Automated cyber attacks, performed against multiple victims simultaneously, are a growing threat to businesses large and small. What can we do to repel the zombie hordes?
When George Osborne announced in the Autumn Statement that cyber security would get a £1.9 billion sized slug of extra funding, several people got hot under the collar. ‘Fear mongering at its best’ were the cries. He probably couldn’t believe his luck when Des Browne threw Trident into the melting pot. It was indeed the perfect storm.
Politics aside, the notion isn’t misplaced. Cyber threats are a reality and you only have to look at the blackouts experienced by the Ukraine at the end of last year to see how cyber attacks can be used with force.
Now while the average UK business isn’t going to be caught up in the cyber spending review, nor be exposed to political unrest, there are certainly some things you can learn from the scenarios posed.
Where once before virus and malware attacks were the staple, they have new friends on the block. Ransomware and Zombies. And if you’re really unlucky, both.
Let me explain. The types of attacks we now see on company networks have changed and shifted to robots. In fact the fastest growing type of attack last year was that of ‘burst bots’, smart automated robots being set to run for very intensive short periods of time.
And if the robots weren’t set to run in a burst they were programmed to run for weeks, even months at a time. Though the ‘internet of zombies’ is thought of as sci-fi, the truth is far from it. We’re talking about ways that organised groups of hackers can create attacks that are terabytes in size. I know because I’ve witnessed them.
Ransomware on the other hand is catching people out in other ways. It’s now very common for emails to land stating that attacks are gently underway on the network and if you pay a bitcoin ransom the attacks will stop. However, paying the ransom never ends happily as once the hackers know they have your attention they don’t relent. They just step things up to an unmanageable gear.
Ransom attacks are on the up because they are an easy way to trap people. They play on panic. But they are also really effective because the emails get caught up in spam filters. Before you know it you’re under siege even though they’d technically argue you had warning. An odd game of psychology at play.
So as well as ensuring people pass on peculiar emails found in their junk, you need to make sure your monitoring systems can pick up even the slightest change in network behaviour. However small, it could be a sign that something is about to happen.
While money through extortion is a pretty clear-cut motive, some companies have no idea why they are being attacked – true for around half of the attacks that took place in 2015. It’s this ambiguity that makes planning very hard.
You are effectively working blind and have to assume that your attack could come from anywhere – a disgruntled employee, an unhappy customer, even the competition (as is so rife in the gambling sector), for example – and that’s before we mention the state-sponsored attacks that are abundant in the utility market.
In fact the last 12 months have also been the first time we’ve really seen such a wide mix of sectors outside of government consistently become prime targets, especially of automated attacks. If ever there was a time for a rethink it’s now.
As you might imagine, finance is a prime sector, but so is telco and utilities, with high profile cases to prove it. But the sector that is most under threat is that of ISPs. Why? Because they hold the keys to so many other networks – target an ISP and the dominoes will fall.
In particular we saw that ISPs that host sites that are deemed offensive were more commonly the target for hacktivists. Now while you might not be running an ISP, the watch-out for any business is this: if your ethics could be challenged by association, then make damn sure your defences are tight.
We see attacks from the Far East with this common motive daily, so also consider your proximity to the source if you’re in a period of international expansion.
But why are zombies used so much? Yes, they are effective at creating chaos, but what else is going on? Well, the beauty of any bot attack is that it creates a smokescreen. A perfect diversion away from the real attack they will unleash. They suck in the resources and before you know it you have extortion of money and personal or confidential data going on right under your nose.
So as a result, we are seeing more and more that the first line of defence for information security can no longer include people. Our brains simply aren’t quick enough to respond to the complex decision-making that comes with a robot barrage.
That means we have to shift our thinking. As company defences continue to succumb to endless floods of sophisticated, automated attacks and new attack techniques, so it becomes necessary to combine a virtual cyber army with skills. Yes, we are indeed in good bot versus bad bot territory.
I must stress this isn’t about replacing people. Instead it’s about putting an added layer of good bots between the skills that can design the strategy, and the bad bots.
As with most of today’s cyber trends, it’s very unlikely we’ll see any reverse. They will only grow. The numbers are there in black and white, and predictions on security spending follow the same trajectory. Many people think that the numbers are a reflection of the multi-nationals that will be under fire.
But far from it. We see more small companies targeted today. It’s a simple equation – smaller networks lend themselves to smaller yet more frequent cash prizes. Larger hits take orchestrating and for hackers they are invariably about proving you can, or making a statement, rather than what you will get.
The name of the game is therefore diligence because no longer is it about if but when. Do your homework on the threats that you could be exposed to, either directly, or by association, and understand the blind spots in your network that you need to close, and as part of this consider how you will rebalance skills with automation. Do all this and you’ll be ready for the fight.
Adrian Crawley is regional director for Northern EMEA at Radware