Cyber security emerging threats and defense

By Dharmesh Rathod

We currently are contributing to an unprecedented era of digitalisation across almost all and any of the systems that support and facilitate human ecosystem. It’s an astonishing perspective that makes us visualise the level of automation we have gained through past decades, making our lives easier. We have rolled over across various industry revolutions surpassing 4.0 as of now, and for sure destined towards a leapfrog target of making once or today a fantasy to be a reality. The word ‘digitalisation’ has been a major fuel behind the above argument that I strongly believe and we have a long and interesting journey to cut across. Digitalisation through information technology, that pumps global economies, acting as the nerves and veins of big enterprises, institutions, SMEs and startups across every industry segments.

In this journey, good stuff is challenged by bad stuff and we have been seeing information security domain in our lives since the past few decades, ensuring IT is indeed secured for all of its consumers. InfoSec or we call ‘cyber security’ commonly now has been thriving, flourishing as well I must say, alongside every digitalisation pursuit.

I consider myself fortunate to be around in the IT industry since past more than two decades and have witnessed how we secure IT Landscapes through various cyber security safeguards and controls. Right from early BS7799 days and mainframe era, security has been seen as an increasingly major focused area, and have witness the upper going trends, thanks to the bad guys who appeared always one step ahead of us.

This article primarily focuses on the upcoming and emerging cyber security threats and their defenses. I felt appropriate to explain about the very much origin of cyber security and the way it has graduated towards a much vital mainstream focused area. In past, the trends we saw in cyber security was attacks through viruses, ransomwares, malwares, hacking into vulnerable systems/applications, sabotaging IT landscapes, defacing websites and many more of such similar means and ways.

Recently though, since the past few months, there has been a complete and comprehensive drift of the ways how bad guys have been spearheading cyber security attacks. Newer frontiers like OT/IoT spaces we have already been exploited and the coming times have already shown glimpse of how deadlier they would be.

Let’s see views from front-leading experts:

Gartner defines the top cyber security trends that highlight the ongoing strategic shifts in the security ecosystem that aren’t yet widely recognised, but are expected to have broad industry impact and significant potential for disruption. Some of its subsequent findings include cyber risk appetite linked to business outcomes, increased reliability on data security governance frameworks, improvise cloud security and password-less authentication now prevailing more.

WEF has portrayed cyber security risk as one of the top five likelihood risks effecting countries and enterprises. Norton has expressed following threats for all of us to be more prepared for – Cyber Physical attacks, Bitcoin and cryptocurrency hacking and cyberattacks, Cloud ransomware attacks & Artificial intelligence attacks ZDNet on similar grounds have shared Cryptojacking, IOT device threats, Geopolitical risks, Cross-site scripting & Mobile malware as the emerging Cyber Security threats

More or less, the above summate to almost similar trends for coming times. My past exposure to various varied industry segments such as BFSI, manufacturing, retail and e-commerce have led to a broad summarisation of below top five cyber security emerging threats and related domains.

Phishing based cyber attacks
It has witnessed a paradigm shift in last few years, right from basic email body content based techniques to very recent AI based complex methodologies. Few years ago, we saw email body with misleading and camouflaged information targeting normal users often with embedded malicious links. There are no direct tools/products that can safe guards against any form of phishing attacks, however several levels of partial preventive measures can be taken such as rulesets in email gateway protection tools, ATP solutions and so on within the perimeter security suits.

It must be worthwhile to look at few instances of phishing attacks. One particular attack event was based on very rudimentary method of phishing attack by altering originating email address very minutely, marginally different from the original email ID. This wrongly convinced the target and end up successful siphoning of huge monetory amount. It was obviously a human error; not noticing the email attributes resulted into falling trapped of the bad guys. Lack of security awareness has been the main reason behind such events.

From such basic events, we have recently seen phishing attacks taking in account combinations of conventional tactics and AI based components such as fake videos, audio clips and also smart amalgamation of social engineering tactics.

The point is that phishing attacks always have been consistently increasing, getting more complicated for them to be prevented proactively by security professionals and with AI being widely available. It is the end user’s level of security awareness that will prove to be the shield and prevent such traps getting materialised.

Industrial cyber attacks
OT security is not new in the industry of cyber security, however lately it has shown several reflexes of cyber attacks and had opened up altogether a newer or rather an equally competitive world of industrial cyber security like conventional IT security.

Ukraine power plant hack, Thysen Krupp blast furnace disruption, Stuxnet, Black Energy and many more – the list goes on. Few years ago, the instances were pretty simple – hack into the plant through vulnerable systems and make the grid or the facility’s critical component non-functional. But lately, the horizontal landscape of such attack vectors has expanded and got more complex. Combinations of social engineering, compromising access controls, network penetration and exploits, exploit systems/DBs/applications, take control of mission critical OT systems and create havoc. We have seen varied levels of organised efforts by the bad guys and making the most of much more highly vulnerable OT systems.

This domain of industrial cyber security is as equivalent, large in scope and more complex like that of IT security. There is no single solution that can encompass any OT establishment to safeguard against industrial cyber attacks. This makes things more complex and widespread in terms of the vast horizontal landscape. OT landscapes, by virtue of legacy, have seen very less upgrades and technology upward migrations since they are more often so called closed looped networks, driven by handful of OT OEMs and supported by IT systems. A simple control of OS patch management as seen in IT landscapes turns out to be a marathon exercise when planned for OT landscape. This hence makes real good tough assignment to setright the security posture and implement security controls within OT segment.

The above lags to secure OT networks has actually given rise to wide spread advantages to the bad guys and taking the OT setups for ride. In coming times, we will see cyber attacks on most of the OT landscapes covering the Critical Infrastructures to SMEs as well that have OT components running their businesses. This is largely so due to the ‘IT and OT’ convergence factor being more prevalent and getting more acceptable day-by-day.

IoT/smart technologies based attacks
This domain of IoT/smart technologies has offered a real surge in terms of ease of use, manage and utilise/consume advantages of major systems through varied levels of sensorised setups to complex IoT deployments within smart cities. In line with industrial cyber security, most of the IoT/smart technologies deployments encompass and get closely integrated with IT setups and landscapes. It has predominantly fallen under IT network, but due to its IoT applications, we term them more commonly as ‘smart technology setups’.

These smart setups have a recent history of their inception and within no time, the bad guys have infiltrated them as well through cyber attacks. IoT fundamentally has close association between sensors, IT components, transact over internet and cover wide scope. This makes its supply chain wider and a small undue disruption would result into a cascading effect.

IoT has seen its deployment widely in several industry segments such as power plants, shipping and ports business, coal and mining, construction as well as in smart city projects. We have witnessed attacks over most of these industries in the past, resulting in catastrophic outcomes. Waste water treatment plant backed by IoT was attacked in the past, resulting into highly unacceptable chemical composition mixed with water left out for human consumption. Traffic signaling systems also were attacked, thereby leaving manual controls of traffic flow. Had this been a major widespread attack, the result would have been castrophic.

The medical industry has lately seen huge applications of IoT based equipment advancements. There have been several demonstrations during Blackhat, Defcon, etc portraying gaining of control over IoT based medical machinery that can result in undue or undesirable results.

State sponsored cyber attacks
Interestingly cyber attacks have gained importance and position within the top five rankings according to the last WEF meet. It is no more the bad guy’s game, rather it is now turning into a complex alternate of cross border advantage over conventional land/water/air war games.

Attacks on critical infrastructure have witnessed more of state sponsored brains rather than individual bad guy’s acts. From attacks on mission critical support systems like airports, aviation, oil and gas refineries, ports and defense establishments, we have witnessed newer forms of state sponsored cyber attacks as ‘cyber terrorism’ lately. A few countries have recently formed ‘cyber armies’ as additional line of defense to combat cyber attacks backed by states/global organisations.

Cloud based cyber attacks
It’s no escape – We are living in a world where getting plugged to cloud is inevitable. Right from small companies to big enterprises, almost everyone has cloud penetration and utilises its services in one form or the other. This simply implies that if a segment of one particular cloud service provider is compromised, it will result into a large customer base getting affected.

Amazon, Azure, Google etc have numerous numbers of rich and useful utilities. Similarly, there are many such other large companies that provide cloud services, while there are many niche companies rendering specialised services over cloud. The point is – recent attacks over cloud players have resulted in widespread disruptions and it seems just the beginning.

DDOS attacks have seen large shift in terms of attack vectors/pattern. DNS attack, access control sabotages and compromises and many more of such attacks are being surfaced day-by-day. There are many more avenues of cyber threats looming around us and rightly so, they are contributing to the topic of this article as well.

Having said enough about the threats, we as security professionals also have few reasons to smile for having large amount of technological developments and advancements to withstand the newer emerging cyber attacks now and in the coming times. People, process and technology — a right balance of these should deliver the appropriate and suitable security solution for any cyber threat. Any imbalance within any one of these pillars would result in a perforated approach and incomplete outcome. Plethora of technologies cannot work in right sense if there isn’t the right set of people to manage and drive.

AI and ML based technologies are being largely available to safeguard against industrial cyber security attacks; however its not one single silver bullet that should suffice. An ecosystem with the right perimeter security, aligned with robust OT OEM’s secured components, running through a set of right suited cyber security compliance frameworks, all governed and managed by skilled cyber security experts, should prove to be a right solution for any industrial facility to be safeguarded.

Similarly, AI and ML based technologies are recently being made useful to battle complex phishing attacks, whereby clean baseline is determined and any abnormality is being subjected to scrutiny. Nonetheless, people play a vital role in phishing attacks or any other cyber attacks. The level of security awareness being successfully and satisfactorily exhibited by people will always be the front runner for defending any organisation from these emerging cyber threats.

(The author is an Independent IT & Cyber Security Strategist, Architect & Adviser for big enterprises and niche cyber security firms)