21 August 2017

How military forces are combating the ransomware epidemic


By Nicola Whiting 

Organisations should follow the military's lead by adopting automated tools to combat cyber threats.

With organisations still recovering in the fallout from global ransomware attacks, Nicola Whiting, Chief Operating Officer at Titania explores how militaries have fortified their defences against the epidemic 

The rise of automation across the global economy has impacted every industry from media and financial services to information technology and healthcare. 

Worldwide, industries are adopting automated technologies to improve efficiency across operations and accelerate productivity within the human workforce. At Titania we know the cyber security industry is no different; clients such as leading defence agencies and military forces such as the US Department of Defence, the US Air Force and NATO have been amongst the first to adopt automated technologies within their cyber operations. 

Within the remit of cyber security, these technologies can greatly improve the defensive capabilities of any organisation by auditing vast amounts of cyber-infrastructure for the vulnerabilities often exploited by hackers. From a defensive standpoint, any open ports, unpatched software or vulnerabilities in firewalls can be identified and a full report given on how to fix the problem. 

Traditional security ‘scanners’ mimic cyber-attacks, indiscriminately bombarding a network from the outside in the hope of exposing a vulnerability. It’s the same as the Navy shelling one of its own warships to find the weak points in the ship’s hull – an inefficient approach that produces unreliable results. 

On the other hand, intelligent automated software can scour the internal instruction set of any network or system to find deep structural vulnerabilities and use fine-grain analysis to identify the open doors sought out by hackers. It would be the same as identifying the weaknesses in a building by analysing every line of the architect’s structural drawings, all in a matter of seconds. The benchmark speed of these technologies is phenomenal, with some proven to be able to conduct a line-by-line audit of 200 CISCO systems in just two and a half seconds. 

These automated cyber security technologies have proven themselves invaluable to organisations defending themselves against the increasing onslaught of cyber-attacks, especially the global epidemic of ransomware attacks and the growing trend for hackers to spread these attacks in the thousands using mass-distribution tools. At least two major ransomware attacks have struck organisations on a global scale this year alone, with many smaller scale attacks also being seen. The situation is so dire that according to a recent survey of 600 business decision makers and 1,200 employees by email security company Clearswift, almost 60% of organisations expect another global ransomware attack very soon. 

This unprecedented spike in ransomware attacks is no coincidence. The internet’s underbelly, known as the dark web, holds a subterranean hive of criminal activity. Peddling their wares on a highly developed cyber arms bazaar, hackers sell ransomware attack software with different levels of sophistication, complete with performance ratings and user reviews. To draw in their customers, some hackers even offer a money-back guarantee with their ransomware arsenals. 

These weapons are designed to exploit unpatched vulnerabilities and autonomously reproduce themselves throughout systems with that vulnerability, on any computer, anywhere in the world. Available to buy or rent, they can be repurposed and customised for any particular task, from hacking a bank to attacking a hospital. 

The global scale damage inflicted by the WannaCry ransomware attack that hit the NHS and other organisations earlier this year was a result of one such tool. The perpetrator(s) behind the attack used an autonomous delivery software known as ‘eternal blue’ to deliver the ransomware payloads en masse. A sophisticated virtual ‘transport’ mechanism, eternal blue enabled the ransomware to scan for a specific vulnerability in the file-sharing protocols set up across internal computer networks and then issued a payload whenever that vulnerability was found. As a result, WannaCry spread like wildfire around the world, infecting Spain’s Telefonica, the USA’s FedEx and Germany’s Deutsche Bahn, amongst a slew of others. Over 300,000 computer systems in 150 countries were hit with the use of a single delivery tool. 

At the moment, the manpower simply doesn’t exist to allow organisations to properly defend themselves against such attacks. According to the world’s largest cyber security membership body (ISC)2, the world is set to face a critical drought of human resources across the information security industry, leaving organisations shorthanded when it comes to defending themselves online. (ISC)2's 2017 Global Information Security Workforce Study, the largest ever survey of the global cyber security workforce, found an expected shortfall of 1.8 million cyber security workers by 2022. With the increasing use of automated ransomware distribution tools, coupled with the shortage of defenders, industries around the world are under one of the greatest threats to their economic vitality that they have ever faced. 

However, for western militaries, who’s battles are increasingly being fought in cyberspace, such a threat to their critical systems cannot be left to hang over them. Behind the escalation of ransomware attacks lies the increasing investment by governments, terrorists and other groups in ‘cyber-offensive’ capabilities; the development of cyber weapons that offer the ability to penetrate enemy networks and systems and project a global power in cyberspace. 

It is widely suspected by both the British Security Services and independent security firms that the North Korean-backed hacking group Lazarus was behind the WannaCry attack. A growing trend in cyberspace, proxy wars are being fought by nation-states operating via networks of puppet actors, making the internet the battle ground for a growing ‘cyber cold war’. The White House’s director of cyber incident response in the Obama administration said, “The internet allows malicious cyber actors to deliver weaponised tools, at a scope and scale like we’ve never seen.” States are intentionally leaking cyber weaponry to hacker groups, with the anonymity provided by the web ensuring the perfect smoke screen for their actions. As a result, military-grade cyber weapons are increasingly percolating down to the online underworld, giving even the most amateur hackers access to devastating cyber weaponry with the capability to inflict WannaCry level damage. 

On the front-line of the war in cyberspace, militaries are using automated defence software to fortify their digital infrastructure against these weapons. Whilst rigorously analysing each line of code in everything from a military airbase in Europe to laptops in Afghanistan, these technologies allow human cyber officers to be reassigned to strategic and cyber-offensive roles, leaving the security auditing to machines. Dramatically reducing demands on the heavily overstretched human resources, these automated systems are helping to plug the cyber security skills gap threatening the security of global industries. 

Similar to the adoption of automated technologies we’re seeing in other industries, automated auditing tools could allow organisations to create virtual cyber security ‘teams’ that work alongside human cyber security professionals, helping them anticipate and counteract future dangers quicker and more effectively. 

With advances in ransomware technology escalating exponentially, enabling criminals to launch global cyber-attacks with minimal time and resources, it is essential for organisations to adopt automated systems like the military has. Not only will this put them on a level playing field with the attackers, but will cut the time and cost of fortifying their defences. 

No comments: