According to Microsoft Cybersecurity Field chief technology officer Diana Kelley, attackers are increasingly using AI and ML to make malware more destructive and elusive.
“The use of AI and ML will provide ways for these malware to hide from detection,” she said, adding that AI and ML are used by attackers to drive this major upgrade in cyber weaponry.
STEALTH ATTACKS
AI’s fundamental ability to learn and adapt will usher in a new era in which highly-customised and human-mimicking attacks are scalable.
The danger of this new method, said Kelly, is that the highly sophisticated and malicious attack code will be able to mutate itself as it learns about its environment, and it will then be able to compromise computer systems with minimal chance of detection.
According to the 2019 Ponemon Institute report, the global average cost of a data breach is US$3.92 million.
“The issue facing data security experts is the nature of cybercrime — it’s never static,” said Kelly, who spoke at the Microsoft Cybersecurity Immersion Tour in Singapore recently.
Even as digital technologies evolve and disrupt traditional business models, cyber risks seem to evolve even faster — moving beyond data breaches and privacy concerns to sophisticated schemes that can disrupt entire businesses, industries, supply chains, and nations – costing the economy billions of dollars and affecting companies in every sector.
She said new forms of attack like trojan cryptocurrency degrade computer performance and resources by inserting secret malware for mining cryptocurrencies like Bitcoin.
“What the attackers are looking at today is very different from what it used to be in the early days of malware,” she said.
“Over time, the criminals have gone from just seeking bragging rights to being opportunists trying to make a little money to ones who see this as a really big business,” added Kelly.
The attacks have also become more organised, sophisticated and are often very well-funded, even state-sponsored and highly motivated.
“In the dark web, it’s not uncommon to hire attackers.When you’re not skilled to carry out the attack, you can hire somebody to do it for you.Sometimes it may not just be about the money.Other motives are present as well.”
DIFFICULT TO TRACK
While the attacks have cost companies and individuals billions of dollars in losses, they are hard to track.
“These attackers cover their tracks very well.
For example, I can use your machine’s IP address and use it as a proxy server.Attackers usually hop through a number of servers and it can be very hard to locate these trails to get them.
They will launch the attack not from their own machines but from other machines.
“They use a lot of different techniques to cover their tracks,” said Kelly.
As for ransom payments, attackers these days ask for Bitcoins or another crypto currency, which makes it much harder to track.
Besides that, the attacks also focus on different parts of an organisation, specifically software supply chains.
For example, back in 2018, the Dofoil virus targeted peer-to-peer applications within supply chain software and installed coin-mining malware.
While most organisations understand the threat, Kelly said they also need to focus on solutions that create a secure data environment which is resilient and able to defend itself against increasingly sophisticated cyberattacks.Microsoft Cybersecurity Field chief technology officer Diana Kelley
INCREASING RESILIENCE
To help increase stability and lessen the impact on their citizens, an increasing number of government entities have drafted regulations requiring the largest organisations to achieve operational resilience.
Kelly said that while it will always be necessary to be fully compliant with regulations like General Data Protection Regulation, Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act, regional banking regulators and any others that may be relevant to the specific industry, it simply isn’t sufficient for a mature cyber programme to use this compliance as the only standard.
“Organisations must build a program that incorporates defence in depth and implements fundamental security controls like multi-factor authentication, encryption, network segmentation, patching, and isolation and reduction of exceptions.We also must consider how operations will continue after a catastrophic cyberattack and build systems that can both withstand attack and be instantaneously resilient even during such an attack,” said Kelly.
WINNING COMBINATION
Imagine how negligent it would be for your organisation to never plan and prepare for a natural disaster.
“A cyber-attack is the equivalent: the same physical, legal, operational, technological, human and communication standards must apply to preparation, response and recovery.We should all consider it negligence if we do not have a cyber recovery plan in place,” said Kelly.
“The ability to do something as simple as restoring from recent backups will be tested in every ransomware attack and many organisations will fail this test — not because they are not backing up their systems but because they haven’t tested the quality of their backup procedures or practised for a cyber event,” she added.
While the majority of firms have a disaster recovery plan on paper, Kelly said nearly a quarter never test it and only 42 per cent of global executives are confident their organisation can recover from a major cyber event without it affecting their business.
“Cybersecurity often focuses on defending against specific threats and vulnerabilities to mitigate cyber risk but cyber resilience requires a more strategic and holistic view of what can go wrong and how an organisation will address it as whole,” she said.
“We must continue to be vigilant and thorough in both security postures, which must be based on defence in depth, and in sophistication of response.
“The cyber events organisations faces are real threats, and preparing for them must be treated like any other form of continuity and disaster recovery.
“Find technology partners who are already thinking about this type of attacks.
Get security products and solutions from companies that you trust which understand these kinds of attacks, and are already planning resilient solutions to protect against next generation of threats,” she concluded.Related stories.
