Express Computer

Ten years of cybersecurity


By Fabio Fratucello

Prior to 2011, the industry approach was about defending the perimeter and preventing malware execution, but this philosophy struggled to address the sheer volume and complexity of attacks. The security solutions being offered at the time could cope with neither silent failure nor malware-free attacks. Booting up a computer and waiting for the anti-virus to start was an ugly experience.

Back then, a security threat meant malware and there wasn’t a view beyond that. But security goes beyond malware. Behind every attack are human adversaries who will continue to iterate and evolve their tactics, techniques and procedures (TTPs). Companies that try to focus on and fix yesterday’s malware problem will quickly fall behind the constant innovation of the adversaries behind it.

Being cloud-native, we were able to scale security like never before, using telemetry data to understand the adversary in a way never previously experienced, while the rise of artificial intelligence and machine learning was instrumental in further automating security solutions.

These adversaries are human. By studying the attackers and their operations, we can learn much about their capabilities and intentions, so that we can tell our customers what data and assets are being targeted and, most importantly, how best to defend the things they must protect against these persistent and dedicated adversaries. Cybersecurity has shifted toward understanding and exposing the adversary at the root of the problem rather than prevention at a surface level.

Pandas, Spiders and Bears

To better represent the humans behind the cyber-attacks, we follow a cryptonym system for adversary categorization. Some adversaries are tied directly to nation-state actors, some to eCrime groups and others to hacktivists. For example, eCrime groups are classified as “SPIDERS.” This makes it easier for the general public to understand adversaries and the associated actors who are responsible for attacks.

 

Adversaries shifting from consumer to corporates

Over the last decade, we noticed adversaries changing their ransomware approach from spray-and-pray techniques to more refined, targeted tactics with higher payouts. What was once a problem of a few hundred dollars per consumer has now become a multi-million dollar problem for corporations. We saw well-known companies suffer significant attacks as eCrime groups became more ambitious. They used new tools and techniques, grew in volume and complexity, and came up with totally different monetisation schemes centred on ransomware.

Ransomware actors became more refined in their approach, spending weeks and sometimes months at a time preparing a breached environment to cause as much damage as possible in order to demand high ransoms. We’ve observed ‘Big Game Hunting’ techniques targeting large organisations for maximum profit, as opposed to traditional spray-and-pray techniques.

Today, threat groups operate like legitimate businesses, introducing new monetisation schemes and ways to increase their returns. They developed a Ransomware-as-a-Service (RaaS) business model, in which they provide ransomware toolkits to third-party threat actors in return for a cut of the ransom. Also, eCrime actors began to employ double extortion techniques, demanding additional fees on top of a ransom with the threat of either releasing the data publicly or selling it to the highest bidder.

Nation-state threat actors reset their sights

There’s also been a shift in the adversary landscape as nation-state actors became more prominent. Our Intelligence and OverWatch teams have observed massive operations from nation-state actors interfering with defence organisations and foreign governments, thrusting cyberespionage into the spotlight over the last 10 years.

Before 2009-2011, APTs typically focused on targeting governments. However, within that time period we began to see a shift as nation-state adversaries began to target corporations. This came as a shock to the industry, as nobody had really seen companies being targeted until then. More recently, nation-state actors have started to adapt their models to mimic eCrime groups, disguising their activities.

A view to the future

As the threat landscape continues to evolve, a greater understanding of the importance of cybersecurity is still needed at the board and security decision-maker level. By providing intelligence around the adversary and how they operate, we’re facilitating this shift.

Automation will continue to play a big role in the future of security. It will be about further advancement in machine learning models being used to predict, protect and prevent security threats. But it will also be about how this technology combines with human threat hunting and intelligence to provide the most robust security posture.

(Author: Fabio Fratucello, Chief Technology Officer, Asia Pacific and Japan, CrowdStrike)
