22 May 2018

CYBER SECURITY PROFESSIONAL WARNS OF 5TH AND 6TH GENERATION MALWARE THREAT; POLYMORPHIC, ADAPTIVE, AND HARDER TO DETECT


Gil Shwed, CEO and Founder of the cyber security firm , CheckPoint Technologies, was interviewed on CNBC’s Squawk Box this morning/May 18, 2018, regarding his outlook on the cyber threat. Mr. Shwed said it was imperative that governments and the private sector “develop innovative, sixth generation defenses. Mr. Shwed added that “fifth-generation cyber attacks, excel at identification theft, as well as in targeting cloud services, and mobile devices.” 


Mr. Shwed described the fifth generation cyber threat as “polymorphic,” with the malware changing shape and characteristics — thus defeating common intrusion detection software and techniques used by many government and private sector entities that rely on pattern and signature analysis to discover and thwart cyber attacks. Indeed, Mr. Shwed said that most companies are relying on second and third generation defenses, which the threat is already in the fifth generation and approaching the sixth. “Only three percent of organizations are currently prepared for the fifth/sixth generation cyber threat,” Mr. Shwed told CNBC. And, we are starting to see the emergence of sixth generation malware, which is also polymorphic; but, enhanced by artificial intelligence — going dormant when under surveillance, moving from machine-to-machine, and program-to-program, etc. before hiding any exfiltration of information; or worse, — the insertion of clever/sophisticated, but corrupted data.

This fifth and sixth generation malware, which has primarily been the domain of the nation-state, is increasingly available for purchase on the Dark Web and elsewhere, and can instantly transform an average cyber thief into an elite hacker.

So, What Do We Do About It?

Mr. Shwed said that “we need to develop fast, real-time, prevention methods. We need to find ways to protect all the components of the computers, servers, and cloud services — [and] protect every layer of the system,” network enterprise. Mr. Shwed said “we need to think small: building a vast army of nanotechnologies, small, inter-connected measures, installed in a layered defense; utilizing small software and artificial intelligence to predict, discover, and thwart cyber attacks.” Reverse-engineering and best cyber hygiene practices should also be part of this strategy in my opinion.

Finding creative ways to make cyber crime risky to the perpetrator; and, quickly identifying and attributing a cyber breach to a particular individual/entity/government is also mandatory. Cyber false flags, and denial and deception are in large supply in the digital wilderness of mirrors. Cyber forensic attribution, and cyber ‘bomb damage’ assessment are critical areas in need of help and support. Developing highly-targeted, elegant, offensive cyber retaliation tools and techniques, and decision-trees of course, needs to be part of this effort, as well as non-cyber retaliation for more profound attacks. RCP, fortunascorner.com

No comments: