This post is part of a series on cyber crime. For more posts, click here or the cybercrime tag below.
This is an interesting piece in the Wall St Journal written by the head of a data security firm.
NOT A WEEK GOES BY without a cyberattack making headlines. These, however, are the attacks that should concern us least. The real danger comes from quiet and elusive hackers who infiltrate and blend into a network. Like a secret agent behind enemy lines, these undetectable viruses can have an organization under complete and total surveillance, waiting months or even years before making an attack. When the malware becomes active, which may be for only a few seconds, it can prove fatal.
Last November, around the time of Ukraine’s local elections, a type of malware called BlackEnergy was used to hack into Ukrainian media companies, rendering their operating systems unbootable. In December, BlackEnergy targeted power companies in western Ukraine with great precision, causing a blackout that affected more than 225,000 civilians. A month later, in January, BlackEnergy was also detected on the IT network of Kiev’s main airport, including air-traffic control systems.
We’re also seeing an alarming rise of ransomware, a form of extortion in which malware hacks into an operating system, encrypts critical data and demands that the organization or individual pay an exorbitant fee to obtain the decryption keys. The longer the victim hesitates to pay, the higher the cost of decryption.
Our traditional approaches to cybersecurity, including firewalls and antivirus software, are not up to the task of defending against these new types of sophisticated threats. Attackers are increasingly inventive, engineering malware to create evolving viruses that don’t look like anything we’ve seen before, rendering useless our preprogrammed security systems. The problem, in short, is that we’ve been sending a human to a machine fight….
Recent advances in mathematics have improved this immune-system approach by adding digital antibodies that have the ability to act when they detect a serious threat. That action might involve isolating the infected machine or slowing down network activity until a human is available to assess the breach. This allows a company to neutralize fast-moving attacks like ransomware.
Attackers are getting more sophisticated every day, and there are not enough qualified experts to meet the growing volume of attacks. Machine learning filters the great swaths of notifications that hit security teams every day, guiding the expertise of trained personnel to respond to the threats that pose real danger. There is no way to do this alone. We are going to have to rely on machines to defend us.
Attackers are people writing software for money. Malware doesn’t adapt itself, and no matter how sophisticated a system is, it can’t adapt to things that nobody has seen yet. Malware should be treated like what it is, a major crime. We need to catch and punish the perpetrators with the same energy that we go after the clandestine market drug dealers.
There was a time when kidnapping for ransom was common. The crime was actually a major scandal and news back in the 1920s. But that changed. It changed because kidnappers started killing the victims, and when that happened the risks of what would happen to you if you were caught went way up, the likelihood of getting caught increased, and people stopped paying and started going right to law enforcement, making any reward unlikely. Shortly thereafter kidnapping for money dropped off the crime statistics.
With the current generation of malware, the crooks are killing the victims. It’s time we started to take them seriously and actually work to shut them down rather than waiting for the next attack.