexity of cyber attacks run in parallel with an increasingly complex world. The majority of initial compromises still rely on phishing emails and social engineering to get users to carry out an action on behalf of the attacker for example running a programme or opening a document.
"While the fact the attacker may have penetrated the system is a serious issue, the situation is made worse if it's left undetected," he says.
The attack on the Bangladesh Central Bank most likely used these simple techniques to get in, but the criminals followed this up with sophisticated malware to cover their tracks by rewriting database entries and changing hard copy printouts to subvert. More recently as seen with Operation CloudHopper, highly capable adversaries are targeting outsourced IT providers as a way to compromise company networks by using their administrative privileges.
"By compromising one outsourced provider they can access a myriad of end client networks," says Oldham.
Technology isn't the answer, according to Richard Walters, CTO of CensorNet. He says that state and criminal actors have proven they can out-pace, out-tech and out-dev the security industry time and time again.
"The answer lies in the security strategy and operational ecosystem that organizations adopt and develop, alongside a set of tools that eliminate noise, automate the obvious, and allow limited security resources to focus on what is most malicious or suspicious," says Walters.
Sam Curry, chief product officer for Cybereason, says such attacks need to be dealt with in three parts; technological, organisational and personal.
"On the technology front, new techniques based on better sources of data (eg behavioural data) and using modern technology stacks (cloud, big data, machine learning, etc) are essential," he says.