Though nothing will drive them away
We can beat them, just for one day
We can be Heroes, just for one day
Brian Eno, David Bowie
Listening to the legendary David Bowie singing Heroes while everybody leaves the room will be the last, enduring impression of RSAC 2016. I’d like to think that, coming from a company that has a lot to do with cryptography, where even chance has to be carefully factored in. It is not a random choice, but probably the slightly obfuscated summary of this conference. While the good guys cannot make the bad guys desist, we can beat them, forever and ever.
To win the battle with the bad guys, a new job title is born – the hunter. A hunter is capable of reading the matrix, detecting in the mass of data collected the telltale signs of an attack or an infection. Then she deploys digital traps and countermeasures to stop the adversary, analyzes the malicious code injected, studies the attack patterns and identifies the resources used for the attack and, eventually, tracks down the attacker. Finally, she launches a deadly counterstrike. Phishing and malware-laden websites are taken down. Command and control machines are seized (?). Cybercriminals are arrested. Pretty epic, isn’t it?
Even the hunter, however, could soon become obsolete. We are on the verge of the Rise of the Hacking Machines! No, it is not a cyberpunk novel. It is the title for Konstantinos Karagiannis’s (CTO Security Consulting, BT Americas) intervention. Today, AIs are successfully competing with the best humans at most intellectual games. Techniques, like the ones developed by Google DeepMind for AlphaGo, may be applied to security, intelligently scanning network and software for vulnerabilities. And, why not, for performing intelligent attacks? Or responding to such attacks?
What we see today in the cybersecurity landscape is, according to Johannes Ullrich, director of SANS’ Internet Storm Center, is a shift in cybercriminal targets. First, all personal and financial data apparently has already been stolen. Just sum up the numbers from the last, major breaches. Therefore the value of this data is very limited. As a reaction, cybercriminals are differentiating their business. Enter ransomware. And ransom-motivated DDOS.
Second, the OS vendors are starting to do a better job of avoiding unwanted software running on endpoint machines. Cybercriminals are therefore infecting the building blocks (libraries) and tools (IDEs and compilers) used by legitimate developers to reach the machines of their victims. Or they are hacking developer’s workstations to inject malicious content directly in the source code, as in the case of Juniper Networks.
Finally, IoT devices are starting to become commonplace, and with their limited embedded security, can be used as attack vectors. A myriad of uncontrolled and uncontrollable little computing devices that can be put to nefarious use.
The situation is difficult, challenging, and exciting, more than ever