ChatGPT has the ability to make attacks more efficient, accurate and impactful: Reuben Koh, Akamai Technologies
With some of the world’s largest manufacturers, pharmaceutical and IT companies, India has become a prime target for cyber criminals looking to profit from extortion attacks like ransomware. Reuben Koh, Director, Security Technology & Strategy, APJ, Akamai Technologies, shares with us some of the biggest security trends and their impact on Indian enterprises.
Some edited excerpts:
How do you look at the ever-growing number of ransomware incidents across the APJ region, especially in India?
The pandemic has accelerated digitization across the world with India too seeing a massive shift to a digital economy. With this unprecedented growth, we are seeing an uptick in cyber-attacks such as ransomware as well. Sectors such as FSI, ecommerce, retail and gaming are especially at high risk due to the high level of digital transactions that occur.
A report published by CERT-In observed that there was a 51% increase in ransomware attacks in India in the first half of the business year in 2022. According to a new report by Akamai, web application and API attacks have increased dramatically in the Asia-Pacific and Japan (APJ) region by 449%. This growth appears to coincide with an increase in the number of cyberattacks in the area, which primarily result in ransomware. India is ranked among the top three countries in APJ for web application and API attacks. In an APJ-focused ransomware report by Akamai, India is the second most targeted country in APJ for ransomware attacks, and this finding coincides with the observations made by CERT-In on the substantial increase in India-centric ransomware attacks. With some of the world’s largest manufacturers, pharmaceutical and IT companies, India has become a prime target for cyber criminals looking to profit from extortion attacks like ransomware.
The scale and complexity of these attacks are also advanced. Ransomware groups use double extortion tactics, in which they steal critical data, like IP (intellectual property) and source code, before locking the company out of their systems.
With a complex yet easy tool such as ransomware, cybercriminals have a repeatable, scalable, and profitable business model that has fundamentally altered the landscape of cyberattacks. They are more sophisticated and far more frequent. It can be said that ransomware has become the new face of organized crime.
How are Indian organizations coping with sophisticated ransomware attacks?
Today, ransomware has morphed into an attack method of epic proportions. Beyond the threat of permanent data loss, cybercriminals have become sophisticated enough to use ransomware to penetrate and cripple large enterprises, federal governments, global infrastructure, and healthcare organizations.
While Indian organizations are taking steps to protect themselves, we’re in a cyber pandemic, and it’s only a matter of time until systems become infected. All attackers need is a single compromised endpoint to use as a foothold to move within the network, so it’s vital that organizations put in place safeguards to prevent ransomware from gaining access to valuable data once their network is breached. But increasingly complex traffic flows coupled with distributed workforces have forced many security teams to play catch-up with ransomware attacks and make tough decisions on trade-offs.
In the case of several ransomware victims, they had no idea they’d been hit with ransomware until they started to see applications not working because ransomware encryption had made the data unreadable, or simply started to see ransom notices appear on multiple systems, demanding payment. In other words, they had no idea they were being attacked until it was too late. One of the reasons why these attacks are so hard to detect is that ransomware threat actors constantly evolve their techniques and tools, increasing the level of sophistication, including stealthy usage of legitimate system tools to move laterally and avoid detection, or even going to the extent of disabling security protections altogether.
Therefore, it is important for Indian organizations to strengthen their cybersecurity measures and adopt a Zero Trust model, preparing for both internal and external threat vectors. This means moving away from the old perimeter-centric approach to security, towards a Zero Trust model that ensures that business assets are accessible only to the right people with authorized devices at any given time, no matter where the data is residing. At the same time, it enforces least-privilege access throughout the network, allowing users and applications only the minimum authorized access to sensitive data. Zero Trust also talks about protecting those applications and users no matter where they are, from advanced threats on the internet, by automatically blocking access to known phishing or malware distribution sites.
However, the stark reality is that it just isn’t possible to plug all the potential cracks in the enterprise. At some point, there are diminishing returns in trying to create an impenetrable barrier. Organizations need a strategy in place for protecting critical assets when advanced malware attacks like Advanced Persistent Threats (APTs) and ransomware breach those enterprise defenses.
This is where micro-segmentation comes in. It logically divides the enterprise into distinct security segments, with extremely fine-grained controls down to the individual software and workload level, enforcing well-defined security controls for each. This helps organizations to mitigate the impact of infections that slip through the cracks, by addressing the problem of malware proliferating across the enterprise or stopping a threat actor from moving laterally across the network to spread ransomware across multiple systems. Just like a waterproof bulkhead in a submarine, it helps contain the ‘blast radius’ from a malware or ransomware attack, dramatically limiting its lateral spread.
Additionally, with the rise of hybrid work, the focus now has to shift to protecting the end user where they are. Organizations should consider moving their security stack to the edge as that is where threats, users and applications are. They should start to consider collaborating with a cybersecurity provider who can manage the difficulties of a distributed infrastructure while also safeguarding key digital assets by ensuring threats are kept far away from users, applications and data, no matter where they are.
Can you please share your views on some of the emerging security trends?
In 2023, as more organizations move their applications and infrastructure to the cloud, there will be an increasing need for security measures that are specifically designed for cloud environments. To tackle breaches at source, the use of Zero Trust security frameworks, which require users to authenticate their identity and access privileges before accessing resources, will not only increase in adoption but will become an anchor point in security strategies along with other security frameworks like the NIST CSF. Massive datasets will also increase dependency on intuitive technologies like AI and ML for real-time threat visibility, identification, prevention, and mitigation.
We have seen a turning point in cyber-attacks, with the proliferation of ransomware, phishing and DDoS attacks as a service being advertised for sale on the dark web becoming the new normal. Cyber criminal gangs have been able to make cyber-attacks a repeatable and scalable business, adding more scale, structure and people into their criminal operations. Unfortunately, this trend will not go away in 2023. In fact, we will see worsening impacts, particularly to our real-world infrastructure. Cyber-attacks won’t just impact your data or a computer you’ve never heard of, but impact your ability to get gas, buy groceries, and secure healthcare.
The solution to this issue will be complex and multifaceted, requiring public and private collaboration, robust investment in the security of our software supply chain, and embracing the principle of least privilege as a core security philosophy across all industries. Additionally, the integration of security into the DevOps process (DevSecOps) will become more important to ensure that security is considered at every stage of application development and deployment.
How do you see security threats with respect to the Metaverse?
When we pivot over to the Metaverse, we have started to realize that, while the perceived benefits of the Metaverse are numerous, including increased collaboration and communication among users, as well as the ability to create and experience new forms of entertainment and commerce, the Metaverse does present a unique cybersecurity challenge.
At the heart of all Metaverses will be their users and their interactions. Therefore, as the Metaverse evolves and matures, there will be a critical need to implement robust cybersecurity measures to protect users’ personal and financial information from identity compromise, account takeovers and account fraud, to name a few. In addition, due to how the Metaverse is designed, it requires a large amount of computing power to run its virtual environments and power its API ecosystem, all while generating an even larger amount of processed data. With these in mind, the need to secure all multi-cloud workloads and critical data from cyber threats such as API abuse, DDoS attacks, unauthorized access and malicious lateral movement has become imperative.
While the concept of the Metaverse, being open and decentralised, continues to grow in popularity and appeal, individuals and organizations need to start prioritizing cybersecurity early on to ensure a safe, seamless and secure experience for all users.
A metaverse should attempt to incorporate proven security best practices to protect users, their data, and in-metaverse transactions. Here are some of the recommendations. This can be done in three ways:
● Use Blockchain responsibly: While Blockchain technologies will likely facilitate in-metaverse or cross-metaverse transactions, it’s also critical to secure the infrastructure and keys powering the platforms.
● Adopt Zero Trust security: Zero Trust architectures can enable strict access control for all endpoints and further help secure private keys (with keyless/split-key approaches) or secure the identity of entities across their lifecycle.
● Provide granular and transparent privacy controls: Data privacy is a top consumer concern and will be crucial for any metaverse. The massive volumes of data that will be generated must be managed with granular, field-level access control to enable the ecosystem to share data for business benefit, while also ensuring full transparency and control to end users.
● Segment and isolate your most critical systems: Metaverses will require an enormous amount of computing power and will in turn generate a massive amount of data. It’s essential that organizations investing in deploying the metaverse start thinking about which are the multi-cloud core critical systems and data repositories, their security posture and the need to isolate them from the rest of non-critical infrastructure.
Technologies like ChatGPT are on a rise. With its rapid adoption, do you think it might contribute to an increase in security threats?
Since ChatGPT came onto the technology scene, there’s been massive interest in it and the possibilities it could bring, with some even terming it “revolutionary”. While still in their nascent stages, AI bots like ChatGPT definitely show tremendous promise and potential benefits to various sectors like customer service, education, research, software development, or simply curious individuals who would rather converse than search for information. On the flip side, however, there have also been reports of ChatGPT being experimented with for more nefarious purposes such as writing malware, crafting impeccable phishing emails and other cyber security ramifications.
While ChatGPT is probably still some ways away from “revolutionizing” cyber attacks, it certainly has the ability to make attacks more efficient, accurate and impactful. The current immediate risk is that ChatGPT can potentially be abused to improve attacks in areas such as phishing and social engineering, which continue to be a thorn in every security practitioner’s side.
ChatGPT has the potential to enable phishing operators to more efficiently combine the large volume usually associated with generic phishing attacks with the more precise, high-yield nature of spear phishing.
On the one hand, generic phishing works at a massive scale, sending out millions of lures in the form of emails, text messages, and social media postings. But these lures are generic and easy to spot, resulting in low yield. On the other hand, at the other extreme, spear phishing uses social engineering to create highly targeted and customized lures with much higher yield. But spear phishing requires a lot of manual work and therefore operates at low scale. Now, with ChatGPT generating much more polished lures quickly and efficiently, attackers have the best of both worlds.
Just like how AI like ChatGPT was used to detect plagiarized content it was asked to write in the first place, we might soon start to see AI being implemented to detect and defend against AI-assisted cyber attacks and phishing scams. There are also AI advocates who believe that instead of blaming AI itself, more scrutiny should be placed on how the AI is being used in a wider context. Therefore, it may no longer be a surprise that in the not-too-distant future, usage of high-impact technologies like AI will start to become regulated according to ethics, accountability and governance.