Guest author Lance Cottrell is the chief scientist at Ntrepid.
While the modern always-on, data-fueled environment spells opportunity for the enterprise, it also makes an attractive target for hackers. And the proliferation of such environments has turned hacking into a profession.
Today’s serious hackers are no longer attention-seeking geeks trying to make a statement—instead, they’re calculated criminals focused on acquiring information in a data-laden marketplace.
What does this mean for the technology user? Hackers have a growing and constantly evolving arsenal of attack methods, putting everyone with a connection to the Internet at risk. Everyone has something that hackers are interested in, whether bank account information, personal identification or credentials for corporate email accounts.
Users need to evolve in step. Antivirus and anti-malware tools alone are not the solution. Organizations need to embrace robust ways of dealing with security breaches that minimize their impact. In practice, this means automating rapid recovery of the IT infrastructure to a known good state.
Defining Today’s Hacker
Today’s breed of hacker did not just appear. Instead, the skilled professionals behind the latest security threats are the result of long-term evolution. When most people think about hackers and security, they are clinging to an outdated vision.
Hackers are now part of a highly specialized and distributed criminal ecosystem. The most basic layer is filled with individuals focused on finding vulnerabilities in software and writing exploits for them. Instead of using the exploits themselves, these professionals often sell their discoveries to groups specializing in packaging exploits and delivering them through botnets. Those groups, in turn, rent their botnets to anyone who aims to gain unauthorized access to other computer systems.
See also: How To Build A Botnet In 15 Minutes
Bottom line, hacking is no longer about bragging rights. While less sophisticated hacktivists still exist, today’s new hackers are doing this for money—and so aren’t talking about their exploits.
It’s hard to tie an accurate dollar amount to the costs associated with hacking. However, the sophistication of today’s hacker is quite clear in the Ponemon Cost of Cyber Crime Study, which shows a 20 percent increase in successful attack rates year over year, even as organizations continue to invest in security tools.
How Do They Do It?
Part of hackers’ growing sophistication is a direct result of the vast number of attack methods at their disposal. They can pick and choose among denial of service attacks, phishing, botnets, and malware in all its forms (viruses, worms, trojans, ransomware), any of which could play a key role in opening business data centers to intrusion.
Today’s hackers also benefit from giant scale. They often build huge botnets from compromised computers, which they then harness to attack other systems. Often, the goal of these attacks is to compromise desktops or workstations, giving the attacker a foothold from which to work inside the organization. These opportunistic attacks are launched against anyone and everyone, generally using less sophisticated techniques and well-known vulnerabilities.
Many attacks are also precisely targeted against particular individuals with access to sensitive information: proprietary corporate secrets, for instance, details of negotiations, or other information that could be valuable to competitors or to investors willing to base trades on it. These hackers are like snipers with carefully crafted attack plans.
The danger here is that their attacks are highly unlikely to turn up in a typical signature-based antivirus or anti-malware system. That’s because such threats are often tailored specifically for particular targets and rely on novel techniques and zero-day vulnerabilities. As a result, most detection systems have no signature to match and won’t know what to look for.
Finally, modern attacks are persistent. Once a hacker gets into one person’s corporate email, they can gather enough information to social engineer everyone else in the company. Patience is a real factor in these attacks. Attackers do not just come in, poke around and leave. In most breaches, it turns out that the attacker had been inside the network for months before being discovered.
How To Fight Back
There is no silver bullet capable of stopping today’s attacker. Given that attackers are very likely to be successful in compromising their targets, we need a new approach to security.
For a new approach to take root, people first need to let go of the notion that no hacker will target them or their company because they “don’t have anything worth stealing.” Today’s hackers consider a lot of things valuable, especially financial information. Hackers are looking for online banking, credit card numbers or access to any other financials they can possibly find.
More to the point, almost any Internet resource stolen at scale can be turned into something valuable. So everyone is at risk.
That means the only way to assure the security of our computer systems is to assume that they have been or will be compromised. We need to design networks in such a way that it’s possible to revert them to a safe state. People tend to assume that when they are breached, they will simply clean it up afterwards. Instead, they need to think of themselves as always being in a breached state.
Bottom line, no business is ever entirely free of malware. Occasionally, something is going to get through the browser. What separates winners from losers is the organization’s ability to make the consequences negligible.
When countering targeted attacks, remaining anonymous can prove instrumental. If the hacker never recognizes the target, they will not pull the trigger.
See also: The Virtual Path To Freezing Malware
Organizations also need the ability to isolate browser activity, in addition to conducting a rapid reset to a known good state. Security-optimized virtualization is key for both. Running the browser in a properly designed and configured virtual machine ensures that any compromise is contained, and the browser virtual machine can be rolled back to a saved clean state without impacting the user’s working documents. The containment is only as strong as the hypervisor and the VM’s configuration: shared folders, clipboard sharing and device passthrough each widen the boundary the malware would have to cross.
The trick is to destroy any possible trace of infection without losing important work or documents. It’s possible to preserve key documents and other material and restore them to the virtual machine after reset, taking great care that doing so doesn’t also create an avenue for the malware to survive. Anything the compromised VM could write to and the fresh VM will read back is such an avenue: browser profiles, downloaded executables, shortcuts and startup items should stay behind, and only the documents themselves should cross.
Resilience needs to be diverse. For example, good deep backups neutralize much of the effectiveness of ransomware: versioned copies kept out of reach of the compromised machine cannot be encrypted along with it.
The trend towards walled-garden architectures, with a requirement for signed binaries and enforced sandboxing, may help, but it will simultaneously reduce the flexibility and openness of our computers. Such controls are unlikely ever to be completely reliable, and software will continue to have vulnerabilities, so additional layers of protection will be needed for many years to come.
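The restore step is where rollback schemes most often undo themselves, so here is an added example of what that filter can look like. It is illustration code written for this page, not Ntrepid’s product or anything from the original article. It assumes the persistent store is a plain directory the old VM could write to and the fresh VM’s home is another directory (both hypothetical paths), walks the store, and copies across only files that are regular (not symlinks), outside hidden and profile directories, carry an allow-listed document extension, and whose leading bytes match that extension. A renamed executable or a planted browser profile therefore stays behind with the discarded VM image. The sample store it builds is constructed for the demonstration.

```python
"""Added example (not from the article): restore documents into a reset browser
VM without letting anything from the old, possibly compromised VM ride along.
Paths and the allow-list are hypothetical choices for the demonstration."""
import codecs
import os
import shutil
import tempfile
from pathlib import Path

# Document types that may cross a reset, with the bytes a genuine file begins
# with. Executables, scripts, shortcuts, archives and profile data are absent on
# purpose. The magic check catches mislabelled files (an .exe renamed .pdf); a
# PDF can still carry JavaScript, so the viewer in the VM must be hardened too.
ALLOWED_MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".txt": None,  # no magic: must be UTF-8 text without NUL bytes
    ".csv": None,
}
# Directory names that hold classic persistence vectors; never restored.
DENY_DIRS = {".mozilla", ".config", "AppData", "Startup", ".ssh", ".local"}
MAX_BYTES = 50 * 1024 * 1024  # refuse anything implausibly large for a document


def classify(path: Path, root: Path):
    """Return (accepted, reason) for one file; path checks run before content."""
    rel = path.relative_to(root)
    if any(part in DENY_DIRS for part in rel.parts):
        return False, "inside a denied directory"
    if any(part.startswith(".") for part in rel.parts):
        return False, "hidden file or directory"
    if path.is_symlink():  # could point outside the store or at a device
        return False, "symlink"
    if not path.is_file():
        return False, "not a regular file"
    suffix = path.suffix.lower()  # "invoice.pdf.exe" has suffix ".exe"
    if suffix not in ALLOWED_MAGIC:
        return False, f"extension {suffix or '(none)'} not allowed"
    if path.stat().st_size > MAX_BYTES:
        return False, "too large"
    with open(path, "rb") as fh:
        head = fh.read(4096)
    magic = ALLOWED_MAGIC[suffix]
    if magic is None:
        if b"\x00" in head:
            return False, "binary content in text file"
        try:  # incremental decoder tolerates a multi-byte char cut at 4096
            codecs.getincrementaldecoder("utf-8")().decode(head)
        except UnicodeDecodeError:
            return False, "not valid UTF-8 text"
    elif not any(head.startswith(m) for m in magic):
        return False, "content does not match extension"
    return True, "ok"


def restore(persist_dir, vm_home):
    """Copy accepted documents into the fresh VM home; report everything else."""
    root, dest_root = Path(persist_dir), Path(vm_home)
    report = {"restored": [], "rejected": {}}
    # os.walk does not follow directory symlinks, so a planted link cannot
    # drag in a tree from elsewhere on the old VM.
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            src = Path(dirpath) / name
            rel = src.relative_to(root).as_posix()
            accepted, reason = classify(src, root)
            if not accepted:
                report["rejected"][rel] = reason
                continue
            dest = dest_root / src.relative_to(root)
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(src, dest)  # bytes only: no mode bits, no exec bit
            report["restored"].append(rel)
    return report


def build_sample_store(base):
    """Constructed sample of what a compromised VM might leave in the store."""
    docs = Path(base) / "docs"
    docs.mkdir(parents=True)
    (docs / "report.pdf").write_bytes(b"%PDF-1.7\n% constructed sample\n")
    (docs / "notes.txt").write_text("meeting notes\n", encoding="utf-8")
    (docs / "invoice.pdf.exe").write_bytes(b"MZ\x90\x00")  # double extension
    (docs / "renamed.pdf").write_bytes(b"MZ\x90\x00")      # executable named .pdf
    (docs / "dump.txt").write_bytes(b"abc\x00def")         # binary posing as text
    (Path(base) / ".mozilla").mkdir()
    (Path(base) / ".mozilla" / "user.js").write_text("user_pref('x', 1);\n")
    try:
        os.symlink("/etc/passwd", docs / "passwd.txt")   # escape via link
    except (OSError, NotImplementedError):
        pass  # platform without symlink support
    return Path(base)


def demo():
    """Run the restore against the constructed store in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        store = build_sample_store(Path(tmp) / "persist")
        return restore(store, Path(tmp) / "fresh_vm_home")


if __name__ == "__main__":
    result = demo()
    for rel in sorted(result["restored"]):
        print("restored", rel)
    for rel, why in sorted(result["rejected"].items()):
        print("rejected", rel, "-", why)
```

Only `report.pdf` and `notes.txt` make it across; the double-extension executable, the executable renamed to `.pdf`, the binary `.txt`, the tampered browser profile and the symlink are all left behind with the old image. The allow-list is deliberately short: every type added to it is another format the fresh VM will parse before the user has done anything, so each addition deserves its own justification.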
Simply put, as hackers grow in sophistication, so too should our responses.
Photo by Johan Viirok